I am a Threat Detection Engineer and Technical Consultant entrusted with creating a Detection Engineering Program for clients, aimed at fully optimizing their Detection Program life cycle. My expertise lies in conducting gap analysis and MITRE ATT&CK threat modeling, as well as crafting detection analytics in the practice of detection-as-code using widely supported open-source projects like Sigma rules, a YARA-like language designed to be SIEM vendor-agnostic.
Additionally, I specialize in assessing emerging threats and taking proactive actions to map their Tactics, Techniques, and Procedures (TTPs) in order to create effective detections.
Previously at Epirus...
I am a cybersecurity professional with a proven track record in architecting and implementing advanced cybersecurity solutions for startups across domains such as Security Operations, Security Engineering, Detection Analytics, corporate security, and security architecture. I excel in fast-paced startup environments, implementing modern security solutions, industry best practices, and emerging trends. I lead by influence and empathize with user experiences while spearheading the design of security architecture. I am exceptional at communicating with stakeholders and C-suite executives to align security initiatives with organizational goals and milestones and to foster a strong security culture.
Some notable project highlights include:
Architected and executed a three-year strategy for a defense startup by deploying a robust cybersecurity program, serving 250+ employees and securing 400+ workstations. I orchestrated the implementation of EDR, MDM, SASE, UEBA, DLP, VM, PAM, Azure AD, Conditional Access, and SIEM tools, enhancing their effectiveness through tailored detection analytics to fortify cyber defense capabilities.
Contributed to the development of a ticketing system, resulting in a 50% reduction in Mean-Time-To-Response (MTTR) and a 70% reduction in Mean-Time-To-Detect incidents. This was achieved by creating a single-pane dashboard using the Tines Security Orchestration, Automation and Response (SOAR) platform, prioritizing alert tuning through the API, and customizing the detection pipeline.
Presented the cybersecurity roadmap and reported to C-suite executives by creating quarterly objectives and security program readiness, with a budget of $1.2M. I facilitated strategic decisions and ensured alignment with organizational goals and compliance requirements.
I'm enthusiastic about roles that give me the autonomy to solve complex challenges and to work with individuals like yourself.
I am passionate about connecting with new people and welcome the opportunity to connect with you. You can reach me at hyunwoo1124@gmail.com.
Objectives.
My intention is to immerse myself in learning and adapting to modern technology, with a specific focus on creating robust security measures. My goal is to stay informed and educated on emerging trends such as generative AI and large language models (LLMs). I believe that cybersecurity will play a critical role in safeguarding these advancements and ensuring their responsible use.
Certification.
CLF-C02 AWS Cloud Practitioner
Foundations of Breach & Attack Simulation
AZ-900 Azure Fundamentals
Databricks Lakehouse Fundamentals
CompTIA Security+
Splunk Certified Core User
MITRE ATT&CK Defender (MAD) ATT&CK Fundamentals Training
MITRE ATT&CK Defender (MAD) ATT&CK SOC Assessments Certification Training
MITRE ATT&CK Defender (MAD) ATT&CK Cyber Threat Intelligence Certification Training
Google Cloud Platform Fundamentals: Core Infrastructure
Project.
Sigma Rules Conversion to All
Visualizes the power of Sigma rules, powered by SigmAIQ, to convert them to the supported SIEM language of your choice. This project also aims to standardize Detection-as-Code (DAC) practices.
VirusTotal API Script
Utilized the VirusTotal API to create a script that classifies a URL/domain as undetected, harmless, or malicious based on the verdicts of 70+ engines.
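The classification step described above, as an added example rather than the profile author's own script. It assumes the VirusTotal v3 `last_analysis_stats` shape (harmless / malicious / suspicious / undetected / timeout counts) and uses constructed sample responses so it runs offline; the thresholds in `classify` are an assumption to be tuned, and `fetch_stats` is the only part that touches the network and is not called here.

```python
"""Classify a URL/domain from VirusTotal v3 engine verdict counts.

Added example, not the profile's script. Sample stats below are constructed
(values invented); only the dictionary shape follows the VT v3 API.
"""
import json
import urllib.request

VT_DOMAIN_URL = "https://www.virustotal.com/api/v3/domains/{}"


def fetch_stats(domain: str, api_key: str) -> dict:
    """Live lookup (needs a real API key); returns the last_analysis_stats dict."""
    req = urllib.request.Request(
        VT_DOMAIN_URL.format(domain), headers={"x-apikey": api_key}
    )
    with urllib.request.urlopen(req, timeout=15) as resp:
        body = json.load(resp)
    return body["data"]["attributes"]["last_analysis_stats"]


def classify(stats: dict, malicious_threshold: int = 3) -> str:
    """Map engine counts to one of: 'malicious', 'harmless', 'undetected'.

    Rules (an assumption for this example; tune to your risk appetite):
      - malicious votes >= threshold, or malicious+suspicious >= 2*threshold -> malicious
      - no malicious/suspicious votes and at least one harmless vote      -> harmless
      - anything else (nobody had an opinion, or a lone flag below the
        threshold that deserves analyst review)                          -> undetected
    """
    malicious = stats.get("malicious", 0)
    suspicious = stats.get("suspicious", 0)
    harmless = stats.get("harmless", 0)
    if malicious >= malicious_threshold or malicious + suspicious >= 2 * malicious_threshold:
        return "malicious"
    if malicious == 0 and suspicious == 0 and harmless > 0:
        return "harmless"
    return "undetected"


def total_engines(stats: dict) -> int:
    """Number of engines that reported, including timeouts."""
    return sum(stats.values())


# Constructed sample responses (shape of VT v3; numbers are invented)
SAMPLES = {
    "good.example": {"harmless": 68, "malicious": 0, "suspicious": 0, "undetected": 12, "timeout": 0},
    "bad.example": {"harmless": 20, "malicious": 9, "suspicious": 2, "undetected": 49, "timeout": 0},
    "new.example": {"harmless": 0, "malicious": 0, "suspicious": 0, "undetected": 80, "timeout": 0},
    "lone.example": {"harmless": 60, "malicious": 1, "suspicious": 0, "undetected": 19, "timeout": 0},
}


def classify_all(samples: dict = SAMPLES) -> dict:
    """Verdict per domain for a batch of stats dictionaries."""
    return {domain: classify(stats) for domain, stats in samples.items()}


if __name__ == "__main__":
    for domain, verdict in classify_all().items():
        print(f"{domain:14} {verdict:10} ({total_engines(SAMPLES[domain])} engines)")
```

Note the asymmetry: a single engine flagging a domain does not make it "malicious" here, but it also does not make it "harmless"; it lands in "undetected" so a human looks at it rather than the script silently clearing it.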
Tenable Vulnerability Management Diagram
Demonstrated a Tenable Vulnerability Management architecture diagram that optimizes visibility of vulnerabilities across on-premises and cloud solutions.
Cybersecurity Lab
I created a detection environment using Chris Long's DetectionLab. This lab is designed to detect Tactics, Techniques, and Procedures (TTPs) by running Atomic Red Team simulations and using Splunk, osquery, Windows Event Forwarding, Sysmon, and more.
MAC Changer
Developed a Python script that uses the subprocess module to change and modify MAC addresses, incorporating optparse to validate user input with a focus on security.
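The input-validation point above, as an added example that is not the profile's script: the unsafe pattern (interpolating user input into a shell string) is shown in a comment beside the hardened form, which validates both the interface name and the MAC address with strict regexes and then hands an argument vector to subprocess with no shell involved. It assumes Linux iproute2 (`ip link`), uses argparse (the stdlib successor of optparse), and takes an injectable `runner` so the commands can be inspected without root or a real interface.

```python
"""Change an interface's MAC address without a command-injection hole.

Added example, not the profile's script. Assumes Linux `ip link` and root.
"""
import argparse
import re
import subprocess
import sys

# Six hex octets separated by ':' (after normalisation). Anything else is rejected.
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")
# Linux interface names: IFNAMSIZ-1 = 15 chars; lower-case letters, digits, '.', '-'
# (an assumption that is stricter than the kernel, which is the point).
IFACE_RE = re.compile(r"^[a-z][a-z0-9.\-]{0,14}$")


def normalize_mac(mac: str) -> str:
    """Accept aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff in any case; return lower-case colon form.
    Raises ValueError otherwise, so shell metacharacters never reach a subprocess."""
    cand = mac.strip().lower().replace("-", ":")
    if not MAC_RE.fullmatch(cand):
        raise ValueError(f"invalid MAC address: {mac!r}")
    return cand


def validate_interface(name: str) -> str:
    if not IFACE_RE.fullmatch(name):
        raise ValueError(f"invalid interface name: {name!r}")
    return name


def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet set (x2/x6/xA/xE) marks a locally administered address."""
    return bool(int(normalize_mac(mac).split(":")[0], 16) & 0x02)


def build_commands(interface: str, mac: str) -> list:
    """Argument vectors for iproute2. Validation happens before anything is built."""
    iface = validate_interface(interface)
    addr = normalize_mac(mac)
    return [
        ["ip", "link", "set", "dev", iface, "down"],
        ["ip", "link", "set", "dev", iface, "address", addr],
        ["ip", "link", "set", "dev", iface, "up"],
    ]


def change_mac(interface: str, mac: str, runner=subprocess.run) -> list:
    """Run the three commands in order; returns the argv lists that were executed."""
    cmds = build_commands(interface, mac)
    for argv in cmds:
        runner(argv, check=True)  # list argv, no shell=True: input is data, not code
    return cmds


# The pattern this replaces:
#   os.system(f"ifconfig {iface} hw ether {mac}")
# With iface = "eth0; rm -rf /" that string is executed by a root shell.


def main(argv=None) -> int:
    p = argparse.ArgumentParser(description="Set a MAC address safely")
    p.add_argument("-i", "--interface", required=True)
    p.add_argument("-m", "--mac", required=True)
    a = p.parse_args(argv)
    try:
        for cmd in change_mac(a.interface, a.mac):
            print(" ".join(cmd))
    except (ValueError, subprocess.CalledProcessError, OSError) as e:
        print(f"error: {e}", file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

The check is an allow-list, not a deny-list: rather than hunting for `;`, `|` or backticks, the regexes describe the only shapes an interface name and a MAC may take, and everything else fails closed.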
Machine Learning Malicious URL Analyzer
I led the development of a machine learning malicious URL analyzer and conceptualized analytics using seaborn and matplotlib. I applied linear regression and multinomial Naive Bayes techniques to predict and analyze URLs, using a sample of 60K URLs from a CSV to determine the precision and accuracy of each model. To achieve this, I utilized CountVectorizer and TfidfVectorizer.
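To show what the count-vectorizer plus multinomial Naive Bayes pipeline actually computes, here is an added example that is not the profile's project. It re-implements the two pieces in plain Python (a CountVectorizer-style character-trigram featurizer and multinomial Naive Bayes with Laplace smoothing) so it runs without scikit-learn, trains on a constructed ten-URL toy set in place of the 60K-URL CSV, and reports the same two metrics the project did, accuracy and precision. The TF-IDF variant and the linear-regression model are not reproduced.

```python
"""Malicious-URL classifier: character n-gram counts + multinomial Naive Bayes.

Added example, not the profile's project. Training URLs below are constructed.
"""
import math
from collections import Counter, defaultdict


def url_tokens(url: str, n: int = 3) -> list:
    """Character n-grams of the URL with the scheme stripped, lower-cased
    (what CountVectorizer(analyzer="char", ngram_range=(3, 3)) would emit)."""
    u = url.lower().split("://", 1)[-1]
    return [u[i:i + n] for i in range(max(1, len(u) - n + 1))]


class MultinomialNB:
    """Multinomial Naive Bayes with Laplace (alpha) smoothing over token counts."""

    def __init__(self, alpha: float = 1.0):
        self.alpha = alpha
        self.class_counts = Counter()              # documents per class
        self.token_counts = defaultdict(Counter)   # class -> token -> count
        self.vocab = set()

    def fit(self, urls, labels):
        for url, y in zip(urls, labels):
            toks = url_tokens(url)
            self.class_counts[y] += 1
            self.token_counts[y].update(toks)
            self.vocab.update(toks)
        return self

    def _log_prob(self, toks, y) -> float:
        # log P(y) + sum log P(token | y), smoothed so unseen tokens never zero out a class
        total_docs = sum(self.class_counts.values())
        lp = math.log(self.class_counts[y] / total_docs)
        denom = sum(self.token_counts[y].values()) + self.alpha * len(self.vocab)
        for t in toks:
            lp += math.log((self.token_counts[y][t] + self.alpha) / denom)
        return lp

    def predict(self, url: str) -> str:
        toks = url_tokens(url)
        return max(self.class_counts, key=lambda y: self._log_prob(toks, y))


def evaluate(model, urls, labels, positive: str = "malicious") -> dict:
    """Accuracy over all URLs and precision for the positive (malicious) class."""
    tp = fp = correct = 0
    for url, y in zip(urls, labels):
        pred = model.predict(url)
        correct += pred == y
        if pred == positive:
            tp += y == positive
            fp += y != positive
    return {"accuracy": correct / len(urls),
            "precision": tp / (tp + fp) if tp + fp else 0.0}


# Constructed toy corpus; phishing-style hosts, bare IPs and .exe/.php drops vs. well-known sites.
TRAIN_URLS = [
    "https://www.google.com/search?q=python+tutorial",
    "https://github.com/python/cpython/pull/1234",
    "https://docs.python.org/3/library/subprocess.html",
    "https://en.wikipedia.org/wiki/Naive_Bayes_classifier",
    "https://www.microsoft.com/en-us/security/blog",
    "http://paypal.com.secure-login-verify.ru/update/index.php",
    "http://198.51.100.23/bin/update.exe",
    "http://free-gift-card-winner.xyz/claim.php?id=4521",
    "http://appleid-apple.com.account-locked.tk/signin.php",
    "http://update-flash-player.download/install/setup.exe",
]
TRAIN_LABELS = ["benign"] * 5 + ["malicious"] * 5


def train_demo() -> MultinomialNB:
    return MultinomialNB(alpha=1.0).fit(TRAIN_URLS, TRAIN_LABELS)


if __name__ == "__main__":
    model = train_demo()
    print(evaluate(model, TRAIN_URLS, TRAIN_LABELS))
    for u in ["https://docs.python.org/3/library/argparse.html",
              "http://paypal.com.secure-login-verify.ru/update/login.php"]:
        print(model.predict(u), u)
```

On a real 60K-row dataset the metrics must come from a held-out split, not the training set; the training-set numbers printed here only confirm the model fits what it saw.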
Malware Analysis
I have identified the type of malware and assessed current anti-virus detection capabilities. I have also examined the malware's functionality to determine dependencies and provided incident recommendations based on my analysis. This included taking snapshots for both static and dynamic analysis.