Hi, I'm
Day Johnson

I'm on a mission to decode the fusion between engineering & life.

Companies I've Worked With

About Me

Over the last five years, I have specialized in various domains of cybersecurity, particularly in incident response & detection engineering for cloud environments and SaaS applications. My cybersecurity engineering expertise has been utilized by FAANG companies, Fortune 500 companies and major tech firms worldwide, and I have designed cloud DFIR-based labs and training for well-known learning platforms such as LetsDefend, Blue Team Labs Online by Security Blue Team, and LinkedIn Learning to teach core skills in Cloud Detection Engineering, Incident Response, and Forensics.

Apart from being an engineer, I am a digital creative who produces content on YouTube, LinkedIn, Instagram, TikTok and Twitter, and I have a total audience of over 50k followers. I founded Cyberwox Academy, an online cybersecurity community with over 4000 members, where I mentor the next generation of cybersecurity professionals. Furthermore, I am passionate about sharing my work and research and have spoken at conferences and platforms such as fwd:cloudsec, Texas Cyber Summit, Microsoft Reactor, Cloud Security Podcast and many others.

What I Do

My core skills lie in Detection Engineering and Threat Research for cloud environments, SaaS applications, and identity providers. This work also entails Threat Hunting, Threat Emulation, Incident Response, Security Automation, Data Analysis, Security Logging, and Pipeline Engineering.

I have extensive experience in Incident Response, SOAR, and Insider Threat Investigations, specializing in fraud and platform abuse. As part of the Worldwide Customer Service CSIRT at Amazon, I serve as a Tier 4 escalation point, handling complex investigations involving data exfiltration, fraud, policy violations, and application vulnerabilities. I automate response workflows using Python and Splunk SOAR, and act as an on-call Incident Commander for critical incidents. My role involves close collaboration with Detection, Threat Intel, and AppSec teams to enhance security measures, as well as working with HR and Legal on insider threat investigations.

I possess skills in developing Cloud DFIR content and have successfully created multiple labs for AWS, GCP, and Azure. Developing this content involves deploying infrastructure in cloud environments using Infrastructure as Code (IaC) tools such as Terraform and CloudFormation, which I am proficient in using.

I'm a frequent speaker at security conferences and meetup groups. I have presented multiple cybersecurity talks and provided specialized training for 1000+ professionals through my various courses and lab projects.

I lead an open source project, the Datadog AWS Threat Emulation Guide, which aims to simplify the process of evaluating Datadog's Cloud SIEM security capabilities to detect AWS threats. I'm also a major contributor to learntocloud.guide, which aims to provide an outline of the skills you need to learn to get into Cloud Computing.

I'm the founder of Cyberwox Academy, an online cybersecurity community with over 2000 members, where I mentor the next generation of cybersecurity professionals.

Authored Courses & Labs

My YouTube

How To Become a Splunk Power User
Automating Security Detection Engineering with Dennis Chow | #CyberStories EP 21