  • Seattle, WA

m1thryn/README.md

Ian McKay

Security engineer focused on threat research, network detection engineering, vulnerability research, and threat intelligence tooling.

I build practical security tooling and research workflows for understanding adversary behavior, enriching indicators, validating detections, and turning technical findings into clear, actionable guidance.

Focus Areas

  • Threat intelligence and adversary TTP analysis
  • Network detection engineering and detection validation
  • Vulnerability and exploit behavior research
  • Active Directory abuse, credential access, and lateral movement
  • Malware behavior analysis and indicator enrichment
  • Python-based security tooling and automation

Projects

  • Radar: Passive intelligence enrichment CLI for IP addresses, domains, URLs, and file hashes.
  • Patchday: Terminal UI for browsing Microsoft Patch Tuesday CVEs and emitting enriched JSON for automation.

Current Interests

  • Detection quality, coverage analysis, and false-positive reduction
  • Practical workflows for vulnerability intelligence
  • Passive enrichment pipelines for security investigations
  • Mapping network behaviors to adversary techniques
  • Applying structured analysis to ambiguous security questions

Technical Background

  • Languages & Tools: Python, Bash, SQL, Git
  • Security Domains: Threat research, detection engineering, malware analysis, vulnerability research, incident response
  • Protocols & Platforms: DNS, SMB, Kerberos, LDAP, RPC, HTTP/S, AWS, Azure
  • Analysis Frameworks: MITRE ATT&CK, Diamond Model, Intelligence Cycle, threat modeling

Pinned

  1. patchday (Public)

    A TUI for browsing Microsoft Patch Tuesday CVEs

    Python

  2. radar (Public)

    An IoC enrichment CLI tool

    Python