Authorized Pentesting · SOC/SIEM · Microsoft Sentinel + Wazuh · DFIR
Application Consultant | Cybersecurity Practitioner
I bridge enterprise application consulting with offensive and defensive security — from authorized penetration testing, Microsoft Sentinel, Wazuh SIEM, and DFIR to AI-assisted response automation.
Live SOC Concept
Premium SOC dashboard animation showing alert ingestion, correlation, enrichment, and AI-assisted response workflows.
[WAZUH] Windows authentication anomaly · ATT&CK T1110
[SENTINEL] Brute-force pattern correlated with Azure sign-in logs
[TI] AbuseIPDB + VirusTotal enrichment completed
[DFIR] Credential access hypothesis created · evidence attached
[AI] Playbook recommendation: block IP, isolate host, notify analyst
[SOAR] Response staged · analyst approval required
[SENTINEL] Incident entity mapping completed: host, user, IP, process
[WAZUH] Linux syslog correlation · privilege escalation checked
[AI] Executive incident summary generated for ticketing
[WAZUH] Windows authentication anomaly · ATT&CK T1110
Detection
96%
Lab coverage model
Triage
-60%
AI-assisted reduction
Intel
5
Enrichment APIs
Dashboard animation is a portfolio visualisation of SOC workflows, not a live production system connection.
Continuous Learning
Hands-on cybersecurity learning through labs, CTF-style practice, attack paths, and defensive thinking.
Hacking Learning Platform
Structured labs for pre-security, SOC, threat analysis, web security, and attack methodology practice.
View ProfileHacking Learning Platform
Practical environment for enumeration, exploit validation, privilege escalation, and post-exploitation learning.
View PlatformProfile
Application Consultant and Cybersecurity Practitioner based in the Ruhr Region, Germany. Current work spans enterprise application delivery, authorized penetration testing, Microsoft Sentinel, Wazuh SIEM, detection engineering, threat intelligence, and DFIR workflows.
Currently at OpenTAS GmbH, operating across Red Team and Blue Team practice while completing a Master of Science in Cybersecurity.
Career Journey
OpenTAS GmbH · Hamburg, Germany (Remote)
Sep 2024 - Present
Implico Group · Hamburg, Germany (Remote)
Dec 2023 - Aug 2024
Application consulting, database administration, process optimization, documentation, and user enablement for enterprise clients.
GOD.dev Group · Germany (Remote)
Nov 2022 - May 2023
First-level IT support, incident coordination, SLA-focused escalation, and enterprise software deployment support for automotive clients.
RWE Supply & Trading GmbH · Essen, Germany
Jan 2020 - Jul 2022
Vendor operations, IT service workflows, SAP ERP, Power BI, Azure tasks, and basic vulnerability management in trading-system environments.
Technical Strength
Selected Work
Featured Project
Built a segmented SOC lab with 8+ virtual machines, three isolated network segments, 10+ security tools, SIEM workflows, and an AI-assisted response layer for credential attacks, ransomware behavior, lateral movement, and exfiltration scenarios.
▸ pfSense WAN/LAN/OPT segmentation with IDS/IPS controls
▸ Wazuh Manager, Indexer, Dashboard, custom rules, and decoders
▸ Microsoft Sentinel incident correlation and triage workflows
▸ Snort, Zeek, Tshark, Wireshark, and rsyslog detection coverage
▸ VirusTotal, AbuseIPDB, ANY.RUN, MISP, and Shodan enrichment
▸ OSSEC active response with LLM-driven playbook execution
AI Workflow
Uses AI automation to enrich alerts, recommend triage steps, run response playbooks, summarize evidence, and route priority incidents faster.
Validated vulnerabilities in enterprise environments across web apps, APIs, and Active Directory with business-risk-focused reporting.
Applied firewall engineering, network segmentation, endpoint security, DLP workflows, and monitoring controls to reduce exposure.
Created detection logic across Wazuh, Sentinel, Snort, Zeek, and packet/log pipelines mapped to MITRE ATT&CK and Cyber Kill Chain.
Education
Brandenburgische Technische Universität Cottbus-Senftenberg
Oct 2023 - Present · Penetration Testing, Risk Analysis, OSINT, Vulnerability Assessment, Incident Response
Universität Duisburg-Essen
Apr 2016 - Sep 2022 · Software engineering, databases, and cloud computing
Certifications