Ermal | Cyber Securitee & Defenz (Serbia, of course)

About me (short story long)

I are cyber guy from Novi Sad. After army (Vojska Srbije, salute!), I jump into SOC, hunting threat like wolf in Fruska Gora. I protect ministrees, univerzitet, elektro-thing and water pipe from bad guy with laptop.

I like share brain too: mentor small hacker kid in CTF, talk on RS Cyber Night (Belgrade, big city yes), and send indicator to CERT-RS so neighbor no cry later.

Fast Fact (no slow)

Name: Ermal
Nationality: Serbia 100%
Base: Novi Sad & Belgrade (remote ok, village also ok)
Langvages: Serbian native, English kinda-ok, bash script fluent

Hobiz

Reading book of Andrić, Pekić, and cyber thriller where hacker always wear hoodie
Walking fortress Petrovaradin, Kalemegdan; climb Tara, Kopaonik when server not on fire
CTF, reverse malware, yelling at IDA when it not decompile nice
Teach kids in Vojvodina to no click shady link with “FREE BITCOIN”

Experienz (job I do)

2022
Lead Threat Hunter — Cyber Defense Center, Ministry of Defense (Belgrade)

Jan 2022 – now still
- I boss of 6 people, we sniff APT like burek smell morning, catch them in supply chain.
- Put MITRE ATT&CK rule in ELK & Sentinel, hacker dwell time go down 47% (math hard but good).
- Purple team with Brigada veze, we break then fix, write SOP with much CAPS LOCK.
- Share intel with CERT-RS and neighbor friendo, phishing cross-border go byebye.
2019
SOC Analyst & Forenzik Lead — 224th Signal Battalion, Serbian Armed Forces

Oct 2019 – Dec 2021
- Look into 300+ incident, write report for General Staff (they like PDF, I give many).
- Make Graylog eat all log from many kasarna, visibility +60% (I measure with feeling).
- Teach 20+ junior soldier: memory grab, radio secure, malware autopsy (no real body).
2017
IT Securiti Specialist — University of Novi Sad (kontrakt)

Mar 2017 – Sep 2019
- Harden web thing, tell researcher “pls no SQLi, danke” and open vuln disclosure.
- Put MFA and zero trust (aka no trust) in lab with sensitive data, no leak happen (yay).
- Help tech faculty build baby SOC for students, much fun, little sleep.
2015
Conscription & Signal Corps Training — Serbian Armed Forces

Aug 2015 – Feb 2017
- Do mandatory service, learn secure comms and network stuff, march also.
- Deploy encrypt box and satellite link in exercise, feel like sci-fi movie.
- Found love for cyber defend when catch intrusion on intranet, commander say “bravo momak”.

Projekts (Serbia fokus)

"Dunav Shield" Threat Intel Platform

2023

Home-made CTI mashine: mix OSINT, darknet, honeypot. Spit STIX/TAXII like ćevap machine. Send to CERT-RS and ministry buddy. Everyone happy (except attacker).

Python
Elasticsearch
MISP

Red vs Blue Drilovi sa Brigadom Veze

2022

Make fake phishing, lateral move, boom! Then write AAR, change SOP, do again. Soldiers yell, we learn, system stronger.

MITRE ATT&CK
Purple Teaming
Windows DFIR

"Sava NetGuard" — Segmentation for Uni Labs

2018

Cut network into many small piece so hacker confused. University of Novi Sad sleep calm, no critical boom for 18 month.

pfSense
Ansible
Zero Trust (zero, nada)

Skilz & Toolz

Cyber & DFIR

Threat hunting / SOC ops (night shift champion)
Memory & disk forenzik (Volatility, Autopsy, lot of coffee)
Malware analysis (IDA Free, Ghidra, swearing)
Network watch (Zeek, Suricata, tcpdump when bored)

Dev & Automatizacija

Python (script all the thing)
Bash / PowerShell (one-liner master)
SIEM enginering (ELK, MS Sentinel, Graylog too)
IaC with Ansible (playbook or playdead)

Soft Skilz (brain & mouth)

Lead team, not scream (sometimes scream)
Write report for komandant, add many diagram for trust
Training & workshop, show slide, break lab, fix lab
Work civil + military, translate geek to general and back

Certifikati

GIAC Certified Forensic Analyst (GCFA) – 2023
CompTIA Security+ – 2020
Serbian MOD Cyber Defense Course – 2021

Edukacija

B.Sc. Information Technology — University of Novi Sad, 2015
Signal & Comms Training — Serbian Armed Forces, 2016

Zdravo, me is Ermal Cyber Securitee & Defenz Specialist from Serbia (real)