SOC Maturity · Detection Engineering · AI Security

Sajid Kiani

SOC Consultant | Detection Engineering, SOC Maturity & AI Security Specialist

Cybersecurity professional with 10+ years of experience across SOC operations, detection engineering, threat hunting, incident response, Splunk SIEM, cyber threat intelligence, SOC maturity improvement, and emerging AI/LLM security in telecom and managed security environments.

10+ Years in Cyber · 8K+ Cybersecurity Reach · 5 Certifications
About

Who I Am

Background

I am a cybersecurity professional specializing in Security Operations Center leadership, detection engineering, SOC maturity improvement, threat hunting, cyber threat intelligence, incident response, and emerging AI cybersecurity.

I currently work as a SOC Consultant, leading SOC operations across L1, L2, Splunk administration, and SIEM infrastructure functions. My work includes developing Splunk detection use cases, reviewing escalated incidents, improving alert quality, supporting DFIR investigations, and aligning SOC operations with customer, business, SLA, and regulatory requirements.

I have been associated with Cisco for more than six years. Previously, I worked as a Senior SOC Analyst, where I handled advanced investigations, threat hunting activities, incident response support, malware analysis, and detection logic enhancement for managed security environments.

I also focus on emerging AI cybersecurity areas, including LLM security, prompt injection risks, AI-assisted SOC operations, agentic AI security, and security monitoring challenges across modern AI infrastructure. My work spans hands-on detection engineering, analyst escalation review, incident investigation, SOC process improvement, AI security research, and cybersecurity publication.

sajid@soc ~ profile.sh
$ whoami
Sajid Kiani — SOC Consultant, Detection Engineering & AI Security Specialist
$ cat specializations.txt
→ SOC Maturity (SOC-CMM) · Detection Engineering · Splunk SIEM
→ DFIR · Threat Hunting · Malware Analysis
→ Cyber Threat Intelligence · Risk-Based Alerting
→ Team Leadership · SOC L1/L2 · Splunk Admin & Infra
$ echo $LOCATION
Riyadh, KSA | Islamabad, Pakistan
$ echo $STATUS
Open to international opportunities.

Key Achievements

DETECTION
Improved detection efficiency through optimized Splunk use cases, data model-based correlation searches, and better alert prioritization
MATURITY
Led SOC-CMM maturity improvement activities, supporting progression from Level 1 to Level 2 across key SOC operational domains
ALERTING
Implemented Risk-Based Alerting to reduce false positive noise, improve alert prioritization, and support risk-driven investigations
LEADERSHIP
Leading a multi-function SOC team covering L1/L2 monitoring, escalation handling, Splunk administration, and SIEM infrastructure operations
Experience

Career Timeline

2023 – Present

SOC Consultant

Cisco · Riyadh, Saudi Arabia
  • Lead SOC operations across L1/L2 monitoring, escalation handling, Splunk administration, and SIEM infrastructure functions
  • Develop and tune Splunk detection use cases using TSTATS, data models, summary indexing, and threat intelligence enrichment
  • Support Risk-Based Alerting implementation and tuning to reduce alert noise and improve investigation prioritization
  • Drive SOC-CMM maturity improvement activities across governance, people, process, and technology domains
  • Support onboarding of Microsoft Defender telemetry into Splunk with prioritized security log ingestion
  • Serve as escalation point for high-priority incidents, including DFIR investigation support and executive-level reporting
  • Align SOC operations with customer requirements, SLAs, regulatory expectations, and internal operational standards
  • Research AI cybersecurity risks, including LLM security, prompt injection, agentic AI workflows, GPU cloud security, and AI-assisted SOC monitoring scenarios
2019 – 2023

Senior Security Analyst

Cisco · Managed Security Services
  • Handled advanced security investigations and Tier 3 escalations across managed security service environments
  • Conducted threat hunting activities to identify suspicious behaviors, attack patterns, and high-risk indicators
  • Developed and tuned detection logic across Splunk and Carbon Black for managed customer environments
  • Supported malware analysis, incident response activities, and cyber threat intelligence reporting
  • Mentored L1/L2 analysts and improved escalation quality through structured guidance and investigation review
  • Maintained MITRE ATT&CK mapping for detection coverage and threat hunting activities
2016 – 2019

Assistant Manager — Cyber Security

Enterprise Organization · Pakistan
  • Managed day-to-day security operations — SIEM monitoring, alert triage, and incident escalation
  • Established vulnerability management processes and led remediation tracking across business units
  • Developed internal SOC procedures, playbooks, and escalation workflows
  • Supported regulatory compliance efforts including security audit preparation
2013 – 2016

Security Analyst

Early Career · Pakistan
  • Began career in SOC operations — alert monitoring, log analysis, and first-level incident handling
  • Built foundational expertise in network security, endpoint detection, and threat analysis
  • Pursued professional certifications and self-directed study in cybersecurity frameworks
Skills & Tools

