Expertise

Skills & Technical Stack

A full-stack security skill set built across enterprise environments.

Endpoint Detection & Response (EDR)

  • CrowdStrike Falcon platform (Prevent, Insight EDR, Discover, Next-Gen SIEM)
  • Microsoft Defender for Endpoint (MDE)
  • Endpoint protection administration
  • Detection tuning and alert triage
  • Threat hunting across enterprise estates
  • Incident response workflows
  • CrowdStrike secure configuration baselines

SIEM / SOAR

  • Microsoft Sentinel (KQL: detection & hunting queries)
  • Splunk (SPL: analytics and dashboards)
  • CrowdStrike NG-SIEM
  • Analytics rule creation and tuning
  • SOAR automation playbook development
  • Threat hunting across large datasets
  • Alert triage and false positive reduction

Identity & Access Management

  • Microsoft Entra ID (formerly Azure Active Directory)
  • Single Sign-On (SSO)
  • Multi-Factor Authentication (MFA)
  • Conditional Access policies
  • Role-Based Access Control (RBAC)
  • Microsoft Intune (MDM & MAM)
  • BeyondTrust Privileged Access Management (PAM)

Email & Web Security

  • Mimecast email security gateway administration
  • Web security gateway management
  • Data Loss Prevention (DLP) controls
  • Anti-phishing policy configuration
  • Anti-malware policy management
  • Content filtering systems

Vulnerability Management

  • Pentera (Breach and Attack Simulation)
  • Tenable.io vulnerability scanning
  • AppCheck and Nessus
  • Vulnerability prioritisation and remediation coordination
  • Penetration test findings remediation
  • CIS Benchmarks and secure configuration baselines
  • Tanium: asset discovery and patch management

Incident Response

  • NIST SP 800-61 incident response lifecycle
  • MITRE ATT&CK framework
  • Investigation, containment, eradication and recovery
  • Post-incident reporting (technical and executive)
  • Incident response playbook development
  • Runbook creation and SOAR workflow integration
  • Ransomware, phishing, insider threat and identity attack scenarios

Firewall & Network Security

  • Check Point Harmony firewall administration
  • WAF and DDoS protection
  • Intrusion Detection and Prevention (IDS/IPS)
  • VPNs and network segmentation
  • DNS and TCP/IP fundamentals
  • Secure network architecture principles
  • Cisco Umbrella management

Frameworks & Compliance

  • NIST Cybersecurity Framework (CSF)
  • NIST SP 800-61 Incident Response
  • CIS Controls
  • ISO/IEC 27001 / ISO/IEC 27002
  • Cyber Essentials Plus
  • UK GDPR, EU GDPR and data protection regulations
  • PCI DSS

Scripting & Automation

  • PowerShell scripting for security operations automation
  • SOAR workflow integration
  • Incident response tooling development
  • Alert triage and enrichment automation