Rafal Pracki

Cyber Security Analyst

COMPLETED PROJECTS

Living Off the Land Binaries (LOLBins) Threat Hunting: Successfully scoped and delivered a project focused on identifying the misuse of LOLBins within the client environment. This included writing and optimizing threat hunting queries in the CrowdStrike platform, enabling precise detection and mitigation of potential threats.
Remote Monitoring and Management (RMM) Tools Threat Hunting: Developed tailored threat hunting queries to identify unauthorized or suspicious usage of RMM tools in the client environment. Highlighted specific tools in use, provided detailed findings, and offered actionable recommendations to strengthen the client’s security posture.
Browser Extensions Threat Hunting: Conducted a thorough analysis of browser extensions, emphasizing their potential to be malicious and the importance of regular reviews. Leveraged the CrowdStrike platform to identify suspicious activity and presented strategies to mitigate risks associated with malicious browser extensions.

CERTIFICATIONS

AWS Solution Architect Associate
AWS Certified Security - Specialty
CompTia Cloud+
CompTia Security+
CompTia CySA+
CCFR (CrowdStrike Certified Falcon Responder)
CCSK (Certificate of Cloud Security Knowledge V4)

INTERESTS

Technology | Smart Homes | IT
Sport | Basketball
Entertainment | Movies | Video Games

VISITORS

Visitors: Loading...

WORK EXPERIENCE

SOC Supervisor/Analyst

InPhySec | Jan 2024 - Present

Oversee and guide a team of SOC analysts to ensure efficient incident detection, response, and resolution.
Monitor and improve team performance metrics to maintain operational excellence.
Implement strategies to enhance the overall security posture of the organization.
Collaborate with cross-functional teams to address security incidents and effectively mitigate risks.
Proactively monitor threat intelligence feeds, articles, and advisories to notify clients of potential threat exposures.
Conduct thorough threat hunting in client environments by leveraging CrowdStrike, Microsoft Defender, Kibana SIEM, and Netskope to identify, mitigate, and monitor threats across endpoints, networks, and cloud applications in real time.
Write and optimize threat hunt queries to gather and analyze relevant information from various intelligence sources.
Guide customers on best practices for maintaining a secure environment.
Communicate complex technical concepts clearly to both technical and non-technical stakeholders.

SOC Analyst

InPhySec | Oct 2023 - Jan 2024

Monitor and analyze network traffic, logs, and security events to identify potential threats and vulnerabilities.
Conduct investigations into security alerts, escalate incidents, and coordinate with other teams to mitigate risks.
Stay updated with the latest cybersecurity trends and threat intelligence to enhance threat detection.
Collaborate with other teams to ensure security tools are effective and fine-tuned to minimize false positives.
Participate in incident response activities, including containment and remediation of security incidents.
Generate reports for both technical and non-technical audiences to inform them about the security landscape and organizational stance.

Junior SOC Analyst

InPhySec | Oct 2022 - Oct 2023

Monitoring customer environments and performing initial triage and investigation of security events and detections in line with Service-Level Agreements (SLAs) throughout the shift period.
Performing guided threat hunting, network analysis, and host forensic analysis where applicable and as directed by colleagues and mentors.
Assisting in the deployment and configuration of Data Protection DLP (Data Loss Prevention) solutions, which help prevent sensitive data from being stolen or leaked.
Responding to security incidents and conducting investigations using data collected from Falcon Crowdstrike, Microsoft Defender, and other security tools.
Using a SIEM solution to collect and analyze data to identify potential security threats.

EDUCATION

CompTIA Cyber Ready programme | May 2022 - Oct 2022

Technical Mechanical School | Sep 1997 - Jun 2002

Diploma in Mechanical Technician (Naric verified to N/SVQ level 3 equivalent)

Technical Skills

VPN, VLAN, Port Security (802.1x), OSI Model, TCP/IP, DNS, DHCP, Firewalls, IDS/IPS, Network Policy Server, Wireshark, NMAP, Nikto, Netstat, Nessus, OpenVAS, AlienVault, Netflow, Syslog, Active Directory, Group Policy, Microsoft InTune (MDM), Azure, AWS, Virtualisation, Office 365 Administration, SharePoint, Microsoft Teams, Crowdstrike, Endpoint Detection and Response (EDR), Threat Intelligence, Threat Hunting, Proactive Threat Detection, Vulnerability Management, Netskope Data Loss Prevention (DLP), Security Information and Event Management (SIEM) Malware Analysis Tools: PEView, FLOSS, MITRE ATT&CK Framework, Team Management, Communication Skills, Decision Making, Problem Solving, Training and Mentorship, Real-Time Monitoring