ABDULLAAH_YASEEN.EXE
// hello, world

Abdullaah
Yaseen

Cybersecurity engineer and founder. Building AI-powered SOC tools for SMBs. Ex-college DB. Currently building ARIA.

Phoenix, AZ
/ about me

I'm a cybersecurity engineer and founder based in Phoenix, AZ. I build detection systems, agentic AI tools, and full-stack applications — with a focus on making enterprise-grade security accessible to small and mid-sized businesses.

My flagship project, ARIA, is an autonomous SOC pipeline that polls Microsoft Sentinel, triages alerts with AI, maps threats to MITRE ATT&CK, and automates responses via Microsoft Defender — all aligned to NIST CSF 2.0.

Before going independent, I sharpened my skills at The Cyber Range, where I built agentic AI SOC systems and ran threat hunting operations targeting TOR traffic, brute-force attacks, and malware infections. I also shipped BBM Cleaning's production site and the Tote4Rent rental platform.

When I'm not in the terminal, I'm thinking about how AI can close the security gap for organizations that can't afford a full SOC team.

// tech stack
Microsoft Sentinel
NIST CSF 2.0
Python
Threat Hunting
Microsoft Defender
Splunk / SPL
Next.js / React
Azure / KQL
MITRE ATT&CK
PowerShell
/ experience
SOC Analyst @ CISO Global
March 2026 — Present  ·  Scottsdale, AZ
  • Investigate identity-based alerts using Microsoft Sentinel, focusing on login anomalies, MFA failures, and privilege misuse.
  • Analyze authentication logs including Azure AD sign-ins, conditional access results, and risky user activity.
  • Perform threat hunting using KQL across identity, endpoint, and network telemetry.
  • Investigate endpoint activity using SentinelOne Deep Visibility with focus on credential access and persistence.
  • Support incident response by validating identity-related threats and recommending remediation actions.
Sentinel · KQL · SentinelOne · Azure AD · Threat Hunting
Tier 1 Engineer @ Magna5
March 2025 — March 2026  ·  Phoenix, AZ
  • Investigated security incidents using Microsoft Sentinel, Defender XDR, and SentinelOne across identity and endpoint layers.
  • Performed IAM tasks including RBAC updates, MFA configuration in Microsoft 365 and Azure AD.
  • Analyzed phishing attacks and credential theft attempts impacting user identities.
  • Conducted DNS and authentication log analysis to trace unauthorized access attempts.
  • Used PowerShell to automate user access reviews and remediation tasks.
  • Documented incidents with clear identity impact and escalation paths.
Sentinel · Defender XDR · SentinelOne · PowerShell · Azure AD
Founder @ Yaseen Enterprise
2024 — Present  ·  Phoenix, AZ
  • Founded and leading development of ARIA, an autonomous SOC pipeline for SMBs that automates threat detection, triage, and response end-to-end.
  • Architected Microsoft Sentinel polling and alert enrichment pipeline with AI-powered triage logic, reducing manual analyst workload.
  • Integrated Microsoft Defender API for automated VM isolation on confirmed threat events.
  • Mapped detection coverage to MITRE ATT&CK and aligned program framework to NIST CSF 2.0.
  • Incorporated OTX AlienVault and CISA KEV for real-time threat intelligence enrichment and Telegram alerting.
Python · MS Sentinel · Azure · MITRE ATT&CK · NIST CSF 2.0 · Defender API
SOC Analyst @ TBConsulting
March 2024 — March 2025  ·  Phoenix, AZ
  • Monitored and analyzed security alerts using Splunk and Microsoft Sentinel across 1,000+ endpoints.
  • Investigated unauthorized access, lateral movement, and account misuse.
  • Enforced RBAC policies and MFA settings in Azure AD and Microsoft 365.
  • Built KQL queries to detect login anomalies and privilege escalation patterns.
  • Managed incidents in ServiceNow with focus on identity-related threats.
  • Performed root cause analysis on compromised accounts and access failures.
Splunk · Sentinel · KQL · Azure AD · ServiceNow
SOC Analyst @ Log(n) Pacific
January 2025 — April 2025  ·  Remote
  • Performed SOC monitoring and incident response using Microsoft Sentinel and Defender for Endpoint.
  • Conducted threat hunting using KQL across Azure AD and Log Analytics data.
  • Created and tuned detection rules in Sentinel to reduce false positives and improve alert quality.
  • Investigated endpoint and identity-based threats using EDR tools.
  • Performed vulnerability management using Tenable and supported remediation efforts.
  • Applied NIST and MITRE ATT&CK frameworks during investigations and response.
Sentinel · Defender · KQL · Tenable · MITRE ATT&CK · NIST
Developer @ Freelance
2024 — Present  ·  Remote
  • Built and deployed bbmcleaningaz.com — production Next.js site for a Phoenix commercial cleaning company, live on Vercel with Resend-powered contact form.
  • Developed Tote4Rent, a local rental platform with booking management and inventory tracking built on Next.js, React, and TypeScript.
  • Designed and implemented full-stack solutions from UI through deployment, managing client relationships end-to-end.
Next.js · React · TypeScript · Vercel · Resend
/ projects
★ FEATURED PROJECT
ARIA — AI-Powered SOC Analyst
// autonomous-soc-pipeline.py

Autonomous SOC analyst for SMBs. Polls Microsoft Sentinel for alerts, applies AI triage, maps threats to MITRE ATT&CK, sends Telegram alerts, enriches with OTX AlienVault + CISA KEV threat intel, and automates Microsoft Defender VM isolation. NIST CSF 2.0 compliant.

