Singapore
Chief Cybersecurity Innovation Officer / ANTAREX CYBER PTE. LTD.
Chief Cybersecurity Innovation Officer / Antarex Singapore. I design and modernize large-scale SOC architectures at the intersection of scale, reliability, and detection engineering — building systems that continue to function when telemetry volume stops being polite.
Having operated six-figure EPS SIEM pipelines, I focus less on individual detections and more on how detection systems evolve safely under load: how ingestion remains reliable, how rules and decoders are introduced, validated, rolled back, and trusted, and how architectures avoid fragility as volume and complexity grow.
My work with Wazuh centers on extending the platform beyond traditional SIEM deployments into federated, high-throughput, automation-ready SOC environments. I treat Wazuh as a programmable security foundation, enabling organizations to scale, adapt, and integrate advanced workflows without compromising operational stability or becoming locked into vendor constraints.
Key areas of involvement:
- Ingestion reliability at scale (UDP/TCP mirroring, failover, origin preservation)
- Decoder and rule lifecycle engineering under sustained high throughput
- SOC architecture modernization for large, heterogeneous environments
- Detection pipeline refinement to improve alert fidelity at scale

Programming languages: Golang, Python, PHP.
Operating Systems: Linux, Windows.
Technologies: IT Manager, Wazuh, Cybersecurity.
Available for: Blogposts, Writing Tutorials, Testing.

“Wazuh’s strength is not just detection — it’s architectural freedom. When treated as a programmable security substrate rather than a fixed SIEM, it becomes the backbone of next-generation SOCs.”