Mehmet E.

Co-Founder

The Randstad, Netherlands · 16 yrs 5 mos experience

Key Highlights

  • 14+ years of experience in Cyber Security.
  • Microsoft MVP recognized for contributions to the community.
  • Expert in threat hunting and detection engineering.

Skills

Core Skills

Cybersecurity, Threat Hunting, Data Science, Forensics, Incident Response, Use Case Development

Other Skills

Threat Research, Machine Learning, Data Analysis, Data Analytics, Statistical Analysis, Technical Data Analysis, Data Manipulation, SQL, Analytics, Cyber Defense, SIEM, Security Incident Event Management, Hunter, Detection, Analyst

About

Please FOLLOW instead of connect, unless you really want to get in touch. Cyber security professional focused on threat hunting, detection engineering, data science, and threat intelligence. 14+ years of experience in Cyber Security, Network Security and Data Security in finance, energy, and other industries. Implemented RITA beacon analyzer in KQL, developed a custom UEBA in M365D for lateral movement detection, and process tree analysis framework in M365D and Azure Sentinel, all of which work at enterprise scale. Sharing knowledge with the community by publishing blogs. Awarded with Microsoft MVP. Strong analytical, problem solving, organizational, interpersonal and communication skills, flexible, team player, fast learner. KEYWORDS: Cyber Defense, SIEM, Security Incident Event Management, Incident Response, Threat Hunting, Threat Research, Hunter, Detection, Analyst, Analysis, Analytics, Forensics, DFIR, Blue Team, MITRE ATT&CK, CSOC, SOC, Log Management, Python, Firewall, VPN, IDS, IPS, DLP, APT, Websense, Check Point, Fortigate, SDN, PoC, LAN, WAN, WLAN, Security Architect, Information Technology, Network, Network Security, Information Security, Email Security, Data Security, Mobile Security, Cloud Security, CISSP, Agile, Scrum, cyber-security, cybersecurity, #informationsecurity, #cybersecurity, #threathunting

Experience

Total Experience: 16 yrs 5 mos
Average Tenure: 1 yr 11 mos
Current Experience: 5 yrs 3 mos

Confidential

3 roles

Cyber Threat Hunter

Jan 2024 – Present · 2 yrs 3 mos · Netherlands · Hybrid

  • Data Science
  • Threat Hunting
  • Threat Research
Data Science, Threat Hunting, Threat Research, Cybersecurity

Threat Hunter & Threat Researcher & Detection Engineer

Jun 2020 – Apr 2022 · 1 yr 10 mos · Amsterdam, North Holland, Netherlands

  • Extracting behavior and TTPs by analyzing threat intelligence reports
  • Simulating/Emulating adversary behavior and TTPs
  • Developing high fidelity detections/hunting queries
  • Continuously hunting for critical adversary behavior and TTPs using Microsoft Sentinel and Microsoft 365 Defender
  • Participating in purple teaming exercises
  • Improving threat hunting process
  • Sharing knowledge with SOC analysts
  • Participating in M365D private previews, providing feedback about Advanced Hunting
Data Analysis, Data Analytics, Statistical Analysis, Technical Data Analysis, Data Manipulation, SQL

Lead Use Case Developer

Aug 2019 – Jun 2020 · 10 mos · Amsterdam, North Holland, Netherlands

  • Led the Use Case development process.
  • Maintained and improved the Use Case framework.
  • Improved detection mechanisms by tuning false positive alerts
  • Enriched alerts to minimize time spent on analysis.
Data Analytics, Technical Data Analysis, Data Manipulation, Analytics, Use Case Development

Binalyze

Sr. Threat Researcher

Apr 2022 – Dec 2023 · 1 yr 8 mos

  • Doing research on forensic artifacts (SRUM, Amcache, Prefetch, etc.) to find new methods for efficient DFIR analysis
  • Applying data science techniques to forensic data and finding ways to detect anomalies
  • Applying unsupervised machine learning algorithms (Isolation Forest) to find anomalies
  • Researching new features for the product and providing prototypes
  • Independently:
  • Researching threats and TTPs (simulation/emulation) to find novel detection methods
  • Participating in the MSTICPy project
  • Contributing to the infosec community as a Microsoft Security MVP
Machine Learning, Data Analysis, Data Analytics, Statistical Analysis, Technical Data Analysis, Data Manipulation

Blu raven

Founder

Jan 2021 – Present · 5 yrs 3 mos · Amsterdam, North Holland, Netherlands

Netsmart

2 roles

Consultant

Jan 2019 – Jul 2019 · 6 mos

Technical Data Analysis, Analytics

Senior Information Security Engineer

Jan 2018 – Jan 2019 · 1 yr

  • Responsibilities / Accountabilities:
  • Providing ArcSight and Cyber Security consultancy. Responsible for implementation, tuning, and optimization of SIEM components, use case development, threat intelligence integrations in line with security policies.
  • Achievements:
  • Designed and implemented SIEM solutions according to customers’ business objectives.
  • Improved threat detection via developing custom use cases by understanding and analyzing customers’ business objectives, critical assets and IT architecture.
  • Reduced false positives and time spent on analysis by developing log enrichment mechanisms for log correlation, threat hunting and detection.
  • Improved detection capability by developing Threat Intelligence integrations.
  • Standardized use case development for threat detection by implementing ArcSight Activate Framework into ArcSight ESM.
  • Developed detection mechanisms related to MITRE ATT&CK by simulating attacks with Red Canary Atomic Red Team tests.
  • Integrated custom log sources into SIEM by developing Flex Connectors.
  • Managed and troubleshot ArcSight ESM, Logger and Smart Connectors.
  • Managed Splunk Enterprise.
Analytics

