Berkan Türel

Cyber Security Analyst

SOC Operations, Incident Response, SIEM & SOAR, Threat Hunting

About Me

With over 3 years of hands-on experience as a SOC Analyst, I specialize in proactive threat detection, incident response, and security operations across diverse client environments. I excel at monitoring and analyzing security events using leading SIEM platforms (IBM QRadar, Splunk), developing and tuning correlation rules and Sigma rules to enhance detection fidelity while minimizing false positives through exclusion tuning and alert optimization.

Proficient in SOAR automation, I design and implement playbooks in Cortex XSOAR and FortiSOAR to accelerate incident response workflows and reduce MTTR. My endpoint expertise includes advanced EDR/XDR solutions (SentinelOne, CrowdStrike Falcon, Cortex XDR, Microsoft Defender for Endpoint) for behavioral analysis, threat hunting, and rapid containment of sophisticated threats.

I actively perform Cyber Threat Intelligence (CTI) collection from OSINT sources, Telegram channels, dark web forums, and underground communities to provide early warnings and enable proactive defense. As a freelancer, I've delivered tailored cybersecurity solutions to global clients via platforms like Fiverr, sharpening my ability to translate technical capabilities into client-specific value.

Passionate about knowledge sharing, I run a YouTube channel focused on cybersecurity tutorials, tool walkthroughs, industry trends, and emerging threats. In the Cyber Shield Community, I serve as a System Administrator and lead content creation initiatives. One of my flagship projects is a real-time monitoring system that continuously scans ~400 cybersecurity report-sharing sites, automatically notifying users via email and X (Twitter) about new intelligence uploads—significantly improving threat awareness and dissemination speed.

Continuously upskilling in Python for security automation, MITRE ATT&CK framework mapping, behavioral analytics, and AI-assisted detection techniques, I stay ahead of evolving cyber threats. Committed to building resilient defenses and fostering collaboration in the cybersecurity community—always open to connecting with professionals, organizations, and enthusiasts passionate about next-gen security operations.

Technical Skills

Tools and technologies I work with


SIEM Platforms

IBM QRadar, Splunk, Log Analysis, Correlation Rules

SOAR & Automation

Cortex XSOAR, FortiSOAR, Playbook Development, Workflow Automation

EDR / XDR Solutions

SentinelOne, CrowdStrike, Cortex XDR, Microsoft Defender

Detection Engineering

Sigma Rules, YARA Rules, Alert Tuning, False Positive Reduction

Threat Intelligence

CTI Analysis, OSINT, Threat Hunting, IOC Management

Security Automation

Python, Scapy, Custom Security Tools, API Integration

Professional Experience

My journey in cybersecurity

Cyber Security Analyst

PURE7

Jan 2024 – Present, Remote
  • Monitor and analyze security events using SIEM solutions (IBM QRadar, Splunk), developing and tuning custom correlation rules and use cases
  • Perform false positive tuning through exclusion mechanisms to enhance detection fidelity
  • Design and implement automation playbooks in SOAR platforms (Cortex XSOAR, FortiSOAR) to streamline incident response processes
  • Leverage advanced EDR/XDR technologies (SentinelOne, CrowdStrike, Cortex XDR, Microsoft Defender) for proactive threat hunting and rapid threat containment
  • Perform ongoing CTI activities by monitoring attacker communications on Telegram channels, forums, and underground sources to enable early warning and proactive defense

Cyber Security Analyst

Destel @ IGA (Istanbul Grand Airport)

May 2023 – Jan 2024, Remote
  • Specialized in monitoring and analyzing network and systems with a focus on cyber threat intelligence using Splunk, FortiSOAR, and Cisco AMP
  • Engaged in cyber threat intelligence analysis and reporting to stay at the forefront of emerging threats and vulnerabilities
  • Collaborated with internal and external teams to facilitate the exchange of crucial insights for preemptive cybersecurity risk addressal
  • Played a pivotal role in incident response activities, leveraging expertise in Windows Forensics and file analysis tools to mitigate risks effectively
  • Continuously refined defense strategies to stay ahead of evolving threats

Freelance Security Engineer

Fiverr

Dec 2022 – May 2023, Remote
  • Developed network projects and cybersecurity tools tailored to clients' needs
  • Designed, implemented, and maintained a range of cybersecurity tools including vulnerability scanners, network monitors, and intrusion detection systems

Projects & Portfolio

Technical work and security tools


Automated Cybersecurity Report Aggregator and Notifier

Collects the latest cybersecurity reports from over 200 sharing sites and notifies users via email based on predefined keywords. Using web scraping, it categorizes and summarizes the reports. Users can enhance their security measures proactively by staying informed about current threats and vulnerabilities.

Python, Web Scraping, Email Automation, CTI

RansomTrack - Ransomware Group Activity Tracker

A Python-based project to monitor the activities of ransomware groups and deliver updates via email. Leveraging web scraping techniques, it gathers and analyzes data from various sources, capturing ransomware group movements and sharing announcements. Helps organizations strengthen cybersecurity measures and proactively defend against potential threats.

Python, Threat Intelligence, Web Scraping, Monitoring

Network Reconnaissance Tool

A Network Reconnaissance Tool using Python and the Scapy library. The tool can operate in two modes: active and passive. In active mode, it sends ICMP packets to all IP addresses on the network to discover live hosts. In passive mode, it listens for ARP packets on the network to map IP and MAC addresses of all hosts. Useful for both offensive and defensive security purposes.

Python, Scapy, Network Security, Recon

Get In Touch

Open to security-focused collaborations, research, and new opportunities.