~$ whoami

Pyae Heinn Kyaw

Cyber Incident Responder

Threat Hunting · Digital Forensics · Cloud IR · DFIR

MITRE ATT&CK Contributor · BTLO Global #1 · BSides Myanmar 2025 Speaker · GIAC Advisory Board

# About

Dedicated Cyber Incident Responder at Salesforce CSIRT, focused on Blue Team operations and defensive security. Experienced in Threat Hunting, Digital Forensics, Incident Response, and Threat Investigation across Windows, Linux, macOS, and multi-cloud environments (AWS, Azure, GCP). Committed to continuous learning and improving detection & response capabilities — from contributing to MITRE ATT&CK to building internal DFIR tooling.

4+ Years in Security
7 GIAC Certifications
#1 BTLO Global Rank
1 MITRE Contribution

# Experience

Cyber Incident Responder, CSIRT

Salesforce — Melbourne, Australia

Mar 2025 – Present
  • Cyber Incidents Detection, Analysis, Response & Containment
  • Contribute to Salesforce CSIRT projects and improve core CSIRT workflows and processes
  • Endpoint Forensics (Windows, Linux, macOS) and Cloud Incident Response (AWS, Azure, GCP)
  • Provide 24×7 cyber incident response support on a rostered basis

Associate Cyber Incident Response Specialist

EnergyAustralia — Melbourne, Australia

Feb 2023 – Feb 2025
  • Key member of highly specialised CSIRT Team
  • Incident Response Consultant for Operational Technology (OT)
  • Purple Teaming and Proactive Threat Hunting
  • Subject Matter Expert for Security Toolings
  • Provide 24×7 cyber incident response support on a rostered basis

Security Operations Centre (SOC) Supervisor

MPT – KDDI Summit Global Myanmar — Yangon, Myanmar

Jun 2022 – Jan 2023
  • Cyber Incidents Detection, Analysis, Response & Containment
  • Web Application Penetration Testing & Cyber Risk Assessment
  • Threat Hunting & Purple Teaming
  • Phishing Simulation & Internal Security Awareness Training Development

Cyber Security Analyst

Kernellix — Yangon, Myanmar (Internship)

May 2019 – Aug 2019
  • Web Application Penetration Testing & Vulnerability Assessment
  • Developed automation scripts using Python and Bash

# Achievements


BTLO Global #1

Blue Team Labs Online — ranked #1 globally across all defenders on the platform.


MITRE ATT&CK Contributor

Contributed T1546.018 — Event Triggered Execution: Python Startup Hooks.


BSides Myanmar 2025 Speaker

Presented "The Art of Windows Memory Forensics".

2025

SANS Offensive Operations Coin

Won the final capstone challenge of SEC504 on the last day of class.

2026

SANS Lethal Forensicator Coin

Won the final capstone challenge of FOR508 on the last day of class.

2024

GIAC Advisory Board

Awarded by GIAC for outstanding score (90%) on the GCFA exam.

2024

Insider Threat Matrix Contributor

Contributed AR5 and DT095 (Uninstalling Software).


BTL2 Silver Challenge Coin

Awarded by Security Blue Team for passing the Blue Team Level 2 exam.

2024

TryHackMe Top 1%

Ranked in the top 1% of users globally on TryHackMe.


# Certifications

GIAC / SANS

8 certifications

  • GSP GIAC Security Professional #506
  • GCFA GIAC Certified Forensic Analyst
  • GCFE GIAC Certified Forensic Examiner
  • GCIH GIAC Certified Incident Handler
  • GIME GIAC iOS & macOS Examiner
  • GX-FA GIAC Advanced Forensic Analyst
  • GX-FE GIAC Advanced Forensic Examiner
  • GX-IH GIAC Advanced Incident Handler

EC-Council

1 certification

  • C|HFI Computer Hacking Forensic Investigator

INE / eLearnSecurity

1 certification

  • eCTHP Certified Threat Hunting Professional

Security Blue Team

1 certification

  • BTL2 Blue Team Level 2

CyberDefenders

1 certification

  • CCDL1 Certified CyberDefender Level 1

TryHackMe

1 certification

  • SAL1 Security Analyst Level 1

# Education & Courses

Degrees

Master of Information Technology / Master of Business Administration

James Cook University, Australia

2019 – 2021

Bachelor of Science (Computing)

Edinburgh Napier University, UK

2018

HND in Computing & Systems Development

Info Myanmar University, Myanmar

2015 – 2017

Courses

FOR508 — Advanced Incident Response, Threat Hunting & Digital Forensics

SANS Institute

FOR518 — Mac and iOS Forensic Analysis and Incident Response

SANS Institute

SEC504 — Hacker Tools, Techniques & Incident Handling

SANS Institute

Investigation Theory

Applied Network Defense — Chris Sanders

Hunting Adversary Infrastructure

IntelOps

# Skills & Tooling

SIEM

Splunk · Microsoft Sentinel · Google Chronicle · IBM QRadar · CrowdStrike Next-Gen SIEM

EDR / XDR

CrowdStrike EDR · Microsoft Defender XDR · Cybereason EDR · Trellix HX

Digital Forensics

Windows Forensics · Linux Forensics · macOS Forensics · Memory Forensics · iOS Forensics

Cloud IR

AWS · Azure · GCP

Other

Threat Hunting · Purple Teaming · OT/ICS IR · Akamai WAF · Zscaler ZIA · Rapid7 VM · Trellix ETP

Development

Python · Bash · Swift · FastAPI · DuckDB

# Projects


Internal DFIR Tooling

Developed multiple internal DFIR tools across the Cloud Incident Response and Host Forensics space.

DFIR · Cloud IR · Host Forensics · Automation

TONESHELL Malware Analysis

Threat Intelligence · Malware Analysis

Deep-dive analysis of TONESHELL malware attributed to Chinese APT group Mustang Panda. Published as part of PHK Knowledge Sharing series covering TTPs, C2 infrastructure, and detection opportunities.

Malware Analysis · APT · Threat Intel

# Contact

Open to collaboration, speaking opportunities, and interesting security problems.