Threat detection in the SOC. Cloud hardening on AWS, Azure, GCP. Pentesting, forensics, compliance.
- Clouds
- AWS · Azure · GCP
The work, not the job title.
How I show up: defend systems, make models useful, harden the cloud, and still ship the product. Four lanes — one through-line: fewer surprises, faster answers.
SOC work: see something wrong, make it show up next time, shorten the gap between alert and fix. I care about detections that don't spam the team and case notes the next shift can use.
Cloud security: start from identity and blast radius, get logs flowing, tighten posture before audits, monitor the control plane like you monitor endpoints.
Triage, hunt, close.
I triage alerts, correlate events, and chase leads until it makes sense. Attackers get documented. Bad hygiene gets fixed in the detection.
- Own cases from alert to close
- ATT&CK-mapped hunts with real hypotheses
- Write detection rules and postmortems people actually read
Lock down the cloud.
Start from identity and blast radius. Get logs flowing. Tighten posture. Monitor the control plane.
- Least privilege across AWS, Azure, GCP
- CloudTrail, Entra, GCP Audit into one pipeline
- Fix misconfigs, harden containers
Think like an attacker.
Know how attacks work to build better detections. Initial access, lateral movement, exfil — the real stuff, not theory.
- Pentest basics: recon, exploit, post-exploit
- Purple team: test detections before attackers do
- Track CVEs and exploits to keep rules current
Automate the boring parts.
Python, APIs, AI agents. Close the gap between alert volume and analyst time. Build tools that handle repetitive work.
- SOAR playbooks and Python scripts that save time
- LLM-assisted enrichment, IOC lookup, log summaries
- Detection-as-code with version control and CI testing
The tools I reach for.
Core day-one tools, what I'm actively working with, and what I'm sharpening next.
Security Operations
What I use to detect, hunt, and respond.
Offensive & Forensics
Thinking like the adversary to defend better.
Cloud & Platform
Where I deploy, harden, and monitor.
AI & Agents
Where agentic systems meet the real world.
Full-Stack Engineering
Shipping the products I help defend.
Projects that shipped
Built, deployed, and defended.
AWS Threat Detection Lab
2026
Detection-as-code on AWS: CloudTrail + GuardDuty telemetry, EventBridge detections mapped to MITRE ATT&CK, least-privilege Lambda alerting.
Stack
Sound Rights Platform
2025
On-chain IP verification for musicians. Provenance, licensing, AI originality checks.
Stack
LSTM Signal Engine on SingularityNET
2024
Deep-learning analyzer for AI tokens. Compares stability, accuracy, decisiveness.
Stack
Agentic Market Intelligence
2025
AI agent watches multi-protocol portfolios, surfaces sentiment-weighted moves in real time.
Stack
SOC Detection Lab
2026
Home lab simulating attacker TTPs against Wazuh + ELK. Build and tune detections mapped to MITRE ATT&CK.
Stack
Agentic Triage Copilot
2026
LLM copilot enriches and triages SOC alerts. Pulls IOCs, threat intel, prior cases before analyst opens ticket.
Stack
Engineer → AI builder → Security operator.
Same curiosity, broader lens. I stack layers instead of replacing them.
- 2025 — Presentcurrent
SOC Analyst / Security Engineer
@ Freelance / Contract
Triaging alerts across SIEM + EDR, running ATT&CK-driven threat hunts, tuning detections, and contributing to IR playbooks and post-incident reviews.
SIEMEDRMITRE ATT&CKIncident Response - 2024 — 2025
AI / Agentic Systems Engineer
@ Proof9 · AIX · motiFi.ai
Designed LLM agents with tool-use and RAG over private corpora. Shipped production AI features — IP verification on Story Protocol, LSTM market signals on SingularityNET, and multi-protocol portfolio intelligence.
