RICHARD

Security Analyst II

The Deck

Welcome aboard. Get to know the captain of this vessel.

Mission & Background

My journey in cybersecurity began within MSSPs, where I learned to operate in fast-paced environments, triaging high volumes of alerts, investigating incidents, and sharpening my operational skills.

Seeking greater challenges, I transitioned into an internal security team where tasks became more ambiguous, and I was required to wear many hats — from incident response and cloud security investigations to detection rule creation, log analysis, and vulnerability management.

Throughout this journey, I consistently pursued growth outside of working hours: studying detection engineering, learning new security tools, building Sigma rules, writing KQL queries, simulating adversary behavior, and deepening my understanding of modern threat landscapes.

Beyond cybersecurity, I'm passionate about balance and discipline — I enjoy cooking, biking, and consistently training at the gym. These habits reflect the same energy I bring to my professional development: always learning, always moving forward.

Today, my mission is clear: to evolve from security analyst to a skilled Detection Engineer — designing resilient, proactive defenses to find adversaries before they strike.

Areas of Interest

Detection Engineering

Digital Forensics

Incident Response

Threat Hunting

Voyages

A complete project series on building a cybersecurity monitoring and detection lab.

Part 1: Configuring Elasticsearch & Kibana
Setting up Elasticsearch and Kibana for centralized log management and analysis in a cybersecurity environment.
Tags: Elasticsearch, Kibana, Log Management

Part 2: Setting Up Winlogbeat & Filebeat
Configuring Winlogbeat and Filebeat for efficient log collection from Windows systems and various file sources.
Tags: Winlogbeat, Filebeat, Log Collection

Part 3: Windows Audit Policy, Sysmon & Atomic Red Team
Implementing Windows audit policies and Sysmon monitoring, then using Atomic Red Team to test that the resulting telemetry captures adversary behavior.
Tags: Sysmon, Windows Audit, Atomic Red Team

Part 4: Triage and Custom Detection Creation
Analyzing and responding to a simulated phishing attack using the monitoring infrastructure set up in previous parts, and building custom detections from the findings.
Tags: Incident Response, Phishing, Threat Analysis

The Crow's Nest

Cybersecurity articles, tutorials, and analysis from the lookout point.

Snowflake Log Ingestion via Azure Functions
A technical guide on setting up Snowflake log ingestion using Azure Functions, with step-by-step implementation details.
Tags: Cloud Security, Azure, Snowflake

LetsDefend: WinRAR 0-Day (CVE-2023-38831)
Analysis of the WinRAR zero-day vulnerability, including detection methods and security implications.
Tags: Vulnerability Analysis, CVE, Detection

Investigative Features in Microsoft Defender and Sentinel
A breakdown of key investigative features in Microsoft Defender and Sentinel for SOC analysts.
Tags: Microsoft Defender, Microsoft Sentinel, SOC

Signals in the Sea

Professional certifications and qualifications in the field.

Certifications

SC-200, Microsoft Certified: Security Operations Analyst Associate
CDSA, HackTheBox Certified Defensive Security Analyst
PSAA, Practical SOC Analyst Associate
PNPT, Practical Network Penetration Tester
BTL1, Blue Team Level 1
eJPT, eLearnSecurity Junior Penetration Tester
CompTIA Network+
CompTIA Security+
Splunk Enterprise Security Certified Admin

The Hold

Send a message in a bottle or signal across the digital waves.

Get in Touch
Have a question or want to work together? Send me a message.
Contact Information
enleak@protonmail.com
Available for freelancing
Social Networks