Mohammed.
  • About
  • Experience
  • Projects
  • Skills
  • Blog
  • Contact
Home/Blog

Writing

Blog

Notes from the SOC floor — triage workflows, SIEM tooling, and detection engineering practices.

May 12, 2026·5 min read

A Practical Alert Triage Checklist for SOC Analysts

The mental checklist I run through on every Splunk/QRadar alert before deciding to escalate, close, or dig deeper.

SOCSplunkQRadarTriage
April 3, 2026·6 min read

Splunk vs QRadar: Notes From Running Both in Production

Neither tool is strictly better — they optimize for different things. Here's what actually matters day-to-day as an L1/L2 analyst.

SplunkQRadarSIEM
February 20, 2026·4 min read

Mapping Alerts to MITRE ATT&CK Without Slowing Down Your SOC

MITRE ATT&CK mapping adds real value to incident reporting — but only if it doesn't turn into a 20-minute tagging exercise per alert.

MITRE ATT&CKIncident ResponseProcess
July 11, 2026·5 min read

Phishing Email Header Analysis: What SOC Analysts Actually Need to Know

Email headers feel intimidating at first, but they're your fastest way to confirm or dismiss a phishing alert. Here's what to look for without getting lost in the noise.

PhishingEmail SecurityInvestigation

© 2026 Mohammed Tawheed