CYBER SECURITY ANALYST · DFIR SPECIALIST

AHMET DEMIR

I am a cybersecurity professional focused on incident response, digital forensics, and threat analysis. My work centers on investigating security incidents, analyzing compromised systems, and determining root cause, impact, and attack scope. My skill set is aligned with CompTIA CySA+ and SANS Incident Handler methodologies, with a strong foundation in structured incident response, forensic investigation techniques, and evidence-based analysis. Key skills include incident handling, log and event analysis, malware triage, forensic investigation of endpoints and systems, and reconstruction of attack timelines. I am experienced in analyzing security events to identify indicators of compromise and support containment and recovery processes. I also focus on improving detection quality and response effectiveness through systematic analysis of past incidents and security data.

I have worked on detecting, investigating, and responding to a wide range of cybersecurity incidents in enterprise environments. My experience includes analyzing indicators of compromise (IOCs), investigating phishing campaigns, and supporting the full lifecycle of incident response activities. I have performed phishing analysis including email header inspection, URL and attachment detonation, and identification of malicious infrastructure used in targeted and mass phishing attempts. In parallel, I have investigated system and network-based indicators to determine scope, impact, and attack progression. My work has also involved triaging SOC alerts, analyzing security logs and telemetry, and supporting forensic investigations across endpoints and network traffic. Through these activities, I have developed a practical understanding of common attack techniques, adversary behavior, and incident escalation paths. Overall, my experience is built on hands-on exposure to real security incidents, including phishing investigations, IOC tracking, and enterprise incident response operations, with a focus on accurate analysis and structured investigation.

WHAT I DO

SOC OPERATIONS, SVC-001
Monitoring · Triage · Escalation

INCIDENT RESPONSE, SVC-002
Containment · Eradication · Recovery

DIGITAL FORENSICS, SVC-003
Disk · Memory · Network Evidence

MALWARE ANALYSIS, SVC-004
Static · Dynamic · Sandbox Triage

PHISHING ANALYSIS, SVC-005
Headers · URLs · Payload Inspection

SECURITY ENGINEERING, SVC-006
Detection · Hardening · Toolchain

VULNERABILITY SCANNING
Asset Discovery · CVE Detection · Risk Scoring

THREAT INTELLIGENCE
IOC Tracking · Campaign Analysis · Attribution

PENETRATION TESTING SUPPORT
Reconnaissance · Exploitation Analysis · Validation

CURRENT FOCUS

ACTIVE — SOC MONITORING


CREDENTIALS & TRAINING

04 CREDENTIALS · ALL VERIFIED

GIAC GCIH — INCIDENT HANDLER
GIAC / SANS · CRED-012024 · VERIFIED
Incident Response · Threat Hunting · Log Analysis