Mo'men Al-Rashidi
Cybersecurity & Cyber Comms Intelligence Specialist
About Me
A cybersecurity professional specializing in network infrastructure, security, and system administration. With expertise in configuring switches, routers, and full network setups—including structured wiring and software integration—I ensure seamless connectivity and optimal performance.

As a Linux system administrator, I work extensively with enterprise-level distributions like Red Hat, managing servers, automating tasks, and optimizing system performance. My focus on cybersecurity includes securing, encrypting, and monitoring network traffic to enhance control, prevent threats, and maintain a resilient IT environment.

I also specialize in Implementing and Administering Cisco Solutions, security fundamentals, and automation and programmability. By leveraging these skills, I provide a more flexible and stable foundation to support hybrid cloud innovation, ensuring faster and more consistent application deployment. My expertise extends across physical, virtual, private, and public cloud environments, as well as edge deployments, optimizing critical workloads and enhancing security measures.

From firewall management to VPN configuration and intrusion detection, I design and implement security solutions that safeguard networks against evolving cyber threats. My goal is to provide robust, scalable, and secure network infrastructures that support business continuity, compliance, and the future of IT operations.
ONGOING PROJECTS & INFRASTRUCTURE
OVERALL INFRASTRUCTURE LAYOUT
[CODENAME T1]
T1-TRANSACTION is a jump server that users rely on day to day for various tasks. It is secured, fast, and maintained 24/7.
Role: Product Management
Overview:
T1-TRANSACTION is a mission-critical jump server (also known as a bastion host) designed to provide secure, centralized access to internal infrastructure for users performing sensitive operational tasks. The system serves as a gateway between external networks and internal systems, offering enhanced security, performance, and reliability.
Key Features & Highlights:
  • Secure Access Control
    Implemented strong authentication mechanisms (SSH key-based, MFA), role-based access policies, and session logging to ensure controlled and auditable access to target systems.
  • High Availability & 24/7 Maintenance
    The system is engineered for uptime and resilience. Automated monitoring tools and on-call support ensure 24/7 availability with minimal downtime.
  • Performance Optimization
    Fine-tuned for speed and responsiveness, with resource isolation, connection pooling, and optimized network configurations to handle a high volume of daily user transactions efficiently.
  • User-Centric Design
    Developed with ease-of-use in mind, T1 supports a diverse user base across teams, providing seamless connection experiences while maintaining strict security protocols.
  • Scalable Infrastructure
    Designed to grow with demand, T1 integrates with centralized directory services (e.g., LDAP/Active Directory), supports containerized deployment, and is cloud-ready for hybrid environments.
  • Audit & Compliance
    Full session recording, log aggregation, and compliance reporting meet enterprise security standards and internal policy requirements.
Responsibilities in Product Management:
  • Defined product vision and roadmap aligned with internal IT security goals.
  • Coordinated with infrastructure, security, and DevOps teams to ensure technical feasibility and timely rollouts.
  • Collected feedback from end-users to refine features and improve usability.
  • Oversaw performance KPIs, availability SLAs, and ongoing maintenance operations.
  • Maintained up-to-date documentation and trained relevant teams on usage best practices.
2024 - Present · Product management
CODENAME EAGLE-EYE
EAGLE-EYE is an all-in-one network defense solution that combines EDR, IDS, IPS, and a space for threat intelligence analysis.
Role: Product Design
Status: Ongoing
Overview:
EAGLE-EYE is a comprehensive network defense platform designed to provide end-to-end visibility, detection, and response across enterprise environments. It integrates key cybersecurity components—including Endpoint Detection and Response (EDR), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and a dedicated environment for threat intelligence analysis—into a unified, modular framework.
Key Features & Capabilities:
  • Unified Security Architecture
    Combines multiple layers of defense (EDR, IDS, IPS) under a centralized management interface, enabling faster threat detection, correlation, and response.
  • Real-Time Threat Detection
    Uses signature-based and behavioral analysis engines to identify anomalies and block malicious activity as it occurs across endpoints and network layers.
  • Threat Intelligence Integration
    Offers a dedicated space for threat hunting, analysis, and integration with third-party threat intelligence feeds (e.g., MISP, STIX/TAXII) to proactively defend against evolving attack vectors.
  • Customizable Response Workflows
    Enables automated or manual response actions such as quarantining hosts, blocking IPs, or alert escalation based on customizable rules and severity levels.
  • Scalable & Modular Design
    Built for flexibility, EAGLE-EYE can be deployed in small to large environments, on-premises or in hybrid networks, with each module (EDR, IDS, IPS, TI) being deployable independently or in combination.
  • Centralized Dashboard
    Provides security teams with a consolidated view of the threat landscape, alerts, trends, and performance metrics—designed for clarity and quick decision-making.
Responsibilities in Product Design:
  • Leading the conceptual design and architecture of the platform.
  • Defining user flows, system requirements, and integration points for each security module.
  • Collaborating with cybersecurity analysts and network engineers to ensure functional alignment with real-world threat scenarios.
  • Creating wireframes, mockups, and user interface components focused on usability and efficiency for security operations teams.
  • Ensuring modularity and scalability in the overall system design to support future enhancements and integration.
ONGOING · Product design
CODENAME TAPPER