Borusan holding

Senior Information Security Specialist

Dec 2016 – Jan 2018 · 1 yr 1 mo · Istanbul, Turkey

  • Responsibilities / Accountabilities:
  • Enforcing IT security across the group of companies by leading implementation and configuration of security components, providing SOC services and information security consultancy within the group. Responsible for implementing security procedures in line with security policies.
  • Achievements:
  • Built and effectively operated central log management and SIEM tools (IBM QRadar).
  • Assisted in the design and implementation of security systems and tools based on information security architecture.
  • Provided consultancy and support services through information security expertise for projects on infrastructure and systems as a consultant.
  • Identified improvement areas by analyzing and controlling incident trends.
  • Ensured preventative measures for repetitive and corrective actions to be taken by monitoring information security violations and recording notifications.
  • Kept internal customer satisfaction at the highest level by analyzing information security needs, receiving and evaluating expectations.
  • Improved SIEM detection capability by creating advanced correlation rules, use cases, tuning false positive alarms and rules on IBM QRadar.
  • Reduced license usage and costs by discovering and filtering unnecessary logs.
  • Managed Privileged Account Security Project, which made unmanaged privileged accounts on systems such as Firewalls, Servers, Databases, Routers, and other products to be managed automatically by CyberArk.
  • Improved security of the endpoints and servers by managing and implementing NGFW Project, which includes HTTPS inspection, Antivirus, IPS, URL Filtering, Application Control and Threat Emulation (APT Sandbox).
  • Managed CyberArk Enterprise Vault.
Analytics

Ziraat teknoloji

Senior Security Systems Specialist

Nov 2013 – Jul 2016 · 2 yrs 8 mos · Istanbul, Turkey

  • Responsibilities / Accountabilities:
  • Installation and management of network security products (FW, VPN, Proxy, SSL VPN, DLP, Anti-Spam etc.). Developing new projects such as mobile security, advanced threat protection and evaluating new products in support of business objectives.
  • Achievements:
  • Managed New Data Center Security Infrastructure Project. The goal of the project was to migrate and transform the current infrastructure by designing and implementing a next generation security platform in order to eliminate the risks of the current security architecture of the data center and other security related risks and threats.
  • Managed Advanced Threat Protection Project. The goal of the project is to setup a framework in order to detect and stop advanced persistent threat attacks by sandboxing products.
  • Managed Ziraat Katılım Bankası Infrastructure Project. With this project, a security infrastructure has been designed; security products (Firewall, IPS, DDOS, web/email/data security etc.) have been chosen and implemented.
  • Managed Check Point NGFW implementation/integration project in data centers and enhanced security of the company’s Network Infrastructure. With this project, all obsolete ISA firewalls have been removed, old Checkpoint firewalls have been replaced with new ones in order to standardize firewall infrastructure with the latest technology, and standalone management systems have been replaced with highly available ones.
  • Managed DLP implementation project and secured the company’s critical data. This project is now an ongoing process.
  • Administration of Websense Web/Data/Email Security products.
  • Administration of Check Point, Fortigate, Cisco ASA, Firewalls.
  • Administration of Check Point Mobile Access.

Enerjisa

IT Specialist

May 2012 – Nov 2013 · 1 yr 6 mos · Istanbul, Turkey

  • Responsibilities / Accountabilities:
  • Responsible for network, network security, email/data/web security operations and project management. Design, implement and maintain company’s LAN, WAN and WLAN infrastructure. Develop and establish the policies, procedures, standards and guidelines to ensure network security.
  • Achievements:
  • Secured company’s critical information by implementing Websense DLP Project.
  • Secured IT infrastructure, simplified wireless guest access and reduced incidents on helpdesk by implementing Wireless Guest Access Project.
  • Managed and implemented Central Log Management Project.
  • Managed Check Point, Cisco ASA, Juniper SSG, Microsoft TMG Firewalls.
  • Managed Check Point Mobile Access, Juniper SA Series SSL VPN.
  • Managed Check Point, IBM ISS IPS.
  • Managed Cisco, HP routers and switches; HP Wireless Controllers.
  • Managed Websense Web/Data/Email and IronPort Email Security products.

Akbank

System Management and Data Storage Assistant Manager

Apr 2011 – May 2012 · 1 yr 1 mo

  • Responsibilities / Accountabilities:
  • Responsible for Backup operations and Backup management. Design, implement and maintain Backup systems according to company standards and guidelines.
  • Achievements:
  • Managed IBM Tivoli Storage Manager Systems.
  • Developed backup procedures for systems.
  • Monitored and maintained backup activities.

Enerjisa başkent elektrik dağıtım a.ş.

IT Specialist

Apr 2009 – Nov 2010 · 1 yr 7 mos

  • Responsibilities / Accountabilities:
  • Responsible for network, network security, Active Directory, VMware operations. Design, implement and maintain company’s LAN, WAN, WLAN, Active Directory and VMware infrastructure. Developing and establishing the policies, procedures, standards and guidelines to ensure network security.
  • Achievements:
  • Managed Microsoft TMG Firewalls.
  • Managed Cisco ASA, Juniper SSG, Microsoft TMG Firewalls.
  • Managed Juniper SA Series SSL VPN.
  • Managed Cisco, HP routers and switches; HP Wireless Controllers.
  • Managed VMware Infrastructure.
  • Managed Active Directory.

Meteksan sistem

Network Engineer

Dec 2008 – Apr 2009 · 4 mos

  • Responsibilities / Accountabilities:
  • Responsible for network operations of the Ministry of Finance. Maintain and operate the company’s large LAN and WAN (MPLS) infrastructure.
  • Achievements:
  • Managed Cisco Routers and Switches.
  • Managed Cisco Call Manager System.

Education

Orta Doğu Teknik Üniversitesi / Middle East Technical University

BS — Mathematics

Jan 2002 – Jan 2007