Proof of Work

Case studies and security engineering artifacts.

A portfolio of SIEM, Splunk, logging, monitoring, and detection engineering work.

Check Point Security Visibility Dashboard

Problem: Security teams needed a single pane of glass, covering both current and historical activity, to identify firewall drops, denies, and possible scan-related impact.

Solution: Designed Splunk dashboards using current-window and historical comparison panels.

Outcome: Faster triage and clearer operational visibility.

Azure Logging Architecture for Splunk Cloud

Problem: Azure workloads lacked a consistent logging strategy.

Solution: Created an Azure Collection Tier using Event Hub and forwarder-based collection.

Outcome: Improved scalability and repeatable onboarding.

Tenable Scan Impact Monitoring

Problem: Teams needed to determine whether vulnerability scans were causing network impact.

Solution: Correlated scan source activity against firewall denies and drops.

Outcome: Faster identification of scan-related issues.

SIEM Program Maturity Roadmap

Problem: Leadership needed visibility into SIEM maturity and telemetry gaps.

Solution: Built a phased roadmap covering onboarding, cloud ingestion, detection engineering, and governance.

Outcome: Better executive alignment and a measurable improvement path.