A purple-team operator for anyone serious about security.
I work in the overlap between offensive simulation and blue-team detection. The purple side.
My routine: run real adversary techniques in the lab, write the detection that catches them, deploy to the SIEM, measure false positives for 72 hours and tune.
It gives me an unusual edge: when I review an infrastructure I already know what will appear on the SIEM before looking. When I review a SIEM I already know which attacks are being missed.
Day to day I audit corporate infrastructures, manage Fortinet and Sophos firewalls, stand up Wazuh + TheHive + Cortex + MISP stacks, and work with clients who need to reach NIS2 / ENS without turning compliance into theatre.
And in between: the lab. Every MITRE technique I run ends up on GitHub with its Sigma rule, its detection and its false-positive notes.
What I carry in the toolbox.
Tools, frameworks and disciplines I use in production and the lab.
- Web Pentesting
- OWASP Top 10
- SQLi / XSS / CSRF
- LFI · RFI · SSTI · IDOR
- Command Injection
- Burp Suite
- Metasploit
- sqlmap · ffuf
- Impacket · Rubeus
- BloodHound
- Nmap
- Atomic Red Team
- Wazuh
- TheHive · Cortex
- MISP
- Elastic Security
- OpenSearch
- Sigma
- YARA
- Suricata
- Sysmon
- MITRE ATT&CK
- Fortinet
- Sophos (Silver Partner)
- VLAN segmentation
- SSL VPN · IPsec
- Linux (Kali · Parrot)
- Windows hardening
- Active Directory
- Acronis Cyber Protect
- AWS (EC2, CLI)
- Azure
- Cloudflare Pages · Workers
- Docker
- WireGuard
- Git · CI/CD
- Python 3
- Bash
- PowerShell
- n8n
- LaTeX · pdflatex
- Go
- Rust
- ISO/IEC 27001:2022
- NIS2
- ENS
- NIST CSF
- PCI-DSS
- OWASP