Projects / Current Project

Impossible Travel Risk Detection

Built sophisticated risk scoring system for detecting impossible travel patterns in authentication logs. Implemented weighted factor analysis with historical context validation, achieving 85% false positive reduction through intelligent threshold management.

Security Threat Detection

Data Analysis Incident Response Detection Engineering

Challenge

Traditional impossible travel detection generated excessive false positives, overwhelming incident response teams with 20+ daily alerts requiring manual triage. Conventional rule-based approaches failed to account for legitimate edge cases like VDI infrastructure and internal networks.

Solution

Developed advanced risk scoring system using Splunk components:

Weighted Risk Factors: Dynamic scoring based on city history, device familiarity, and 30-day patterns
Historical Context: User-specific baseline analysis for legitimate travel patterns
Edge Case Handling: Allowlisting for VDI infrastructure and internal network ranges
Threshold Management: Collaborative risk acceptance with incident response teams
Statistical Validation: Measurable reduction from 20+ daily alerts to 1-2 actionable incidents

The system leveraged Splunk's internal components with sophisticated statistical analysis.

Key Metrics

85% reduction in false positives

95% retention of true positive detections

60% decrease in analyst investigation time

Improved alert confidence score by 75%

Security Impact

Enhanced security team efficiency and effectiveness by reducing noise and enabling focus on genuine security threats.

Results

Achieved 85% false positive reduction validated through historical ticket system analysis. Transformed overwhelming alert volume into manageable, actionable incidents while maintaining security coverage through accepted risk thresholds.

Related Projects

OCTOPUS: Security Framework Design Study

Security framework design study built using AI-assisted development workflows (Cursor + Claude) to demonstrate modern security architecture patterns and modular threat detection design. This project showcases architectural thinking, rapid prototyping capabilities, and systematic approach to security tooling design—emphasizing learning and architectural exploration rather than production deployment.

Security AI/ML

SOAR Migration Project

Coordinated the migration of DocuSign's security orchestration platform from a custom-built Houston (forked Huginn) solution to Tines, encompassing 100+ automation workflows across multiple security teams. As Senior Security Engineer, drove architecture design, vendor evaluation, cross-team coordination, and comprehensive threat modeling while maintaining zero downtime during the transition.

Security Automation

Azure SOC AI Enhancement (Design Study)

Designed AI-powered ticket prediction system for Azure Security Operations Center using Azure Machine Learning Studio and Log Analytics Workspace. Built data pipeline architecture for correlating security indicators with historical ticket closure patterns. NOTE: This was architecture and proof-of-concept work—not deployed to production due to career transition from DocuSign to Okta. Included here to demonstrate ML architecture and design capabilities.

AI/ML Security

View All Projects