Papa Corpnet

About Papa Corpnet

I’m Nicholas, a practitioner with 6 years in cyber operations, detection engineering, and security automation. Papa Corpnet exists to turn security noise into clear, shippable actions, and leave your team stronger after every incident.

What I’m known for

  • Reducing alert volume without losing real attacks.
  • Designing escalation paths that cut MTTR and confusion.
  • Automating enrichment, evidence capture, and safe containment, with guardrails.
  • Root cause analysis that explains exactly how incidents happened and what to fix.

Tooling and platforms

  • Microsoft: Sentinel, Defender for Office 365, Endpoint, Identity, Entra ID
  • Palo Alto: Cortex XDR, NGFW policy, AIOps insights
  • Email security: Proofpoint TAP/SEG, DMARC/DKIM/SPF
  • Automation & intel: Torq, OpenCTI
  • Reporting: Power BI, Streamlit
  • Cloud posture: AWS (CloudTrail/GuardDuty), Azure (Defender for Cloud)

Representative outcomes

  • Multi-tenant phishing workflow that supports multiple business lines with one modular playbook.
  • 60-minute escalation standard with automation to track compliance.
  • False-positive reductions across XDR analytics (LOLBAS, rundll32, remote admin) without losing signal.
  • Weekly SOC metrics automation: SLA, MTTR/MTTD, and leadership-ready visuals.
  • QR-code phishing containment with mailbox rule snapshotting and clean resets.

How engagements work

  1. Assess quickly: clarify goals, review detections, and map the fastest wins.
  2. Stabilize: triage, contain, and document as we go, no black boxes.
  3. Ship improvements: tune rules, automate busywork, and close control gaps.
  4. Hand off cleanly: short docs, before/after metrics, and a simple maintenance plan.

Who I help

Enterprises that want clear outcomes, small businesses that need pragmatic protection, and individuals dealing with account takeovers, phishing cleanup, or home network hardening.