J. METHMAL

Skills

A skill matrix shaped by the SOC floor

Proficiency levels reflect day-to-day operational use — not certification badges alone. Each category maps directly to work I've shipped or defended.


Cybersecurity & SOC

Core discipline — SIEM/EDR/XDR operations, detection engineering, and incident response across MSSP and banking SOCs.

Incident Response
Threat Detection & Hunting
SIEM/XDR Engineering (Sentinel, Cortex XDR/XSIAM, QRadar, FortiSIEM)
Endpoint Detection & Response (SentinelOne, CrowdStrike Falcon, Defender)
Vulnerability Management
Malware Detection & Analysis
Compromise Assessment & Digital Forensics
MITRE ATT&CK & Breach Simulation (AttackIQ)
Ethical Hacking & Penetration Testing

Identity, Email & Network Security

Securing identity, email, and network access across multi-client MSSP environments for highly regulated industries.

Identity & Access Management (Okta)
Email Security (Abnormal Security)
Secure Access / SASE (Zscaler)
Google Workspace Security

Cloud Security

Securing and monitoring identities, workloads, and logs across multi-cloud environments alongside on-premises infrastructure.

Microsoft Azure (Security & Sentinel)
AWS (Security & Administration)
Hybrid / On-prem Integration
Cloud Identity & Access Monitoring

Security Automation & Orchestration

Automating detection-to-response workflows and operational tracking — building toward Tines playbooks alongside Linux scripting and infrastructure-as-code.

Tines Workflow Automation (in progress)
Jira Workflow & Operational Tracking
Detection & Defense Automation
Linux Administration
Bash Scripting
Git / GitHub Workflows
Kusto Query Language (KQL)

Software Engineering

A builder's foundation that informs how I think about attack surfaces — full-stack development across modern JavaScript and Java ecosystems.

React.js / Next.js
Node.js / Express
TypeScript / JavaScript
Java
Python
MySQL
HTML / CSS / SCSS / Tailwind

Applied AI & Research

Exploring the intersection of AI and security — from LLM-assisted workflows to privacy-preserving machine learning research.

Large Language Models (LLM) for Security
Fully Homomorphic Encryption (Concrete ML)
Applied ML (Scikit-learn, Pandas)
AI Security Foundations

SOC Tech Stack

Platforms I operate daily

SentinelOne
CrowdStrike Falcon
Cortex XDR
Microsoft Defender
Microsoft Sentinel
Okta
Abnormal Security
Zscaler
Google Workspace Security
Tines
Cortex XSIAM
FortiSIEM
AlienVault USM Anywhere
NetScout Arbor
The Hive
IBM QRadar

Currently expanding into

Detection engineering is moving toward cloud-native and infrastructure-as-code environments — these are the areas I'm deliberately building depth in next.

Kubernetes
Terraform
Docker & Container Security
Advanced Cloud-Native Security (CSPM/CWPP)

Open to security research collaborations & freelance engineering work

Let's strengthen your security posture — or build something new.

Whether it's detection engineering, a compromise assessment, or a full-stack build — I'm always glad to talk shop.