A bot that intercepts SIEM alerts, auto-enriches them with IP reputation, user activity, and asset ownership, then drops a pre-triaged summary into Slack before a human ever opens the ticket.
A scheduled Python detection that flags accounts hit with 20+ failed logins from rotating IPs in a 5-minute window and auto-opens a Jira ticket for the SOC, turning auth-log noise into something actually actionable.
A pipeline that picks up the emails users report through my Gmail phishing add-on, detonates their URLs in a sandbox, reads the verdict, and auto-quarantines malicious mail before anyone gets a chance to click.
A nightly cron job that pulls control evidence from AWS, Okta, GitHub, CrowdStrike, and Proofpoint into dated, immutable folders in S3 — so audit prep is a download instead of a fire drill.
A serverless Lambda that scans every IAM user across an AWS org for access keys older than 90 days and quietly nags the owner in Slack to rotate them — so no human has to chase people.
How I wired Workday terminations into an automated workflow that deactivates the user in Okta (cascading deprovisioning to every connected app), strips group memberships, and files a Jira deprovisioning ticket with a full audit trail.
A Slack bot for just-in-time, time-boxed production access via AWS IAM Identity Center: engineers request with a reason, I approve in one click, and a sweep over the grant records in MongoDB auto-expires the access after four hours.
Learn how to build a Gmail add-on to report phishing emails, automate analysis with AI and ThePhish, and integrate with Jira for streamlined SOC operations.
Learn how to automate Okta log detections using OpenSearch and Python to identify risky activity, reduce noise, and streamline SOC workflows by creating actionable Jira tickets.
Automate PCI script integrity monitoring using AI, Playwright, Jira, and open-source tools to ensure compliance with PCI DSS 4.0 by detecting and managing unauthorized script changes.