Bhavin Patel

Senior Threat Researcher - Splunk Threat Research Team, Maintainer - Atomic Red Team

San Francisco Bay Area

About

Cybersecurity professional with over 10 years of experience in threat research, detection engineering, adversary emulation, incident response, and security analytics. I specialize in transforming attacker tradecraft into scalable detections, helping organizations identify, understand, and respond to evolving threats.

Currently focused on threat detection and research, I serve as the primary maintainer of Splunk's Enterprise Security Content Update (ESCU) content and contribute as a maintainer of Atomic Red Team, helping bridge the gap between offensive techniques and defensive visibility. My work centers on translating real-world adversary behaviors into actionable detections, testing methodologies, and security content that improves organizational resilience.

My background spans incident response, threat hunting, detection engineering, and security operations, with experience at organizations such as NBCUniversal and Splunk. These experiences have provided a strong understanding of both the technical and business impact of security incidents, enabling me to build practical and effective security solutions.

Areas of expertise include:

• Threat Research & Intelligence
• Detection Engineering & SIEM Content Development
• Adversary Emulation & ATT&CK-based Testing
• Splunk Enterprise Security & Security Analytics
• Incident Response & Digital Forensics
• Network Security, IDS/IPS, Firewalls, and VPNs
• Security Data Analysis & Threat Hunting
• Python Automation & Security Tooling
• Secure Software Development
• Data Protection & Information Security

I am passionate about understanding how attackers operate and leveraging that knowledge to improve detection capabilities. Whether researching emerging threats, developing detection content, contributing to open-source security projects, or investigating complex incidents, I enjoy solving challenging security problems and helping defenders stay ahead of adversaries.
Security data → Splunk → “I think I found something with this SPL!”

Experience

  • Splunk (San Francisco Bay Area)
    • Sr. Threat Research Engineer
      Apr 2020 - Present · 6 yrs 3 mos

      Build open source security tools; detection engineering. Currently researching new threats in cloud-based technology.

    • Security Software Engineer
      Mar 2016 - Apr 2020 · 4 yrs 2 mos

      You see servers and devices, apps and logs, traffic and clouds. We see data—everywhere. Splunk offers the leading platform for Operational Intelligence. It enables the curious to look closely at what others ignore—machine data—and find what others never see: insights that can help make your company more productive, profitable, competitive and secure. What can you do with Splunk? Just ask.

  • Information Security Analyst - Incident Response at NBCUniversal, Inc.
    Jan 2015 - Jul 2015 · 7 mos

    Working with the Incident SAFE Response Team to detect, analyse and provide countermeasures for cyber attacks. Worked with a team of analysts on daily operational monitoring and escalation of information security events, and also functioned as an intrusion analyst to examine security events for context, risk, and criticality. Also performed activities related to investigating suspicious activities such as abnormal network traffic behavior, XSS and SQL injection on web application servers, and malware callbacks and remediation. I am actively involved in processes related to Threat Intelligence and Brand Protection.

    Here are a few tools that I have used extensively:

    • Symantec Endpoint Protection
    • HP ArcSight
    • Splunk
    • Moloch (packet capture for rapid searches)
    • FireEye
    • etc.

  • Security Practice team at Splunk
    Jun 2014 - Aug 2014 · 3 mos

    Developed machine learning models using the scikit library in Python, based on Splunk technology, to detect anomalies in the data. Collaborated with the Security Practice team to write modules to enrich the raw data using K-Means and Naïve Bayes classification algorithms, and designed and developed Splunk-specific security use cases. Designed and wrote Splunk Apps, developed dashboards, and drove code for additional functionality in analytic modeling, classification and visualization for fraud and insider threat use cases.

  • Web Developer at CollegeShack
    Jan 2012 - Aug 2012 · 8 mos

    Part of the website development team from S.P.I.T. which developed a college networking portal that is now extensively used by the students of the college, primarily for campus recruitment drives. The website also includes additional features such as student profiles, social networking, attendance, and college announcements.