Shaï Krief

Cybersecurity Analyst

About me

SOC Tier 2 analyst and AI automation engineer with hands-on experience across the full security stack — detection, incident response, offensive testing, and AI-driven workflow automation. Known for building tools and systems that accelerate security operations: from SOAR-integrated triage pipelines to custom offensive tooling.

I spent two years commanding soldiers in combat, where hesitation costs lives. Now I bring that same precision to the cyber battlefield — protecting 100+ enterprise clients, breaking into systems others believe are locked, and automating the infrastructure that connects defense to offense. Keep reading to see what that looks like in practice.

What I do

  • Offensive Security

    I don't knock — I find the door you left unlocked. Web apps, networks, Active Directory: tested and exploited before the real attackers get there.

  • Defensive Security

    I've triaged 50+ alerts a day from inside the SOC. QRadar, CrowdStrike, Cortex XDR, SentinelOne — I know exactly what attackers look like when they think no one is watching.

  • AI & Automation

    Repetition is for machines. I automate the manual, wire up the intelligent, and ship security infrastructure that runs itself — n8n, Torq SOAR, custom Python, MCP.

  • Infrastructure

    A network is only as strong as what attackers can't see. I build the invisible layers — zero-trust, segmented, monitored — so breaches stop before they start.

Certifications & Recognition

  • CRTA

    Certified Red Team Analyst. Red team methodologies, MITRE ATT&CK TTPs, Active Directory attacks, and lateral movement in enterprise environments.

    Cyberwarfare Labs · 2026
  • eJPT V2

    Junior Penetration Tester by INE. Foundational penetration testing and vulnerability assessment.

    INE Security · June 2025
  • ICCA

    Certified Cloud Associate by INE. Practical cloud infrastructure security and deployment concepts.

    INE Security · Aug 2025
  • Torq SOAR

    Automation Expert & Practitioner. Security orchestration and automated response workflows.

    Torq Academy · March 2026
  • Ethical Hacker

    Network intrusion techniques, ethical hacking methodology, and vulnerability exploitation fundamentals.

    Cisco · March 2026
  • Bug Bounty Masterclass

    Advanced web vulnerability research, responsible disclosure, and bug bounty methodology.

    WIZ · January 2026
  • Top 1% TryHackMe

    Global ranking reaching Top 1% with 350+ rooms completed. All Cyber Paths certified.

    TryHackMe · 2024–2026
  • Claude / AI Fluency

    Claude 101 · Claude Code · MCP · Agent Skills · AI Fluency: Framework & Foundations.

    Anthropic · 2026

Resume

Professional Experience

  1. Security Analyst — SOC Tier 2 / IR

    April 2025 – Present · Citadel Cyber Security

    Triage and resolve 50+ security alerts/day across multi-tenant environments. Investigate IoCs, malware campaigns, and lateral movement using EDR/XDR platforms; produce technical Root Cause Analysis reports. Built and refined Torq SOAR playbooks to reduce manual triage overhead. Operate across IBM QRadar, Splunk, Cortex XDR, SentinelOne, CrowdStrike, and CyberArk in parallel.

    QRadar · Splunk · Cortex XDR · SentinelOne · CrowdStrike · Torq · CyberArk
  2. AI Automation Engineer

    January 2026 – Present · Flowly (Independent)

    Designed and deployed 10+ automation pipelines integrating LLM APIs, n8n, and custom Python tooling for security and operational use cases. Architected end-to-end systems that replace manual workflows with autonomous, AI-driven processes — from data ingestion to output delivery.

    n8n · Claude API · Python · Vercel
  3. Curriculum Designer & Python Instructor

    September 2024 – Present · CODii

    Promoted from classroom instructor to curriculum design — currently building the company's annual cybersecurity training program from scratch. Designed full learning tracks covering Python automation and algorithmic thinking; serve as emergency instructor backup across all classes.

