EDR | XDR | Threat Hunting | Detection Engineering | ATT&CK | BlueTeam
I'm passionate about Cyber Threat Hunting and Detection Engineering.
My perfect work day includes analyzing emerging threats, identifying and documenting key adversarial behaviors (ATT&CK TTPs), hunting across large amounts of data (e.g. using tools like Kibana, Splunk, Athena), creating new detections and fine-tuning existing ones to reduce unwanted hits.
I work with the MITRE ATT&CK framework every day.
I create YARA-like (regexp) detection rules.
I'm self-motivated and results-oriented. I can do work alone, but I prefer working as part of a team. I enjoy mentoring others and being a mentee.
In bullets:
- Currently working on Threat Detection and Hunting, fueling Trellix EDR solution with detections against emerging threats.
- Presenter at SANS 2021 Blue Team Summit and SANS 2021 Threat Hunting Summit (Sept and Oct 2021)
- Presenter at McAfee Enterprise internal conferences (several times)
- In InfoSec/SecOps since 2016; 15+ years of overall work experience.
- Core team member at McAfee's EDR (since inception).
- Broad (10+ years) experience as a Software Development Manager and Technical Program Manager, working with Product Management, Sales, Support and other organizations.
- Experienced (10+ years) with Agile methodologies (Scrum, Kanban, Scaled Agile).
- Hands-on experience with JIRA (10+ years), Splunk (3+ years), ELK (3+ years) and QuickSight (1+ year).
- Hands-on experience with EDR threat alert monitoring and analysis (2+ years).
Highlights:
- Presenter at SANS Blue Team Summit and Threat Hunting Summit
- Inventor: 2 patents in InfoSec/SecOps
- 3 times at MITRE APT Assessment with MVISION EDR
- Defined and implemented data-driven Continuous Improvement programs
- Technical Contributions to MVISION EDR Threat Detection
Roles I have held:
- Threat Hunting Specialist
- Threat Detection Engineer
- Software Engineering Manager
- Technical Program Manager
- Software Engineer