ML security systems
Behavioral baselines, anomaly scoring, peer context, model evaluation, and threshold tuning.
Security AI systems
A model score is not a security product.
Vyshyvka builds the surrounding product: data with context, model output that can be inspected, analyst screens that support review, and reporting that explains what the system found.
What this covers
Operating range
Experience covers AI/ML security work in sensitive environments: behavioral analytics, LLM-assisted triage, analyst tooling, and investigation reporting. The work holds together when the data path, scoring path, review interface, and evidence trail are designed as one system.
Capability map
A useful tool needs a clear security problem, usable data, bounded model output, review paths, and reporting that can be challenged.
Behavioral baselines, anomaly scoring, peer context, model evaluation, and threshold tuning.
Structured triage, drift checks, evidence handling, escalation paths, and cost-aware gating.
Telemetry modeling, signal persistence, migrations, ingestion boundaries, and reviewable records.
Triage queues, case views, dashboards, evidence tables, analyst actions, and audit trails.
Authentication-aware deployment, containerized services, cloud infrastructure, search, health checks, and jobs.
Security reporting with clear methods, caveats, evidence summaries, and decision-ready findings.
Systems shipped and operated
The common thread is production ownership across data models, scoring logic, workflow state, review screens, audit paths, and findings that can be explained under scrutiny.
Signal definitions, model-assisted scoring, analyst review states, feedback paths, and dashboard views.
Staged review logic, structured model outputs, persistence, quality gates, and human escalation.
Queue state, case escalation, evidence tables, dashboard views, and analyst actions.
Role-aware controls, audit logging, unstructured log parsing, weighted review logic, and exception handling.
Model training, statistical scoring, experimental graph work, searchable outputs, and evaluation loops.
Multi-source analysis, caveated findings, review-ready summaries, and clear methods.
Narrative Security
Narrative models user behavior as event sequences, scores unusual activity with user and peer context, and presents the result in a SOC-style dashboard for review.

Security analytics platform
Prototype work covering behavioral sequence scoring, Cloudflare-based runtime architecture, SOC dashboard screens, alert review, user context, red-team review, and model explanation.
View case studyArchitecture discipline
Before a tool can act, people need to see what it saw, what it inferred, and where a human decision still belongs.
Signals, model outputs, and findings need source references, caveats, and enough context to review.
Contracts keep service outputs, queue payloads, filters, and analyst actions explicit.
Training, evaluation, quantization, artifact storage, and active-version switching have to be planned.
Analyst tools need queues, timelines, peer context, review screens, data exploration, and audit records.
Evaluation guide
The clearest conversation starts with the role scope, telemetry, constraints, decision process, and the standard the work has to meet.
Walk through the event model, scoring path, deployment shape, UI surfaces, and tradeoffs.
Map the real security, AI, or data problem to systems that have been built and operated.
Discuss contracts, validation, artifacts, workflow boundaries, reliability, and implementation choices.
Use noisy telemetry, ambiguous behavior, stakeholder constraints, and evidence requirements.
Selective engagements
Good fit
Not a fit
Start the work
Send a brief if the project involves sensitive data, detection logic, analyst review, LLM triage, evidence quality, or reporting that has to hold up under scrutiny.
Send a project brief