The Journey Begins: My Path to Becoming a Detection Engineering SME

Every cybersecurity professional has that moment — a realization that this field is vast, fascinating, and constantly evolving. For me, that moment came while discussing frustrations with co-workers over our false positive rate, and thinking: "There has to be a better way."

That thought sparked a deeper curiosity, and now, I’ve decided to document my journey to becoming a Subject Matter Expert (SME) in four key areas I believe are critical to the modern defender:

  • SIEM (Security Information and Event Management)
  • Logging and telemetry best practices
  • Open Source Intelligence (OSINT)
  • Detection Engineering

Why These Areas?

Each of these disciplines plays a massive role in building effective threat detection and response capabilities:

  • SIEM gives us visibility.
  • Logging gives us context.
  • OSINT gives us insight.
  • Detection Engineering gives us power.

The more I learn, the more I realize that strong detections aren't just rules—they’re built from good data, strong hypotheses, and repeatable, testable engineering.

My Roadmap

I've created a structured roadmap to guide my progress. It spans from fundamentals (networking, log formats, MITRE ATT&CK) to more advanced skills like:

  • Writing and testing Sigma rules
  • Automating detection deployment via CI/CD
  • Scaling SIEM pipelines
  • Gathering and visualizing OSINT for enrichment
  • Building a detection content repo with full lifecycle management

I’ll be sharing resources, tools, labs, setbacks, breakthroughs, and personal reflections here on this blog.

What to Expect

My upcoming posts will include:

  • Lab setups and walkthroughs (Elastic, Splunk, HELK, Wazuh, etc.)
  • Deep dives into detection rule tuning and testing
  • Lessons learned while building a detection-as-code pipeline
  • OSINT workflows for defenders
  • Threat hunting scenarios and MITRE ATT&CK coverage