Capabilities
Skills
Where I focus, grouped by area. Levels are a self-assessment, not a certification.
Detection & Response
Detection engineering
Designing, tuning, and validating detections across SIEM/EDR/NDR.
Incident response
Lead role in active response, triage, containment, and post-incident review.
Threat hunting
Hypothesis-led hunts using telemetry, threat intel, and custom queries.
Engineering
Hardened Linux engineering
Ubuntu/Debian hardening, Apache, Redis, MySQL, secure deployment.
Secure PHP development
PHP/PDO with Argon2id password hashing, CSRF protection, CSP, and least-privilege design.
Strategy & Governance
Threat modelling
STRIDE, attack trees, and bespoke threat models for systems and orgs.
Security architecture
Designing defensible architectures across cloud, on-prem, and hybrid.
Programme leadership
Building and running cyber defence functions and programmes.
Threat-Led Testing
Adversary emulation
TTP-based emulation aligned to MITRE ATT&CK and bespoke threat profiles.
Red & purple teaming
Operating from both attacker and defender perspectives to harden defensive capability.