Threat detection in the SOC. Cloud hardening on AWS, Azure, GCP. Pentesting, forensics, compliance.

Cloud SecuritySOC AnalystPenetration TestingEthical HackingDFIRGRC
~ /soc/agents — zsh
secure
agent runtime: online
enc: TLS 1.3
SOC AnalystThreat HuntingMITRE ATT&CKIncident ResponseDetection EngineeringSIEMZero TrustCloud SecurityAgentic AILLM SecurityPurple TeamingVulnerability ManagementSOAREDRBlue TeamKill ChainObservabilityDevSecOpsHardeningForensicsSOC AnalystThreat HuntingMITRE ATT&CKIncident ResponseDetection EngineeringSIEMZero TrustCloud SecurityAgentic AILLM SecurityPurple TeamingVulnerability ManagementSOAREDRBlue TeamKill ChainObservabilityDevSecOpsHardeningForensics
What I do

The work, not the job title.

How I show up: defend systems, make models useful, harden the cloud, and still ship the product. Four lanes — one through-line: fewer surprises, faster answers.

SOC work: see something wrong, make it show up next time, shorten the gap between alert and fix. I care about detections that don't spam the team and case notes the next shift can use.

Cloud security: start from identity and blast radius, get logs flowing, tighten posture before audits, monitor the control plane like you monitor endpoints.

01 / Detect & Respond

Triage, hunt, close.

I triage alerts, correlate events, and chase leads until it makes sense. Attackers get documented. Bad hygiene gets fixed in the detection.

  • Own cases from alert to close
  • ATT&CK-mapped hunts with real hypotheses
  • Write detection rules and postmortems people actually read
Proficiencycore
02 / Cloud Security

Lock down the cloud.

Start from identity and blast radius. Get logs flowing. Tighten posture. Monitor the control plane.

  • Least privilege across AWS, Azure, GCP
  • CloudTrail, Entra, GCP Audit into one pipeline
  • Fix misconfigs, harden containers
Proficiencycore
03 / Offensive Awareness

Think like an attacker.

Know how attacks work to build better detections. Initial access, lateral movement, exfil — the real stuff, not theory.

  • Pentest basics: recon, exploit, post-exploit
  • Purple team: test detections before attackers do
  • Track CVEs and exploits to keep rules current
Proficiencyworking
04 / Security Automation

Automate the boring parts.

Python, APIs, AI agents. Close the gap between alert volume and analyst time. Build tools that handle repetitive work.

  • SOAR playbooks and Python scripts that save time
  • LLM-assisted enrichment, IOC lookup, log summaries
  • Detection-as-code with version control and CI testing
Proficiencyworking
Stack

The tools I reach for.

Core day-one tools, what I'm actively working with, and what I'm sharpening next.

core working learning

Security Operations

What I use to detect, hunt, and respond.

Splunk
Microsoft Sentinel
Elastic / ELK
CrowdStrike EDR
MITRE ATT&CK
Incident Response
SOAR / Playbooks
Vulnerability Mgmt

Offensive & Forensics

Thinking like the adversary to defend better.

Wireshark
Nmap
Burp Suite
Metasploit
TryHackMe / HTB
Log Forensics

Cloud & Platform

Where I deploy, harden, and monitor.

AWS
Microsoft Azure
Google Cloud
DigitalOcean
Vercel
Docker
Kubernetes
Terraform

AI & Agents

Where agentic systems meet the real world.

LLM Agents
LangChain / LangGraph
RAG Pipelines
Vector DBs
LLM Security
Prompt Eng.
PyTorch / TF

Full-Stack Engineering

Shipping the products I help defend.

TypeScript
Python
React / Next.js
Node.js
PostgreSQL
Solidity
GitHub / CI
PythonTypeScriptNext.jsFastAPILangChainSplunkElasticAWSDockerReactPostgreSQLPrismaGSAPFramer MotionSolidityLLMsAzureGCPGitHub ActionsTerraformPythonTypeScriptNext.jsFastAPILangChainSplunkElasticAWSDockerReactPostgreSQLPrismaGSAPFramer MotionSolidityLLMsAzureGCPGitHub ActionsTerraform
Selected work

Projects that shipped

Built, deployed, and defended.

