Services
Senior-practitioner engineering engagements, not managed services and not strategy-only advisory.
START HERE
Security Program Gap Assessment
Not sure where to start? This is a focused review of your detection coverage, hunt program maturity, and SIEM/pipeline health. You get a prioritized, plain-language report on what's working, what's not, and where senior engineering time would move the needle most.
- Detection and telemetry coverage review
- Hunt program maturity check
- SIEM and Cribl pipeline health check
- Prioritized findings report with next steps
Detection Engineering
Detection logic that's tested, not assumed. I write, tune, and validate detections against real attacker behavior (MITRE ATT&CK-mapped where useful), so your team spends time on real threats instead of chasing false positives.
- Detection coverage gap analysis
- Custom detection authoring and tuning
- Detection-as-code workflows for version control and testing
Threat Hunting Program Build-Out
I've built a threat hunt program from zero. I can build yours. This includes methodology, tooling selection, hypothesis-driven hunt cadence, and reporting that shows leadership what the program is actually finding.
- Hunt program design and playbooks
- Hands-on hunt engagements
- Analyst training and knowledge transfer
Cribl & SIEM Pipeline Architecture
Most SIEM cost problems are data problems. I architect Cribl pipelines that filter, route, and tier telemetry before it hits your most expensive platforms, cutting noise and cost without losing visibility.
- Cribl Stream deployment and pipeline design
- SIEM migration and data reduction
- Ongoing pipeline tuning and support
ADD-ON SERVICE
Cloud Security & CI/CD Pipeline Security
Add-on engagement scope for teams that need multi-cloud security posture work or CI/CD pipeline hardening alongside detection and hunting engagements.
