SOC Analyst & AI Engineer
I build and defend intelligent systems — from detection engineering in the SOC to agentic AI that reasons, retrieves, and acts.
- Focus: SOC & agentic AI
- Clouds: AWS · Azure · GCP
The work, not the job title.
How I show up: defend systems, make models useful, harden the cloud, and still ship the product. Four lanes — one through-line: fewer surprises, faster answers.
Security work for me is a loop: see something wrong, make it show up in the data next time, and shorten the line between alert and answer. I care about the unglamorous stuff — the rules that do not false-positive your team to death, and the case notes the next shift can actually use.
On the AI side, I build systems that are allowed to act — with tools, memory, and boundaries. I spend time on context quality and failure modes because that is what separates a demo from something you can run next to a production SIEM without losing sleep.
In the queue with you, not above it.
I triage, correlate, and chase until the story makes sense. When the root cause is an attacker, you get a written trail. When it is bad hygiene, the detection and the playbook get a bump anyway.
- Case ownership: from first alert to clean handoff or close
- Hunts with a testable hypothesis, not a keyword safari
- Rules, tuning notes, and postmortems people will actually read
Agents with a job, not a chat window.
I wire up retrieval, tools, and policy so a model can do real work in your environment — and I spend as much time on what happens when a log line lies as when it tells the truth.
- End-to-end agent flows: plan → tool use → check → respond
- RAG and evals for internal docs and noisy tickets
- Threat model: prompt abuse, exfil, and over-trusted output
Clouds are just someone else's computers.
I start from identity and blast radius, then get logs and alerts into a place an analyst can stand on. Same habits across AWS, Azure, and GCP; different console quirks.
- Least privilege you can still operate under
- Pipelines: CloudTrail, Entra, IAM — into the same hunt brain
- CI and containers without secret sprawl in plain sight
I still build what I help defend.
TypeScript, Python, Solidity, Postgres — production apps and contracts, not weekend tutorials. It changes how I read an alert: I know what *should* be weird in your stack because I've shipped the happy path and the bad deploy.
- Full stack: APIs, UIs, jobs, the boring reliability bits
- On-chain and off: same discipline on keys and config
- Secure defaults without blocking your team in Jira for a week
The tools I reach for.
Core day-one tools, what I'm actively working with, and what I'm sharpening next.
Security Operations
What I use to detect, hunt, and respond.
Offensive & Forensics
Thinking like the adversary to defend better.
Cloud & Platform
Where I deploy, harden, and monitor.
AI & Agents
Where agentic systems meet the real world.
Full-Stack Engineering
Shipping the products I help defend.
Projects that shipped, and work in the lab
01 — Proof9
Sound Rights Platform
2025
On-chain IP verification for musicians — provenance, licensing, and AI-assisted originality checks.
Outcomes
- Protect, verify, license, and monetize sound IP on-chain
- AI-powered originality verification for creators
- Threat-modelled the upload pipeline against AI-model abuse
- Powered by Story Protocol, Yakoa, and Tomo
Type
Stack
- Next.js
- TypeScript
- Story Protocol
- AI
- Solidity


02 — AIX Market Analyzer
LSTM Signal Engine on SingularityNET
2024
A deep-learning analyzer for AI tokens — comparing robustness, accuracy, and decisiveness signals.
Outcomes
- Data-driven insights for AI-token investment decisions
- LSTM model benchmarked against baseline signals
- End-to-end pipeline from ingestion to dashboard
Type
Stack
- Python
- PyTorch
- LSTM
- Next.js
- SingularityNET
03 — motiFi.ai
Agentic Market Intelligence
2025
AI agent that watches multi-protocol portfolios and surfaces sentiment-weighted market moves in real time.
Outcomes
- Tracks multiple investments across protocols
- Agent-driven sentiment + trend analysis on top assets
- Pushes actionable alerts to help users react quickly
Type
Stack
- Next.js
- TypeScript
- LLM Agents
- RAG

lab · building
04 — Home Lab
SOC Detection Lab
2026
A home lab that simulates attacker TTPs against Wazuh + ELK to build and tune custom detections mapped to MITRE ATT&CK.
Outcomes
- End-to-end ingestion: Sysmon, Zeek, cloud logs
- Custom detections mapped to MITRE ATT&CK techniques
- Atomic Red Team simulations with auto-generated reports
Type
Stack
- Wazuh
- ELK
- Sysmon
- Zeek
- Atomic Red Team
- MITRE ATT&CK
05 — Research
Agentic Triage Copilot
2026
An LLM copilot that enriches and triages SOC alerts — pulling IOCs, threat-intel, and prior cases before an analyst even opens the ticket.
