Interview with Threat Bounty Developer: Furkan Celik

February 22, 2022 · 4 min read

Our Threat Bounty community keeps growing and attracting more and more distinguished specialists in detection content development. This time, we want to introduce to you Furkan Celik – a senior security analyst in banking and one of our active contributors. Furkan has been with us since December 2019. He wrote precise detections that help to catch some of the world’s most aggressive cyber-attacks like Maze Ransomware and Zloader Campaign.

View Detection Content

Dive in our interview to discover Furkan’s path to success and find out more about his experience with SOC Prime’s Threat Bounty Program.

Tell us a bit about yourself and your professional experience in cybersecurity.

Greetings, My name is Furkan Celik. I live in Istanbul, Turkey. I’m 26 years old. I completed my Computer Engineering education in 2017. I am currently working as a senior security analyst in a bank. I have been dealing with threat hunting for 3 years. I analyze new attack types and attack behaviors and develop threat detection rules.

What are your main areas of interest in threat detection engineering?

My main area of ​​interest is ransomware groups such as the Ryuk group. As a threat hunter, I’m not afraid to challenge myself with difficult tasks because I believe that’s the best way to grow. For example, Ryuk is notorious for being able to bypass even highly organized security controls, install and delete its own files thus being especially hard to capture. Over the course of my career, I’ve been diving deep into analyzing the finest patterns of Ryuk behavior and APT groups associated with it to be able to hunt them down at their weakest points. I am continuously improving my detection content with regard to the new patterns that I discover and that’s what I enjoy about threat hunting the most.

How did you learn about SOC Prime Threat Bounty Program? Why decided to join?

I joined SOC Prime’s Threat Bounty Program based on a recommendation of a friend. At first, I was only reviewing the rules shared by SOC Prime. Thanks to the shared rules, my personal development in the field of threat hunting increased. Thus, SOC Prime encouraged me to develop rules. In addition, companies worldwide leveraging the SOC Prime Platform can use my rules, which I cannot achieve just by myself.  In this way, I both become well-known and earn money thanks to the rules I share.

How long have you been a Threat Bounty content developer? What are your achievements? What tech skills would you like to improve with Threat Bounty?

I have been developing content at SOC Prime since 2019. I have more than 100 rules. Here, rules such as Sigma, Yara, and Snort are shared. Every shared rule is precious. I would like to further develop my technical analysis and view of the rules.

Tell us how you learned to write Sigma. How much time does it on average take you to write a behavior-based Sigma rule?

My friend explained how to write Sigma very simply. Afterward, I learned by using various Sigma resources with the help of Uncoder.IO on the SOC Prime side. When I submitted a rule, SOC Prime analysts gave me various feedback about our rules, helping me to learn more. If the behavior outputs are ready, I can write the Sigma rule in 10 minutes.

What do you think is the biggest benefit of the SOC Prime Threat Bounty Program for the global cybersecurity community?

It certainly plays a huge role in uniting and engaging the community to share high-quality detections timely after an attack. This enables better protection against attacks for everyone. Antivirus, EDR, and other security solutions may not always be successful against advanced cyber-attacks. The rules in SOC Prime offer an effective solution against advanced attacks.

What would you recommend for Threat Bounty beginners?

I recommend that they learn sysmon and log sources and understand the basic logic in the Sigma rule.

Are you an ambitious cybersecurity specialist or an established professional with a long achievement list? While developing your tech skills, why not take a chance to make the world a safer place! Join SOC Prime Threat Bounty Program and receive repeated rewards for your own content for threat hunting and threat detection — like SIGMA, Yara, and Snort rules. You’re welcome to contribute to our global community of leading security experts. Hold the defense line against emerging threats and monetize on your advanced cyber skills.

Go to Platform Join Threat Bounty

Was this article helpful?

Like and share it with your peers.
Join SOC Prime's Detection as Code platform to improve visibility into threats most relevant to your business. To help you get started and drive immediate value, book a meeting now with SOC Prime experts.

Related Posts