Technical Stack

Core Expertise
SOC Operations & Leadership · Detection Engineering · Risk-Based Alerting · SOC-CMM Maturity Assessment · Incident Response & DFIR · Threat Hunting · Cyber Threat Intelligence · Analyst Enablement · Playbook Development
Tools & Platforms
Splunk Enterprise Security · Splunk TSTATS & Data Models · Splunk Admin & Infrastructure · Microsoft Defender · Microsoft Fabric · Snowflake · IBM QRadar · Carbon Black · MITRE ATT&CK · Anomali ThreatStream · Firewall / WAF / EDR / NDR
AI Cybersecurity & Research
LLM Security · Agentic AI Security · Prompt Injection Defense · AI-Assisted SOC Operations · GPU Cloud Security · Kubernetes Security · AI Model & Data Exposure Risks · Secure AI Adoption
Services

How I Can Help

SOC Maturity & Strategy
  • SOC maturity assessment using SOC-CMM
  • SOC process improvement and playbook development
  • SOC team training and analyst enablement
Detection Engineering
  • Splunk detection engineering and use case development
  • Risk-Based Alerting design and tuning
  • Threat hunting program development
Threat Intelligence & IR
  • CTI operationalization and IOC monitoring workflows
  • Incident response review and investigation support
AI Security Advisory
  • AI security research and advisory for SOC and enterprise security teams
  • LLM security risk review — prompt injection, data leakage, insecure tool use
  • AI-assisted SOC use case design — triage, enrichment, investigation summarization
  • Secure AI adoption for enterprise security operations

Available for consulting engagements, advisory work, and speaking opportunities.

Publications

Writeups & Research

Security Architecture · MICCMAC

MICCMAC: Engineering Networks That Can Be Watched, Controlled, and Defended

A defensible network architecture article focused on monitored, inventoried, controlled, claimed, minimized, assessed, and current network security engineering.

May 2026 · Latest
Security Architecture · Zero Trust

Defensible Security Architecture: Think Like an Attacker, Act Like a Defender

The opening article in a technical series on defensible security architecture, Zero Trust engineering, threat-informed defense, and reducing attacker freedom across the enterprise.

May 2026 · Series Start
SOC Maturity · Series Final

SOC Maturity: Charting the Path Forward with the SOC-CMM Framework

The culminating article in a 5-part series — mapping the complete SOC maturity journey using SOC-CMM, covering governance, people, process, and technology dimensions.

Feb 2025 · 58 reactions
SOC Maturity · Part 4

The Human Element: Building and Nurturing a Skilled SOC Team

People remain the most critical and underinvested layer of SOC operations. This article covers analyst development, retention, and building a collaborative culture under pressure.

Feb 2025 · 66 reactions
SOC Maturity · Part 3

Tools, Frameworks, and Strategies for Effective SOC Operations

A practitioner's view of the technology layer — SIEM selection, detection engineering frameworks, automation strategies, and avoiding the common tooling traps.

Jan 2025 · 68 reactions
SOC Maturity · Part 2

Building the Foundation for SOC Success

The structural prerequisites that most SOCs skip — processes, measurement frameworks, and the foundational governance elements required before any tooling investment pays off.

Jan 2025 · 34 reactions
SOC Maturity · Part 1

The Journey Towards SOC Maturity: Challenges and Opportunities

The opening article of the series — diagnosing why most SOCs stagnate at reactive operations and the strategic path toward proactive, intelligence-driven defense.

Jan 2025 · 47 reactions
Detection Engineering

Risk-Based Analysis (RBA) in Cybersecurity: Reducing Alert Fatigue with Splunk RBA

A technical walkthrough of implementing Risk-Based Alerting in Splunk Enterprise Security — how to cut alert noise without losing signal, using risk scores and risk objects.

Feb 2025 · 17 reactions
DFIR · Incident Response

SOC Engagement in a Multi-Layered Cybersecurity Breach

Case study analysis of SOC response to a complex, multi-vector breach — detection handoffs between tiers, DFIR investigation workflow, and lessons for improving response playbooks.

Feb 2025 · 20 reactions
AI Security · Critical Analysis

AI Confidence Is Not Cybersecurity Evidence

A critical perspective on AI adoption in security operations — why AI-generated output must always be validated against logs, telemetry, and business context before action.

May 2026 · 7 reactions
AI Security · Infrastructure

AI Runs on GPUs. But Who Is Securing the GPU Cloud?

Security architecture analysis of GPU cloud platforms (NCP/NVIDIA) — covering identity, control plane risks, workload isolation, shared responsibility, and SOC use cases for AI infrastructure monitoring.

May 2026 · Latest
Security Operations

Why Comprehensive Asset Management Is Your Best Defense Against Cyber Threats

Asset visibility as a detection prerequisite — why you cannot detect what you cannot see, and practical approaches to building and maintaining a living asset inventory for SOC operations.

Nov 2024 · 12 reactions

Let's Connect

Available for consulting, speaking, cybersecurity advisory, AI security research collaboration, and professional opportunities.

[email protected]