Threat Researcher • Detection Engineering & Response • AI & Quantum Security

Durgesh Gaurav

Cyber Threat Researcher with 8 years of experience building intelligence-driven security operations, adversary research programs, and detection engineering capabilities across enterprise environments.

8 years of threat research experience
4 years of software experience
24/7 threat research

Core Focus Areas

Threat Intelligence Operations

Operationalizing intelligence into detection, hunting, and response workflows.

AI & Emerging Threat Research

Researching adversarial AI, malware, vulnerability, telecom/5G, quantum, cloud, and supply chain threats.

Detection Engineering

YARA, Sigma, SIEM/SOAR detections, telemetry correlation, and ATT&CK mapping.

About

Research-Driven Cybersecurity Leadership

I specialize in transforming threat intelligence into practical security outcomes. My work spans adversary research, threat hunting, malware analysis, detection engineering, AI security, and intelligence-driven security operations.

Throughout my career, I have built honeynet infrastructure, operationalized intelligence workflows, developed detection content, and led research into emerging threats targeting cloud, AI, telecom, and enterprise environments.

I actively collaborate with SOC, DFIR, and engineering teams to bridge the gap between intelligence and action.

Expertise

Technical Capabilities

Threat Research
Threat Hunting
Detection Engineering
MITRE ATT&CK
MITRE ATLAS
AI Security
NIST AI RMF
OWASP LLM
Malware Analysis
Incident Response
Threat Modeling
YARA & Sigma
SOAR
SIEM
EDR
OpenCTI / MISP

Experience

Professional Journey

Threat Researcher | Cyber Threat Intelligence

Dish Wireless (An EchoStar Company)
Aug 2024 – Present
  • Lead end-to-end intelligence cycle operations including deep research on threat actors, cybercriminals, fraud groups, Initial Access Brokers (IABs), and adversary TTPs.
  • Assist SOC teams on threat hypothesis generation, detection engineering, and operational threat intelligence support.
  • Research emerging threats across 5G/telecom, ICS/OT, AI security, supply chain, and quantum security landscapes.
  • Establish intelligence-sharing partnerships with GSMA, MITRE, private organizations, and internal stakeholders.
  • Architect and govern intelligence workflows for threat data ingestion, processing, enrichment, and threat identification.
  • Leverage AI/LLMs to develop workflows, frameworks, tooling, and operational CTI capabilities.
  • Conduct malware analysis, campaign tracking, vulnerability intelligence analysis, and threat actor investigations.
  • Maintain intelligence knowledge bases tracking TTPs, detections, mitigations, and adversary tradecraft.
  • Deliver executive-level intelligence briefings and curated intelligence for Threat Hunting, DFIR, and Detection Engineering teams.
  • Analyze intelligence from OSINT, social media, technical blogs, intelligence reports, sandbox output, and internal telemetry.
  • Support incident responders and intrusion analysts by pivoting endpoint, log, and network telemetry during investigations.

Senior Security Engineer | Threat Research

Tesla
Jan 2023 – Jun 2024
  • Researched and analyzed attacker techniques using OSINT, SOCMINT, and TECHINT sources to improve security posture.
  • Collaborated with cross-functional teams to implement countermeasures and improve enterprise security defenses.
  • Led threat research and response activities focused on supply chain cyber threats and third-party risks.
  • Identified IOCs, developed threat hypotheses, and conducted proactive threat hunting operations.
  • Produced daily, weekly, and monthly intelligence reports highlighting critical threats, vulnerabilities, and recommendations.
  • Provided detection and response capabilities using SIEM, SOAR, EDR, and security automation platforms.
  • Conducted advanced investigations and correlation analysis across network, OS, and application-level telemetry.
  • Performed threat modeling exercises and delivered actionable mitigation recommendations.
  • Captured malware samples and performed malware capability analysis and infrastructure tracking.
  • Developed and maintained security operations playbooks, standards, procedures, and response workflows.
  • Continuously improved detection rules, alerts, and security signals to reduce response time and incident impact.