Python · MS Sentinel · Azure · MITRE ATT&CK · Telegram API · OTX AlienVault · NIST CSF 2.0
aria@soc:~$ python aria.py --start
[✓] Sentinel polling active
[✓] AI triage engine loaded
[✓] MITRE ATT&CK mapped
[✓] OTX + CISA KEV threat intel
[✓] Defender API connected
[!] T1059.001 — PowerShell Execution
Severity: HIGH · Auto-isolating VM...
Telegram alert → @soc_alerts ✓
aria@soc:~$
Kubernetes Homelab
Production-grade K8s cluster on Proxmox running K3S across 3 VMs. GitOps-managed via Flux CD with Cilium CNI networking, Grafana/Prometheus monitoring, CloudNativePG, Nginx ingress, and self-hosted Forgejo and Uptime Kuma.
K3S · Flux CD · Proxmox · Cilium · Grafana
Threat Hunt: TOR Traffic
Threat hunt report on unauthorized TOR browser installation and usage on a corporate Azure VM. KQL queries across DeviceFileEvents, DeviceProcessEvents, and DeviceNetworkEvents confirm silent install, browser launch, and connections to TOR entry nodes. Device isolated as response.
KQL · Defender for Endpoint · Microsoft Azure
PowerShell Invoke-WebRequest Detection
End-to-end detection lab for PowerShell Invoke-WebRequest abuse. Builds a Sentinel scheduled analytics rule, simulates the attack (port scanner, EICAR, data exfiltration, ransomware scripts), then works the incident through containment and eradication.
Microsoft Sentinel · KQL · Defender for Endpoint
Threat Hunt: Fake VLC Installer Malware
Threat hunt for a trojanized VLC installer dropping a persistent payload. KQL queries across Defender XDR DeviceFileEvents, ProcessEvents, NetworkEvents, and RegistryEvents detect the download, dropper execution, Run key persistence, C2 beaconing on port 8080, and .tmp data staging.
KQL · Defender XDR · MITRE ATT&CK
Brute Force Detection Lab
Sentinel scheduled analytics rule detecting 10+ failed logins per IP within 5 hours using DeviceLogonEvents. Incident response covers confirmed credential compromise across 4 Azure VMs, MDE isolation, NSG hardening to block public RDP, MFA enforcement, and Azure Bastion recommendation. MITRE T1110.
KQL · Microsoft Sentinel · Defender for Endpoint
Vulnerability Management Program
Full VM program lifecycle from policy draft and stakeholder buy-in to remediation completion. Tenable credentialed scans on Azure VMs, four PowerShell remediation rounds (Wireshark removal, insecure ciphers/protocols, guest account hardening, Windows updates), achieving an 80% reduction in total vulnerabilities.
Tenable · Azure VMs · PowerShell
Yaseen Copy
Cybersecurity ghostwriting subscription service. Tiered pricing ($750–$2,500/mo) with Stripe checkout, services showcase, FAQ accordion, and book-a-call form with Calendly integration.
Next.js 14 · TypeScript · Tailwind · Stripe
BBM Cleaning Website
Production Next.js site for a Phoenix commercial cleaning company. Vercel deploy, Resend contact form.
Next.js · Vercel · Resend
Tote4Rent
Moving tote rental service for Phoenix, AZ and surrounding metro cities. SEO-optimized city landing pages for 10+ AZ cities, pricing tiers, FAQ, and contact. Free delivery and pickup within the Phoenix metro area.
Next.js · TypeScript · Tailwind CSS
Splunk Investigations Series
4-part Security Blue Team lab series using Splunk to investigate the BOTS v1 dataset. Labs cover a brute-force attack against imreallynotbatman.com, web scanner identification, OSINT, and endpoint investigation using progressively complex SPL queries.
Splunk · SPL · BOTS v1
Bike Sales Data Analysis
Bike sales dataset analysis project. The repository contains a single Excel workbook with the sales dataset.
Excel · Data Analysis
/ daily non-negotiable
// fitness
Hit the gym.
At least 3 days a week.

Built the system around it. You can too.

/ contact
Let's build something secure.

I'm open to collaborations, consulting, and conversations about cybersecurity, AI-powered detection, or building products. If you're an SMB looking to level up your security posture — or just want to talk shop — reach out.

// response time: < 24h