I am a Security Operations Analyst focusing on SOC operations and SOC automation. My work centers on transforming raw telemetry into actionable security intelligence, improving alert triage, and designing automation that enhances analyst effectiveness without removing human judgment.
This portfolio demonstrates end-to-end SOC capability, from detection and investigation to enrichment, automation, and professional DFIR-style documentation.
These projects demonstrate my ability to handle real-world security incidents from detection through investigation, automation, and response.

| Project Title | Core Focus | Key Achievement | Documentation |
|---|---|---|---|
| AI-SOC Automation | SOC Automation & AI-Assisted Triage | Designed and implemented an end-to-end SOC workflow integrating Splunk detections, threat intelligence enrichment, AI-assisted triage, DFIR case creation, and real-time analyst notification | View Project |
| Impossible Travel & Unfamiliar Sign-In Investigation | Identity Security & Splunk | Investigated anomalous global sign-ins and malicious Microsoft 365 mailbox forwarding rules, resulting in a confirmed Business Email Compromise investigation | View Investigation |
| Microsoft SOC Analyst Portfolio | Microsoft Sentinel & XDR | Built a Microsoft E5 SOC lab using Sentinel and Defender for Endpoint and authored custom KQL queries for cross-domain threat hunting | View Project |

| SOC Lifecycle | Technical Skills | Security Foundations |
|---|---|---|
| Alert Triage & Analysis | SPL and KQL Querying | MITRE ATT&CK Mapping |
| Incident Investigation | SOAR Playbook Development | Windows and Linux Log Analysis |
| Threat Hunting | Sysmon Telemetry Analysis | Network Protocols (TCP/IP) |
| Detection Engineering | Cloud Security Monitoring | Malware and Phishing TTPs |