Istanbul, Türkiye
The Operating System
I engineer proactive threat detection systems and automate the tedious layers of security operations. I break down manual SOC workflows and rebuild them as asynchronous, AI-augmented pipelines, eliminating the tedious layers so analysts can focus on decisions, not tickets.
Currently an MIS Freshman at Marmara University.
Proof of Work
⚙️ Engineering & Automation
- Sentinel-Native AI-Augmented Triage Agent: Engineered a zero-secret, $0-cost triage workflow utilizing LangGraph and Azure REST APIs. Bypassed synchronous API bottlenecks using asyncio, enabling concurrent CTI enrichment and parallel incident polling.
- Autonomous Tier 1 Phishing Triage Pipeline: Built a two-process SOC automation system using a LangGraph ReAct agent and a FastMCP tool server. Automates email ingestion and live threat intelligence querying, and routes verdicts directly to Splunk.
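An illustrative sketch of the asyncio pattern named in the triage-agent bullet: fanning CTI lookups out concurrently, capping how many are in flight at once, and making sure one provider failure does not discard the rest of the batch. This is an added example, not code from the projects above; the indicators, the verdicts, the simulated CTI provider and the function names are all constructed assumptions.

```python
import asyncio
import time

# Constructed sample indicators, standing in for IOCs pulled from polled incidents.
SAMPLE_INDICATORS = [
    "198.51.100.7", "203.0.113.42", "evil.example",
    "192.0.2.99", "timeout.example", "phish.example",
]

# Constructed stand-in for a CTI provider's answers; a real pipeline would query an API here.
FAKE_CTI = {
    "198.51.100.7": "malicious",
    "203.0.113.42": "suspicious",
    "evil.example": "malicious",
}


async def lookup_cti(indicator: str, latency: float) -> tuple[str, str]:
    """Simulated remote CTI lookup: waits `latency` seconds, then returns (indicator, verdict).
    The constructed 'timeout.example' indicator raises to model a provider that never answers."""
    await asyncio.sleep(latency)
    if indicator == "timeout.example":
        raise TimeoutError(f"CTI provider timed out for {indicator}")
    return indicator, FAKE_CTI.get(indicator, "benign")


async def enrich_sequential(indicators, latency: float) -> dict[str, str]:
    """Baseline: one lookup at a time, so total time grows as len(indicators) * latency."""
    verdicts = {}
    for ind in indicators:
        try:
            key, verdict = await lookup_cti(ind, latency)
        except TimeoutError:
            key, verdict = ind, "error"
        verdicts[key] = verdict
    return verdicts


async def enrich_concurrent(indicators, latency: float, max_in_flight: int = 4) -> dict[str, str]:
    """Fan the lookups out with asyncio.gather, capped by a semaphore so a burst of
    indicators cannot blow through the provider's rate limit. return_exceptions=True keeps
    one failed lookup from discarding the whole batch; failures are recorded as 'error'."""
    sem = asyncio.Semaphore(max_in_flight)

    async def bounded(ind: str):
        async with sem:
            return await lookup_cti(ind, latency)

    outcomes = await asyncio.gather(*(bounded(i) for i in indicators), return_exceptions=True)
    verdicts = {}
    for ind, outcome in zip(indicators, outcomes):
        if isinstance(outcome, BaseException):
            verdicts[ind] = "error"
        else:
            verdicts[outcome[0]] = outcome[1]
    return verdicts


def run_comparison(indicators=SAMPLE_INDICATORS, latency: float = 0.1):
    """Run both strategies; return (sequential_verdicts, concurrent_verdicts, t_seq, t_conc)."""
    t0 = time.perf_counter()
    seq = asyncio.run(enrich_sequential(indicators, latency))
    t_seq = time.perf_counter() - t0

    t0 = time.perf_counter()
    conc = asyncio.run(enrich_concurrent(indicators, latency))
    t_conc = time.perf_counter() - t0
    return seq, conc, t_seq, t_conc


if __name__ == "__main__":
    seq, conc, t_seq, t_conc = run_comparison()
    print(f"sequential: {t_seq:.2f}s  concurrent: {t_conc:.2f}s  same verdicts: {seq == conc}")
    for ind, verdict in conc.items():
        print(f"{ind:20} {verdict}")
```

The semaphore is the part worth copying: unbounded `gather` against a real CTI provider is how a triage agent gets itself rate-limited or blocked mid-incident, and recording failed lookups as an explicit `error` verdict keeps the analyst from mistaking "we never got an answer" for "benign".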
🔬 Lab Research & Write-ups
- Malware Analysis: Static & Dynamic triage of obfuscated payloads (Cryptbot, Loaders). Memory forensics of WannaCry and Agent Tesla VBA Droppers.
- Network Forensics: PCAP analysis of C2 traffic, ARP/DNS spoofing, and Cobalt Strike/IcedID infections.
- Detection Engineering & SIEM Hunting: Splunk/ELK hunting, custom YARA/Snort signatures, and Atomic Red Team emulation against Sysmon.
- Incident Response: Playbook containment and forensic timeline reconstruction for active breaches (Boogeyman, Follina).
Continuous Cultivation
- CompTIA Security+ (Score: 810/900)
- Active Practitioner: CyberDefenders · Custom Home Labs.
Technical Arsenal
- Frameworks: MITRE ATT&CK®, MITRE D3FEND™, Unified Kill Chain.
- Cloud & Automation: Azure, Entra ID, LangGraph.
- NTA: Wireshark, Snort, Zeek, Brim.
- SIEM/EDR: Microsoft Sentinel, Splunk (SPL), Elastic (ELK), Sysmon.