EMEA & Ireland · DORA · NIS2 · EU AI Act · ISO 42001 · SOC / SIEM Implementation
CISSP · CISM · CRISC · CCSP · Azure Solutions Architect Expert · 13 Certifications Total

Technical execution. Evidence that holds.

27 years of hands-on SOC builds, SIEM configurations, KQL detection engineering, AI architecture, and regulatory audit production. 85 MITRE-mapped detection rules deployed. MTTD reduced 36 hrs → 18 min. Zero breaches over 4 years across all mandates.

Microsoft Sentinel KQL Detection Rules Azure OpenAI / GPT-4o Splunk RBA CyberArk PAM Azure Defender Wireshark / Burp Suite MITRE ATT&CK — 85 Rules CAF A-D ISO 27001 · DORA · NIS2 Terraform / AKS Semantic Kernel / LangChain
27 Years Technical Delivery
13 Active Certifications
85 MITRE Detection Rules
60+ Log Sources Integrated
30+ Regulatory Frameworks
0 Breaches Under Mandate
Hands-On Tools

Technical Stack Mastery

Proven expertise across industry-leading SIEM, EDR, threat hunting, and compliance platforms. Tool-level operational delivery, not consultancy theory.

Microsoft Sentinel

85 MITRE-mapped detection rules deployed. 60+ log sources integrated. MTTD reduced from 36 hrs → 18 min. MTTR improved 73%. Logic Apps SOAR playbooks for automated containment and ticketing.

85 Detection Rules 60+ Log Sources SOAR Playbooks MTTD: 36hr → 18min

Splunk SIEM & RBA

Risk-Based Alerting configuration reducing false positives from 500+/day to 12/day (98% noise reduction). SPL correlation rules, custom dashboards, and DORA-aligned detection workflows.

Risk-Based Alerting 98% FP Reduction DORA Compliance

Azure Defender & MDE

Defender for Endpoint hardening across enterprise estates. Defender for Cloud CSPM, threat analytics integration, and automated investigation across hybrid Azure environments.

CSPM Configuration Threat Analytics MDE Hardening

KQL (Kusto Query Language)

85 production detection rules covering brute force, lateral movement (PtH/PtT), privilege escalation, data exfiltration anomalies, and C2 beacon detection. Operational at enterprise scale.

85 Production Rules Lateral Movement Anomaly Baselines

CyberArk PAM

Privileged Access Management deployment reducing access incidents by 84%. Vault implementation, CPM/PVWA configuration, PSM session recording, and Azure PIM integration for JIT access.

84% Incident Reduction Azure PIM / JIT Session Recording

Wireshark & Burp Suite Pro

Packet-level forensics for incident response, protocol dissection, C2 traffic identification. Burp Suite Pro for OWASP Top 10 assessments and API security validation across enterprise applications.

Packet Forensics OWASP Top 10 API Security Testing

Network Security Platforms

Hands-on delivery across Cisco (CCNA Security certified), Juniper (JNCIS-FWV certified), Checkpoint (CCSE certified), Palo Alto NGFW, F5 BIG-IP, and PKI/VPN/IPSec infrastructure.

Cisco / Juniper Checkpoint / Palo Alto F5 BIG-IP / PKI

MITRE ATT&CK & Nessus

85 detection rules mapped across 11 MITRE ATT&CK tactics. Purple team exercise design, threat modelling, detection gap analysis. Nessus / Qualys for vulnerability scanning and compliance-driven remediation.

85 Rules / 11 Tactics Purple Team Vuln Scanning
Detection Infrastructure

SOC Lab Architecture

Blueprint for enterprise-grade SOC deployment: Azure Sentinel workspace with integrated detection, response, and automation tiers.

