EN TR Terminal
[ ANALYST PROFILE ]

Fatih Serdar Çakmak

SOC Intern @ Fibabanka ITU CS '27 Istanbul, Turkey

> Blue team by day, AI/LLM security tooling by night.

Defending production banking systems @ Fibabanka
CURRENT STATUS
ROLE SOC Analyst Intern
ENV Banking / BDDK
STACK SIEM · EDR · SOAR
STATUS ACTIVE
12 mo SOC
4 featured project
1 certification
[ BDDK REGULATED ]

Experience

● ACTIVE Part-time 2026-03 – present
Cyber Security Operations (SOC) Intern @ Fibabanka
Istanbul, Turkey
  • Triage production SIEM and EDR alerts in a BDDK-regulated banking SOC, escalating confirmed incidents to senior analysts
  • Design and run n8n automation workflows for the SOC — LLM-assisted alert triage, IOC enrichment, and phishing analysis to cut manual L1 steps
  • Review CTI feeds and track daily alert volumes; write incident documentation used in shift handovers and audit records
2025-07 – 2026-03
Cybersecurity and Incident Response Intern @ Doğuş Teknoloji
Istanbul, Turkey
  • Triaged alerts and filtered false positives across SIEM, SOAR, EDR, and NDR platforms on a live SOC shift
  • Wrote and tuned Cortex XSOAR playbooks for phishing and recurring threat patterns together with senior analysts
  • Handled L1 incident response tasks and prepared case reports within SLA targets
  • Monitored Active Directory and Windows/Linux logs; supported basic network segmentation work

Writeups

All writeups →

About

Computer Engineering student at Istanbul Technical University (class of 2027). Started in Industrial Automation at Kocaeli ENKA, which turned out to be solid prep for OT/IT security. At Doğuş Teknoloji I worked across SIEM, SOAR, EDR and NDR platforms: L1 incident response, SOAR playbook writing (phishing playbooks especially), EDR alert tuning, and IT/OT segmentation. Now part-time at Fibabanka doing daily alert triage, CTI review, and n8n SOC automation (LLM-assisted triage, IOC enrichment, phishing analysis) in a BDDK-regulated banking environment. MITRE ATT&CK is how I think about threats. Off the clock I build open-source security tooling for AI systems: Tamga, a self-hosted LLM security proxy, and MCPRadar, a scanner that checks MCP servers for nasty surprises.

Technical Arsenal

Cybersecurity
SOC OperationsAlert TriageIncident Response (IR)Threat DetectionLog AnalysisPhishing AnalysisIOC EnrichmentCTISIEMSOAREDR/NDRMITRE ATT&CK
AI / LLM Security
Prompt Injection DefensePII RedactionMCP SecurityLLM-Assisted Triage
Infrastructure
Active DirectoryWindows/Linux AdministrationNetwork SecurityNetwork Segmentation
Compliance
BDDK Regulatory AwarenessKVKKISO/IEC 27001 AwarenessIncident Reporting
Tools & Programming
PythonGoSQLC/C++FastAPICortex XSOARn8nWiresharkDockerGit
English Professional
Turkish Native

Featured projects

ACTIVE Personal project
GoPythonNext.jsAI SecurityAGPL-3.0

Open-source proxy you host yourself, sitting between your app and the LLM provider (OpenAI, Anthropic, Azure, Vertex). Redacts PII inline (TC Kimlik, IBAN, credit cards), blocks leaked secrets, and catches prompt injection with sub-millisecond static scanning via an Aho-Corasick DFA. Ships KVKK / BDDK / GDPR / PCI-DSS compliance mappings, hash-chained audit logs, a Next.js incident dashboard, and a 309-prompt adversarial suite gated in CI.

ACTIVE Personal project
PythonMCPSupply ChainSARIFPyPI

Catches tool poisoning, prompt injection, and supply-chain rug pulls in Model Context Protocol servers before your agent runs them. 6 detection rules (zero-width Unicode, injection patterns, encoded blobs, hidden HTML/Markdown, permission scope mismatch, dangerous tool names), SARIF output that drops straight into the GitHub Security tab, and SQLite snapshot diffing to flag silent schema changes. One-shot run with uvx, no install needed.

ACTIVE Personal project
PythonMCPAutomationMIT

Local MCP server that connects an ITU student's Ninova (LMS) and OBS (student portal) accounts to Claude, Cursor, Codex, and other MCP clients. Ask about assignments, deadlines, grades, transcripts, or attendance in natural language; reads PDF/DOCX files, uploads homework only with explicit confirmation. Local-first: credentials never leave the machine and are sent only to ITU endpoints.

COMPLETE Personal project
PythonReactSIEMSOARMITRE ATT&CK

End-to-end SOC simulation: 127 alerts, 126 false positives, 1 real threat. Maps multi-stage attacks to MITRE ATT&CK TTPs, with a React dashboard for real-time alert visualization, realistic log datasets to test SIEM correlation rules, and Python-based SOAR playbook flows for automated triage and enrichment.

Education

B.Sc. in Computer Engineering
Istanbul Technical University (İTÜ)
2023 – 2027 (expected)
Industrial Automation (Technical High School Diploma)
Kocaeli ENKA Technical Schools
2019 – 2023

Certifications

Nokia NRS1
Nokia Network Routing Specialist I
Nokia

Get in touch

>_ Force terminal mode
Best on tablet/desktop — the terminal is keyboard-driven.

Source on GitHub · Built with Astro