Blue Team Operations

SOC Analysis & Defensive Security

80+ documented investigations across multiple platforms demonstrating SIEM analysis, alert triage, incident response workflows, and threat detection capabilities.

Active hands-on training across industry-leading cybersecurity platforms

🏆 Featured Achievements

HTB Certified Defensive Security Analyst (CDSA)

Completed: [Month Year] | Certification Exam

  • SOC fundamentals & alert triage workflows
  • SIEM analysis with Splunk & Elastic
  • Threat intelligence & IOC correlation
  • Digital forensics & incident response
  • Phishing analysis & malware detection
  • Network traffic analysis & PCAP investigation

View Certificate →

LetsDefend SOC Analyst Path

Completed: February 2026 | 34 Investigations | 97% Success Rate

  • Real-world SIEM alert triage
  • Log analysis & correlation
  • Malware investigation & IOC identification
  • Incident documentation & reporting
  • Threat intelligence integration

View Profile →

📺 Investigation Walkthroughs

🎓 BTL1 Certification Labs

Hands-on labs from Security Blue Team's Blue Team Level 1 certification path. Each lab covers real-world defensive security scenarios with practical analysis and reporting.

🔒 UPCOMING: Lab 2 (TBD)

🔒 UPCOMING: Lab 3 (TBD)

Additional BTL1 labs will be documented here as they are completed.

1 of 9 BTL1 labs completed (11%)

🔬 Hands-On Practice Labs

Ongoing blue team challenge labs and investigations across multiple platforms, demonstrating continuous skill development and practical application.

📊 Investigation Documentation

Obsidian Investigation Vault

Comprehensive case documentation with MITRE ATT&CK mapping, IOC tracking, and investigation timelines.

  • 80+ documented investigations
  • MITRE ATT&CK technique mapping
  • Reusable investigation templates
  • IOC database & metrics dashboard

Private repository - screenshot available on request

Public Platform Profiles

Verified investigation work across multiple SOC training platforms.

  • LetsDefend - 34 cases, 97% success
  • TryHackMe - 46 cases, 100% detection
  • All investigations publicly verifiable
  • Real-time metrics & rankings

🔬 Hands-On Lab Environments

Splunk Enterprise SIEM Lab

Production-style SIEM environment for alert detection, log analysis, and threat hunting practice.

Host: Ubuntu 24.04 running Splunk Enterprise
Agent: Windows 11 with Universal Forwarder
Telemetry: Sysmon event collection & parsing
Use Cases: Custom detection rules, SPL queries, dashboards


Malware Analysis Sandbox

Isolated environment for safe malware detonation, static analysis, and reverse engineering practice.

Platform: FlareVM on isolated virtual network
Tools: IDA, Ghidra, PE analysis, debuggers
Analysis: Static & dynamic malware examination
Use Cases: IOC extraction, behavior analysis, reporting

Ready to Discuss SOC Operations?

View my investigation work, watch walkthroughs, or reach out to discuss defensive security capabilities.

Get In Touch →