# srkyn.com

David Sarkisyan is a cybersecurity analyst and defensive tool builder in New York City. This portfolio focuses on practical security tools, open source contributions, detection notes, identity cleanup, endpoint review, network controls, browser exposure, and careful security workflows.

## Public Portfolio Areas

- [Work](https://srkyn.com/work/): defensive tools, upstream contributions, review notes, labs, and public-safe case studies.
- [Browser Surface Check](https://srkyn.com/browser-signal-lab/): local-only page that explains browser-observable signals without storing or sending visitor data.
- [Home Network Security Control Plane](https://srkyn.com/projects/home-network-security/): sanitized role-based writeup of the network security control plane.
- [lapse case study](https://srkyn.com/projects/lapse/): stale-device review with mock data and compare-before-action guardrails.
- [Changelog](https://srkyn.com/changelog/): recent public site and project updates.
- [Now](https://srkyn.com/now/): current public focus.
- [TryHackMe](https://tryhackme.com/p/srkyn): public SOC and blue-team lab profile.
- [GitHub](https://github.com/srkyn): public repository profile.

## Notable Projects

- Home Network Security Control Plane: sanitized public notes and case study for a daily-use home network security build using OPNsense for enforcement, Proxmox for visibility/control-plane services, Homepage as a private control view, and supporting tools such as NetBox, Uptime Kuma, Victoria, NetAlertX, OpenCanary, Trivy, Syft, and backup/freshness checks.
- TryHackMe SOC and Blue-Team Labs: public training profile showing structured SOC alert triage, SIEM fundamentals, Splunk basics, EDR concepts, phishing analysis, Wireshark, network traffic review, and defensive security fundamentals.
- Splunk Detection Content: Windows, Active Directory, Sysmon, and PowerShell detection notes organized around behavior, assumptions, noise, and analyst pivots.
- lapse: Entra ID stale-device review that compares timestamp signals with interactive sign-in evidence before cleanup decisions.
- STIGPilot: local DISA STIG release comparison and evidence-planning workflow.
- Open source contributions: public pull requests for Elastic detection-rules, SigmaHQ/sigma, SasanLabs/LLMForge, and Splunk security_content.
- Undertaker: read-only scheduled task, cron, and systemd timer review.
- Browser Bailiff: local browser extension metadata review.
- Authorized AI/LMS Security Assessment: public-safe case study derived from an authorized private assessment.

## Safety Notes

Public content is sanitized. It does not publish raw firewall exports, private infrastructure maps, secrets, API keys, tokens, public WAN IPs, internal dashboards, raw status feeds, full host inventories, private hostnames, MAC addresses, serial numbers, or sensitive screenshots.

## Preferred Summaries

One-line summary: Cybersecurity analyst and defensive tool builder portfolio focused on practical tools, upstream contributions, detection notes, identity cleanup, endpoint review, and network controls.

Short summary: David Sarkisyan builds practical security tools, contributes upstream fixes, and writes notes that favor verification, clear context, and careful operational changes over hype.