Artem Khludov

Security Automation Engineer | DevSecOps

Building the Digital Guard. I eliminate manual SOC toil by orchestrating n8n, Python, and Splunk into automated defense pipelines.

01. About

I don't just watch logs; I write code to act on them.

Building automated security pipelines that eliminate manual SOC toil. Writing Python scripts, orchestrating n8n workflows, and integrating APIs to turn alerts into actions. Not a security analyst who learned to code—an engineer who specializes in security automation.

02. Experience

2024 – Present

Founder, System Administrator & Security Analyst

EnergyLogic AI System | Los Angeles, CA

  • Architected a centralized SOC pipeline processing 500+ daily events. Integrated Splunk for log aggregation and deployed 10+ Python/n8n workflows for automated anomaly detection and alerting
  • Built event correlation rules in Splunk SPL detecting lateral movement, privilege escalation, and data exfiltration patterns
  • Deployed automated security reporting via Python scripts querying MySQL databases and pushing alerts to Telegram Bot for real-time ChatOps
  • Configured centralized logging collecting Windows Event Logs (4624, 4625, 4672), Linux auditd, and application logs into Splunk for analysis
  • Created custom dashboards in Notion API for security metrics visualization and performance tracking
  • Executed vulnerability scanning with Nessus, automated patch deployment via WSUS and apt, and enforced access control reviews
  • Implemented OAuth 2.0 authentication flows and REST API security hardening across multiple microservices

2020 – 2022

System Administrator & Security Operations

AntHouse Online Store | Moscow, Russia

  • Maintained 99.8% uptime for high-load retail infrastructure (Linux/Nginx). Automated server hardening via Bash and implemented WAF rules to block SQL injections and XSS attacks
  • Deployed ModSecurity WAF rules blocking 200+ daily SQL injection and XSS attempts. Configured fail2ban to auto-ban IPs after 3 failed SSH attempts
  • Hardened Linux servers (CentOS) following CIS Benchmarks: disabled unnecessary services, configured iptables firewall rules, enforced password policies
  • Automated daily security tasks via Bash: log rotation, MySQL backup verification, vulnerability scanning, and uptime monitoring with alerting
  • Monitored authentication logs detecting brute-force attacks. Correlated failed login attempts (4625) with firewall logs to identify attack patterns
  • Optimized MySQL database performance reducing query time by 40%. Configured SSL/TLS certificates for secure payment gateway integration
  • Troubleshot production issues: server performance bottlenecks, database deadlocks, API integration failures, and user access problems

2017 – 2022

Founder / General Manager

LLC Pervozdanniy Construction | Moscow, Russia

  • Founded and operated construction company managing 15+ commercial renovation projects with $2M+ annual revenue
  • Led teams of 20+ specialists across construction, engineering, and logistics. Managed project budgets, timelines, and client contracts
  • Established documentation standards and quality control procedures that remain in use today

03. Tech Arsenal

AUTOMATION ENGINE

  • Python: Boto3 Requests Pandas
  • n8n: Webhooks JSON Parsing
  • Bash: Auto-remediation
  • CI/CD: GitHub Actions Linters

THREAT HUNTER

  • Splunk: SPL CIM Dashboards
  • Detection: MITRE ATT&CK YARA
  • Endpoint: Sysmon EDR APIs
  • Network: Suricata Zeek

HARDENED INFRA

  • Cloud: AWS IAM Lambda GuardDuty
  • Zero Trust: Cloudflare Access WAF
  • Containers: Docker Security K8s
  • Linux: Hardening SELinux

04. Projects

Custom SOAR Architecture

Python • n8n • Splunk • REST APIs

Automated Threat Response Pipeline

Python • Bash • MySQL • Sysmon

05. Education

B.S. Cybersecurity & Information Assurance

Western Governors University (WGU)

In Progress

Kill chain R&D, skipping the theory fluff. Self-paced and competency-based.

  • Why: To back up automation skills with required certs (CompTIA, ISC2).
  • Reality: No lectures, just labs. My core stack is already proven in code.
  • Goal: Turning this degree into a completed checkbox for HR.

Certifications & Training

  • Information Technology Support | Calbright College - Transition to Technology | Completed
  • Splunk Core Certified User | Splunk Inc. | Expected December 2024
  • CompTIA Security+ (SY0-701) | CompTIA | In Progress - Expected January 2025
  • MITRE ATT&CK Defender Training | MITRE | Completed November 2024

Relevant Coursework & Labs

  • Splunk Fundamentals 1, 2, 3 | Splunk Education
  • Detection Engineering with Splunk | Coursera/Udemy
  • Windows Event Log Analysis for Security Professionals
  • Threat Hunting with Splunk and MITRE ATT&CK
  • Incident Response & Digital Forensics Fundamentals

06. Contact

Los Angeles, CA