01 / 06 — Open SourceLive

AWS Threat Detection Lab

2026

Detection-as-code on AWS: CloudTrail + GuardDuty telemetry, EventBridge detections mapped to MITRE ATT&CK, least-privilege Lambda alerting.

Security

Stack

TerraformCloudTrailGuardDutyEventBridgeLambdaMITRE ATT&CK
Not shipped yet
02 / 06 — Proof9Live

Sound Rights Platform

2025

On-chain IP verification for musicians. Provenance, licensing, AI originality checks.

AIWeb3Full-Stack

Stack

Next.jsTypeScriptStory ProtocolAISolidity
03 / 06 — AIX Market AnalyzerLive

LSTM Signal Engine on SingularityNET

2024

Deep-learning analyzer for AI tokens. Compares stability, accuracy, decisiveness.

AIFull-Stack

Stack

PythonPyTorchLSTMNext.jsSingularityNET
04 / 06 — motiFi.aiLive

Agentic Market Intelligence

2025

AI agent watches multi-protocol portfolios, surfaces sentiment-weighted moves in real time.

AIFull-StackWeb3

Stack

Next.jsTypeScriptLLM AgentsRAG
05 / 06 — Home LabIn progress

SOC Detection Lab

2026

Home lab simulating attacker TTPs against Wazuh + ELK. Build and tune detections mapped to MITRE ATT&CK.

Security

Stack

WazuhELKSysmonZeekAtomic Red TeamMITRE ATT&CK
Not shipped yet
06 / 06 — ResearchComing soon

Agentic Triage Copilot

2026

LLM copilot enriches and triages SOC alerts. Pulls IOCs, threat intel, prior cases before analyst opens ticket.

AISecurity

Stack

PythonLangGraphRAGVirusTotalOTXATT&CK
Not shipped yet
Trajectory

Engineer → AI builder → Security operator.

Same curiosity, broader lens. I stack layers instead of replacing them.

  1. 2025 — Presentcurrent

    SOC Analyst / Security Engineer

    @ Freelance / Contract

    Triaging alerts across SIEM + EDR, running ATT&CK-driven threat hunts, tuning detections, and contributing to IR playbooks and post-incident reviews.

    SIEMEDRMITRE ATT&CKIncident Response
  2. 2024 — 2025

    AI / Agentic Systems Engineer

    @ Proof9 · AIX · motiFi.ai

    Designed LLM agents with tool-use and RAG over private corpora. Shipped production AI features — IP verification on Story Protocol, LSTM market signals on SingularityNET, and multi-protocol portfolio intelligence.

    LLM AgentsRAGLangGraphPythonTypeScript
  3. 2022 — 2024

    Full-Stack & Smart Contract Engineer

    @ ChainCheque · PeerRamp · AdanfoCash · Tanic

    Built and audited smart contracts across EVM chains, shipped SaaS and restaurant web apps, and delivered frontend systems for fintech and Web3 clients across Ghana and the wider ecosystem.

    Next.jsNodeSolidityPythonPostgres
  4. 2020 — 2022

    Software Engineer

    @ Freelance / Open Source

    Built the engineering foundation across full-stack web, systems thinking, and Linux. Started reading CVEs recreationally — this is where the attacker-empathy began.

    TypeScriptReactGitLinux
Credentials

What I'm earning, and what I'm sharpening.

A live look at the certifications I'm pursuing — with the modules, exam codes, and where I'm at.

Google Professional Cybersecurity

Google

Earned

End-to-end cybersecurity foundations covering threat detection, SIEM, incident response, and Python automation for security tasks.

Progress100%
Domains on the syllabi
  1. Foundations of Cybersecurity
  2. Networks & Network Security
  3. Linux & SQL
  4. Assets, Threats & Vulnerabilities
  5. Detection & Response
  6. Automate Cybersecurity Tasks with Python
Skills & domains
SIEMIncident ResponseThreat DetectionLinuxPythonSQL

CompTIA Security+

CompTIA

Exam: SY0-701Target: Q3 2026
Pursuing

The vendor-neutral baseline for security: I'm using it to lock in the fundamentals I touch every day in the SOC.

