Threat Researcher • Detection Engineering & Response • AI & Quantum Security

Durgesh Gaurav

Cyber Threat Researcher with 8 years of experience building intelligence-driven security operations, adversary research programs, and detection engineering capabilities across enterprise environments.

8 years of threat research experience | 4 years of software experience | 24/7 threat research

Core Focus Areas

Threat Intelligence Operations

Operationalizing intelligence into detection, hunting, and response workflows.

AI & Emerging Threat Research

Researching adversarial AI, malware, vulnerabilities, telecom/5G, quantum, cloud, and supply chain threats.

Detection Engineering

YARA, Sigma, SIEM/SOAR detections, telemetry correlation, and ATT&CK mapping.

About

Research-Driven Cybersecurity Leadership

I specialize in transforming threat intelligence into practical security outcomes. My work spans adversary research, threat hunting, malware analysis, detection engineering, AI security, and intelligence-driven security operations.

Throughout my career, I have built honeynet infrastructure, operationalized intelligence workflows, developed detection content, and led research into emerging threats targeting cloud, AI, telecom, and enterprise environments.

I actively collaborate with SOC, DFIR, and engineering teams to bridge the gap between intelligence and action.

Expertise

Technical Capabilities

Threat Research
Threat Hunting
Detection Engineering
MITRE ATT&CK
MITRE ATLAS
AI Security
NIST AI RMF
OWASP LLM
Malware Analysis
Incident Response
Threat Modeling
YARA & Sigma
SOAR
SIEM
EDR
OpenCTI / MISP
Experience

Professional Journey

Threat Researcher | Cyber Threat Intelligence

Dish Wireless (An EchoStar Company)
Aug 2024 – Present
  • Lead end-to-end intelligence cycle operations including deep research on threat actors, cybercriminals, fraud groups, Initial Access Brokers (IABs), and adversary TTPs.
  • Assist SOC teams on threat hypothesis generation, detection engineering, and operational threat intelligence support.
  • Research emerging threats across 5G/telecom, ICS/OT, AI security, supply chain, and quantum security landscapes.
  • Establish intelligence-sharing partnerships with GSMA, MITRE, private organizations, and internal stakeholders.
  • Architect and govern intelligence workflows for threat data ingestion, processing, enrichment, and threat identification.
  • Leverage AI/LLMs to develop workflows, frameworks, tooling, and operational CTI capabilities.
  • Conduct malware analysis, campaign tracking, vulnerability intelligence analysis, and threat actor investigations.
  • Maintain intelligence knowledge bases tracking TTPs, detections, mitigations, and adversary tradecraft.
  • Deliver executive-level intelligence briefings and curated intelligence for Threat Hunting, DFIR, and Detection Engineering teams.
  • Analyze intelligence from OSINT, social media, technical blogs, intelligence reports, sandbox output, and internal telemetry.
  • Support incident responders and intrusion analysts by pivoting endpoint, log, and network telemetry during investigations.

Senior Security Engineer | Threat Research

Tesla
Jan 2023 – Jun 2024
  • Researched and analyzed attacker techniques using OSINT, SOCMINT, and TECHINT sources to improve security posture.
  • Collaborated with cross-functional teams to implement countermeasures and improve enterprise security defenses.
  • Led threat research and response activities focused on supply chain cyber threats and third-party risks.
  • Identified IOCs, developed threat hypotheses, and conducted proactive threat hunting operations.
  • Produced daily, weekly, and monthly intelligence reports highlighting critical threats, vulnerabilities, and recommendations.
  • Provided detection and response capabilities using SIEM, SOAR, EDR, and security automation platforms.
  • Conducted advanced investigations and correlation analysis across network, OS, and application-level telemetry.
  • Performed threat modeling exercises and delivered actionable mitigation recommendations.
  • Captured malware samples and performed malware capability analysis and infrastructure tracking.
  • Developed and maintained security operations playbooks, standards, procedures, and response workflows.
  • Continuously improved detection rules, alerts, and security signals to reduce response time and incident impact.

Threat Analyst | Research & Development

Fortinet
Dec 2019 – Jan 2023
  • Researched and developed a system to capture active zero-day threats via deception/honeynet; assessed adversaries' latest TTPs.
  • Monitored the dark/deep web for sensitive information, adversary activities, and potential threats to infrastructure.
  • Leveraged MITRE ATT&CK, Diamond, Pyramid of Pain, Cyber Kill Chain, and Threat Modeling as applicable.
  • Hunted, investigated, and identified IOCs and IOAs to identify threats/threat actor TTPs in the environment.
  • Helped improve threat detection by providing latest adversary TTPs to relevant stakeholders.
  • Leveraged OSINT, SMI/SOCMINT, and TECHINT solutions to obtain/investigate intelligence.
  • Conducted threat emulation via purple teaming and simulation to identify security gaps and remediated security issues.
  • Developed Digital Forensics, Network Forensics, Incident Response plans and procedures and performed incident investigations.
  • Identified, collected, and analyzed digital evidence; conducted investigations on security incidents.
  • Analyzed malicious traffic and IOCs and performed correlation to attribute threat actors; wrote YARA and Sigma rules.
  • Researched, analyzed, and reported on attacker campaigns as required.
  • Managed and consolidated cyber threat data sources, compiled reports, and provided regular consultation and threat briefings to stakeholders.
  • Tested and analyzed vulnerabilities reported in Fortinet products and assessed their impact.

