SK srkyn

Brooklyn / security operations / defensive tooling

Cybersecurity analyst for signal-heavy environments.

I’m David Sarkisyan. I build and document defensive projects across SOC workflows, Splunk, IAM, endpoint security, network defense, and practical evidence handling.

Embryology trained my pressure style: preserve the chain, read the small signal, make the next move calm.

Proof without the scavenger hunt.

Each project is framed by the problem it addresses, the evidence it shows, and the repo behind it.

Live lab

OPNsense Home Network Security

Problem: A real home network needed documented controls, sane DNS paths, and a roadmap that did not pretend unfinished work was done.

Proof: WAN/LAN policy, DNSSEC, Quad9 DNS-over-TLS, DNS bypass blocking, CrowdSec, DHCP/local DNS, and sanitized operational notes.

OPNsense, DNS-over-TLS, CrowdSec, Network defense

Open repo

Identity hygiene

lapse

Problem: Stale Entra ID device cleanup creates false positives when inventory is judged without sign-in evidence.

Proof: Graph-based device hygiene workflow that checks sign-in context before treating a device as abandoned.

Entra ID, Graph, IAM, Device hygiene

Open repo

Active Directory

relic

Problem: AD cleanup work gets risky when old objects, service accounts, and group remnants are reviewed manually.

Proof: Read-only auditing for stale objects, risky group leftovers, non-expiring passwords, and aging service accounts.

Active Directory, LDAP, Access cleanup

Open repo

Endpoint review

Undertaker

Problem: Old scheduled jobs can hide privilege, persistence, and forgotten operational risk.

Proof: Read-only checks across Windows Scheduled Tasks, Linux cron, and systemd timers.

Python, Scheduled tasks, Privilege review

Open repo

Browser security

Browser Bailiff

Problem: Browser extensions often get trusted long after their host permissions stop making sense.

Proof: Extension risk review for permissions, manifest signals, age, and host access.

Browser security, Permissions, Endpoint awareness

Open repo

AppSec case

AI Chatbot Security Assessment

Problem: An AI chatbot workflow needed practical abuse-case testing without turning the writeup into theater.

Proof: Authorized assessment notes focused on evidence, impact, and clear remediation.

AppSec, AI security, Evidence

Open repo

Calm under pressure. Evidence first.

Security work gets weak when people perform certainty. I prefer evidence, careful labels, useful notes, and controls another analyst can actually review.

SOC

Alert triage, Splunk investigation, escalation notes, evidence trails.

IAM

Active Directory, Entra ID, MFA, onboarding/offboarding, access cleanup.

Endpoint

Device hygiene, browser risk, scheduled-task review, practical remediation.

Network

Firewall policy, DNS path control, OPNsense, segmentation roadmap.

Security roles, sharp feedback, real conversations.

NYC hybrid or remote. SOC, IAM, endpoint, vulnerability management, network security, and incident response.

contact [at] srkyn.com GitHub