Progress30%
Domains on the syllabi
  1. General Security Concepts
  2. Threats, Vulnerabilities & Mitigations
  3. Security Architecture
  4. Security Operations
  5. Security Program Management
Skills & domains
Threats & VulnerabilitiesSecurity ArchitectureOperationsGovernance & RiskIR

Cisco Ethical Hacker

Cisco

Target: Q4 2026
Pursuing

Offensive security fundamentals from a vendor with deep network roots — recon, exploitation, and post-exploitation mapped to real-world attack surfaces.

Progress60%
Domains on the syllabi
  1. Introduction to Ethical Hacking
  2. Reconnaissance & Footprinting
  3. Scanning & Enumeration
  4. Exploitation Techniques
  5. Post-Exploitation & Reporting
Skills & domains
ReconnaissanceExploitationPost-ExploitationNetwork AttacksWeb App Testing

AWS Cloud Practitioner

Amazon Web Services

Exam: CLF-C02
Earned

Anchoring AWS fundamentals so my cloud-security work stops at the right primitives: IAM, KMS, CloudTrail, GuardDuty.

Progress100%
Domains on the syllabi
  1. Cloud Concepts
  2. Security & Compliance
  3. Technology & Services
  4. Billing, Pricing & Support
Skills & domains
IAMKMSCloudTrailGuardDutyShared ResponsibilityBilling

TryHackMe & HackTheBox Paths

TryHackMe / HTB Academy

In progress

Hands-on labs across blue, red, and cloud security tracks — where the theory becomes muscle memory.

Progress55%
Domains on the syllabi
  1. SOC Level 1
  2. Cyber Defense
  3. Junior Penetration Tester
  4. AD enumeration & lateral movement
Skills & domains
Blue-teamSOC L1Web exploitationAD attacksCloud labsForensics
Trust

What people I've worked with say

Colleagues and clients — across security, AI, and product.

Richard rebuilt our website from scratch. His attention to detail and understanding of our brand were exceptional. We're thrilled with what he delivered.

Nicholas Kwasi
CEO, Tanic Technologies
About

Who I am

No fluff. Just what I do and why.

bio.md

I triage alerts, hunt threats, harden cloud setups, run pentests, and investigate incidents. I know how attacks work and how to catch them in logs.

Started building full-stack apps and smart contracts. Now I defend them. I automate the boring parts and focus on what actually matters.

Currently going deep on cloud engineering and cloud security — I build it, then I harden it. You protect best what you know how to build.

If you're building something ambitious that needs to be fast, well-instrumented, and hard to compromise — we should talk.

signals.txt

How I work

  • Run CLI over GUI whenever possible
  • Curious about how adversaries really think
  • Long walks when a problem refuses to solve
  • Deep-focus music while hunting logs
  • Coffee-driven development, lightly caffeinated
Open source

GitHub

Launching soon · Join the waitlist

Break Into Cloud Security— a hands-on study cohort

Learn cloud security the way it actually sticks: build real cloud environments, break them, defend them, and turn every lab into portfolio proof. I'm walking the same road — SOC floor to cloud security — and sharing everything that works.

Hands-on labs: SIEM, EDR, cloud logging, detection engineering

Real-world threat hunts and incident response walkthroughs

AWS / Azure / GCP hardening from identity to control plane

Weekly check-ins + a public portfolio of labs you can show hiring managers

Reserve your spot

First cohort is limited. Be the first to know when doors open.

No spam. Unsubscribe anytime.
/contact

Have a system that needs building  or defending? 

I'm open to SOC, detection-engineering, and AI-agent roles, and to select contract work. The fastest way in is email.

what to include
  • role or brief
  • timeline and urgency
  • stack / environment
  • risk model (if any)
Response within 24h. PGP on request.

dr_winner@portfolio · Cyber & Cloud Security Engineer