Security Operations, Engineered.
8+ years building and optimising SecOps. From frontline SOC analyst to engineering the automation and detection pipelines that power modern security teams.
From frontline analyst to security engineer
I've spent my career building security operations that actually work — from tuning SIEM alerts at a managed security provider, to engineering automation pipelines that power SecOps at scale.
Career Journey
Building SecOps services end-to-end: log pipelines into SIEM, SOAR automations with AI enrichment, ISO 27001 controls implementation, and mentoring SOC analysts.
Secured Cyber Essentials Plus, automated asset reporting in Python, migrated applications to SSO, and streamlined alert investigation workflows.
Built MITRE ATT&CK-mapped detections, ensured PCI/SOX compliance, and implemented cloud security monitoring to catch out-of-guardrail deployments.
SIEM monitoring, PCI ASV scanning with Qualys, vulnerability reporting, and tool capability analysis to improve SOC operations.
Frontline SOC: SIEM alert analysis, false-positive tuning, daily threat hunting on customer environments, and investigation playbook documentation.
How I can help your team
Practical security engineering and consulting for startups and mid-market teams that need expert guidance without enterprise overhead.
SOC Design & Optimisation
Design or overhaul your Security Operations Centre — from detection engineering and log pipelines to analyst workflows and sprint planning. Built on real experience running SecOps at MSSP and internal teams.
Incident Detection & Response
Build detection use cases mapped to MITRE ATT&CK that reflect your actual threat landscape — with containment, eradication, and recovery playbooks to match. Includes false-positive reduction and alert quality improvement.
SIEM Engineering
Log pipeline design, ingestion tuning, and detection rule management across Splunk and Datadog. I'll help you cut through the noise — standardising event formats, reducing false positives, and making your SIEM actually useful.
SOAR & Security Automation
Implement and extend SOAR platforms (Tines and others) with custom Python automations for incident response, alert triage, bug bounty triage, and asset reporting — reducing manual toil across your security team.
AI-Augmented Security Operations
Bring AI into your SecOps workflows — from LLM-powered alert enrichment and triage to AI-assisted threat summarisation. Practical, production-tested approaches that reduce analyst workload without replacing human judgement.
ISO 27001 & Cyber Essentials
Implement security controls, gather evidence, and prepare your team for ISO 27001 and Cyber Essentials Plus certification. Hands-on experience taking organisations through both — not just gap analysis, but doing the work.
Cloud Security Operations
Security monitoring and guardrail policies for AWS and GCP environments — alerting on out-of-policy deployments, implementing cloud-native detection, and integrating cloud logs into your SIEM pipeline.
Vulnerability Management
Stand up a structured vulnerability programme using Qualys and similar tooling — regular scanning, risk-prioritised reporting for engineering teams, and PCI ASV compliance. I'll help you move from reactive patching to proactive exposure management.
Threat Intelligence Integration
Operationalise threat intelligence — IOC-driven hunting, integrating feeds into detection pipelines, and building processes that give analysts context rather than noise. Informed by research presented at BlackHat Europe 2018.
Ready to strengthen your security posture?
Let's talk through your challenges in a free 30-minute consultation. No obligation, just expert perspective.