┌─────────────────────────────────────────────────────┐ │ AZURE SENTINEL WORKSPACE │ │ ┌──────────┐ ┌──────────┐ ┌──────────────────┐ │ │ │ Azure AD │ │Defender │ │ 3rd Party Logs │ │ │ │ Logs │ │Endpoint │ │ (Syslog, CEF) │ │ │ └────┬─────┘ └────┬─────┘ └────────┬─────────┘ │ │ └─────────────┼─────────────────┘ │ │ ┌──────▼──────┐ │ │ │ Log Ingest │ │ │ │ & Parse │ │ │ └──────┬──────┘ │ │ ┌───────────┼───────────┐ │ │ ┌────▼───┐ ┌────▼───┐ ┌───▼────┐ │ │ │ KQL │ │Analytic│ │Hunting │ │ │ │Queries │ │ Rules │ │Queries │ │ │ └────┬───┘ └────┬───┘ └───┬────┘ │ │ └───────────┼──────────┘ │ │ ┌────▼────┐ │ │ │Incidents│ │ │ │& Alerts │ │ │ └────┬────┘ │ │ ┌─────────┼────────┐ │ │ ┌────▼──┐ ┌───▼────┐ ┌▼──────────┐ │ │ │Playbok│ │Workbook│ │ Automation │ │ │ │Triage │ │Reports │ │ Response │ │ │ └───────┘ └────────┘ └────────────┘ │ └─────────────────────────────────────────────────────┘

Log Sources (60+)

  • Azure AD & Entra Sign-in Logs
  • Defender for Endpoint / M365
  • Network Flows, Proxies, DNS
  • Syslog, CEF & Custom Connectors
  • Office 365 Audit Logs
  • Cisco / Juniper / Palo Alto feeds
  • CyberArk & PAM audit trails
  • SAP, Salesforce & SaaS sources

Detection Engineering

  • 85 MITRE-mapped KQL rules
  • Brute force & credential stuffing
  • Lateral movement (PtH / PtT)
  • C2 beacon identification
  • Data exfiltration anomalies
  • Privilege escalation (4720/4728)
  • MTTD: 36 hrs → 18 min
  • MTTR improved 73%

Response & Automation

  • Logic Apps playbooks
  • Auto-blocking & quarantine
  • SOAR integration
  • Ticket auto-creation
  • Escalation workflows
  • Evidence preservation
Detection Rules

KQL Detection Engineering

Production-grade Kusto queries deployed across Microsoft Sentinel for real-time threat detection and incident response.

Brute Force Login Detection

Authentication 
// Brute Force Login Detection
SigninLogs
| where TimeGenerated > ago(1h)
| where ResultType !in ("0", "50125", "50140")
| summarize FailedAttempts = count(),
            DistinctIPs = dcount(IPAddress)
            by UserPrincipalName, bin(TimeGenerated, 5m)
| where FailedAttempts > 10
| extend RiskLevel = iff(FailedAttempts > 50,
  "HIGH", "MEDIUM")
| project TimeGenerated, UserPrincipalName,
          FailedAttempts, DistinctIPs, RiskLevel

Lateral Movement via Pass-the-Hash

Persistence 
// Lateral Movement via PTH
SecurityEvent
| where EventID == 4624
| where LogonType == 3
| where AuthenticationPackageName == "NTLM"
| where WorkstationName != ComputerName
| summarize Hops = dcount(Computer),
            Targets = make_set(Computer)
            by SubjectUserName, IpAddress
| where Hops > 3
| extend ThreatScore = Hops * 10
| project SubjectUserName, IpAddress,
          Hops, Targets, ThreatScore

Anomalous Data Upload Detection

Exfiltration 
// Anomalous Data Upload
AzureNetworkAnalytics_CL
| where TimeGenerated > ago(24h)
| where FlowDirection_s == "O"
| summarize TotalBytes =
  sum(BytesSentToInternet_d)
  by SrcIP_s, bin(TimeGenerated, 1h)
| where TotalBytes > 100000000
| join kind=leftouter (
    DeviceNetworkEvents
    | where ActionType == "ConnectionSuccess"
  ) on $left.SrcIP_s == $right.LocalIP
| project SrcIP_s, TimeGenerated, TotalBytes

