Hey, I'm Karlo.
Most people online know me as AccidentalRebel. I help security teams work smarter, specifically at the intersection of SOC operations and AI.
I've spent the last few years leading L2 operations in a 24/7 SOC and leading the team behind TryHackMe's SOC Simulator, a gamified training environment where SOC teams investigate realistic incidents using Splunk, Elastic, or Sentinel. It's used by teams at Google, KPMG, and others to cut investigation time and improve escalation accuracy across TryHackMe's 3M+ user base. Before that, 10+ years as a software engineer building games, web apps, dev tools, and low-level systems. I think like an attacker, but I build for defenders.
What I Work On
Making SOC analysts faster. Most security tooling is designed for feature checklists, not analyst workflows. I build automations, write detections in Microsoft Sentinel, and figure out where teams are losing time to UI friction instead of doing actual analysis. I wrote about this in The Hidden Tax of Security Tooling.
Building security tools. I don't just use tools, I build them. VGL4NT classifies malware with ML. shcode2exe makes shellcode analysis easier. Claudecker containerizes AI agents for safe execution. If a problem keeps showing up, I'd rather build a solution than keep working around it.
Understanding how AI changes security. AI is both a force multiplier for defenders and a new attack surface. I track this closely because it's moving fast and most of the coverage is either hype or vendor marketing.
What I Write About
Every week I publish the Cybersecurity x AI brief — practitioner analysis of how AI systems get attacked and what defenders need to know. No hype, no vendor pitches, just what matters and why.
I also write deep dives on malware analysis, reverse engineering, and the tools I build along the way.
Background
- Computer Engineer by training, hardware-to-software full stack
- 10+ years software engineering before pivoting to security
- SANS GIAC GSLC certified
- CISSP in progress (May 2026)
Let's Talk
I'm always up for conversations about security operations, AI in security, or interesting problems that need building.