Technology Risk & Cybersecurity Analyst • Tokyo, Japan 🇯🇵

Bridging enterprise risk management, security operations, and AI-assisted security workflows through hands-on projects, threat hunting, and governance-focused security initiatives.

I am a Technology Risk and Cybersecurity Analyst with a background in financial risk governance and enterprise risk management.

My recent work focuses on:

• Technology Risk & IT Risk
• Security Governance & GRC
• Security Operations & Threat Hunting
• Microsoft Security Technologies
• AI-Assisted Security Workflows
• Risk Analytics & Automation

I enjoy translating technical findings into structured risk insights and exploring how governance, controls, and security operations intersect in modern organizations.

AI-Assisted Threat Hunting Platform

A cybersecurity capstone project combining:

• Azure Log Analytics
• Microsoft Defender for Endpoint
• OpenAI
• Python
• MITRE ATT&CK

Key enhancements introduced during refactoring:

• Time-window guardrails
• Row-limiting controls
• Sensitive data redaction
• Table, field, and model allowlists
• Human-in-the-loop remediation controls
• Environment-variable configuration

➡️ https://github.com/dan-chui/AI-SOC-Analyst-Agent

• Reconstructed a multi-stage ransomware attack
• Identified persistence, credential access, staging, and impact activity
• Mapped findings to MITRE ATT&CK
• Produced structured incident analysis

➡️ https://github.com/dan-chui/Threat-Hunt-Ransomware-Investigation

• Investigated endpoint activity using Defender telemetry
• Analyzed network communications and process execution
• Reconstructed attack timeline
• Escalated findings based on risk context

➡️ https://github.com/dan-chui/Threat-Hunt-Tor-Browser-Investigation

• Risk-based remediation framework
• Ownership and reporting workflows
• Prioritization methodology

➡️ https://github.com/dan-chui/Vulnerability-Management-Program

• ISO 27001-aligned risk assessment
• Likelihood and impact scoring
• Annex A control mapping

➡️ https://github.com/dan-chui/Risk-Register

• Multi-asset portfolio risk model
• Historical and Parametric VaR
• Python-based workflow automation
• Quantitative risk analysis

➡️ https://github.com/dan-chui/VaR-Portfolio-Analysis

Threat Hunting • Incident Analysis • Alert Triage • MITRE ATT&CK • KQL • SIEM Analysis

Microsoft Sentinel • Defender for Endpoint • Microsoft Entra ID • Azure Log Analytics • SC-900

Technology Risk • IT Risk • GRC • ISO 27001 • NIST CSF • IT Controls • Vulnerability Management

Python • pandas • NumPy • Excel • Data Analysis • Risk Analytics • Git/GitHub

• Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900)
• CompTIA Security+
• ISC² Certified in Cybersecurity (CC)
• MIT Sloan – Cybersecurity for Managers
• AWS Certified Cloud Practitioner

• LinkedIn: https://www.linkedin.com/in/danchui/
• Blog: https://happy-bytes.vercel.app/

Currently exploring opportunities in Technology Risk, IT Risk, Security Governance, GRC, Security Operations, and cybersecurity-adjacent analyst roles in Tokyo and international environments.

テクノロジーリスク & サイバーセキュリティアナリスト｜東京

金融リスク管理のバックグラウンドを活かしながら、現在はテクノロジーリスク、セキュリティガバナンス、サイバーセキュリティ分野に取り組んでいます。

特に以下の領域に関心があります。

• テクノロジーリスク / ITリスク
• セキュリティガバナンス / GRC
• セキュリティ運用（SOC）
• 脅威ハンティング
• Microsoft Security
• AIを活用したセキュリティ分析

Azure Log Analytics、Microsoft Defender、OpenAI、Python を活用した AI支援型脅威ハンティングプロジェクトです。

主な改善点：

• ガードレールの実装
• PII（個人情報）保護
• データ取得範囲の制御
• 人による承認プロセス
• 設定・ドキュメントの改善

➡️ https://github.com/dan-chui/AI-SOC-Analyst-Agent

• CompTIA Security+
• ISC² Certified in Cybersecurity (CC)
• Microsoft SC-900
• MIT Cybersecurity for Managers
• AWS Certified Cloud Practitioner

• LinkedIn: https://www.linkedin.com/in/danchui/
• Blog: https://happy-bytes.vercel.app/

現在、東京を中心に以下の分野に関連するポジションに関心があります。

• テクノロジーリスク
• ITリスク
• セキュリティガバナンス
• GRC
• サイバーセキュリティ
• セキュリティ運用（SOC）