Operational Capabilities

CSOC architecture and operations for institutions that need to get it right the first time. I've built SOCs in EU institutional environments and run one through an active ransomware response. That operational baseline applies to every engagement.

• SOC architecture, log shipping, and Splunk SIEM deployment
• EDR management, detection rule engineering, and alert triage
• SOAR automation, incident response, and post-incident reporting
• Team capability building and playbook development

MDM is not security. MDM combined with detection, response, and device health scoring is. Intune, Jamf, Wazuh, and Meshcentral, hardened for field use and built into AutoSOC for AI-assisted operations.

• MDM deployment and policy hardening (Intune, Jamf)
• EDR deployment and management: Wazuh, Carbon Black, CrowdStrike, Bitdefender
• Device compliance, health scoring, and reporting
• Remote device management and incident isolation

NIS2 is in force. We scope what applies to your organization, identify the gaps, and build a remediation path that survives audit. Working controls, not compliance theater.

• NIS2 scope and applicability assessment
• Gap analysis and risk register
• Control design and implementation
• Audit preparation and supply chain security

Strategic security leadership for organisations that need senior-level security ownership without a full-time hire. Built on EU institutional CSOC experience and incident response, this covers security posture, governance, and programs that hold up under scrutiny.

• Security strategy, roadmap, and board-level risk reporting
• Security program design and governance framework
• Vendor selection, oversight, and third-party risk management
• Incident response readiness and tabletop exercises

OSINT pipelines, data set correlation, entity mapping, and structured IOC reporting. The methodology behind fraud intelligence at scale and regulatory data correlation, applied to threat profiling and adversary tracking.

• OSINT pipeline design, web scrapers, and data collection automation
• Data set correlation and entity mapping
• Threat profiling and IOC reporting
• Adversary tracking and intelligence briefings