Göksel Atakan

Identity Security & Governance | Detection Engineering & Threat Hunting | Incident Response

Çekmeköy, Istanbul, Türkiye

About

Most security problems aren’t technical. They’re organizational. With 15+ years in IT Operations and Information Security, I’ve seen a consistent pattern: things break faster where ownership is unclear, context is missing and decision making is slow.

I lead Identity Governance and Security Operations, with a focus on Identity and Access Management (IAM), Identity Governance and Administration (IGA) and Security Operations. The most valuable part of my work isn’t just detection and response, it’s the clarity that follows: understanding root cause, defining ownership and driving corrective action.

A key strength I bring is the translation layer; turning complex cybersecurity and identity data into language Legal, Compliance, HR and executive leadership can act on. This is where security drives trust, supports governance and enables risk based decision making.

Technically, I design and tune custom detections in Microsoft Sentinel (SIEM/SOAR), perform identity centric threat hunting and lead investigations across Entra ID (Azure AD), Microsoft Defender for Identity and Active Directory. I focus on improving detection engineering and reducing false positives. Threat hunting is a continuous practice for me, not just an incident response reflex.

On the hardening side, I clean up what most environments quietly carry: legacy NTLM, LDAP signing gaps, orphaned service accounts, excessive privileges and weak guest access governance. The work aligns with Zero Trust, least privilege and continuous monitoring.

I also run leaver driven insider risk monitoring with HR, watching for data exfiltration signals on people leaving the organization and escalating to Head of Security on confirmed risk.

I work effectively under pressure and communicate clearly across technical and non technical stakeholders. My focus is building proactive security systems that prevent incidents, not just respond to them. Currently pursuing CISM.

Looking to grow into senior roles where Security Strategy, Governance, Identity Security and Operational Leadership come together.

Experience

  • Identity and Access Management Analyst at Gunvor Group Ltd
    Apr 2023 - Present · 3 yrs 3 mos

    Own identity governance operations across Entra ID and Active Directory, including PIM role assignment, guest lifecycle and privileged access reviews. Lead incident response for identity compromise scenarios using Microsoft Defender and Sentinel. Coordinate across IT Operations, Legal, Compliance and HR for containment and root cause reporting. Build and tune custom detections in Microsoft Sentinel covering identity threats, non interactive sign in abuse, legacy protocol misuse and token anomalies. Reduced noisy identity alert volume by roughly 35 percent while preserving true positive rate. Built detection coverage for emerging identity attacks including device code phishing and token theft, validated against MITRE ATT&CK techniques. Run identity centric threat hunts across Entra ID, Defender for Identity and Microsoft 365 logs on a weekly cadence, feeding findings into detection content and hardening tickets. Run leaver driven insider risk monitoring in coordination with HR. Trigger watchlists from HR exit feeds and investigate data exfiltration signals and unusual outbound activity, escalating to Head of Security on confirmed risk. Manage privileged access through an enterprise Privileged Access Management (PAM) platform. Review access justifications and approve or reject privileged sessions, broker secure connections to target servers and oversee session recording for audit and accountability. Integrate identity telemetry into threat intelligence workflows and map observed attack patterns to MITRE ATT&CK for prioritization.

  • Professional development at Career Break
    Oct 2021 - Sep 2022 · 1 yr

  • IT Specialist at A.P. Moller - Maersk
    Aug 2014 - Sep 2021 · 7 yrs 2 mos

    Led infrastructure and endpoint operations across multiple locations, supporting 450+ users while ensuring system availability, endpoint security and business continuity in a distributed enterprise environment. Strengthened Active Directory operations and service management workflows, improving identity lifecycle processes and significantly reducing operational friction and recurring support demand. Played a key role in regional cyber recovery efforts during the 2017 NotPetya ransomware attack, supporting containment and recovery activities and restoring business operations five days ahead of other EMEA teams, becoming the first fully recovered operation in the region. Contributed to incident driven recovery planning and execution, gaining real experience in large scale disruption, cross team coordination and operations under crisis conditions. Improved warehouse and operational efficiency by modernizing RF terminal systems and integrating automated asset tracking, which made daily logistics faster and more reliable.

  • Nestlé (Full-time · 4 yrs 11 mos)
    • System Security Administrator
      Oct 2009 - Sep 2011 · 2 yrs

      Supported secure operation of Windows Server infrastructure, including patch management and endpoint security enforcement, contributing to system hardening and risk reduction. Led the migration of legacy Windows Server 2003 environments into production, strengthening security posture through improved configuration management, Group Policy enforcement and baseline compliance controls. Configured VLANs and RADIUS authentication to strengthen network segmentation and tighten access control.

    • System Administrator
      Mar 2008 - Oct 2009 · 1 yr 8 mos

      Managed core enterprise services including DNS, DHCP and Active Directory, ensuring availability, secure configuration and reliable identity services across multiple departments. Implemented and maintained secure VPN connectivity and enterprise print services, supporting stable operations and protected remote access. Oversaw backup and recovery using HP backup systems and off site cold storage, keeping data recoverable and ready for business continuity.

    • Service Desk Analyst
      Nov 2006 - Mar 2008 · 1 yr 5 mos

      Delivered enterprise end user support for 600+ users, consistently meeting SLAs and achieving a top 2 global MTTR ranking across distributed service desk teams. Supported software licensing compliance and helped onboard and train new analysts, keeping the team consistent on process and standards.