Technical Work
Architecture, systems, and tools built for real operational use — from a containerized SOC to a national-scale sovereign security platform.
Project Synapse
A multi-phase sovereign security engineering program — from a basic detection engine to a national-scale architecture with six specialized capability domains. Built entirely from first principles.
All Eight Phases
The initial log-correlation prototype. A simple Python script that asked: "what if we automated threat correlation?" Proved the concept was worth engineering.
The enterprise beast — full SIEM stack with Kafka streaming, OpenSearch analytics, ML anomaly detection (behavioral + statistical), TheHive/Cortex SOAR integration, Zero-Trust policy enforcement, and AWS-native monitoring. Designed for hybrid and multi-cloud environments. Processed and correlated telemetry from Ubuntu, Windows, and Kali environments simultaneously.
Compressed Enterprise into a full Docker Compose stack. Wazuh, Kafka, Zookeeper, Spark, OpenSearch, TheHive, and Cortex — all running together. Processes 10,000+ events/day with ~2–3s detection latency. Full BC/DR documentation included.
The pivot from defense to offense. Vector models attacker TTPs using MITRE ATT&CK, enabling automated red-team scenarios and direct integration with the detection pipeline to validate coverage.
Operational stealth for offensive simulation — deception, obfuscation, covert channel design. Umbra makes attack operations invisible to detection systems that were not specifically built to handle them.
The evolved intelligence core — rebuilt and upgraded to seamlessly integrate all six sovereign arms. Handles policy enforcement, correlation logic, and central decision routing across the entire platform.
The investigation lab — dedicated to deep forensic analysis, artifact reconstruction, timeline correlation, and chain-of-custody documentation. Small footprint, high mission-criticality.
The culmination — a sovereign-grade architecture model composed of six domains: Vector (offense), Umbra (stealth), Spectra (detection), Holmes (forensics), Axiom (intelligence), and Aegis (resilience). Aegis armors the entire system with advanced resilience layers, data-sovereignty controls, and national-grade defense mechanisms. Every domain supports every other — the full integration that makes the system truly sovereign.
Technical Projects
Cloud-Based Security Architecture (AWS)
Multi-layer AWS security solution integrating WAF, GuardDuty, IAM baselines, centralized logging, and Security Hub. Reduced client incident exposure by approximately 30%.
SIEM Implementation for SME
Built and deployed an ELK-based SIEM for centralized log management. Integrated custom ML classification models for alert scoring. Improved detection accuracy and compliance reporting readiness.
Endpoint Protection Deployment
Configured XDR/EDR solutions across 20+ endpoints, enabling automated patching pipelines, device-level threat monitoring, and DLP policy enforcement.
Active Directory Penetration (MASAR)
Full AD exploitation simulation in a Windows Server 2019 environment. Executed ZeroLogon, PrintNightmare, SMB/RDP exploitation, and privilege escalation. Produced a governance-aligned risk report mapping all findings to ISO control categories.
Network Design & PNetLab Simulation
Built full enterprise network topology with routers, switches, firewalls, and servers. Hosted a secure web server on Kali Linux and validated network segmentation policy enforcement end-to-end.
security-tools Repository
Lightweight CLI utilities for SOC triage operations — starting with a working IOC extractor that pulls public IPs, domains, and hashes from alert text with deduplication and private-IP filtering.
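Added here as an illustration of the extractor described above, not the repository's own code: a minimal IOC extractor in Python that pulls public IPv4 addresses, domains and MD5/SHA-1/SHA-256 hashes from alert text, deduplicates them, and drops private, loopback and link-local addresses. The regexes, function names and the sample alert string are my own assumptions; the address filtering uses the standard library's ipaddress module.

```python
import ipaddress
import re

# Constructed sample alert text for the demo; the addresses are well-known
# public resolver addresses used only as tokens, not as real indicators.
SAMPLE_ALERT = """
Beacon from 10.0.3.15 to 8.8.8.8 over TCP/443; 8.8.8.8 contacted twice.
Loopback 127.0.0.1 and link-local 169.254.10.10 are noise and must be dropped.
Resolved evil-updates.example.com and CDN.example.org (dedupe case-insensitively).
md5 d41d8cd98f00b204e9800998ecf8427e
sha256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""

# Hypothetical patterns: dotted-quad IPv4, dotted hostname ending in an alpha TLD,
# and 32/40/64-char hex strings bounded by word boundaries (MD5/SHA-1/SHA-256).
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
HASH_RE = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.IGNORECASE)


def _dedupe(items):
    """Drop repeats while keeping first-seen order (stable output for reports)."""
    seen, out = set(), []
    for item in items:
        if item not in seen:
            seen.add(item)
            out.append(item)
    return out


def is_public_ip(text):
    """True only for routable addresses; rejects RFC 1918, loopback, link-local,
    multicast, reserved and unspecified ranges, and anything that fails to parse."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return False
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def extract_iocs(text):
    """Return deduplicated public IPs, lowercased domains and lowercased hashes."""
    ips = _dedupe(m for m in IPV4_RE.findall(text) if is_public_ip(m))
    domains = _dedupe(m.lower() for m in DOMAIN_RE.findall(text))
    hashes = _dedupe(m.lower() for m in HASH_RE.findall(text))
    return {"ips": ips, "domains": domains, "hashes": hashes}


if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_ALERT).items():
        print(f"{kind}: {values}")
```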