Outcomes
- LLM agent with tool-use over VT, OTX, and internal case history
- Auto-summarizes alerts with ATT&CK mapping
- Guardrails against prompt-injection via ingested logs
Type
Stack
- Python
- LangGraph
- RAG
- VirusTotal
- OTX
- ATT&CK
lab · building
Engineer → AI builder → Security operator.
Same curiosity, broader lens. I stack layers instead of replacing them.
- 2025 — Present (current)
SOC Analyst / Security Engineer
@ Security Operations
Triaging alerts across SIEM + EDR, running ATT&CK-driven threat hunts, tuning detections, and contributing to IR playbooks and post-incident reviews.
SIEM · EDR · MITRE ATT&CK · Incident Response
- 2024 — 2025
AI / Agentic Systems Engineer
@ Independent & Open-Source
Designed LLM agents with tool-use and RAG over private corpora. Shipped production AI features (sentiment, market intelligence, IP verification) across Web3 and consumer apps.
LLM Agents · RAG · LangGraph · Python · TypeScript
- 2022 — 2024
Full-Stack & Smart Contract Engineer
@ Startups & Hackathons
Shipped multiple production dApps and SaaS products on Next.js, Node, Python, and Solidity — winning hackathons and learning how real attackers think.
Next.js · Node · Solidity · Python · Postgres
- 2020 — 2022
Software Engineer — Early Career
@ Learning the craft
Built the engineering foundation: clean code, systems thinking, testing, and shipping. This is where the attacker-empathy began.
TypeScript · React · Git · Linux
What I'm earning, and what I'm sharpening.
A live look at the certifications I'm pursuing — with the modules, exam codes, and where I'm at.
CompTIA Security+
CompTIA
The vendor-neutral baseline for security: I'm using it to lock in the fundamentals I touch every day in the SOC.
- General Security Concepts
- Threats, Vulnerabilities & Mitigations
- Security Architecture
- Security Operations
- Security Program Management
CompTIA CySA+
CompTIA
Blue-team focused: detection engineering, threat intelligence, and the analyst workflow I live in.
- Security Operations
- Vulnerability Management
- Incident Response & Management
- Reporting & Communication
AWS Cloud Practitioner
Amazon Web Services
Anchoring AWS fundamentals so my cloud-security work stops at the right primitives: IAM, KMS, CloudTrail, GuardDuty.
- Cloud Concepts
- Security & Compliance
- Technology & Services
- Billing, Pricing & Support
TryHackMe & HackTheBox Paths
TryHackMe / HTB Academy
Hands-on labs across blue, red, and cloud security tracks — where the theory becomes muscle memory.
- SOC Level 1
- Cyber Defense
- Junior Penetration Tester
- AD enumeration & lateral movement
What people I've worked with say
A slow loop of past collaborators.
Richard was instrumental in transforming our website into a powerful digital experience. His attention to detail and his grasp of our brand were exceptional — we're thrilled with the work he delivered.
Working with Winner was a pleasure. His expertise in smart-contract development brought our project to life, and he is genuinely focused on security implementation across EVM-compatible chains.
Winner's ability to craft seamless user experiences is unmatched. Since we launched our new restaurant web application we've seen a significant increase in conversions. We couldn't be happier.
Winner is an exceptionally dedicated engineer who consistently delivers high-quality work. His insights and work ethic make him an outstanding asset — I have no hesitation recommending him.
A true frontend wizard. He translated our complex product into an intuitive, engaging interface with solid UX — and the feedback from founders has been overwhelmingly positive.
He worked on our smart-contract security implementation and was nothing short of exceptional. A talented developer and a great communicator — highly recommended.
A quick read on who I am
Short on fluff, long on why I do the work.
I operate where security meets AI. By day I triage alerts, hunt threats, and build detections; by night I design agentic systems that can reason, retrieve, and act.
I started as a full-stack engineer shipping production web apps and smart contracts, which shapes how I defend them today: with attacker empathy, clean code, and automation over toil.
If you're building something ambitious that needs to be fast, well-instrumented, and hard to compromise — we should talk.
Small things about how I work
- Run CLI over GUI whenever possible
- Curious about how adversaries really think
- Long walks when a problem refuses to solve
- Deep-focus music while hunting logs
- Coffee-driven development, lightly caffeinated
GitHub
Have a system that needs building — or defending?
I'm open to SOC, detection-engineering, and AI-agent roles, and to select contract work. The fastest way in is email.
- ▸ role or brief
- ▸ timeline and urgency
- ▸ stack / environment
- ▸ risk model (if any)