available for opportunities

Lloyd Sato

Cyber Security Professional

Master's Graduate with commercial experience in security operations and risk management. I translate technical threats into business advice.

Get In Touch View Experience
2+
Years in SOC & Research
MSc
Cyber & Forensics
Sec+
CompTIA Certified
lloyd@soc ~ %
01 About

Background

Security operations, threat research, and the craft of turning adversary behavior into clear, actionable risk conversations.

I specialize in translating technical threats into business advice, managing risk registers, and implementing security frameworks like MITRE ATT&CK. Currently operating as a Security Operations Analyst (SOC L1), handling the full incident lifecycle to minimize operational disruption.

I hold a Master of Cyber Security and Forensics from the University of Westminster, and possess industry certifications including CompTIA Security+.

My focus sits at the intersection of detection engineering and adversary research and reading what malware actually does in memory, mapping it to ATT&CK, and feeding those findings back into the controls that stop the next intrusion.

02 Skills

Technical Skills

A working toolkit across detection, response, analysis, and scripting with the frameworks that tie it together.

03 Research

Featured Research

Adversary-side work on how modern malware hides from the controls we rely on.

Master's Project · University of Westminster

Decoding Malicious Camouflage: Analysing Evasion Techniques

An investigation into how contemporary malware families circumvent host-based defence architectures specifically AMSI and EDR and how those behaviours map back to detection and response.

  • Evaluated evasion mechanisms employed by malware families to circumvent host-based defence architectures, specifically AMSI and EDR.
  • Conducted isolated sandbox analysis using Any.Run and REMnux on Redline Stealer, WannaCry ransomware, and SheetRAT trojan.
  • Mapped all findings to the MITRE ATT&CK framework to ensure industry-standard classification.
Key Finding Uncovered an obfuscated script using memory patching to disable AMSI tracing at runtime.
Any.Run REMnux MITRE ATT&CK AMSI EDR
View full report
04 Experience

Work History

From enterprise SOC operations to academic adversary research and back again.

Dec 2025 — Present

Security Operations Analyst (SOC L1)

Acumen Technix LTD · London, UK
  • Deployed Microsoft Defender for Endpoint to monitor assets and block complex malware.
  • Administered and optimised Splunk to detect and triage incidents.
  • Managed risk registers using SQL to track service impacts, ensuring GDPR alignment.
Defender for Endpoint Splunk SQL GDPR
Oct 2023 — Mar 2024

Researcher

University of Westminster · Westminster, UK
  • Conducted in-depth research into malware evasion techniques.
  • Performed analysis utilising the Any.Run sandbox to dissect process injection and obfuscation.
  • Produced actionable cyber threat intelligence reports.
Any.Run REMnux CTI MITRE ATT&CK
Jul 2021 — Nov 2022

Security Operations Analyst (SOC L1)

HSBC · Gurgaon, India
  • Analysed security alerts from Microsoft Sentinel and CrowdStrike.
  • Conducted comprehensive analysis of malware samples to identify Indicators of Compromise.
  • Developed custom scripts using Python and PowerShell to automate intelligence collection.
Sentinel CrowdStrike Python PowerShell
05 Contact
Let's talk

Get In Touch

Open to cybersecurity roles, research collaborations, and contract work. Fill in the form and I'll get back to you within 48 hours.

mail@lloydsato.com London, UK