About
I’m Elmer Phillips, a Security Analyst with 3 years working in Managed Detection & Response. I spend my days triaging alerts, hunting through SIEM data, and investigating suspicious activity across our customer environments.
My philosophy is straightforward: good detections have high signal and low noise. If an alert fires, I should be able to investigate it and determine what happened without spending an hour chasing false positives. I share what I learn because security works better when we’re not all solving the same problems in isolation.
What I Work With
SIEM: Splunk, Microsoft Sentinel
EDR: SentinelOne, CrowdStrike
Focus areas: Alert triage, threat hunting, incident investigation, OSINT
How I Got Here
Years 1-2: Learned the fundamentals—triaging alerts, investigating events, understanding what “normal” looks like across different environments. Spent a lot of time with SIEM queries and learning to separate signal from noise.
Year 3: Started recognizing patterns across incidents. Purple team exercises taught me how attackers actually move through environments.
Current Projects
- SentinelOne Power Query UI: Interface for SentinelOne query operations
- Argus: OSINT aggregator for threat intelligence gathering
Why Blue Team?
The job isn’t glamorous. You’re triaging alerts, investigating suspicious logins, and hunting through logs to figure out if that PowerShell execution at 3 AM was automation or an attacker. But when you catch something real before it becomes a breach, or surface a threat that everyone else missed, that’s what makes it worth it.
It’s never finished, which is exactly what makes it interesting.