New York City cybersecurity analyst building security tools, detections, identity hygiene, and network defense. I came through healthcare IT, systems administration, and embryology: environments where small mistakes matter, documentation has to be clean, and calm handoff under pressure is part of the job. That background shapes how I approach security work.
I focus on the operational security work that is easy to overlook: STIG changes that need triage, stale Entra ID devices, leftover Active Directory objects, scheduled jobs nobody reviews, browser extensions with broad access, detections that need tuning context, and network controls that need monitoring and documentation.
My tools are built from a practical question: what would make this work less painful for the person doing it? The answer is usually not another viewer or scanner. It is a fast local helper that turns a dense input into a short brief, a backlog, and something people can actually act on.
Current focus: detection engineering, SOC operations, IAM hygiene, and security automation.
| Project | Focus | Artifact |
|---|---|---|
| STIGPilot | DISA STIG change triage, remediation backlog generation, evidence checklist planning, and ticket-ready exports | Chrome demo |
| IdentityRiskGraph | Identity-first detection engineering for CloudTrail IAM events, nested access paths, MITRE-mapped findings, and reviewable risk context | CloudTrail detector |
| Splunk Detection Content | SPL detections mapped to MITRE ATT&CK with analyst pivots, tuning notes, and triage playbooks | Playbooks |
| lapse | Entra ID stale-device review using device timestamps and interactive sign-in evidence — cloud half of a hybrid identity hygiene pair | Demo / Release |
| relic | Active Directory hygiene for stale users, computers, disabled accounts with live memberships, and Kerberoasting-exposed service accounts — on-prem half of a hybrid identity hygiene pair | Demo / Release |
| Undertaker | Read-only scheduled task auditor for cron, systemd timers, and Windows Scheduled Tasks | Demo |
| Browser Bailiff | Browser extension permission, host access, age, and review-reason auditor | Demo |
| Authorized LMS Security Assessment | Sanitized case study from an authorized assessment, focused on access boundaries, control review, and redaction discipline | Control matrix |
| OPNsense + Proxmox Security Control Plane | Firewall intent, DNSSEC, Quad9 DNS-over-TLS, CrowdSec, Proxmox LXCs, VictoriaLogs, NetAlertX, OpenCanary, live threat telemetry | Architecture |
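The hybrid identity hygiene checks that lapse and relic describe (stale Entra devices corroborated by sign-in evidence, stale AD objects, disabled accounts that still hold group memberships, and user accounts with SPNs that can be Kerberoasted) reduce to a few classification rules over exported records. The block below is an added illustration of those rules, not code from lapse or relic; it assumes a 90-day staleness window, constructed sample records, and loosely mapped field names (Entra `approximateLastSignInDateTime` as `approximate_last_signin`, AD `lastLogonTimestamp` as `last_logon`, `servicePrincipalName` as `spns`, and an `aes_only` flag standing in for an AES-restricted `msDS-SupportedEncryptionTypes`).

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Assumed review threshold; real reviews tune this per environment.
STALE_AFTER = timedelta(days=90)


@dataclass
class CloudDevice:
    name: str
    approximate_last_signin: Optional[datetime]   # Entra device timestamp (low precision)
    last_interactive_signin: Optional[datetime]   # from sign-in logs; corroborating evidence


@dataclass
class AdAccount:
    sam: str
    kind: str                        # "user" or "computer"
    enabled: bool
    last_logon: Optional[datetime]   # AD lastLogonTimestamp (replicated, coarse)
    groups: List[str] = field(default_factory=list)
    spns: List[str] = field(default_factory=list)
    aes_only: bool = False           # True if Kerberos encryption types restricted to AES


def _stale(ts: Optional[datetime], now: datetime) -> bool:
    # A missing timestamp is treated as stale: the object has no evidence of life.
    return ts is None or now - ts > STALE_AFTER


def review_cloud_devices(devices: List[CloudDevice], now: datetime) -> List[Tuple[str, str]]:
    """Flag devices only when BOTH the device timestamp and sign-in evidence are stale.

    A stale device timestamp alone is not enough: the Entra field is approximate
    and can lag a device that is clearly in use according to sign-in logs.
    """
    findings = []
    for d in devices:
        device_stale = _stale(d.approximate_last_signin, now)
        signin_stale = _stale(d.last_interactive_signin, now)
        if device_stale and signin_stale:
            findings.append((d.name, "stale: no device heartbeat and no interactive sign-in"))
        elif device_stale and not signin_stale:
            findings.append((d.name, "keep: device timestamp stale but recent interactive sign-in"))
    return findings


def review_ad_accounts(accounts: List[AdAccount], now: datetime) -> List[Tuple[str, str]]:
    """Apply the on-prem hygiene rules to AD user and computer objects."""
    findings = []
    for a in accounts:
        # Rule 1: enabled object with no logon inside the window.
        if a.enabled and _stale(a.last_logon, now):
            findings.append((a.sam, f"stale {a.kind}: enabled, no logon in {STALE_AFTER.days}d"))
        # Rule 2: disabling does not strip group membership; a re-enabled account
        # (or a token built from it) regains every right the groups still grant.
        if not a.enabled and a.groups:
            findings.append((a.sam, "disabled but still member of: " + ", ".join(a.groups)))
        # Rule 3: any user account with an SPN can have a service ticket requested
        # and cracked offline; RC4-capable accounts are the cheap targets.
        if a.kind == "user" and a.spns:
            exposure = "aes-only, harder to crack" if a.aes_only else "rc4-capable"
            findings.append((a.sam, f"kerberoastable ({exposure}): SPNs {', '.join(a.spns)}"))
    return findings


# Constructed sample data for a single review run dated 2024-06-01.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
_utc = lambda y, m, d: datetime(y, m, d, tzinfo=timezone.utc)

DEVICES = [
    CloudDevice("LAPTOP-01", _utc(2024, 5, 28), _utc(2024, 5, 30)),  # healthy
    CloudDevice("LAPTOP-02", _utc(2024, 1, 10), None),               # truly stale
    CloudDevice("LAPTOP-03", _utc(2024, 1, 10), _utc(2024, 5, 29)),  # lagging timestamp only
]

ACCOUNTS = [
    AdAccount("jdoe", "user", True, _utc(2024, 5, 30), ["Domain Users"]),
    AdAccount("old.contractor", "user", True, _utc(2023, 12, 1), ["Domain Users"]),
    AdAccount("former.admin", "user", False, _utc(2023, 11, 1), ["Domain Admins"]),
    AdAccount("svc_sql", "user", True, _utc(2024, 5, 31), ["Domain Users"],
              spns=["MSSQLSvc/db01.corp.example:1433"], aes_only=False),
    AdAccount("WS-OLD$", "computer", True, _utc(2023, 9, 1)),
]


def run_review():
    """Return both halves of the hybrid review as (cloud_findings, ad_findings)."""
    return review_cloud_devices(DEVICES, NOW), review_ad_accounts(ACCOUNTS, NOW)


if __name__ == "__main__":
    cloud, onprem = run_review()
    for name, reason in cloud + onprem:
        print(f"{name:16} {reason}")
```

The corroboration rule in `review_cloud_devices` is the part worth copying: a device list filtered on the Entra timestamp alone produces a backlog full of false positives, and the reviewer's job is to pair each stale timestamp with a second evidence source before anything is deleted.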
TryHackMe: top 1% public profile — 120+ completed rooms across SOC alert triage, SIEM, Splunk, EDR, phishing analysis, Wireshark, Linux, web security, and defensive security fundamentals.
Website: srkyn.com · Email: contact [at] srkyn.com · LinkedIn: linkedin.com/in/srkyn
David Sarkisyan · Cybersecurity Analyst · New York City
