Threat Hunting · Detection Engineering · Cyber Threat Intelligence · OT/ICS Security
I am a security engineer focused on building practical defensive security systems, detection content, and automation. My work combines blue-team operations, controlled adversary emulation, SIEM engineering, cyber threat intelligence, and secure software development.
I am particularly interested in turning security telemetry and threat intelligence into repeatable detection, investigation, and response workflows.
- Threat hunting and detection engineering: MITRE ATT&CK, Sigma, Sysmon, Windows telemetry, detection validation
- SIEM and security automation: Trellix/McAfee ESM, IBM QRadar, TheHive, rule lifecycle and alarm workflows
- Cyber threat intelligence: MISP, STIX/TAXII, IOC enrichment and intelligence pipelines
- OT/ICS security: Modbus-aware discovery, industrial asset visibility and defensive validation
- Security product engineering: Python services, TypeScript interfaces, PowerShell and Shell automation
- Adversary emulation: MITRE CALDERA and Atomic Red Team in authorized, controlled environments
| Project | Description | Stack |
|---|---|---|
| ics_finder | Asynchronous Modbus/ICS discovery with MISP warning-list exclusions, protocol validation and structured output. | Python |
| Windows-ADV-MITRE | Windows security auditing, event generation and MITRE ATT&CK mapping for detection validation. | PowerShell |
| cti-misp-stix-pipeline | MISP-to-STIX/TAXII pipeline with STIX 1.x/2.1 support and IOC relationship handling. | Python |
| Trellix-SIEM-RACC | SIEM rule and alarm analysis tooling designed to reduce manual XML workflows and support multi-tenant operations. | Python |
| misp-extractor | MISP attribute extraction and export utility for IP addresses, URLs and hashes. | Python |
| QRadar_Log_Forwarding | Linux log-forwarding automation and validation for IBM QRadar environments. | Shell |
| MacRecovery | SwiftUI backup utility built on rsync with live logs and cancellation support. | Swift |
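The pipeline shape that the ics_finder description lists (discovery candidates, MISP warning-list exclusion, protocol validation, structured output), shown as an added example written for this page; it is not the project's own code and does not use its asynchronous scanner. It assumes a cidr-type MISP warning list embedded inline as constructed sample data and validates constructed Modbus/TCP replies from a dictionary instead of probing hosts, so it runs offline; the addresses, replies and the names `excluded`, `parse_mbap` and `classify` are illustrative.

```python
"""Added example (not the ics_finder project's code): warning-list exclusion,
Modbus/TCP validation by MBAP header, and structured records, on constructed data."""
import ipaddress
import json
import struct
from typing import Optional

# Constructed sample in the shape of a MISP warning list (subset of fields only).
WARNINGLIST = {
    "name": "sample-warninglist (constructed)",
    "type": "cidr",
    "list": ["10.0.0.0/8", "192.0.2.0/24"],
}

MODBUS_PROTOCOL_ID = 0   # MBAP protocol identifier is always 0 for Modbus
EXCEPTION_BIT = 0x80     # set on the function code in exception responses

# Constructed "captured" replies from TCP/502, keyed by host (no probing is done here).
SAMPLE_REPLIES = {
    "203.0.113.5": bytes.fromhex("000100000005010302002a"),  # FC3 reply, one register = 42
    "203.0.113.6": bytes.fromhex("000200000003018302"),      # FC3 exception 02
    "203.0.113.7": b"HTTP/1.1 200 OK\r\n",                   # something else on 502
    "10.1.2.3":    bytes.fromhex("000100000005010302002a"),  # parses, but is warning-listed
}


def excluded(ip: str, warninglist: dict) -> bool:
    """True if ip falls inside any CIDR of a cidr-type warning list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in warninglist["list"])


def parse_mbap(frame: bytes) -> Optional[dict]:
    """Parse a Modbus/TCP frame: 7-byte MBAP header followed by the PDU.

    Returns None unless the protocol id is 0 and the length field equals the
    number of bytes that follow it (unit id + PDU); that pair of checks is what
    rejects unrelated services answering on the Modbus port.
    """
    if len(frame) < 8:  # header plus at least a function code
        return None
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != MODBUS_PROTOCOL_ID or length != len(frame) - 6:
        return None
    func = frame[7]
    return {
        "transaction_id": tid,
        "unit_id": unit,
        "function_code": func & 0x7F,
        "exception": bool(func & EXCEPTION_BIT),
        "pdu": frame[7:].hex(),
    }


def classify(replies: dict, warninglist: dict) -> list:
    """Produce one structured record per candidate host."""
    records = []
    for ip, reply in replies.items():
        if excluded(ip, warninglist):
            records.append({"ip": ip, "status": "excluded"})
            continue
        parsed = parse_mbap(reply) if reply else None
        if parsed is None:
            records.append({"ip": ip, "status": "not_modbus"})
        else:
            records.append({"ip": ip, "status": "modbus", **parsed})
    return records


def to_jsonl(records: list) -> str:
    """Serialise records as JSON lines for downstream tooling."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records)


if __name__ == "__main__":
    print(to_jsonl(classify(SAMPLE_REPLIES, WARNINGLIST)))
```

The two header checks in `parse_mbap` (protocol id 0 and a length field that matches the bytes that follow it) are cheap and rule out most non-Modbus listeners on TCP/502 without interpreting the PDU; function-code decoding can be layered on top once a reply passes them. Exclusion runs before validation so warning-listed ranges are never touched at all, which matters more on industrial networks than on IT ones, and active probing of ICS devices belongs only in the authorized environments the page's closing note refers to.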
| Repository | Contribution |
|---|---|
| kodzamani/DevAtlas | Merged WSL2 project discovery and Explorer integration |
| MISP/misp-website | Added misp-extractor to the MISP tools directory |
| coollabsio/coolify | Contributions covering DNS and hostname management and IPv6 gateway handling |
- Security and platforms: MITRE ATT&CK · Sigma · Sysmon · MISP · STIX/TAXII · QRadar · Trellix ESM · TheHive · CALDERA
- Engineering: Python · TypeScript · PowerShell · Shell · Swift · SQL · Docker · GitHub Actions
I am interested in open-source work involving detection engineering, threat intelligence, SIEM automation, defensive security tooling, and OT/ICS visibility.
Security research and testing referenced here is intended for authorized and controlled environments.