Privilege Escalation Attempt

Escalation 
// Privilege Escalation Detection
SecurityEvent
| where EventID in (4720, 4722, 4728, 4732)
| where SubjectUserName !in ("SYSTEM", "root")
| summarize EscalationCount = count(),
            TargetAccounts = make_set(
              TargetUserName)
            by SubjectUserName, Computer
| where EscalationCount > 5
| extend AlertSeverity = "High"
| project SubjectUserName, Computer,
          EscalationCount, TargetAccounts
Regulatory Delivery

Audit & Compliance Execution

Evidence production at scale. CAF A-D scoring matrices, ISO 27001 control mapping, and NIS submissions accepted on first presentation.

CAF A-D Evidence Production

Produced IGP scoring matrices, evidence packs, control mapping documents, and gap analysis reports for all 4 CAF objectives: A (Governance), B (Protect), C (Detect), D (Respond & Recover). Delivered to NCSC-reporting regulators.

Governance (A) Protect (B) Detect (C) Respond (D) First Pass Zero Findings

ISO 27001 → CAF Control Mapping

Cross-mapped ISO 27001 Annex A controls to CAF objectives, producing control equivalence matrices that eliminated duplicate assessment effort and reduced compliance overhead by ~40%.

14 Control Groups Equivalence Matrix 40% Overhead Reduction No Rework

NIS Regulatory Submissions

Produced end-to-end NIS submissions for Operators of Essential Services across energy and finance. All submissions accepted by sector regulator on first presentation. Zero remediation demands.

Energy Sector Finance Sector 100% First Pass Zero Remediation
Emerging Threats

AI + Cyber Security

As the threat surface expands into AI-generated phishing, LLM exploitation, and model poisoning attacks, your security architecture must evolve. 27 years of cyber delivery meets 2026's AI threat landscape.

LLM Security & Prompt Injection Defence

Azure OpenAI (GPT-4o) secure deployment, adversarial prompt testing, jailbreak detection, output sanitisation. OWASP LLM Top 10 assessment. ISO 42001 AI management system implementation (in progress). AI model sandboxing and guardrail architecture.

Azure OpenAI GPT-4o OWASP LLM Top 10 ISO 42001 Guardrail Architecture

AI-Driven SIEM & RAG Architecture

Azure ML anomaly detection integrated with Sentinel. RAG pipelines using Azure Document Intelligence + LangChain + Semantic Kernel processing 2.5M+ documents/year at 94–96% accuracy. 12M+ API calls/month at <200ms p95 latency.

Azure Document Intelligence Semantic Kernel LangChain / RAG 2.5M docs/year

AI Governance & Model Risk

EU AI Act Article 9 risk management. ISO 42001 AI management system. Model inventory, bias testing, and transparency documentation. Azure AI Engineer Associate certified. AI incident classification under DORA, NIS2, and EU AI Act reporting obligations.

EU AI Act Art. 9 ISO 42001 Azure AI Engineer Cert DORA / NIS2
Threat Framework

MITRE ATT&CK Coverage Map

Detection and response coverage across MITRE ATT&CK tactics. Mapped techniques inform SOC detection strategy and purple team exercise design.

85 detection rules deployed across 11 MITRE ATT&CK tactics. Figures represent technique sub-coverage within each tactic category, as measured against the full MITRE ATT&CK Enterprise matrix.

Reconnaissance
72%
Initial Access
88%
Execution
64%
Persistence
78%
Privilege Escalation
85%
Defense Evasion
68%
Credential Access
93%
Lateral Movement
82%
Collection
61%
Exfiltration
84%
Impact
73%
Measurable Results

Quantified Delivery Impact

Every engagement produces documented, auditable results. Numbers from real deployments — not estimates.

