user@0xAtef:~$ whoami
> Mohamed Atef
user@0xAtef:~$ role
> Cyber Defense Lead | Blue Team Strategist
user@0xAtef:~$ mission
> Orchestrating next-gen SOC operations, architecting resilient defense ecosystems, and engineering automated threat response.
user@0xAtef:~$ core_competencies
> CTI, Detection-as-Code, Threat Hunting, Adversary Emulation, SOAR Architecture
user@0xAtef:~$ current_status
> Leading high-performance defense teams & driving security maturity.
user@0xAtef:~$ executing
> ./threat_hunting.sh --target=advanced_persistent_threats --mode=continuous
Leading MSSP security operations, strategy, and team development.
- Strategic Leadership: Architecting high-velocity security operations and cultivating elite engineering talent to drive continuous defensive innovation.
- Security Architecture & Engineering: Leading end-to-end SOC deployments and transforming legacy environments through Maturity Assessments and Gap Analysis. Expert implementation of multi-vendor ecosystems including FortiSIEM, QRadar, TheHive, ELK, Wazuh, MISP, and SOAR pipelines (n8n, Shuffle).
- Crisis Management & DFIR: Directing high-stakes incident response engagements for advanced persistent threats, orchestrating containment and eradication strategies for Ransomware, Bootkits, and BEC campaigns.
Leading CTI operations, threat hunting, and detection engineering.
- Threat Detection: Champion a Detection-as-Code philosophy using CI/CD pipelines for detection logic.
- Intelligence Operations: Operationalize intelligence via MISP with real-time SIEM integration.
- Automation Architecture: Design and maintain "ThreatOps" and other custom automation tools.
SOC operations, SIEM/SOAR administration, security architecture.
Incident response, security monitoring, and compliance.
- Automated CTI Pipeline: Built a comprehensive automated CTI pipeline using MISP, n8n, and Python.
- MISP Galaxy: Designed and published a custom MISP Galaxy mapping ransomware actors to ATT&CK.
- n8n Workflows: Built end-to-end enrichment pipelines for MISP events.
- MISP Analytics: Created interactive Jupyter Notebook dashboards for threat visualization.
- Attack Simulation: Utilized CALDERA for adversary emulation and defense testing.
- eCTHPv2 - Certified Threat Hunting Professional (EC-Council)
- Group-IB - Threat Intelligence Analyst
- Group-IB - Cyber Crime Investigator
- Belkasoft - Windows Forensics Certification
- ThreatOps: Custom CTI Automation Platform - Custom-built tool for RSS feed intelligence collection and operationalization
- MISP: Malware Information Sharing Platform - Advanced CTI pipeline and automation workflows
- TheHive: Open Source SOAR - Incident response and threat handling automation
- Threat Hunting Framework - MITRE ATT&CK-based hunting methodologies and detection engineering
- EDR Assessment Guide - Comprehensive evaluation framework for endpoint detection solutions
- CTI Pipeline Automation - End-to-end automated threat intelligence processing and enrichment
- ELK Stack Deployment - Security-focused log analysis and visualization
- C2 Framework Integrations - Purple team testing and detection validation
- Attack Simulation Labs - Controlled environments for threat emulation and hunting
- API-to-QRadar Syslog Middleware - Custom integration solutions
- Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers
- Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware
- WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability
- Nigeria Arrests RaccoonO365 Phishing Developer Linked to Microsoft 365 Attacks
- New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards