
Case Studies

Projects

Real-world security engineering work, detection development, and incident response case studies from enterprise SOC environments.

Detection Engineering

Insider Threat Detection Framework

Production

Built a Splunk-based detection framework to identify anomalous data exfiltration patterns, reducing insider threat false positives by 62%.

Splunk, SPL, UEBA, DLP

62% reduction in false positives
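The per-user baselining idea behind a framework like this, shown as an added illustration rather than the author's Splunk code (the page gives no implementation; the scoring logic, thresholds, user names and egress figures below are all constructed assumptions). A fixed byte threshold is included for contrast, because that is where most insider-threat false positives come from: a user whose normal workload is bursty trips it every week.

```python
"""Per-user egress baselining as an illustration of anomaly logic for
data-exfiltration detection. Added example, not the page author's Splunk
framework; every record below is constructed."""
import math
import statistics
from collections import defaultdict
from datetime import date

MB = 1_000_000
TARGET_DAY = date(2024, 3, 15)

# Constructed daily egress (MB sent to external hosts) for the 14 prior days.
# alice: steady ~110 MB/day; bob: bursty, often >1 GB (backup/media work);
# carol: only three days of history, so no usable baseline yet.
ALICE = [100, 110, 95, 120, 105, 130, 115, 100, 125, 110, 90, 115, 105, 120]
BOB = [300, 1200, 450, 900, 1100, 350, 800, 1000, 400, 1150, 600, 950, 700, 1050]
CAROL = [50, 50, 50]

MIN_BASELINE_DAYS = 7        # refuse to score a user with too little history
Z_THRESHOLD = 3.0            # how far above the user's own norm counts as anomalous
MIN_ABS_EXCESS = 500 * MB    # ignore small absolute deviations even if statistically odd


def build_sample_records():
    """Return constructed (user, day, bytes_out) rows including the target day."""
    records = []
    for user, series in (("alice", ALICE), ("bob", BOB), ("carol", CAROL)):
        for i, mb in enumerate(series):
            records.append((user, date(2024, 3, 1 + i), mb * MB))
    records += [("alice", TARGET_DAY, 2400 * MB),
                ("bob", TARGET_DAY, 1500 * MB),
                ("carol", TARGET_DAY, 3000 * MB)]
    return records


def daily_totals(records):
    """Sum bytes per user per day (a proxy/DLP feed has many rows per day)."""
    totals = defaultdict(lambda: defaultdict(int))
    for user, day, nbytes in records:
        totals[user][day] += nbytes
    return totals


def score_user(days, target_day):
    """Return (observed, mean, z) for target_day, or None if the baseline is too thin."""
    baseline = [b for d, b in days.items() if d < target_day]
    if len(baseline) < MIN_BASELINE_DAYS or target_day not in days:
        return None
    mean = statistics.fmean(baseline)
    stdev = statistics.pstdev(baseline)
    observed = days[target_day]
    if stdev == 0:
        z = math.inf if observed > mean else 0.0
    else:
        z = (observed - mean) / stdev
    return observed, mean, z


def find_anomalies(records, target_day):
    """Per-user baseline check. Returns (alerts, users skipped for lack of history)."""
    alerts, skipped = [], []
    for user, days in daily_totals(records).items():
        scored = score_user(days, target_day)
        if scored is None:
            skipped.append(user)
            continue
        observed, mean, z = scored
        if z >= Z_THRESHOLD and observed - mean >= MIN_ABS_EXCESS:
            alerts.append({"user": user, "observed": observed,
                           "mean": mean, "z": round(z, 1)})
    return alerts, skipped


def global_threshold_alerts(records, target_day, threshold):
    """Naive rule for comparison: flag anyone over a fixed byte count."""
    totals = daily_totals(records)
    return sorted(u for u, days in totals.items()
                  if days.get(target_day, 0) > threshold)


if __name__ == "__main__":
    recs = build_sample_records()
    print("fixed 1 GB threshold:", global_threshold_alerts(recs, TARGET_DAY, 1000 * MB))
    print("per-user baseline:", find_anomalies(recs, TARGET_DAY))
```

On this constructed data the fixed threshold flags all three users, while the per-user check alerts only on alice (a 20x jump over her own norm), leaves bob alone because 1.5 GB sits inside his usual variance, and reports carol as unscorable rather than alerting on a three-day history. The minimum-history and minimum-absolute-excess guards are the two knobs that matter most in practice; without them a quiet user who sends one 30 MB attachment scores as an outlier.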

Incident Response

Ransomware IR Playbook Redesign

Deployed

Redesigned the enterprise ransomware response playbook after a near-miss event, cutting containment time from 4 hours to 47 minutes.

IR, CrowdStrike, Containment, NIST

47-minute containment time

Threat Intelligence

Threat Intel Integration Pipeline

Active

Engineered an automated IOC ingestion pipeline connecting MISP and Splunk ES to push new indicators into detection rules within minutes of publication.

MISP, Splunk ES, Python, Automation

Sub-5-min IOC deployment
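The normalisation step such a pipeline needs between MISP and Splunk, as an added example that is not the author's code. The JSON follows the shape of MISP's /attributes/restSearch response but its content is constructed; the Splunk side is assumed to consume a CSV lookup file with the columns chosen here, and the field names, type map and timestamps are all assumptions. The `since` parameter is what lets a scheduled job pull only attributes published since its last run, which is how minute-level latency is reached without re-ingesting the whole feed.

```python
"""Turn MISP attributes into a Splunk lookup CSV that scheduled detection
searches can match against. Added example, not the page author's pipeline;
the MISP response is constructed and the Splunk lookup format is assumed."""
import csv
import io
import ipaddress
import json
from datetime import datetime, timezone


def _attr(attr_id, event_id, misp_type, value, to_ids, ts, info):
    """Build one record in the shape MISP's /attributes/restSearch returns."""
    return {"id": attr_id, "event_id": event_id, "type": misp_type, "value": value,
            "to_ids": to_ids, "timestamp": str(ts), "Event": {"info": info}}


# Constructed MISP response (RFC 5737 test addresses, invented hash).
MISP_RESPONSE = json.dumps({"response": {"Attribute": [
    _attr("1", "42", "ip-dst", "203.0.113.10", True, 1710460800, "Constructed C2 infra"),
    _attr("2", "42", "domain", "Bad.Example.COM.", True, 1710460800, "Constructed C2 infra"),
    _attr("3", "42", "domain|ip", "c2.example.net|198.51.100.7", True, 1710460800, "Constructed C2 infra"),
    _attr("4", "43", "sha256", "A" * 64, True, 1710460800, "Constructed dropper"),
    _attr("5", "43", "comment", "analyst note", False, 1710460800, "Constructed dropper"),
    _attr("6", "44", "ip-dst", "203.0.113.10", True, 1700000000, "Older sighting"),
    _attr("7", "44", "ip-src", "192.0.2.1", False, 1710460800, "Not for IDS"),
    _attr("8", "44", "ip-dst", "not-an-ip", True, 1710460800, "Malformed entry"),
]}})

# MISP attribute type -> indicator class the detection searches key on (assumed).
TYPE_MAP = {"ip-dst": "ip", "ip-src": "ip", "ip": "ip", "domain": "domain",
            "hostname": "domain", "url": "url", "md5": "hash", "sha1": "hash",
            "sha256": "hash"}
FIELDS = ["ioc_type", "ioc_value", "event_ids", "last_seen", "description"]


def normalise(ioc_class, value):
    """Canonicalise so log matching is case/format insensitive; None if invalid."""
    value = value.strip()
    if ioc_class == "ip":
        try:
            return str(ipaddress.ip_address(value))
        except ValueError:
            return None
    if ioc_class in ("domain", "hash"):
        return value.lower().rstrip(".")
    return value  # URLs are kept exactly as published


def expand(attr):
    """Yield (misp_type, value) pairs, splitting composites such as domain|ip."""
    types, values = attr["type"].split("|"), attr["value"].split("|")
    if len(types) > 1 and len(types) == len(values):
        yield from zip(types, values)
    else:
        yield attr["type"], attr["value"]


def build_lookup_rows(raw_json, since=0):
    """Filter, normalise and de-duplicate attributes published at or after `since`."""
    rows = {}
    for attr in json.loads(raw_json)["response"]["Attribute"]:
        ts = int(attr["timestamp"])
        if not attr.get("to_ids") or ts < since:
            continue  # to_ids=False: the analyst did not mark it for detection use
        for misp_type, value in expand(attr):
            ioc_class = TYPE_MAP.get(misp_type)
            canon = normalise(ioc_class, value) if ioc_class else None
            if canon is None:
                continue
            row = rows.setdefault((ioc_class, canon), {
                "ioc_type": ioc_class, "ioc_value": canon, "event_ids": set(),
                "last_seen": 0, "description": ""})
            row["event_ids"].add(attr["event_id"])
            if ts > row["last_seen"]:  # keep the most recent sighting's context
                row["last_seen"], row["description"] = ts, attr["Event"]["info"]
    return [{**r, "event_ids": ";".join(sorted(r["event_ids"], key=int)),
             "last_seen": datetime.fromtimestamp(r["last_seen"], timezone.utc)
             .strftime("%Y-%m-%dT%H:%M:%SZ")} for r in rows.values()]


def to_csv(rows):
    """Serialise rows as the CSV a Splunk lookup file would hold (assumed format)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(to_csv(build_lookup_rows(MISP_RESPONSE)))
```

Three details carry most of the value: honouring `to_ids` so analyst notes and context-only attributes never become detection rules, canonicalising values (IP parsing, lower-casing, trailing-dot removal) so a search matches what appears in logs, and collapsing the same indicator seen in several events into one row that still records every event id for the analyst who triages the hit.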

Communication

Executive Security Briefing Program

Ongoing

Established a monthly executive security briefing cadence for CISO and board, translating technical SOC metrics into business-impact language.

Reporting, KPIs, Executive Comms

Adopted org-wide

EDR Engineering

CrowdStrike Falcon Detection Tuning

Complete

Audited and retuned 200+ Falcon prevention policies across 50k endpoints, cutting noise by 40% while maintaining detection coverage against the MITRE ATT&CK techniques in scope.

CrowdStrike, MITRE ATT&CK, EDR, Tuning

40% noise reduction

Mentorship

SOC Analyst Onboarding Curriculum

Active

Designed a 30-60-90 day onboarding program for Tier 1 analysts that reduced time-to-proficiency by 3 weeks across three analyst cohorts.

Training, Documentation, Leadership

3-week faster onboarding