Information Security Analyst

Pacific Gas & Electric (PG&E)
Jul 2018 – Dec 2019
  • Analyzed network traffic for malicious and/or abnormal activity for attack vectors.
  • Conducted SIEM scans and generated dashboards/reports; scanned for and identified IOCs and IOAs.
  • Performed threat analysis using MITRE ATT&CK framework, Pyramid of Pain, and Diamond model.
  • Assisted with Cyber Kill Chain defense against APT emulations.
  • Leveraged cyber threat modeling techniques to identify malicious threats and activities and to architect tooling.
  • Identified adversaries' TTPs to inform technical mitigation strategies that prevent, control, and isolate incidents.
  • Performed malware analysis using various malware analysis methodologies.
  • Performed digital forensics to identify suspicious and malicious evidence.
  • Assisted with intrusion detection and prevention techniques; performed log analysis and identified malicious activities.
  • Conducted data loss prevention and implemented data anonymization measures to secure customer and employee data.

Sr. Software Engineer

Apace Technology
Aug 2011 – Jul 2015

Publications

Cybersecurity Research & Community Contribution

Author of “Learn How to Defend Against Cyber Crimes, In Just One Day” — focused on helping individuals and organizations defend against evolving cyber threats.

Research Areas
AI Security & Adversarial AI
Threat Intelligence Lifecycle Automation
Cloud & Enterprise Threat Detection
Threat Modeling & ATT&CK Mapping
Malware Analysis & Infrastructure Tracking
LLM Security & Emerging Threats

Research & Labs

Threat Research & Engineering Focus

Detection Engineering

  • Develop ATT&CK-aligned detection logic using SIEM, SOAR, EDR/XDR, YARA, Sigma, and behavioral analytics.
  • Build threat-informed detections using adversary emulation, telemetry correlation, and IOC/IOA enrichment.
  • Research and validate detection opportunities across enterprise, cloud, AI, and hybrid environments.
  • Support proactive threat hunting missions and advanced investigation workflows.

Threat Intelligence & Adversary Research

  • Track nation-state actors, ransomware groups, cybercriminal ecosystems, and Initial Access Brokers (IABs).
  • Research malware campaigns, supply chain compromises, AI-related threats, and emerging attacker tradecraft.
  • Analyze technical intelligence from OSINT, TECHINT, dark web, malware sandboxes, and telemetry pipelines.
  • Map adversary behavior to MITRE ATT&CK, D3FEND, ATLAS, and Cyber Kill Chain frameworks.

Security Research Lab

  • Maintain lab environments for malware analysis, adversary simulation, telemetry validation, and detection testing.
  • Operate honeynet and deception-based research systems to capture attacker behaviors and exploit attempts.
  • Research emerging threats impacting AI systems, telecom/5G, ICS/OT, cloud, and enterprise infrastructure.
  • Experiment with AI/LLM-assisted workflows for threat analysis, enrichment, and intelligence automation.

Leadership & Intelligence Operations

  • Lead intelligence-driven security initiatives across SOC, DFIR, Detection Engineering, and Threat Hunting teams.
  • Deliver executive-level threat intelligence briefings, strategic assessments, and operational recommendations.
  • Mentor analysts and collaborate with cross-functional teams to improve enterprise security posture.
  • Establish intelligence-sharing partnerships with industry organizations, researchers, and security communities.

Frameworks & Methodologies

Threat-Informed Security Approach

MITRE ATT&CK

Adversary behavior mapping, detection coverage analysis, and threat-informed defense.

MITRE ATLAS

Researching AI attack techniques, adversarial ML threats, and AI security operations.

NIST AI RMF

Managing socio-technical risks, trustworthiness, and safety in AI systems.

MITRE FIGHT

Adversary behavior modeling for 5G/6G networks and telecommunications infrastructure.

MITRE D3FEND

Defensive countermeasure mapping and detection engineering strategy alignment.

Cyber Kill Chain

Threat modeling, intrusion analysis, and adversary lifecycle disruption.

OWASP LLM

Securing Large Language Models against prompt injection, data leakage, and vulnerabilities.

NIST Cybersecurity Framework (CSF)

Holistic cybersecurity governance, risk management, and operational resilience standards.

Contact

Let’s Build Better Security Together

Feel free to connect with me.