Security Researcher · Enterprise Security Analytics · Threat Intelligence

Mohiuddin Sohel, PhD

Builds practical security analytics systems that transform threat intelligence, security telemetry, and vulnerability data into actionable defensive insight.

Work spans enterprise security analytics, vulnerability analysis, threat intelligence, agentic AI workflows, and AI-assisted cybersecurity analysis.

Threat Intelligence · Enterprise Security Analysis · Advisory & Risk Analysis · Agentic AI Workflows · Security Analytics

At a glance

Current focus
Threat intelligence, enterprise security analysis, risk prioritization, and AI-assisted cybersecurity workflows.
Background
PhD in Computing and Information Systems with research focused on threat hunting, security analytics, and cyber threat intelligence.
Location
Melbourne, Florida, USA

About

Enterprise Security Analysis & Threat Intelligence

Security researcher specializing in enterprise security analysis, vulnerability analysis, and threat intelligence.

Current work focuses on enterprise security policy analysis, risk evaluation, and advisory-driven security analysis in large-scale security environments.

Additional work includes threat intelligence, IOC analysis, and agentic AI workflows using few-shot prompting, chain-of-thought reasoning, and LLM-as-a-judge approaches.

Selected work

Areas of Focus

A concise overview of my work across enterprise security analysis, vulnerability analysis, threat intelligence, and cybersecurity analytics.

Vulnerability Analysis & Risk Assessment

Security

Experience analyzing vulnerabilities, security exposure, and mitigation strategies to support practical risk prioritization and defensive decision-making.

  • Interprets vulnerability context and security exposure
  • Connects technical findings to remediation and risk reduction
  • Focused on practical security analysis and risk prioritization

Enterprise Security Policy Analysis

Policy

Experience with enterprise security policy analysis, including rule behavior, exposure reasoning, and risk-oriented evaluation across security control environments.

  • Evaluates policy behavior and control effectiveness
  • Reasons about exposure, prioritization, and business impact
  • Emphasizes measurable exposure reasoning and policy evaluation

Threat Intelligence & Agentic AI Workflows

CTI

Work focused on transforming threat intelligence and security knowledge into structured, usable signals for analysis, reasoning, prioritization, and AI-assisted security workflows.

  • Threat context interpretation and enrichment
  • Agentic workflows using few-shot prompting, chain-of-thought reasoning, and LLM-as-a-judge techniques
  • Supports analysis, reasoning, and prioritization workflows

Security Control Enforcement Assessment

Controls

Developed approaches to determine what to measure, how to measure it, and which metrics best assess the enforcement of critical security controls.

  • Maps observables, tools, and metrics to specific safeguards
  • Uses LLM-assisted extraction from control guidance
  • Bridges research methods with practical assessment needs

Public-Key Cryptography & Smart Card Systems

PKI

Worked on cryptographic middleware libraries and smart payment card solutions involving PKI integration, authentication workflows, and secure system interoperability.

  • Public-key cryptography middleware supporting symmetric/asymmetric key generation, hashing, MAC, encryption/decryption, and X.509 certificate operations
  • Worked with PKCS#7, PKCS#11, JavaCard OS, and certificate-based authentication workflows
  • System-level development using Java, C++, JNI, and OpenSSL with FIPS/KISA-oriented cryptographic support

Experience

Career summary

Security Researcher

Stealth Startup · Current

  • Contributing to enterprise security analysis and production-oriented security analytics
  • Working on threat intelligence, enterprise security analysis, and AI-assisted cybersecurity workflows
  • Contributing across research, analytics, and security-focused engineering workflows

Research Assistant · Teaching Assistant

University of North Carolina at Charlotte

Aug 2016 – Apr 2024
  • Conducted research in threat hunting, security analytics, cyber threat intelligence, and security control assessment
  • Published work spanning CTI extraction, threat intelligence analysis, and LLM-assisted control validation
  • Supported teaching across information security, enterprise protection, secure programming, and related computing courses

Team Lead · Software Engineer

Kona Software Lab Ltd., Dhaka, Bangladesh

Mar 2014 – Jun 2016
  • Built public-key cryptography middleware, certificate authority toolkits, and smart-card authentication support across multiple platforms
  • Worked across Java, C++, OpenSSL, JNI, and system-level development
  • Led a small engineering team on NFC-based authentication solutions for Windows

Junior Software Engineer

Nascenia, Dhaka, Bangladesh

Mar 2013 – Feb 2014
  • Developed sports analytics APIs and backend integrations for web platforms
  • Worked with REST APIs, backend integrations, JSON, and XML-based systems

Publications

Selected publications

Selected publications across threat intelligence, security analytics, and AI-assisted cybersecurity analysis.

Prompting LLM to Enforce and Validate CIS Critical Security Control

ACM SACMAT 2024

Distributed Hierarchical Event Monitoring for Security Analytics

PhD Dissertation, 2024

A Poisoning Attack Against Cryptocurrency Mining Pools

ESORICS CBT 2018

TTPDrill: Automatic and Accurate Extraction of Threat Actions from Unstructured Text of CTI Sources

ACSAC 2017

Education

Academic background

PhD in Computing and Information Systems

University of North Carolina at Charlotte

2024
  • Research focused on threat hunting, security analytics, and cyber threat intelligence
  • Worked on distributed security analytics, CTI extraction, and security control assessment
  • Published research in cybersecurity analytics and AI-assisted security analysis

BSc in Computer Science and Engineering

Bangladesh University of Engineering and Technology (BUET)

2013

Focused on computer science fundamentals, software systems, and applied computing.

Skills

Core competencies

Programming & Development

  • Python
  • Java
  • C++
  • C
  • SQL
  • Shell Scripting

Security & Analytics

  • Enterprise Security Analysis
  • Vulnerability Analysis
  • Threat Intelligence
  • MITRE ATT&CK
  • CVE/CWE Analysis
  • OWASP · NIST CSF · CIS CSC

AI & Threat Intelligence

  • Prompt Engineering
  • Few-shot Prompting
  • Chain-of-thought Reasoning
  • LLM-as-a-judge Workflows
  • IOC Analysis & CTI Enrichment
  • LangChain · NLP · Scikit-learn

Platforms & Security Tooling

  • Elasticsearch
  • RabbitMQ
  • Docker & Kubernetes
  • OpenSSL
  • Wireshark
  • IDA Pro
  • Git

Contact

Let’s connect.

Open to conversations around enterprise security analytics, threat intelligence, vulnerability analysis, and cybersecurity research.