SOC & SIEM Performance

36 hrs → 18 min
MTTD improvement — Sentinel deployment
−73%
MTTR reduction post-SOAR playbook deployment
500+ → 12
Daily false positives after Splunk RBA tuning
11 weeks
Full SOC deployed from zero to operational

Security & Compliance

−84%
Privileged access incidents after CyberArk PAM
−73%
Attack surface reduction via Zero Trust (40+ migrations)
4 × SOX
Consecutive external audits, zero material weaknesses
8 × PCI
PCI-DSS Level 1 maintained across 8 annual audits

Cloud & AI Engineering

€480K/yr
Cloud cost savings — 34% infrastructure reduction
2.5M+
Documents/year processed at 94–96% accuracy
12M+
API calls/month at <200ms p95 latency
0
Security breaches across 4-year Zero Trust mandate
Infrastructure Engineering

Cloud, DevOps & Data Architecture

Full-stack cloud architecture delivery. Security controls embedded at infrastructure layer, not retrofitted. Azure Expert certified.

Azure Cloud Architecture

Hub-Spoke network topology design, AKS/Kubernetes cluster hardening, Azure Functions serverless, Logic Apps SOAR integration, and private endpoint security across multi-region deployments. €480K/year cost optimisation delivered.

Azure Solutions Architect Expert AKS / Kubernetes Hub-Spoke / Private Endpoints Azure Functions

DevSecOps & IaC

Terraform and ARM/Bicep for infrastructure-as-code. Azure DevOps and GitHub Actions CI/CD pipelines with integrated SAST/DAST gates. Docker, Helm, and GitOps deployment patterns. Blue-Green and canary release strategies.

Terraform / ARM / Bicep Azure DevOps / GitHub Actions Docker / Helm / GitOps SAST / DAST Gates

Data & Backend Engineering

.NET Core 8 (C#) and Python (FastAPI/Flask/Django) backend systems. Azure Synapse Analytics, Databricks (Apache Spark, Delta Lake), Data Factory pipelines, Cosmos DB, MongoDB, and Redis for enterprise-scale data platforms.

.NET Core 8 / Python Azure Synapse / Databricks Cosmos DB / Redis Apache Spark / Delta Lake
Validated Expertise

13 Active Certifications

Certifications spanning security governance, cloud architecture, AI engineering, and network infrastructure — all active, all examined, not honorary.

ISACA / (ISC)²

CISSP

Certified Information Systems Security Professional — (ISC)². The global gold standard for senior information security practitioners.

Governance & Risk
ISACA

CISM

Certified Information Security Manager — ISACA. Information security governance, risk management, and program development.

Security Management
ISACA

CRISC

Certified in Risk and Information Systems Control — ISACA. Enterprise risk management, IT risk identification, and control implementation.

Risk & Control
(ISC)²

CCSP

Certified Cloud Security Professional — (ISC)². Cloud data security, platform architecture, and compliance across multi-cloud environments.

Cloud Security
Microsoft

Azure Solutions Architect Expert

AZ-305. Advanced cloud architecture, hybrid networking, identity, storage, and security across Azure enterprise platforms.

Azure Expert
Microsoft

Azure Security Engineer Associate

AZ-500. Azure security controls, identity protection, platform security, data and application security implementation.

Azure Security
Microsoft

Azure AI Engineer Associate

AI-102. Azure Cognitive Services, Azure OpenAI, Document Intelligence, and responsible AI implementation for enterprise workloads.

AI Engineering
Microsoft

Azure Administrator Associate

AZ-104. Azure infrastructure administration, virtual networking, compute, storage, and identity management at enterprise scale.

Azure Admin
Checkpoint

CCSE — Checkpoint

Checkpoint Certified Security Expert. Next-generation firewall policy, VPN configuration, and advanced threat prevention on Checkpoint platforms.

Network Security
Juniper Networks

JNCIS-FWV — Juniper

Juniper Networks Certified Specialist – Firewall/VPN. Juniper firewall and VPN configuration, policy management, and network security architecture.

Network Security
Cisco

CCNA Security

Cisco Certified Network Associate Security. Cisco firewall, IPS, VPN, and network infrastructure hardening across enterprise Cisco environments.

