yatuk/README.md

Fatih Serdar Çakmak

SOC Analyst Intern · Blue Team · Detection & Incident Response


~/whoami

name:         Fatih Serdar Çakmak
role:         SOC Analyst Intern  ·  Computer Engineering Student
focus:        [ SOC Operations, Alert Triage, Incident Response, Detection ]
currently:    SOC Intern @ Fibabanka (BDDK-regulated banking SOC)
building:     [ Tamga - LLM security proxy, MCPRadar - MCP scanner ]
education:    B.Sc. Computer Engineering @ ITU (expected 2027)
learning:     Detection-as-Code · AI/LLM Security · Threat Hunting
philosophy:   "Most alerts are noise. The interesting part is the few that aren't."
ask_me_about: [ SIEM, MITRE ATT&CK, SOAR, Blue Team, LLM Security, Go, Python ]

I'm a Computer Engineering student who spends most of his time inside a SOC. Day to day that means triaging alerts, killing false positives, and tweaking SOAR playbooks so the signal surfaces faster. Mostly I'm learning what incidents actually look like before they reach an analyst, and how much of a working SOC quietly runs on automation.

Off the clock I build security tooling for AI systems. Right now that's a self-hosted proxy that guards LLM traffic and a scanner that checks MCP servers for nasty surprises. Both are open source, both are below.

~/experience

[ Mar 2026 -> Present ]  Fibabanka          ·  Cybersecurity Operations (SOC) Intern
                         └─ SIEM/EDR alert triage · CTI review · incident docs · AI-assisted triage

[ Jul 2025 -> Mar 2026 ]  Doğuş Teknoloji   ·  Cybersecurity and Incident Response Intern
                         └─ SIEM/SOAR/EDR/NDR triage · phishing playbooks · L1 IR · AD and log monitoring

~/tech-stack

🛡️ Security · SOC · Detection

SIEM Cortex XSOAR EDR / NDR MITRE ATT&CK Wireshark

💻 Languages

Python Go C C++ SQL

🧰 Infrastructure and Tooling

Docker FastAPI Next.js PostgreSQL Linux Active Directory Git

📋 Compliance and Frameworks

BDDK ISO 27001

~/projects

🛡️ Tamga · Self-Hosted LLM Security Proxy

Go Python Next.js AGPL-3.0 stars

A proxy you host yourself that sits between your app and the LLM provider (OpenAI, Anthropic, Azure, Vertex). It redacts PII inline (TC Kimlik, IBAN, credit card), blocks leaked secrets, and catches prompt injection, with sub-millisecond static scanning via an Aho-Corasick DFA. Comes with KVKK / BDDK / GDPR / PCI-DSS compliance mappings, hash-chained audit logs, and a Next.js incident dashboard. The stack is a Go proxy, a Python (FastAPI) analyzer, and the dashboard, with a 309-prompt adversarial suite gated in CI.

📡 MCPRadar · Security Scanner for MCP Servers

Python PyPI MIT stars

Catches tool poisoning, prompt injection, and supply-chain "rug pulls" in Model Context Protocol servers before your agent runs them. 6 detection rules (zero-width Unicode, injection patterns, encoded blobs, hidden HTML/Markdown, permission scope mismatch, dangerous tool names), SARIF output that drops straight into the GitHub Security tab, and SQLite snapshot diffing to flag silent schema changes. One-shot run with uvx mcpradar scan ..., no install needed. Public leaderboard at yatuk.github.io/mcpradar.

🗄️ WDI Analytics · Full-Stack Data Platform

Flask React TypeScript MySQL Docker

A platform for exploring World Bank development indicators across six domains (countries, health, emissions, energy, freshwater, sustainability). A Flask blueprint API sits behind a React and TypeScript SPA, with role-based access control (admin / editor / viewer), parameterized SQL to block injection, and audit logging on every change. Interactive Chart.js trends, a Leaflet world map, CSV export, and server-side pagination on top. Packaged with Docker Compose, Alembic migrations, pytest, rate limiting, CSRF protection, and a CI pipeline. Built as an ITU term project for BLG-317E.

Astro TypeScript

Terminal-themed personal site built with Astro 5. Boot animation, a SOC-dashboard recruiter view, and bilingual content.


"Security is a process, not a product." · Bruce Schneier

Pinned

  1. tamga (Public)

    Self-hosted LLM security proxy. PII redaction, prompt injection defense, KVKK/GDPR/PCI-DSS compliance. Sub-millisecond latency.

    Go 11

  2. mcpradar (Public)

    Security scanner for Model Context Protocol (MCP) servers. Detects tool poisoning, prompt injection, secrets exposure, command injection, and cross-server attack chains. 12 detection rules, 7 cross…

    Python 1

  3. soc-simulation (Public)

    SOC Analyst portfolio project | 127 alerts, 126 false positives, 1 real threat, 6 coffees | SIEM/SOAR/EDR simulation

    Python 3

  4. Database-Management-System (Public)

    Forked from s4l1hs/Database-Management-System

    A comprehensive database management and visualization platform for World Development Indicators (WDI) data. Flask REST API + React SPA with role-based access control.

    Python 1