
Tomer Pugach

Linkedin.com/in/tomer-pugach

Summary

Cybersecurity professional specializing in SOC operations, incident response, and large-scale threat research, with hands-on experience translating risk assessments and threat intelligence into actionable detections, SOC workflows, and IR playbooks. Experienced in partnering with enterprise and Fortune 500 security teams to drive effective prevention, detection, and response at scale.

Overview

7 years of professional experience

Work History

Cyber Security Specialist

UBS
01.2024 - Current
  • Owning and personally executing risk assessments for critical products and infrastructure, while coordinating cross-functional teams of threat researchers, SIEM engineers, and project managers, covering globally distributed environments with 100,000+ endpoints.
  • Analyzing threats and risks across Azure and on-premises environments, leveraging MITRE ATT&CK, the Diamond Model, and the Cyber Kill Chain to translate findings into actionable security controls and detection logic.
  • Driving and contributing hands-on to the development and refinement of TTP-based detections, with 1,000+ detections evaluated and adjusted annually based on assessment outcomes and evolving threat activity.
  • Defining detection strategies and requirements derived from threat research and assessment outcomes, enabling SOC teams to implement Splunk and Microsoft Sentinel SIEM/SOAR workflows for alerting, investigation, and response.

Senior Cyber Threat Intelligence Analyst

Q6 Cyber
01.2021 - 01.2024
  • Conducting cyber threat research for clients, focusing on APT activity, ransomware, and information-stealer campaigns, and analyzing adversary behavior across the full attack lifecycle using MITRE ATT&CK, the Diamond Model, and the Cyber Kill Chain.
  • Profiling advanced threat actors and campaigns, and translating intelligence into actionable TTP (Tactics, Techniques, and Procedures) reports delivered to Fortune 500 organizations, working closely with client security teams to support real-world defensive operations.
  • Developing SOC and Incident Response (IR) playbooks, providing clear prevention, detection, and response guidance aligned with clients’ existing security tools and controls.
  • Designing and implementing threat detections and hunting use cases in Microsoft Azure Sentinel and Splunk, mapped to real-world attacker techniques and operational security needs.
  • Performing advanced data and behavioral analysis using Kibana, OpenSearch, and Python (Pandas, NumPy) to identify malicious patterns and enhance detection coverage.

Cyber Security Lecturer

8200 Academy
01.2022 - 01.2023
  • Designing and leading the course curriculum and training materials, defining advanced technical content (including vulnerabilities, exploitation techniques, and defensive analysis).
  • Serving as a subject-matter expert for candidates preparing for advanced military cyber selection.

Project Manager – Deputy Platoon Commander

Unit 8200
01.2021 - 01.2021
  • Owning end-to-end product lifecycle management for innovative SaaS products, converting product strategy and business objectives into well-defined functional and technical requirements.
  • Managing and mentoring a project management team of two, and partnering with R&D and cross-functional stakeholders to deliver and launch products successfully.

Cyber Intelligence Analyst Course Commander

Unit 8200
01.2020 - 01.2021
  • Designing and structuring the course syllabus and learning objectives.
  • Instructing and leading classes, while providing ongoing technical guidance and day-to-day problem solving for course participants.

Cyber Intelligence Analyst

Unit 8200
01.2019 - 01.2020
  • Leading end-to-end cyber intelligence investigations, delivering critical technical and operational insights on threat activity.
  • Researching APT campaigns and threat actors using frameworks such as MITRE ATT&CK and the Cyber Kill Chain, translating analysis into actionable intelligence.
  • Conducting network and traffic analysis using tools such as Wireshark and Fiddler to investigate malicious behavior and attacker infrastructure.
  • Performing intelligence-driven data analysis using Python and MySQL, and collecting and correlating OSINT, WEBINT, SIGINT, and HUMINT to support investigative conclusions.

Publications

  • PANDEMONIUM IN THE DARK WEB - Feb 2022
  • BREACHFORUMS SHUTDOWN: ENGLISH-SPEAKING CYBERCRIMINAL COMMUNITY IN FLUX - Mar 2023
  • ONLINE SMS VERIFICATION SERVICES: CYBERCRIMINAL’S NEW FAVORITE TOOL - Dec 2023

Timeline

Cyber Security Specialist

UBS
01.2024 - Current

Cyber Security Lecturer

8200 Academy
01.2022 - 01.2023

Senior Cyber Threat Intelligence Analyst

Q6 Cyber
01.2021 - 01.2024

Project Manager – Deputy Platoon Commander

Unit 8200
01.2021 - 01.2021

Cyber Intelligence Analyst Course Commander

Unit 8200
01.2020 - 01.2021

Cyber Intelligence Analyst

Unit 8200
01.2019 - 01.2020