SIEM and monitoring lab
Centralized log ingestion and investigation workflows with endpoint telemetry.
Security engineer focused on detection and practical tooling
I build SIEM pipelines, endpoint visibility labs, and defensive tools that make investigations faster and telemetry clearer.
- Elastic
- Sysmon
- Winlogbeat
- Python
- Linux
- Wireshark
Visibility Lab Preview
Endpoint telemetry pipeline
Detection-focused dashboards
Practical investigation workflows
Featured work
A few highlights. Full list lives in Projects.
Defensive security tooling
Small utilities that speed up blue team workflows and system visibility.
OSINT browser extensions
Extensions for quick lookups and investigation context during triage.
Core focus areas
The work I enjoy and the problems I like solving.
Detection and investigation
- Telemetry-first thinking
- Alert logic and triage workflows
- Hunting and incident response support
Security tooling
- Python automation for blue team workflows
- Fast investigation helpers and scripts
- Practical, repeatable lab setups
Hardening and research
- System hardening and baseline checks
- Threat modeling and risk-oriented fixes
- Writeups with clear takeaways
Latest writeups
Short technical notes, incident-style breakdowns, and build logs.
About
I work across offensive and defensive security, with a practical focus on visibility, detection, and investigation workflows. I like building things that are small, useful, and easy to run in real environments.
- Penetration testing and system security foundations
- Threat hunting, incident response support, and forensic mindset
- Tooling that speeds up SOC and investigation workflows