Threat Analyst | Research & Development

Fortinet
Dec 2019 – Jan 2023
  • Researched and developed deception and honeynet infrastructure to capture active zero-day threats and adversary TTPs.
  • Monitored dark/deep web sources for sensitive information exposure and emerging adversary activities.
  • Leveraged MITRE ATT&CK, Diamond Model, Pyramid of Pain, STRIDE, and Cyber Kill Chain frameworks during investigations.
  • Conducted threat hunting and identified IOCs/IOAs associated with adversary tradecraft.
  • Performed threat emulation and purple teaming exercises to identify and remediate security gaps.
  • Developed Digital Forensics, Network Forensics, and Incident Response procedures and investigation workflows.
  • Analyzed malicious traffic and attributed attacker infrastructure using IOC correlation techniques.
  • Created YARA and Sigma rules supporting enterprise detection engineering capabilities.
  • Managed and consolidated cyber threat data sources and delivered intelligence briefings to stakeholders.
  • Tested and analyzed vulnerabilities affecting Fortinet products and assessed associated business impact.

Information Security Analyst

Pacific Gas & Electric (PG&E)
Jul 2018 – Dec 2019
  • Analyzed network traffic for malicious activity and attack vectors across enterprise environments.
  • Conducted SIEM scans, dashboard reporting, and IOC/IOA analysis for security investigations.
  • Performed threat analysis using MITRE ATT&CK, Diamond Model, and Pyramid of Pain methodologies.
  • Supported Cyber Kill Chain defense operations against APT emulation scenarios.
  • Performed malware analysis, digital forensics, and malicious activity investigations.
  • Conducted log analysis, intrusion detection support, and threat mitigation activities.
  • Implemented data protection and anonymization measures to secure customer and employee data.

Sr. Software Engineer

Apace Technology
Aug 2011 – Jul 2015

Publications

Cybersecurity Research & Community Contribution

Author of “Learn How to Defend Against Cyber Crimes, In Just One Day” — focused on helping individuals and organizations defend against evolving cyber threats.

Research Areas
AI Security & Adversarial AI
Threat Intelligence Lifecycle Automation
Cloud & Enterprise Threat Detection
Threat Modeling & ATT&CK Mapping
Malware Analysis & Infrastructure Tracking
LLM Security & Emerging Threats

Research & Labs

Threat Research & Engineering Focus

Detection Engineering

  • Develop ATT&CK-aligned detection logic using SIEM, SOAR, EDR/XDR, YARA, Sigma, and behavioral analytics.
  • Build threat-informed detections using adversary emulation, telemetry correlation, and IOC/IOA enrichment.
  • Research and validate detection opportunities across enterprise, cloud, AI, and hybrid environments.
  • Support proactive threat hunting missions and advanced investigation workflows.

Threat Intelligence & Adversary Research

  • Track nation-state actors, ransomware groups, cybercriminal ecosystems, and Initial Access Brokers (IABs).
  • Research malware campaigns, supply chain compromises, AI-related threats, and emerging attacker tradecraft.
  • Analyze technical intelligence from OSINT, TECHINT, dark web, malware sandboxes, and telemetry pipelines.
  • Map adversary behavior to MITRE ATT&CK, D3FEND, ATLAS, and Cyber Kill Chain frameworks.

Security Research Lab

  • Maintain lab environments for malware analysis, adversary simulation, telemetry validation, and detection testing.
  • Operate honeynet and deception-based research systems to capture attacker behaviors and exploit attempts.
  • Research emerging threats impacting AI systems, telecom/5G, ICS/OT, cloud, and enterprise infrastructure.
  • Experiment with AI/LLM-assisted workflows for threat analysis, enrichment, and intelligence automation.

Leadership & Intelligence Operations

  • Lead intelligence-driven security initiatives across SOC, DFIR, Detection Engineering, and Threat Hunting teams.
  • Deliver executive-level threat intelligence briefings, strategic assessments, and operational recommendations.
  • Mentor analysts and collaborate with cross-functional teams to improve enterprise security posture.
  • Establish intelligence-sharing partnerships with industry organizations, researchers, and security communities.

Frameworks & Methodologies

Threat-Informed Security Approach

MITRE ATT&CK

Adversary behavior mapping, detection coverage analysis, and threat-informed defense.

MITRE ATLAS

Researching AI attack techniques, adversarial ML threats, and AI security operations.

NIST AI RMF

Managing socio-technical risks, trustworthiness, and safety in AI systems.

MITRE FIGHT

Adversary behavior modeling for 5G/6G networks and telecommunications infrastructure.

MITRE D3FEND

Defensive countermeasure mapping and detection engineering strategy alignment.

Cyber Kill Chain

Threat modeling, intrusion analysis, and adversary lifecycle disruption.

OWASP LLM

Securing Large Language Models against prompt injection, data leakage, and vulnerabilities.

NIST Cybersecurity Framework (CSF)

Holistic cybersecurity governance, risk management, and operational resilience standards.

Contact

Let’s Build Better Security Together

Feel free to connect with me.