RED TEAM RECIPES

The small form factor MITM - Network TAP | RTR

The only cookbook where evasions are on the menu

"TAPPER" refers to a network traffic monitoring device (LAN tap): a piece of hardware that passively intercepts and duplicates network traffic for analysis without interfering with the network's operation.
ONGOING · Product design
Role: Product/Hardware Concept & Design
Status: Completed prototype
Overview:
TAPPER refers to a specialized network traffic monitoring hardware device, commonly known as a LAN Tap. It is designed to passively intercept and duplicate Ethernet traffic between network nodes, allowing real-time traffic analysis without introducing latency or altering packet data.
Key Features & Capabilities:
  • Passive Traffic Interception
    TAPPER sits inline between two network devices (e.g., switch and router) and silently mirrors all traffic, including errors and malformed packets—ideal for forensic and security analysis.
  • Non-Intrusive Design
    Since it doesn't use active electronics or require IP configuration, TAPPER ensures zero interference with the network's normal operations—no latency, no packet loss, no disruptions.
  • Real-Time Monitoring
    Enables tools such as Wireshark, Zeek, or custom packet analyzers to capture live traffic for inspection, debugging, or threat hunting.
  • Hardware-Level Reliability
    Built using passive components (e.g., transformers, resistors), TAPPER functions reliably even in power outage scenarios—no power supply needed.
  • Secure and Discreet
    No detectable footprint on the network; ideal for compliance auditing, incident response, or silent observation in security-sensitive environments.
  • Supports Full-Duplex Monitoring
    Provides separate output channels for TX and RX, allowing complete full-duplex visibility when used with dual-interface monitoring systems.
Use Cases:
  • Intrusion detection system (IDS) traffic feed
  • Deep packet inspection (DPI)
  • Network performance analysis
  • Forensics and post-breach investigation
  • Penetration testing and red team operations
CODENAME RED-CASTLE
ONGOING, STAND BY
SERVICES
Network Infrastructure Setup & Management
  • Configuring switches, routers, and structured wiring
  • Full network design and deployment
  • Hybrid cloud and edge network integrations
Linux System Administration
  • Server deployment and optimization (Red Hat, enterprise distros)
  • Task automation and performance tuning
  • Secure and resilient server configurations
Cybersecurity Solutions
  • Firewall deployment & management
  • VPN setup and secure remote access
  • Intrusion detection and prevention systems (IDS/IPS)
  • Network traffic monitoring and encryption
Contact me
If you have any questions about my work, want to collaborate on a project, or just want to say hello, feel free to reach out. I'm always excited to connect with fellow designers, entrepreneurs, and product enthusiasts.