Client environments monitored
Security events triaged across SIEM and EDR ecosystems including Splunk, QRadar, Elastic, Google SecOps, Defender, and CrowdStrike.
Cybersecurity operator to security builder
I turn security signals into intelligence, automation, and response systems.
SOC Technical Lead based in Toronto, building practical workflows across detection, threat intelligence, incident response, cloud visibility, and security automation.
Open to roles in
Threat Intel
Detection Engineering
Security Automation
Cloud Security
Current focus
Security operations leadership
Builder lane
AI-assisted CTI and SOAR automation
Operating model
MITRE-aligned detection and response
Measured outcomes
Proof that the work scales beyond alerts.
The strongest portfolio signal is impact. These numbers connect operations, automation, risk reduction, and team leadership into one story.
Analysts led
Technical coordination across a 24x7 SOC team, mentoring analysts and improving escalation quality.
Triage effort reduced
SOAR playbooks helped standardize investigations and remove repetitive manual analysis.
CTI workflow effort reduced
Automated reporting and enrichment pipelines using PowerShell, Azure Logic Apps, DevOps, and AI-assisted security tooling.
Risks remediated
Vulnerability assessment and remediation aligned with ISO 27000, CIS, and NIST expectations.
Capability map
Four ways I create security value.
Detection and response
Run high-volume security operations with discipline.
Incident triage, alert validation, phishing and account compromise analysis, escalation, RCA support, QA reviews, and SLA-focused reporting.
Workflow automation
Convert repeatable analyst work into resilient playbooks.
SOAR playbooks, runbooks, IOC enrichment, AI-assisted advisory generation, Azure Logic Apps, PowerShell, Bash, and DevOps-backed workflows.
Threat intelligence
Turn threat context into useful decisions.
MITRE ATT&CK-aligned CTI reports, customer-specific advisories, IOC enrichment, TTP mapping, threat hunting support, and detection engineering inputs.
Security engineering foundations
Improve visibility, posture, and response across hybrid environments.
Hybrid cloud security collaboration, vulnerability management, EDR deployment, Linux and Active Directory operations, documentation, and control alignment.
Selected case files
Portfolio evidence for roles beyond traditional SOC.
Each case file frames the work as a reusable security capability: intelligence, automation, engineering, or response.
AI + CTI
Customer-specific advisories
AI-powered threat intelligence automation
Developed a scalable workflow to generate customer-specific security advisories for 20+ clients and enrich IOCs for hunting and detection work.
Impact: Improved CTI delivery consistency and helped convert external threat data into action-ready internal context.
Tools: GPT-4 concepts, Microsoft security tooling, IOC enrichment, advisory templates, threat hunting support.
SOAR
30% effort reduction
Automated incident triage playbooks
Designed SOAR workflows that standardized common investigation steps and reduced repetitive analysis across SOC operations.
Impact: Reduced manual investigation effort while making triage more consistent for L1 analysts.
Tools: SOAR, SIEM events, EDR context, runbook logic, escalation criteria, MITRE mapping.
Detection
Alert quality
SOC runbooks and detection tuning
Identified alert fatigue and operational gaps, then improved playbooks, use cases, and escalation guidance for analysts.
Impact: Better response consistency, clearer triage decisions, and improved operational reporting using MTTD, MTTR, and SLA signals.
Tools: Splunk, QRadar, Defender, CrowdStrike, MITRE ATT&CK, QA review loops.
Risk
5000+ remediated
Vulnerability remediation at scale
Performed vulnerability assessments and coordinated remediation of thousands of risks aligned to recognized security standards.
Impact: Reduced enterprise exposure and strengthened compliance readiness across IT security operations.
Tools: Tenable Nessus, ISO 27000, CIS, NIST, Linux, automation scripts.
Security stack
A practical toolkit across response, intelligence, cloud, and automation.
SIEM and Monitoring
- Splunk
- IBM QRadar
- Elastic
- Google SecOps
- FortiSIEM
- Datadog
EDR, IR, and Hunting
- CrowdStrike
- Microsoft Defender
- Incident triage
- Phishing analysis
- Account compromise
- Threat hunting support
Threat Intelligence
- MITRE ATT&CK
- IOC enrichment
- Anomali ThreatStream
- Defender Threat Intelligence
- VirusTotal
- CTI reporting
Automation and Cloud
- PowerShell
- Bash
- SOAR playbooks
- Azure Logic Apps
- AWS, Azure, GCP
- Azure DevOps
Risk and Platforms
- Tenable Nessus
- Vulnerability management
- ISO 27000
- CIS controls
- NIST alignment
- Active Directory
Trajectory
Experience built from operations, sharpened into engineering habits.
GlassHouse Systems - SOC L1 Technical Coordinator
Lead a 24x7 SOC team of 11 analysts across three shifts, guide escalations, improve runbooks and SOAR playbooks, track operational KPIs, and coordinate with TI, IR, platform, and cloud teams.
GlassHouse Systems - SOC Analyst I
Monitored and investigated events across 20+ environments, escalated high-fidelity alerts, built AI-powered CTI automation, and designed playbooks that reduced manual analysis effort.
Difenda - Threat Intelligence Analyst
Produced MITRE-aligned CTI reports using Azure AI Studio and Microsoft Security Copilot, while automating CTI workflows with PowerShell, Azure Logic Apps, and Azure DevOps.
eInfochips - IT Security Analyst
Performed vulnerability management, automated IT operations, supported enterprise EDR rollout, and delivered training to improve detection readiness.
Credentials and direction
Grounded in security fundamentals, moving toward higher-impact security engineering.
Education
Master of Cyber Security and Threat Intelligence, University of Guelph. GPA: 93.5. ISA Cybersecurity Scholarship Recipient.
Bachelor of Engineering in Computer Engineering, LDRP-ITR, KSV University.
Certifications
- (ISC)2 Certified in Cybersecurity
- Microsoft Security, Compliance, and Identity Fundamentals
- Microsoft Azure Fundamentals
- Red Hat Certified System Administrator
Where I am going
Threat intelligence engineering, detection engineering, cloud security, incident response, security automation, and AI-assisted cyber operations.