Hi, I’m Sofia.
Junior cybersecurity at Brights (Kyiv) since September 2025 — first dedicated cybersec hire on a small ISO/IEC 27001:2022 certified team. Day-to-day: half SOC/detection (Suricata + ELK on dev/staging, vulnerability management), half compliance/audit support (ISMS risk register, ISO 42001 readiness, AI risk crosswalks).
Recent KPI ФТІ Cybersecurity grad (BSc, 2025). My BSc thesis was on behavioural anomaly detection in network traffic with Suricata + ELK — looking specifically at APT lateral movement patterns.
I write here mostly so future-me can grep my own past notes. Sometimes a post is also a small attempt to give back to the KPI student cybersec community — first-years come asking for examples and I try to point them at something useful.
Topics I keep coming back to:
- UAC-0010 / Gamaredon activity — they’re loud, they target Ukrainian CERT-UA / journalists / researchers, and tracking them is a never-ending detection-engineering exercise.
- ISO 27001 / 42001 / NIST AI RMF crosswalks — the part of compliance work that’s actually interesting (not the bureaucracy).
- Suricata rule writing for blue-team SOC contexts.
- CTF write-ups — see the page.
If you want to reach me: best is LinkedIn DM (search “Sofia Dubchak, Kyiv”). Email is in contact info — I check it less reliably than I’d like.
Glory to Ukraine. 🇺🇦
Recent posts
- SANS AI Cybersecurity Summit 2026 — three things I'm bringing back to Brights
  Just back from SANS AI Cybersecurity Summit in Arlington VA. The Schneier and Anne Neuberger keynotes were both better than expected. Three things I'm taking back to the ISO 42001 readiness work at Brights.
- First month at Brights — what an ISO 27001 ISMS function actually does day-to-day
  I've been at Brights for a month as their first cybersec hire. The ISO 27001 ISMS work is way less bureaucracy and way more cross-team negotiation than I expected. Notes for future-junior-me.
- Thesis defended — what worked, what I'd change, what comes next
  Defended my BSc on June 6th. A few notes on what worked methodologically, what I'd change in retrospect, and the small career decisions on the other side.
- Writing a Suricata rule for the double-letter alliterative C2 URL pattern
  Following up on the Gamaredon URL-pattern observation from November — turning it into an actually-shippable Suricata rule, with false-positive notes.
- Reading CERT-UA's UAC-0010 / Gamaredon update — what jumped out
  A close re-read of the late-2024 CERT-UA bulletin on UAC-0010 / Gamaredon and what's worth turning into Suricata rules for a small-shop SOC.