LLM AgentsRAGLangGraphPythonTypeScript - 2022 — 2024
Full-Stack & Smart Contract Engineer
@ ChainCheque · PeerRamp · AdanfoCash · Tanic
Built and audited smart contracts across EVM chains, shipped SaaS and restaurant web apps, and delivered frontend systems for fintech and Web3 clients across Ghana and the wider ecosystem.
Next.jsNodeSolidityPythonPostgres - 2020 — 2022
Software Engineer
@ Freelance / Open Source
Built the engineering foundation across full-stack web, systems thinking, and Linux. Started reading CVEs recreationally — this is where the attacker-empathy began.
TypeScriptReactGitLinux
What I'm earning, and what I'm sharpening.
A live look at the certifications I'm pursuing — with the modules, exam codes, and where I'm at.
Google Professional Cybersecurity
End-to-end cybersecurity foundations covering threat detection, SIEM, incident response, and Python automation for security tasks.
- Foundations of Cybersecurity
- Networks & Network Security
- Linux & SQL
- Assets, Threats & Vulnerabilities
- Detection & Response
- Automate Cybersecurity Tasks with Python
CompTIA Security+
CompTIA
The vendor-neutral baseline for security: I'm using it to lock in the fundamentals I touch every day in the SOC.
- General Security Concepts
- Threats, Vulnerabilities & Mitigations
- Security Architecture
- Security Operations
- Security Program Management
Cisco Ethical Hacker
Cisco
Offensive security fundamentals from a vendor with deep network roots — recon, exploitation, and post-exploitation mapped to real-world attack surfaces.
- Introduction to Ethical Hacking
- Reconnaissance & Footprinting
- Scanning & Enumeration
- Exploitation Techniques
- Post-Exploitation & Reporting
AWS Cloud Practitioner
Amazon Web Services
Anchoring AWS fundamentals so my cloud-security work stops at the right primitives: IAM, KMS, CloudTrail, GuardDuty.
- Cloud Concepts
- Security & Compliance
- Technology & Services
- Billing, Pricing & Support
TryHackMe & HackTheBox Paths
TryHackMe / HTB Academy
Hands-on labs across blue, red, and cloud security tracks — where the theory becomes muscle memory.
- SOC Level 1
- Cyber Defense
- Junior Penetration Tester
- AD enumeration & lateral movement
What people I've worked with say
Colleagues and clients — across security, AI, and product.
Richard rebuilt our website from scratch. His attention to detail and understanding of our brand were exceptional. We're thrilled with what he delivered.
Who I am
No fluff. Just what I do and why.
I triage alerts, hunt threats, harden cloud setups, run pentests, and investigate incidents. I know how attacks work and how to catch them in logs.
Started building full-stack apps and smart contracts. Now I defend them. I automate the boring parts and focus on what actually matters.
Currently going deep on cloud engineering and cloud security — I build it, then I harden it. You protect best what you know how to build.
If you're building something ambitious that needs to be fast, well-instrumented, and hard to compromise — we should talk.
How I work
- Run CLI over GUI whenever possible
- Curious about how adversaries really think
- Long walks when a problem refuses to solve
- Deep-focus music while hunting logs
- Coffee-driven development, lightly caffeinated
GitHub
Break Into Cloud Security— a hands-on study cohort
Learn cloud security the way it actually sticks: build real cloud environments, break them, defend them, and turn every lab into portfolio proof. I'm walking the same road — SOC floor to cloud security — and sharing everything that works.
Hands-on labs: SIEM, EDR, cloud logging, detection engineering
Real-world threat hunts and incident response walkthroughs
AWS / Azure / GCP hardening from identity to control plane
Weekly check-ins + a public portfolio of labs you can show hiring managers
Have a system that needs building — or defending?
I'm open to SOC, detection-engineering, and AI-agent roles, and to select contract work. The fastest way in is email.
- ▸ role or brief
- ▸ timeline and urgency
- ▸ stack / environment
- ▸ risk model (if any)


