Who I Am

MDR Analyst with nearly 5 years of experience in threat investigation, threat hunting, and detection validation across endpoint, identity, and email security environments. Day to day, I analyze suspicious process execution, persistence mechanisms, and other common attacker behaviors — determining whether activity is malicious, benign, or requires additional monitoring.

A major part of my work involves turning technical findings into clear, actionable documentation. I regularly create investigation summaries, escalation notes, false positive closures, and remediation guidance that bridge the gap between security operations and client communication.

I’m especially interested in Windows-based investigations, malware behavior, persistence techniques, DFIR, and practical analyst tradecraft. I also value building repeatable investigation workflows, documenting useful commands, and improving how analysts communicate technical findings.

Experience

  • MDR Analyst — Investigating threats and validating detections across multi-tenant client environments, producing investigation summaries, escalation notes, and remediation guidance
  • Cybersecurity Team Lead — Managed a team of analysts, establishing investigation workflows, escalation procedures, and documentation standards
  • Cybersecurity Analyst (Tier 1 & 2) — Triage, investigation, and response across endpoint, identity, and email security alerts
  • Incident Response — Led response efforts for ransomware events, persistent threat actor access, and advanced LOLBin/BYOVD abuse across enterprise environments
  • International Training — Traveled to Mexico to deliver on-site security training for a newly formed team, all of whom have since advanced to senior roles in the industry

Platforms & Tools

  • EDR: CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint
  • SIEM: Splunk, Microsoft Sentinel, FortiSIEM, LogRhythm, AlienVault
  • Hunting & Analysis: ELK, Volatility, Wireshark, Velociraptor
  • Cloud Security: Microsoft Azure (AZ-500), Entra ID

Certifications

  • SentinelOne SIREN (SentinelOne)
  • AZ-500: Azure Security Engineer Associate (Microsoft)
  • SC-200: Security Operations Analyst Associate (Microsoft)
  • eCTHPv2: Certified Threat Hunting Professional (INE Security)
  • Security+ (CompTIA)

What’s on This Site

  • Research — Detection rules, IR playbooks, and threat analysis mapped to MITRE ATT&CK
  • Notes — Threat hunting labs, DFIR walkthroughs, and email forensics guides
  • Write-ups — CTF and HackTheBox write-ups
  • RTRange — Interactive red team vs. blue team training scenarios

Contact