New York ✦ Cybersecurity Engineer ✦ Detection · Cloud · Response

Lead Story

Detect. Defend. Design the quiet.

An AI blue-team engineer files dispatches on detection, cloud & response.

I build at the seam of AI-driven detection, cloud security and incident response — security systems that stay invisible until the moment they need to be loud.

View selected work Read résumé (PDF)

By the Numbers

50%: Faster analyst triage
40+: Sigma rules shipped
10K+: Alerts triaged

The quiet discipline behind a loud defense.

An account of building defenses that stay invisible — until the very moment they must be loud.

By Dishanth CA ✦ Blue-Team Security Engineer

New York — Security isn't a product; it's a discipline. I design quiet systems built to be loud when it matters and invisible when it doesn't — detection that earns its alerts, and infrastructure that fails closed. Currently an M.Sc. Cybersecurity candidate at Yeshiva University in New York, and an AI & LLM blue-team security engineer at Cygeniq, where I focus on detection engineering, threat-intel knowledge graphs, and hardening cloud estates against real adversaries.

Where I operate — from the cloud edge to the silent SOC.

Four disciplines, one mandate: keep the estate quiet and the adversary in plain sight.

Mapped to MITRE ATT&CK and NIST 800-53.

Cloud Security Architecture

Hardening AWS, Azure and GCP estates with least-privilege IAM, encrypted-by-default data planes, and continuous posture management — from greenfield rollouts to remediating exposed attack surface at scale.

AWS
Azure
GCP
Terraform
Wiz CSPM

Detection Engineering

High-signal Sigma and YARA rules grounded in MITRE ATT&CK, plus AI-driven Graph RAG pipelines for threat-intel correlation — cutting false positives through behavioral baselining and graph analysis.

Sigma
YARA
QRadar
Splunk SPL
Neo4j

Incident Response

Triage to recovery: containment playbooks, SIEM integration, threat-actor attribution, and post-mortems that engineering teams actually adopt. A calm hand on a hot keyboard.

Suricata IDS
QRadar SIEM
MS Sentinel
CrowdStrike

AI Blue Team

LLM-powered security tooling: Graph RAG knowledge graphs for threat intelligence, AI-assisted triage, and automated detection pipelines — while securing AI systems against prompt injection and model abuse.

LangChain
OpenAI
Neo4j
Graph RAG
Python

A record of operations shipped, not shelved.

Dispatches from the SOC floor — knowledge graphs, detections and cloud posture, shipped to production.

2026 · Cygeniq 50% faster triage

Argus GraphRAG

Architected a Graph RAG pipeline connecting 10K+ threat events in Neo4j, enabling LLM-assisted correlation and cutting analyst triage time in half.

Neo4j
LangChain
OpenAI
Python
QRadar

2026 · Cygeniq 12 feeds unified

Threat Intel Graph

Built a real-time threat-intelligence knowledge graph ingesting IOCs from 12 feeds, structured for graph traversal and adversary attribution at SOC scale.

Neo4j
Graph RAG
Python
STIX/TAXII
Splunk SPL

2026 · Cygeniq 40% fewer false positives

QRadar SIEM Integration

Integrated QRadar with Suricata IDS and authored 40+ high-signal Sigma detection rules grounded in MITRE ATT&CK, reducing the false-positive rate by 40%.

QRadar
Suricata
Sigma
YARA
MITRE ATT&CK

2025 · Independent 3 intrusions caught

Cloud Posture Platform

Designed a multi-cloud security posture platform using Wiz and GuardDuty, deploying deception assets that caught 3 active lateral-movement attempts in 90 days.

AWS
Wiz CSPM
GuardDuty
Terraform
Python

2026 · Blueberries 65% controls · Q1 2026

SOC 2 Compliance Sprint

Drove SOC 2 Type II readiness from 0 to 65% in one quarter using Vanta, mapping every control to AWS security primitives and engineering guardrails.

Vanta
AWS
Terraform
GitHub Actions

2025 · Independent Zero critical findings

Secure Serverless App

Secured a production serverless application with layered WAF rules, Lambda authorizers, and zero-trust API gateway policies — passed independent pentest clean.

AWS Lambda
API Gateway
WAF
IAM
Burp Suite

A toolbox kept sharp — and battle‑tested.

The instruments of the trade, each with the years logged behind it.

Production-grade tools across six disciplines.

SIEM & Detection

Splunk4y
Elastic3y
QRadar2y
MS Sentinel2y

Endpoint & Cloud

CrowdStrike3y
Wiz2y
AWS4y
Azure3y
GCP2y

Detection Engineering

Sigma3y
YARA3y
Suricata2y
MITRE ATT&CK—

AI · Data · LLM

Python6y
LangChain2y
OpenAI2y
Neo4j2y

Infrastructure & DevOps

Terraform3y
Docker4y
Kubernetes2y
GitHub Actions3y

Network, Pen & Compliance

Wireshark4y
Burp Suite3y
SOC 2—

Built from the ground up — one credential at a time.

A paper trail of proof — earned in order, the long way.

2026 M.S. Cybersecurity Yeshiva University · Katz School, NYC
2025 CSAP — Cygeniq Security Analyst Program Cygeniq
2024 BTL-1 — Blue Team Level 1 Security Blue Team
2024 CySA+ — Cybersecurity Analyst CompTIA
2023 Security+ — Security Fundamentals CompTIA