Network Security
ISO / IEC

ISO 27001 Lead Implementer & Lead Auditor

Dual certification: ISMS design and implementation (Lead Implementer) and third-party ISMS audit and certification (Lead Auditor). BSI certified.

ISO 27001 Lead Auditor
In Progress — 2026

ISO 42001 — AI Management System Lead Implementer

The world's first AI management system standard. Implementing Article 9-aligned risk frameworks for AI system governance, bias testing, transparency obligations, and incident reporting under EU AI Act.

AI Governance

See the governance infrastructure behind the detection work

Behind every detection rule sits an audit trail. Behind every SOC operation sits a governance mandate. Behind every regulatory submission sits engineering rigour.

View Regulatory Delivery Engage Directly
Full-Spectrum Capability

Skills & Competencies

25+ years of hands-on delivery across technical security architecture, enterprise leadership, and regulatory governance.

Technical Skills

SIEM · Detection · SOC
Microsoft SentinelSplunkArcSight ESMQRadarLogRhythmRSA EnvisionSOARKQLSPLSIEM ArchitectureLog AnalysisLog ManagementSecurity AnalyticsUser Behaviour Analytics (UBA)Threat DetectionThreat HuntingThreat Intelligence
IAM · PAM · Zero Trust
CyberArk PAMIdentity & Access Management (IAM)OktaAzure AD / EntraActive DirectoryPing IdentityPrivileged Access ManagementMFASSO · SAML · OAuthLDAPIdentity LifecycleZero TrustAzure PIM / JIT
Cloud Security
AzureAWSGCPAzure DefenderCloud Security ArchitectureCSPMContainer SecurityKubernetesDockerTerraformAnsibleJenkinsDevSecOpsInfrastructure as Code (IaC)ZscalerAkamai CDN
Network & Perimeter Security
Checkpoint CCSEPalo Alto NetworksCisco ASA / CCNAJuniper JNCIS-FWVFortinetFirewall ManagementIDS / IPSWAFVPN · IPSec · SSLDDoS MitigationF5 BIG-IPProxy (Bluecoat · Zscaler · Websense)TCP/IP · BGP · OSPFVLANPKI
Endpoint · EDR · DLP
CrowdStrikeMicrosoft Defender (MDE)SentinelOneCarbon BlackMcAfee EPOSymantecEndpoint Detection & Response (EDR)Data Loss Prevention (DLP)Mobile Device Management (MDM)BYOD SecurityAnti-Malware
Frameworks · Compliance · Governance
NIST CSFISO 27001MITRE ATT&CKNCSC CAFECAF (Ofgem)UK NIS RegulationsDORANIS2GDPR · UK GDPRPCI DSSSOX · SAS 70COBITITILOWASPCIS ControlsArcher eGRC
Vulnerability & Penetration Testing
QualysTenable NessusFoundstoneBurp Suite ProNmapWiresharkVulnerability ManagementPenetration TestingThreat ModellingAttack Surface Management
Scripting · Automation · AI
PythonTerraformAnsiblePowerShellKQLSQLJavaScriptAzure OpenAI / GPT-4oSemantic KernelLangChainAI Security Architecture

Business & Leadership Skills

Strategic PlanningEnterprise ArchitectureGovernance & ComplianceRisk ManagementRisk AssessmentRisk MitigationRegulatory ComplianceSecurity AuditIT AuditSolutions ArchitectureProject ManagementProgramme DeliveryChange ManagementStakeholder ManagementBudget Management ($20M+)Business Continuity (BCP)Disaster Recovery (DRP)Incident ManagementVendor ManagementContract NegotiationConsultingBusiness AnalysisDigital TransformationAgile · Prince2 · WaterfallIT Service ManagementConfiguration ManagementFramework DevelopmentSecurity Awareness TrainingBoard-Level ReportingExecutive Stakeholder Engagement

Personal & Professional Attributes

Executive PresenceLeadershipStakeholder EngagementCommunicationWritten CommunicationCollaborationInnovationIntegrityResilienceDriveOrganisation