About
I’m Sofia Dubchak — junior cybersecurity specialist at Brights (Kyiv), and a recent BSc Cybersecurity graduate from Igor Sikorsky Kyiv Polytechnic Institute (Faculty of Physical-Technical Institute, ФТІ — specialty 125, Cybersecurity, 2021–2025).
Where I work
Brights is a Kyiv digital agency — web/mobile/SaaS development, AI development, cloud/DevOps, UI/UX. The team is around 50 people. They’re ISO/IEC 27001:2022 certified, which is what creates a role for someone like me: a 27001-certified shop requires an internal ISMS function, and I’m the company’s first dedicated cybersecurity hire post-graduation. (I interned with them in summer 2024 doing OWASP-Top-10 review on their own internal apps; I came back full-time after defending the BSc.)
My work splits roughly two ways:
- SOC / detection (≈50%): vulnerability management programme, internal log review, Suricata + ELK detections on dev/staging.
- Compliance / audit (≈50%): ISMS risk register maintenance, internal-audit prep, awareness-training rollouts, vendor security questionnaires.
- AI risk research (the growing slice): leading the company’s early-stage ISO/IEC 42001 readiness work, building a NIST AI RMF crosswalk for the AI development practice.
The team sponsored me to two conferences this spring on the AI-risk side — BSides SF 2026 and the SANS AI Cybersecurity Summit 2026 (Arlington VA, April 20–21). Schneier’s “Integrous AI” keynote at SANS is still rattling around in my head a month later.
Where I studied
KPI’s ФТІ — the canonical Ukrainian cyber pipeline. The Department of Mathematical Methods of Information Protection (Кафедра математичних методів захисту інформації) sits inside ФТІ and runs the cybersec specialty. About 80 BSc cybersec graduates per year cohort. Public faculty page: https://ipt.kpi.ua/.
My BSc thesis is on a separate page — it’s the work that pushed me toward blue-team / SOC operations and gave me the detection-engineering taste I’m trying to grow into now.
What I’m reading
Mostly:
- CERT-UA bulletins — they publish in waves, and the UAC-0010 / Gamaredon ones are especially worth re-reading carefully because the file-naming schemas and beacon URL patterns get reused across campaigns. Detection-engineering value is high if you actually translate them into Suricata or similar.
- MITRE ATT&CK technique-of-the-week threads in the various community Slacks/Discords I lurk in.
- ENISA’s threat-landscape reports for the EU-side perspective.
- ISO 27001 / 27002 / 42001 + NIST AI RMF crosswalk publications (slow but useful for the compliance work).
- Detection Engineering substack-shaped writing (Florian Roth, Anton Chuvakin, Roberto Rodriguez, etc.) — for the “why this rule and not that rule” framing.
What I bring
I’m a junior. The thing I’m least bad at is structured detection-engineering work — taking a CERT-UA / MITRE / ESET TTP description and turning it into a Suricata rule that doesn’t bury an analyst in false positives. I have solid Python/Bash for log parsing and automation, growing fluency in ISO 27001/42001/NIST AI RMF crosswalks, and CTF practice through KPI’s student cybersec club.
The thing I’m trying to learn is the analyst-craft of triage — telling real attacker behaviour from benign noise quickly when an alert fires. I work best in environments with structured mentorship; I know how much I still don’t know.
What I do outside paid work
- Maintain a small set of GitHub repositories — thesis support code, CTF write-ups, a Linux IR cheatsheet that started as class notes.
- Volunteer at the KPI Student Cybersecurity Club — used to run CTF network-defender tracks, still help with the lab’s Suricata + ELK deployment when I’m in town.
- Some occasional Suricata + ELK + MITRE ATT&CK content here.
Contact
- Email: palianytsia.200[at]ukr.net
- LinkedIn: search “Sofia Dubchak, Kyiv”
- GitHub: https://github.com/palianytsia-200
If you’re at Brights, KPI, CERT-UA, ENISA, or the wider UA/EU infosec community — don’t be shy. I respond to coffee-chat invites.
Слава Україні. 🇺🇦