About
Hi!
I'm Kevin Wilck, a Cyber Security Analyst based in Ludwigsfelde, near Berlin. I work in a 24/7 Security Operations Center, where I investigate and triage alerts, hunt for threats across EDR, XDR and SIEM platforms, and take incidents from first detection through to response and reporting. Day to day that means working with tools like SentinelOne, CrowdStrike, HarfangLab, Microsoft Sentinel and Defender, mapping activity against MITRE ATT&CK and turning noisy signals into clear, actionable findings.
I learn defense best by understanding offense. In my spare time I enjoy building small security tools in Python, from an SSH honeypot and a network packet monitor to a proof of concept command and control framework. Tinkering with projects like these, and taking apart how attacks actually work, is what keeps me sharp on the defending side.
My path into security was not the typical one. I spent more than a decade with the German Armed Forces, where incident response and clear reporting under pressure became second nature, before moving into system engineering and then fully into cyber defense. I'm also an AEVO certified trainer, which matters more in security than it might sound: a SOC lives and dies by clear communication, so being able to break down a complex attack chain, mentor junior analysts and write documentation people actually use is part of what makes a team effective. Outside of work I keep my skills current in a home lab where I can break things safely and learn from the results.
Interested in connecting or discussing a project? Feel free to reach out via the links below!
