Featured Work

Portfolio & Projects

A mix of front-end builds and backend / automation work. Front-end projects show a preview of the interface; backend and automation projects show a snapshot of the code. Each links out to its GitHub repository.

This Portfolio Website

Frontend

Designed and built this site from scratch - a fully responsive, single-page-app-style portfolio with a custom dark theme, smooth section snapping and no external frameworks.

elliot-portfolio.dev
This Portfolio Website preview
HTML5 CSS3 JavaScript
View on GitHub

Security Operations Dashboard

Frontend

Example front-end project - a lightweight SOC dashboard concept for tracking open alerts, triage time and detection coverage at a glance.

soc-dashboard (example)
Security Operations Dashboard preview
React TypeScript Chart.js
View on GitHub

Privilege Escalation Detection via Service Creation

Backend / Detection

Built a multi-signal detection to identify attackers abusing service creation for privilege escalation across endpoints.

privesc-detection.yml (example)
# Sigma rule - suspicious service creation used for privesc
title: Suspicious Service Creation With Unusual Binary Path
status: stable
logsource:
  category: process_creation
detection:
  selection:
    Image|endswith: '\\sc.exe'
    CommandLine|contains:
      - 'binPath='
      - '\\Users\\Public\\'
  filter:
    ParentImage|endswith: '\\msiexec.exe'
  condition: selection and not filter
level: high
Sigma KQL Elastic
View on GitHub

Alert Enrichment & Triage Automation

Backend / Automation

Automated alert enrichment and triage workflows, reducing manual effort and improving analyst efficiency.

enrich_alert.py (example)
# Alert enrichment - pulls context before it hits the analyst queue
def enrich_alert(alert):
    ioc = alert['indicator']
    ti = threat_intel.lookup(ioc)
    user = identity.get_profile(alert['user'])

    alert['risk_score'] = score(ti, user)
    alert['context'] = {
        'ti_reputation': ti.reputation,
        'user_dept': user.department,
        'privileged': user.is_privileged,
    }

    if alert['risk_score'] > 80:
        soar.escalate(alert, priority='P1')

    return alert
Python API SOAR
View on GitHub

Data Exfiltration Risk Scoring Framework

Backend / Analytics

Developed a risk scoring model to identify potential data exfiltration based on user behavior and contextual signals.

risk_scoring.kql (example)
// KQL - flag users with abnormal outbound data volume
DeviceFileEvents
| where Timestamp > ago(24h)
| where ActionType == "FileUploaded"
| summarize TotalMB = sum(FileSize) / 1e6 by AccountName
| join kind=inner (
      UserBaseline | project AccountName, AvgDailyMB
  ) on AccountName
| extend RiskScore = round(TotalMB / AvgDailyMB, 1)
| where RiskScore > 5
| project AccountName, TotalMB, RiskScore
| order by RiskScore desc
KQL Risk Scoring Analytics
View on GitHub