Service 004

Security Detection with AI

I design detection-as-code systems that use LLMs to augment traditional SIEM capabilities — correlating signals across cloud, identity, and network layers to surface real threats faster with less noise.

The Problem

Traditional SIEMs drown you in alerts. Most are false positives. Meanwhile, real threats hide in the noise because your detection rules can't correlate across the dozen platforms your organization uses — AWS, Azure AD, Google Workspace, Duo, Netskope, and more.

AI can change this, but only if you know where to apply it. Throwing an LLM at raw logs doesn't work: the volume is too high, the output is not reproducible, and nothing tells you what it missed. You need structured detection pipelines in which deterministic rules and correlation run first, and the LLM sees already-structured alerts, not raw events.

How I Work

  • Design tiered detection architectures over AWS Security Lake
  • Write detection-as-code as version-controlled Sigma rules (YAML)
  • Build correlation rules across cloud, identity, and network signals
  • Integrate LLMs for alert triage and context enrichment
  • Set up autonomous response workflows for high-confidence detections
  • Reduce alert fatigue through intelligent prioritization
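The list above is the shape of the pipeline. The following is an added example (not code from this page or its author) showing the three tiers in Python on constructed CloudTrail and Duo events: normalize into one flat schema, evaluate Sigma-style selections and conditions, correlate per user across the cloud and identity layers, and hand the LLM a compact structured alert rather than raw logs. Event shapes are simplified, and rule titles, scores, the 10-minute window and the auto-response threshold are illustrative assumptions.

```python
"""Tiered detection-as-code: Sigma-style rules -> cross-layer correlation -> triage input.
All events below are constructed for this example; field names follow CloudTrail and the
Duo admin API in simplified form. Scores, window and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

RAW_EVENTS = [  # constructed sample telemetry, not real data
    {"source": "cloudtrail", "eventTime": "2024-05-01T10:02:00Z", "eventName": "ConsoleLogin",
     "sourceIPAddress": "203.0.113.7", "userIdentity": {"userName": "alice"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"source": "duo", "timestamp": "2024-05-01T10:04:30Z", "user": {"name": "alice"},
     "result": "fraud", "reason": "user_marked_fraud", "access_device": {"ip": "203.0.113.7"}},
    {"source": "cloudtrail", "eventTime": "2024-05-01T10:06:10Z", "eventName": "CreateAccessKey",
     "sourceIPAddress": "203.0.113.7", "userIdentity": {"userName": "alice"}},
    {"source": "cloudtrail", "eventTime": "2024-05-01T11:00:00Z", "eventName": "ConsoleLogin",
     "sourceIPAddress": "198.51.100.2", "userIdentity": {"userName": "bob"},
     "responseElements": {"ConsoleLogin": "Success"}},
]

def _ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def normalize(ev):
    """Map source-specific fields onto one flat schema: layer, source, time, user, ip, action, outcome."""
    if ev["source"] == "cloudtrail":
        return {"layer": "cloud", "source": "cloudtrail", "time": _ts(ev["eventTime"]),
                "user": ev["userIdentity"]["userName"], "ip": ev["sourceIPAddress"],
                "action": ev["eventName"],
                "outcome": ev.get("responseElements", {}).get("ConsoleLogin", "n/a")}
    if ev["source"] == "duo":
        return {"layer": "identity", "source": "duo", "time": _ts(ev["timestamp"]),
                "user": ev["user"]["name"], "ip": ev["access_device"]["ip"],
                "action": "mfa_auth", "outcome": ev["result"]}
    raise ValueError(f"unknown source {ev['source']}")

# Sigma-style rules: named selections plus a condition (subset of Sigma's condition grammar).
RULES = [
    {"title": "Console login success", "level": "low",
     "detection": {"sel": {"source": "cloudtrail", "action": "ConsoleLogin", "outcome": "Success"},
                   "condition": "sel"}},
    {"title": "Duo fraud report", "level": "high",
     "detection": {"sel": {"source": "duo", "outcome": ["fraud", "denied"]},
                   "filter": {"outcome": "denied"},  # lone denials are too noisy to alert on
                   "condition": "sel and not filter"}},
    {"title": "IAM access key created", "level": "medium",
     "detection": {"sel": {"source": "cloudtrail", "action": "CreateAccessKey"}, "condition": "sel"}},
]
LEVEL_SCORE = {"low": 1, "medium": 3, "high": 5}
WINDOW = timedelta(minutes=10)

def selection_matches(sel, ev):
    """Sigma semantics: fields in a selection are AND-ed; a list value is an OR of alternatives."""
    return all(ev.get(f) in (v if isinstance(v, list) else [v]) for f, v in sel.items())

def rule_matches(rule, ev):
    """Evaluate conditions of the form 'a', 'a and b', 'a and not b' over the named selections."""
    det, result = rule["detection"], True
    for clause in det["condition"].split(" and "):
        negate = clause.startswith("not ")
        hit = selection_matches(det[clause[4:] if negate else clause], ev) != negate
        result = result and hit
    return result

def detect(raw_events, rules=RULES):
    """Tier 1: every rule over every normalized event, in time order; one signal per hit."""
    return [{**ev, "rule": r["title"], "level": r["level"]}
            for ev in sorted(map(normalize, raw_events), key=lambda e: e["time"])
            for r in rules if rule_matches(r, ev)]

def correlate(signals, window=WINDOW):
    """Tier 2: cluster a user's signals within one window of their first hit (simplification:
    a single window per user). Cross-layer clusters are promoted; a lone low hit is dropped."""
    by_user = defaultdict(list)
    for s in signals:
        by_user[s["user"]].append(s)
    alerts = []
    for user, sigs in by_user.items():
        cluster = [s for s in sigs if s["time"] - sigs[0]["time"] <= window]
        layers = sorted({s["layer"] for s in cluster})
        score = sum(LEVEL_SCORE[s["level"]] for s in cluster) * (2 if len(layers) > 1 else 1)
        if score < LEVEL_SCORE["medium"]:
            continue
        alerts.append({"user": user, "score": score, "layers": layers,
                       "rules": [s["rule"] for s in cluster], "ips": sorted({s["ip"] for s in cluster}),
                       # only the deterministic tiers may authorize autonomous response
                       "auto_response_eligible": len(layers) > 1 and score >= 10})
    return sorted(alerts, key=lambda a: -a["score"])

def triage_context(alert):
    """Tier 3 input: the LLM receives the structured alert, never raw logs; its verdict is advisory."""
    return (f"User {alert['user']}: {len(alert['rules'])} detections across {', '.join(alert['layers'])} "
            f"from {', '.join(alert['ips'])} ({'; '.join(alert['rules'])}); score {alert['score']}. "
            "Classify as true positive, benign, or needs-analyst and justify in one sentence.")

if __name__ == "__main__":
    for a in correlate(detect(RAW_EVENTS)):
        print(a["score"], a["auto_response_eligible"], triage_context(a))
```

In this run alice's console login, Duo fraud report and access-key creation fall in one window across two layers and become a single high-scoring alert, while bob's lone successful login never leaves tier 1. The LLM only ever sees the `triage_context` string, and nothing in its answer can flip `auto_response_eligible`.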

Real Experience

I've built detection systems that correlate signals from AWS Security Lake, GuardDuty, CloudTrail, Azure AD, Duo, GCP, Google Workspace, and Netskope — all feeding into a unified detection pipeline with AI-powered triage.

The result: fewer alerts, faster response times, and detections that catch real threats traditional rules miss.

Technologies

AWS Security Lake: Data Lake
Sigma Rules: Detection-as-Code
GuardDuty / CloudTrail: AWS Detection
Azure AD / Duo: Identity Signals
Netskope: Network Signals
Athena: Query Engine

Ready to modernize your detection stack?

Let's build detection systems that find real threats instead of generating noise.

Start a Conversation