Junior SOC Analyst with a background in IT operations, infrastructure support, vulnerability management, and computer networking. I use this GitHub to document hands-on cybersecurity projects focused on SOC operations, Splunk detection engineering, identity security, Active Directory monitoring, firewall segmentation, and security automation.
My current focus is to keep developing as a SOC Analyst by building practical projects that improve my skills in:
- alert triage and investigation
- Splunk SIEM detection engineering
- Windows authentication telemetry
- identity-based threat detection
- detection tuning and false positive reduction
- SOC playbooks and response workflows
- firewall segmentation and lab hardening
- security automation
This portfolio documents the labs, detections, dashboards, and automation workflows I build to strengthen those skills.
| Skill | Associated Project |
|---|---|
| Splunk Detection Engineering (SPL) | Identity Security |
| Windows Authentication Telemetry (Kerberos / NTLM) | Identity Security |
| Identity Threat Detection & Correlation | Identity Security |
| Detection Tuning & False Positive Reduction | Identity Security |
| SOC Dashboarding & Security Monitoring | Identity Security |
| pfSense Firewall Segmentation & Rule Testing | Identity Security |
| Active Directory Configuration | AD-Project |
| Authentication Attack Simulation | AD-Project |
| SOC Playbook Creation (SOAR) | SOAR-EDR |
| EDR Rule Creation & Detection | SOAR-EDR |
| DevSecOps Automation Pipelines | DevSecOps |
| SAST / DAST / SCA Tooling | DevSecOps |
Recent work has focused on identity threat detection and SOC monitoring, including:
- writing and tuning Splunk SPL detections
- correlating Windows authentication events across time and source
- detecting Kerberos and NTLM password spraying
- detecting failed-to-successful authentication patterns
- building authentication and Kerberos security dashboards
- documenting detections with MITRE ATT&CK mapping
- creating SOC-style analyst investigation workflows
- improving lab architecture with pfSense routed segmentation
- validating firewall rules between attacker, SIEM, and Domain Controller subnets
Below are the main projects I use to develop and document practical SOC and security engineering skills.

Identity Security: identity-focused detection engineering project using Splunk, Active Directory, Windows Security telemetry, and pfSense.
The lab focuses on authentication abuse, identity monitoring, detection tuning, hardening validation, and firewall-backed segmentation. It includes:
- Kerberos and NTLM password spray detections
- failed-to-successful authentication correlation
- privileged account authentication monitoring
- Kerberos security posture dashboarding
- authentication pressure dashboarding
- pfSense routed segmentation and firewall rule testing
- attacker subnet controls for Splunk and Domain Controller access paths
- MITRE ATT&CK mapping
- SOC-style investigation workflows and playbooks

AD-Project: Active Directory lab focused on domain deployment, Windows telemetry collection, Sysmon, authentication attack simulation, and Splunk ingestion.
Key areas covered:
- Windows Server domain deployment
- Windows endpoint telemetry
- Sysmon logging
- brute force and authentication attack simulation
- Splunk data ingestion and investigation

SOAR-EDR: response automation project using Tines and LimaCharlie to model detection, enrichment, notification, and analyst decision points.
Key areas covered:
- detection-to-response workflow design
- endpoint alert enrichment
- Slack notification workflow
- analyst approval steps
- endpoint response actions

DevSecOps: security testing project focused on SAST, DAST, and SCA scanning against a deliberately vulnerable application.
Key areas covered:
- static application security testing
- dynamic application security testing
- software composition analysis
- vulnerable application testing
- pipeline-style security automation