Detecting Risks.
Protecting Business.
Insider Threat Hunter at a leading financial institution in the United Kingdom, with a passion for detection engineering, automation and building solutions that detect the theats from within.
Who I Am
I specialize in identifying, analyzing and mitigating insider risks through data-driven detection logic, threat hunting and automation. I love solving complex problems and building tools that make a real impact.
More About MeData Driven
Turning data into insight and actionable detections.
Problem Solver
I tackle complex challenges with curiosity and precision.
Builder
Automating processes and building tools that scale.
Security Focused
Protecting people, data and critical systems.
What I Work With
SIEM & EDR
Microsoft Sentinel, Defender, Splunk, CrowdStrike
Query Languages
KQL, SPL, CQL, SQL
Detection Engineering
YARA, KQL, Correlation Logic
Threat Intelligence
IOCs, TTPs, MITRE ATT&CK, Threat Feeds
Scripting & Automation
Python, PowerShell, Bash, TypeScript
Data & Analytics
Log Analysis, Pandas, Regex
Cloud & Identity
Azure, Entra ID, O365, Netskope, Purview
Version Control
Git, GitHub
Certifications
Comptia CySA+
CyberSecurity AnalystComptia Security+
CyberSecurity FundamentalsCyberDefenders CCDL2
Practical CyberSecurity AnalysisMicrosoft AZ-900
Azure Cloud FundamentalsISC2 CC
CyberSecurity FundamentalsTop 1%
CyberDefenders RankProjects & Case Studies
Privilege Escalation Detection via Service Creation
Built a multi-signal detection to identify attackers abusing service creation for privilege escalation across endpoints.
Alert Enrichment & Triage Automation
Automated alert enrichment and triage workflows, reducing manual effort and improving analyst efficiency.
Data Exfiltration Risk Scoring Framework
Developed a risk scoring model to identify potential data exfiltration based on user behavior and contextual signals.
How I Work
1. Understand
Understand the environment, risks and attack surface.
2. Detect
Build high-fidelity detections that reduce noise.
3. Investigate
Hunt threats and validate suspicious activity.
4. Automate
Automate workflows and streamline responses.
5. Improve
Continuously refine and measure impact.