
Paul Jaramillo
Paul Jaramillo is an extremely passionate, technical, and results-oriented security professional with over 10 years of incident response and 15 years of IT experience. Having previously worked at Splunk, CrowdStrike, and the US DoE, Paul is currently Director of Threat Hunting & Intelligence at Sophos. He has a long, distinguished record of reducing enterprise risk and guiding organizations to an improved security posture. Some highlights include breaking into a 2-factored VPN as a pen tester, successfully investigating an insider threat case across the globe as a forensic examiner, and hunting and ejecting nation-state adversaries from corporate and government networks.
Content by Paul Jaramillo

Threat Research
Featured
MDR
Patch Tuesday
SharePoint
Sophos X-Ops
toolshell
SharePoint ‘ToolShell’ vulnerabilities being exploited in the wild
July 21, 2025

Security Operations
Threat Research
china
Crimson Palace
EAGERBEE
Earth Longzhi
MDR
Sophos X-Ops
Operation Crimson Palace: A Technical Deep Dive
June 5, 2024

Threat Research
BackdoorDiplomacy
china
EAGERBEE
Earth Longzhi
Featured
RUDEBIRD
Sophos X-Ops
state actors
TA428
threat-hunting
Worok
Operation Crimson Palace: Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government
June 5, 2024

Security Operations
Threat Research
CVE-2023-34362
CVE-2023-35036
CVE-2023-35708
CVE-2023-36932
CVE-2023-36933
CVE-2023-36934
Exploit
Featured
FIN11
MDR
MOVEit
Progress Software
TA505
vulnerability
Update 6: Information on MOVEit Vulnerabilities CVE-2023-34362, CVE-2023-35036, CVE-2023-35708, and CVE-2023-36934
June 5, 2023

Security Operations
Threat Research
Akira
Featured
incident response
Ransomware
Sophos XDR
Akira Ransomware is “bringin’ 1988 back”
May 9, 2023

Security Operations
CVE-2023-27350
CVE-2023-39143
Featured
MDR
MDR Flash
PaperCut
Sophos MDR
Update 2: Increased exploitation of PaperCut drawing blood around the Internet
April 27, 2023