name: Fatih Serdar Çakmak
role: SOC Analyst Intern · Computer Engineering Student
focus: [ SOC Operations, Alert Triage, Incident Response, Detection ]
currently: SOC Intern @ Fibabanka (BDDK-regulated banking SOC)
building: [ Tamga - LLM security proxy, MCPRadar - MCP scanner ]
education: B.Sc. Computer Engineering @ ITU (expected 2027)
learning: Detection-as-Code · AI/LLM Security · Threat Hunting
philosophy: "Most alerts are noise. The interesting part is the few that aren't."
ask_me_about: [ SIEM, MITRE ATT&CK, SOAR, Blue Team, LLM Security, Go, Python ]
I'm a Computer Engineering student who spends most of his time inside a SOC. Day to day that means triaging alerts, killing false positives, and tweaking SOAR playbooks so the signal surfaces faster. Mostly I'm learning what incidents actually look like before they reach an analyst, and how much of a working SOC quietly runs on automation.
Off the clock I build security tooling for AI systems. Right now that's a self-hosted proxy that guards LLM traffic and a scanner that checks MCP servers for nasty surprises. Both are open source, both are below.
[ Mar 2026 -> Present ] Fibabanka · Cybersecurity Operations (SOC) Intern
└─ SIEM/EDR alert triage · CTI review · incident docs · AI-assisted triage
[ Jul 2025 -> Mar 2026 ] Doğuş Teknoloji · Cybersecurity and Incident Response Intern
└─ SIEM/SOAR/EDR/NDR triage · phishing playbooks · L1 IR · AD and log monitoring
🛡️ Tamga · Self-Hosted LLM Security Proxy
A proxy you host yourself that sits between your app and the LLM provider (OpenAI, Anthropic, Azure, Vertex). It redacts PII inline (TC Kimlik, IBAN, credit card), blocks leaked secrets, and catches prompt injection, with sub-millisecond static scanning via an Aho-Corasick DFA. Comes with KVKK / BDDK / GDPR / PCI-DSS compliance mappings, hash-chained audit logs, and a Next.js incident dashboard. The stack is a Go proxy, a Python (FastAPI) analyzer, and the dashboard, with a 309-prompt adversarial suite gated in CI.
📡 MCPRadar · Security Scanner for MCP Servers
Catches tool poisoning, prompt injection, and supply-chain "rug pulls" in Model Context Protocol servers before your agent runs them. 6 detection rules (zero-width Unicode, injection patterns, encoded blobs, hidden HTML/Markdown, permission scope mismatch, dangerous tool names), SARIF output that drops straight into the GitHub Security tab, and SQLite snapshot diffing to flag silent schema changes. One-shot run with uvx mcpradar scan ..., no install needed. Public leaderboard at yatuk.github.io/mcpradar.
🗄️ WDI Analytics · Full-Stack Data Platform
A platform for exploring World Bank development indicators across six domains (countries, health, emissions, energy, freshwater, sustainability). A Flask blueprint API sits behind a React and TypeScript SPA, with role-based access control (admin / editor / viewer), parameterized SQL to block injection, and audit logging on every change. Interactive Chart.js trends, a Leaflet world map, CSV export, and server-side pagination on top. Packaged with Docker Compose, Alembic migrations, pytest, rate limiting, CSRF protection, and a CI pipeline. Built as an ITU term project for BLG-317E.
🖥️ Portfolio · fscakmak.com
Terminal-themed personal site built with Astro 5. Boot animation, a SOC-dashboard recruiter view, and bilingual content.
⚡ "Security is a process, not a product." · Bruce Schneier
