Security engineer focused on detection and practical tooling

I build SIEM pipelines, endpoint visibility labs, and defensive tools that make investigations faster and telemetry clearer.

  • Elastic
  • Sysmon
  • Winlogbeat
  • Python
  • Linux
  • Wireshark

Visibility Lab Preview

Endpoint telemetry pipeline

Detection-focused dashboards

Practical investigation workflows

Featured work

A few highlights. Full list lives in Projects.

SIEM and monitoring lab

Centralized log ingestion and investigation workflows with endpoint telemetry.

Elastic, Sysmon, Winlogbeat

Defensive security tooling

Small utilities that speed up blue team workflows and system visibility.

Python, Linux, Automation

OSINT browser extensions

Extensions for quick lookups and investigation context during triage.

OSINT, Browser, Triage

Core focus areas

The work I enjoy and the problems I like solving.

Detection and investigation

  • Telemetry-first thinking
  • Alert logic and triage workflows
  • Hunting and incident response support

Security tooling

  • Python automation for blue team workflows
  • Fast investigation helpers and scripts
  • Practical, repeatable lab setups

Hardening and research

  • System hardening and baseline checks
  • Threat modeling and risk-oriented fixes
  • Writeups with clear takeaways

About

I work across offensive and defensive security, with a practical focus on visibility, detection, and investigation workflows. I like building things that are small, useful, and easy to run in real environments.

  • Penetration testing and system security foundations
  • Threat hunting, incident response support, and forensic mindset
  • Tooling that speeds up SOC and investigation workflows