Resume — Threat Intelligence & Detection
Yana Ivanov
Security Analyst · Threat Intelligence & Detection

Professional Summary

Threat intelligence and detection content analyst with 15+ years of enterprise technology experience and an MS in Information Systems. Built ArgusX, an independent threat intelligence platform processing 1,000+ posts/day from 20+ public and vendor research sources, with classification taxonomy and methodology designed for predictive threat analysis. Architect systems, design detection logic, and ship working security tools using AI development assistants for implementation. Published 15+ threat analyses and 2 detection rules submitted to Sublime Security's open-source ruleset. Russian/English bilingual. CompTIA Security+ scheduled June 2026.

Most candidates studying for Security+ have a homelab. I have a working threat intelligence platform ingesting 1,000+ posts/day, classifying threats by category, and tracking nation-state actors. The work itself is the credential.

Certifications & Skills

Education

  • CompTIA Security+ (SY0-701) · In progress · Target June 2026
  • MS, Information Systems & Management · Golden Gate University · Graduate
  • BFA, Visual Communication · Fashion Institute of Technology · Graduate

Technical Skills

Threat Intelligence
IOC enrichment · threat classification · MITRE ATT&CK · OSINT · threat actor attribution · capability commodification analysis · trigger-based forecasting
Detection & Analysis
Detection content design · rule logic · behavioral patterns · malware traffic analysis · log analysis · pcap parsing · executive briefing
AI-Augmented Development
Prompt engineering · system architecture · code validation · AI-directed implementation · production-grade tooling delivery
Data & Tooling
SQL/PostgreSQL · Supabase · Python (read/modify/validate) · JavaScript · Git · RSS/API ingestion · data classification taxonomy
Security Tools
Wireshark · Zeek · Nmap · tcpdump · GPG · Linux CLI · Docker · Kali Linux
Languages
English (native) · Russian (native) — relevant for nation-state actor analysis and threat research

Open Source Security Contributions

Sublime Security · sublime-rules — Detection Rules (PR #4267)
Authored two detection rules submitted to Sublime's open-source rule repository: Unicode homoglyph BEC detection and Glassworm invisible-Unicode payload detection. Currently in active review with a Sublime engineer; pending logic refinements and false-positive testing before merge into the production ruleset. Backed by independent threat analysis published on this portfolio.
Ladon · document_triage.py — Static Analysis Tool
Authored a static-analysis tool for pre-click triage of PDFs and calendar invites. Detects polyglot payloads, auto-execute actions, typosquatted domains, and meeting-platform spoofs. Validated against 5 confirmed malicious samples, including ValleyRAT (Chinese APT), Gamaredon (Russian FSB-linked), and a live phishing email that bypassed Gmail; zero false negatives and zero false positives on that sample set. Published IOCs to ThreatFox during the April 2026 BlueNoroff/UNC1069 campaign.

Professional Experience

Founder & Independent Security Researcher

2023 – Present
SiteWave Studio LLC · Milford, CT
  • Founded LLC operating as parent entity for ArgusX threat intelligence platform, published threat research, and detection content authoring
  • Built ArgusX — independent threat intelligence platform aggregating, classifying, and correlating threat data from 20+ public and vendor research sources, processing 1,000+ posts/day. Designed methodology for capability commodification analysis (nation-state tools cascading to criminal use) and trigger-based threat forecasting. Live system; demo available under NDA
  • Published 15+ threat analyses spanning nation-state operations (Volt Typhoon LOTL, Apple Watch attack surface, UNC1069/Lazarus npm supply chain), criminal infrastructure (TeamPCP Telnyx steganography, Glassworm Unicode supply chain, Lumma Stealer), and identity/credential research (38-breach exposure study, LinkedIn verification gap)
  • Authored 2 open-source detection rules submitted to Sublime Security's production ruleset (Glassworm Unicode payload, homoglyph BEC); built Ladon static analysis tool validated against 5 malicious samples including Gamaredon (Russian FSB-linked APT), ValleyRAT/SilverFox (Chinese APT), and live phishing that bypassed Gmail. Zero false negatives
  • Identified Lumma Stealer C2 infrastructure via Wireshark/Zeek analysis, confirmed 2.27 MB of credential exfiltration, and mapped TLS-encrypted C2 domains invisible to standard filters
  • Manage web design and digital advisory services for small business clients as separate revenue stream

Senior UI/UX Designer

2022 – 2024
SylvanRoad Capital · Remote
  • Rebuilt core rental application experience for national housing platform, increasing application completion rates ~30%
  • Led end-to-end UX design across custom web and mobile applications collaborating with product managers, developers, and C-suite stakeholders

Lead UI/UX Designer

2019 – 2022
605 · Media Analytics · Remote
  • Accelerated project delivery 30%+ by establishing reusable design framework adopted across the full product team
  • Led complex B2B analytics product design from discovery through developer handoff for media measurement clients making multi-million dollar advertising decisions
  • Translated technical constraints into user decisions — directly transferable to making security findings and threat intelligence actionable for non-technical stakeholders

Senior UX/UI Designer & Consultant

2013 – 2019
Housing Tech, SaaS & E-Commerce Clients · New York / Remote
  • 15 years designing enterprise web and mobile applications across housing tech, media analytics, and e-commerce sectors
  • Extensive C-suite and VP-level communication — presenting risk tradeoffs and strategic recommendations directly transferable to compliance and advisory roles