Tokyo based DFIR and detection engineering

Building auditable agentic systems.

I work on incident response, detection engineering, forensic automation, and operator dashboards. The common thread is simple: agents can assist, but evidence, boundaries, and human review must stay visible.

14+years across SOC, IR, CSIRT, infrastructure security
1technical book on packet-level attack analysis
6awards and recognitions across Korea and LINE
3agentic systems with public operator surfaces
01 / Operating idea

Architecture first, not prompt first.

My projects are built around deterministic execution, database-backed evidence, and clear operator surfaces. The LLM layer is useful, but it is not allowed to become the hidden system of record.

Evidence

Store the decision trail

Trades, alerts, reports, policy changes, and forensic findings should be reviewable after the fact.

Boundaries

Keep tools constrained

Agents should call typed, scoped functions. Guardrails belong in architecture, not only in prompts.

Operations

Build for the human loop

Dashboards, Telegram alerts, reports, and modals turn automation into an inspectable workflow.

02 / Flagship

Agentic-DART is the flagship security project.

An autonomous detection and response agent for DFIR work. It uses a typed MCP surface, read-only forensic tools, audit trails, and scored evaluation cases so the system can be inspected rather than merely trusted.

Agentic-DART banner

Autonomous DFIR, grounded in evidence.

Agentic-DART starts as agentic DFIR and points toward agentic SOC. It combines native Python forensic functions, SIFT-style adapters, MITRE ATT&CK mapping, and a reasoning loop that records what it saw and why it moved.

Surfacetyped MCP tools
Moderead-only analysis first
Evalground-truth case scoring
TrackSANS FIND EVIL! 2026
03 / Private runtime, public showcase

Personal agentic systems beyond DFIR.

These systems are private, but the public showcases expose the product shape: live dashboards, deep-dive modals, operator reports, and the split between deterministic control and LLM-assisted review.

YuShin Trade dashboard preview
Autonomous trading cockpit

YuShin Trade

A private Bithumb spot-market system where deterministic policy gates do the runtime work and an LLM supervisor reviews database evidence, blocked entries, policy history, and market context.

SQLite evidencepolicy auditLLM supervisorTelegram ops
YuShin Watch dashboard preview
Luxury watch market intelligence

YuShin Watch

A private watch opportunity monitor that compares active listings with sold-price evidence, extracts references, checks catalog context, and keeps the final purchase decision human-controlled.

price enginereference extractioncatalog matchingvision review
05 / Background

Security work before the agent era.

The agentic projects sit on top of practical operations: SOC monitoring, incident response, DDoS defense, infrastructure security, packet analysis, and long-running community teaching.

Experience

Now
CSIRT, Detection and ResponseLY Corporation / LINE, Tokyo
2018-2022
Incident-response leadKB Kookmin Bank, including DDoS defense and network forensics operations
2016-2018
Infrastructure securityNetmarble cloud, SIEM, WAF, IDS, and a security-event correlation patent
2012-2016
SOC and security engineeringNaver affiliate and Hankyung iNet, packet analysis and certified security products

Proof points

Network Attack Packet AnalysisCo-authored technical book, Freelec, 2019
Korea OSS Developer ContestGold Prize, NIPA, 2017
Security-event correlation patentNetmarble Corp., 2018
CCE, LINE Bug Bounty, FIESTA, KISANational and industry recognitions across security competitions and response exercises
06 / Stack

The working stack is practical.

I care less about novelty and more about operational fit: forensic tools, detection languages, data stores, typed interfaces, and deployable operator surfaces.

Languages

  • Python
  • Bash / Zsh
  • SQL / DuckDB / KQL
  • TypeScript

DFIR

  • SIFT Workstation
  • Plaso / log2timeline
  • Volatility 3
  • Velociraptor / KAPE

Detection

  • MITRE ATT&CK
  • YARA / Sigma
  • Arkime / Suricata
  • Splunk / XSOAR

Agentic

  • MCP tools
  • Claude / Anthropic API
  • Bedrock experiments
  • Dashboards / Telegram ops
07 / Contact

Interested in the systems?

Reach out for DFIR automation, agentic SOC, MCP tool design, evaluation methodology, or future private beta interest in the YuShin systems.