Portfolio & Projects
A mix of front-end builds and backend / automation work. Front-end projects show a preview of the interface; backend and automation projects show a snapshot of the code. Each links out to its GitHub repository.
This Portfolio Website
FrontendDesigned and built this site from scratch - a fully responsive, single-page-app-style portfolio with a custom dark theme, smooth section snapping and no external frameworks.

Security Operations Dashboard
FrontendExample front-end project - a lightweight SOC dashboard concept for tracking open alerts, triage time and detection coverage at a glance.

Privilege Escalation Detection via Service Creation
Backend / DetectionBuilt a multi-signal detection to identify attackers abusing service creation for privilege escalation across endpoints.
# Sigma rule - suspicious service creation used for privesc
title: Suspicious Service Creation With Unusual Binary Path
status: stable
logsource:
category: process_creation
detection:
selection:
Image|endswith: '\\sc.exe'
CommandLine|contains:
- 'binPath='
- '\\Users\\Public\\'
filter:
ParentImage|endswith: '\\msiexec.exe'
condition: selection and not filter
level: high
Alert Enrichment & Triage Automation
Backend / AutomationAutomated alert enrichment and triage workflows, reducing manual effort and improving analyst efficiency.
# Alert enrichment - pulls context before it hits the analyst queue
def enrich_alert(alert):
ioc = alert['indicator']
ti = threat_intel.lookup(ioc)
user = identity.get_profile(alert['user'])
alert['risk_score'] = score(ti, user)
alert['context'] = {
'ti_reputation': ti.reputation,
'user_dept': user.department,
'privileged': user.is_privileged,
}
if alert['risk_score'] > 80:
soar.escalate(alert, priority='P1')
return alert
Data Exfiltration Risk Scoring Framework
Backend / AnalyticsDeveloped a risk scoring model to identify potential data exfiltration based on user behavior and contextual signals.
// KQL - flag users with abnormal outbound data volume
DeviceFileEvents
| where Timestamp > ago(24h)
| where ActionType == "FileUploaded"
| summarize TotalMB = sum(FileSize) / 1e6 by AccountName
| join kind=inner (
UserBaseline | project AccountName, AvgDailyMB
) on AccountName
| extend RiskScore = round(TotalMB / AvgDailyMB, 1)
| where RiskScore > 5
| project AccountName, TotalMB, RiskScore
| order by RiskScore desc