// about me
Who I Am
SOC analyst with a technical security background and working knowledge of GRC. Here's the longer version.
Background
I work in security operations, monitoring environments, triaging alerts, and responding to incidents. My day-to-day focus is on moving from signal to context to decision accurately and quickly, using Microsoft Sentinel, Splunk, and CrowdStrike Falcon as primary tools. I'm comfortable in both Windows and Linux environments and have a strong foundation in network security and scripting that lets me go beyond the alert queue when a situation calls for it.
What sets me apart from most Tier 1/2 analysts is a working understanding of GRC and compliance frameworks: SOC 2, NIST CSF, GDPR. That background changes how I assess severity and communicate findings. I understand why certain controls exist, which helps me prioritise correctly, escalate with context, and explain security events in terms that resonate with both technical and non-technical stakeholders.
Outside of operational work, I build security tooling, write in-depth analysis on GRC and incident disclosure topics, and maintain Civic Nexus, an independent research platform designed as a live application of privacy-by-design principles.
Skills & Tooling
Certifications
CCNA · Cisco · 2026
Security+ · CompTIA · 2026
AZ-500 · Microsoft · 2026
Experience & Training
A.A.S. Cybersecurity & Information Assurance · In Progress
Associate of Applied Science in Cybersecurity and Information Assurance. Coursework covering network security, operating systems, threat analysis, and security policy, running in parallel with hands-on lab work and independent research.
Azure Security Engineering · Microsoft
Hands-on training in Azure security, identity and access management, Microsoft Sentinel configuration and KQL querying, network security groups, Defender for Cloud, and security operations workflows in a cloud-native environment.
Google Data Analytics · Coursera
Data aggregation, visualisation, and SQL, applied to log analysis, alert data processing, and building structured reporting outputs from security event data.
Independent Security Research & Writing
Regular deep-dive analysis on incident response, GRC structural gaps, and regulatory disclosure requirements, published on this site. Topics include TPRM program effectiveness, SOC 2 control assurance, and the SEC cybersecurity materiality determination problem.