    Python · Curriculum Design
  4. Tier 2 Technical Support

    January 2025 – April 2025 · Netspark Ltd

    Resolved complex L2/L3 network and software issues for enterprise clients across iOS, macOS, Android, and Windows. Diagnosed SSL, URL filtering, and IP-level issues — building a systematic troubleshooting methodology applied later in SOC work.

    TCP/IP · SSL/TLS · Ticketing Systems

Military Service

  1. Sergeant — Combat Operations (Nahal Brigade)

    March 2021 – November 2023 · Israel Defense Forces (IDF)

    Led a team in high-pressure combat environments; developed rapid decision-making and crisis management under operational stress. Responsible for mission planning, team readiness, and real-time tactical decisions.

    Leadership · Crisis Management · Tactical Operations

Education

  1. KERNELIOS

    July 2024 – November 2024 · Tel Aviv

    Cybersecurity & System Administration Bootcamp (450+ hrs). Network analysis, web app security (SQLi, XSS, CSRF), malware analysis, Active Directory hardening — 250+ practical lab scenarios.

    Active Directory · Windows Server · Linux · Azure · AWS
  2. Ironi Dalet Municipal High School

    2015 – 2020 · Tel Aviv

    High School Diploma (Baccalauréat Général).

  3. Continuous Learning

    2023 – Present · Self-directed

    HackTheBox CPTS Path · PortSwigger Academy · TryHackMe. Self-directed offensive security curriculum — 350+ rooms completed, Top 1% global ranking on TryHackMe. Pursuing CPTS certification.

    HackTheBox · PortSwigger · TryHackMe

Security Research & Hobbies

Personal Security Lab

Proxmox / RPi 5 & RPi 500+
  • Multi-node hybrid lab (x86 + ARM) running Proxmox + Docker for continuous attack/defense simulation
  • SIEM & detection: Wazuh for centralized log analysis, intrusion detection, and real-time alerting
  • Zero-Trust network: Tailscale + Cloudflare Tunnels + OPNsense firewall with full VLAN segmentation
  • Security research environment: Kali ARM, Windows Server 2025, GrapheneOS — CTF prep & vulnerability research
Proxmox · Wazuh · Docker · n8n · Tailscale · OPNsense · Kali · Python · Bash

Vulnerability Research & Offensive Tooling

Independent / Intigriti (Bug Bounty)
  • Research web application vulnerabilities (XSS, SQLi, IDOR, SSTI, auth flaws, file upload bypass) as a learning discipline
  • Built custom offensive tooling: blind XSS payload generator with context break-out engine and file upload bypass toolkit
  • Active on HackTheBox (CPTS certification path) and PortSwigger Academy for continuous offensive skill development
  • CTF competitor — 350+ rooms completed, Top 1% global on TryHackMe
Burp Suite Pro · Python · HackTheBox · PortSwigger · Intigriti

Certifications

  • CRTA

    Red Team Analyst · CWL · 2026
  • eJPT V2

    Junior Pentest · INE · June 2025
  • ICCA

    Cloud Associate · INE · Aug 2025
  • Ethical Hacker

    Cisco · March 2026
  • Torq Automation

    Expert & Practitioner · March 2026
  • Bug Bounty Masterclass

    WIZ · January 2026
  • Claude / AI Fluency

    Anthropic (Multiple) · 2026
  • Linux Essentials

    LPI
  • Top 1% TryHackMe

    350+ Rooms · All Cyber Paths
  • CyberFoxes Founder

    Discord Community

Technical Skills

Offensive Security

Burp Suite Pro · Metasploit · Nmap · Active Directory · XSS / SQLi / IDOR · Red Teaming

Defensive / Detection

QRadar · Splunk · Wazuh · Cortex XDR · CrowdStrike · SentinelOne · Incident Response

AI & Automation

n8n · Torq SOAR · Python · Claude / OpenAI APIs · MCP · AI Agent Design

Infrastructure & Cloud

Linux · Docker · Proxmox · Tailscale · OPNsense · AWS / Azure / GCP

Contact

Let's talk.

Most messages get a reply within 24 hours.