About Me


I didn’t plan to work in cybersecurity — I fell into it.

What began as a tech support job helping customers troubleshoot Microsoft Defender turned into an obsession. Within a year, I was the go-to person for deep-dive Defender issues. And now, I am a Technical Lead supporting our team’s ramp-up and escalations related to Microsoft’s XDR stack.

My toolkit? Defender for Endpoint, Identity, Cloud Apps, Azure Sentinel — and a lot of KQL. I’ve supported customers across Windows, Linux, and macOS environments, bridging operations with Intune, GPO, and SCCM. When Defender tools didn’t behave as expected, I dug into the why — helping teams trace the root cause and build solutions that actually worked in the real world.

Now, I’m Microsoft Certified and an Associate of ISC2, working toward full certification by Jan 2026. My next goal is to transition into a full-time hands-on security operations role focused on threat hunting and incident response.

This site is my sharing ground — and hopefully a helpful resource for the Community. I’ll be sharing what I found useful in the Defender XDR stack and documenting personal labs or tests. If it helps one other person get unstuck, then that’s a win for this website.