Role at EFROS
Daniel leads security operations across the EFROS client base. That includes running the 24/7 Security Operations Center with 50+ certified analysts, setting detection engineering strategy, owning the threat intelligence program, and serving as the executive-level incident commander when something hits client environments.
When an alert fires at 3 AM, Daniel's team is already on it. That's not marketing copy — it's how the SOC runs. The after-hours shift is staffed the same as the business-hours shift, because the only version of 24/7 that actually works is the one that doesn't drop quality after dinner.
Focus areas
- 24/7 Security Operations Center (50+ certified analysts, 10M+ events/day)
- Threat hunting and MITRE ATT&CK-aligned detection engineering
- Incident response and forensic evidence preservation
- Managed Detection & Response (MDR) with pre-authorized containment
- SIEM platform operations: Sentinel, Splunk, Elastic, QRadar
- EDR/XDR deployment: CrowdStrike Falcon, SentinelOne, Defender XDR, Palo Alto Cortex
Credentials
Certifications below are verifiable through the issuing bodies. Daniel also holds active membership with ISACA, (ISC)², and the SANS Institute, and contributes to the CSA Cloud Security Alliance working groups on managed security services.
Review and contributions
Daniel reviews all security and compliance content published on the EFROS blog before publish, including the annual threat landscape analysis, ransomware playbooks, and zero trust implementation guides. He also leads the incident command on any client engagement that crosses the material-incident threshold.