GiftyStyles/GiftTech

πŸ›‘οΈ THE CYBERSECURITY ANALYST'S TOOLKIT

Linux Administration & SQL Data Forensics Portfolio



📜 Verified Professional Credentials

Click below to view the official PDF certifications.

  • Google Cybersecurity Professional: 📂 View Google PDF
  • IT Fundamentals (FC0-U71), Udemy Training: 📂 View Udemy PDF

πŸ“ Featured Projects

πŸ›‘οΈ Security Controls Assessment: Botium Toys

Governance, Risk & Compliance

Objective: Conducted a comprehensive internal audit to identify security gaps and misalignments using the NIST Cybersecurity Framework (CSF).


🌐 Network Traffic Analysis: DNS & ICMP Troubleshooting

Network Security & Forensics

Objective: Used tcpdump to capture and analyze network-layer communication (DNS queries and the ICMP responses they triggered) to resolve connectivity issues.


πŸ›‘οΈ Google Cybersecurity Professional: Linux & SQL Security Project

Verified Credential: πŸ“„ Google Certificate: Tools of the Trade


📋 Project Overview

This project serves as a comprehensive technical portfolio demonstrating my ability to secure Linux systems and perform data forensics using SQL. This work was completed as part of the Google Cybersecurity Professional Certificate.


📜 Professional Certification


Google Certificate
Official validation of skills in Linux, SQL, and Security Operations.


🐧 1. Linux System Security & Administration


πŸ›‘οΈ Access Control & Identity (Labs 1, 2)

User Management & Permissions

Objective: Enforce the Principle of Least Privilege (PoLP) by managing user access and system permissions.

  • Action: Created and managed user accounts and modified file permissions/ownership to secure the environment.
  • Evidence: Access Control Identity Management

βš™οΈ System Hardening & Maintenance (Lab 3)

Software & Update Security

Objective: Secure the system by managing software installations and maintaining up-to-date security tools.

  • Action: Utilized the APT package manager to install, update, and verify the integrity of security tools.
  • Evidence: Installation

πŸ” Incident Response & Log Analysis (Lab 4)

Threat Hunting & Forensics

Objective: Proactively hunt for malicious activity and unauthorized access patterns within system logs.

  • Action: Filtered large datasets using grep to isolate critical security events and identify potential threats.
  • Evidence: Log Filtering

πŸ“ Linux Foundations (Labs 5, 6)

Core Administration Skills

  • Skills: Proficient in File Management (mv, cp, rm), System Navigation (find, locate), and Technical Documentation (man pages).

📊 2. SQL Database Auditing & Forensics


🔎 Data Extraction & Filtering (Labs 7, 8, 9)

Database Auditing

Objective: Identify unauthorized access attempts and suspicious patterns within a relational database.

  • Action: Wrote SQL queries using WHERE clauses and LIKE wildcards to filter access logs for security auditing.
  • Evidence: Basic Query Data Filtering Advanced Filters

🔗 Advanced Correlation & Logic (Labs 10, 11)

Forensic Data Correlation

Objective: Correlate disparate data sources to track threat actors and reconstruct security incidents.

  • Action: Utilized AND/OR/NOT logic and INNER JOIN operations to merge user data with login tables for deeper investigation.
  • Evidence: Logic Operators Relational Joins

πŸ›‘οΈ Course: Assets, Threats, and Vulnerabilities

This folder serves as a comprehensive portfolio for the "Assets, Threats, and Vulnerabilities" course. It documents the full security lifecycle: identifying assets, assessing risks, remediating incidents, and applying cryptographic controls.


📜 Professional Certification


Official validation of skills in NIST standards, risk management, and cryptography.
📄 View Course Certificate


🧪 Technical Audit & Lab Activities

📋 1. Asset Management: Comprehensive Asset Inventory

Governance, Risk & Compliance

Objective: Establish a formal audit baseline by identifying, categorizing, and valuing all organizational hardware and software assets to determine appropriate protection levels.

  • Action: Created a centralized inventory tracking system, assigned data criticality levels, and mapped network-connected assets to business-critical functions.
  • Evidence: πŸ“„ View Asset_Inventory.csv

📊 2. Risk Assessment: Score Risk Based on Likelihood and Impact

Threat Modeling & Risk Prioritization

Objective: Conduct a semi-quantitative risk analysis using Likelihood × Impact scoring to prioritize remediation and align security resources with the highest business risks.

  • Action: Developed a risk-scoring matrix to identify high-probability, high-impact threats, establishing a technical foundation for implementing NIST-aligned security controls.
  • Evidence: 📄 View Threat_Risk_Matrix.csv

📑 3. Incident Analysis: Data Leak Recovery & Remediation

GRC Auditing & NIST Compliance

Objective: Investigate a security breach to determine the root cause of a data leak and implement corrective technical controls based on NIST SP 800-53.


πŸ” 4. Lab Practical: Data Decryption and Encryption

Cryptography & Data Protection

Objective: Mitigate the risk of unauthorized data exposure by implementing industrial-grade cryptographic handling for sensitive "Data at Rest" and "Data in Transit".

  • Action: Evaluated the organizational security posture, utilized AES encryption/decryption tools to secure records, and successfully validated ciphertext recovery.
  • Lab Evidence: 04_Decrypt_and_Encrypt_Data.png

πŸ›‘οΈ 5. Lab Practical: Cryptographic Hashing

Asset Verification & Non-Repudiation

Objective: Ensure the absolute integrity of organizational assets by leveraging hash functions to verify that files remain unaltered by unauthorized actors.

  • Action: Generated and compared SHA-256 cryptographic hash values for business-critical data sets to detect unauthorized tampering and ensure authenticity.
  • Lab Evidence: 05_Create_Hash_Value.png

🔑 6. Security Strategy: Access Control & AAA Protocols

Identity Management & Authorization

Objective: Reduce the organizational attack surface by strengthening Authentication, Authorization, and Accounting (AAA) protocols for network resources.


πŸ” 7. Audit Report: NIST Vulnerability Assessment

Risk Management Framework (RMF)

Objective: Conduct a systematic internal audit to identify technical security gaps and prioritize remediation using the NIST Cybersecurity Framework (CSF).


💾 8. Forensic Analysis: USB Attack Vector Investigation

Physical Security & Threat Forensics

Objective: Evaluate the security risks posed by unauthorized removable media and social engineering-driven malware delivery.


🎯 9. Advanced Modeling: PASTA Threat Model Framework

Strategic Defense & Attack Simulation

Objective: Apply the 7-stage PASTA framework to simulate sophisticated attack paths and align technical defenses with business objectives.


πŸ›‘οΈ Sound the Alarm: Detection and Response

This folder serves as a comprehensive portfolio for the "Detection and Response" module. It documents technical proficiency in identifying security incidents, analyzing network traffic, and performing forensic packet inspection.

Note: This folder documents my technical progression through Course 4, focusing on incident detection frameworks and deep-packet analysis.


📜 Professional Certification


Official validation of skills in incident detection, network traffic analysis, and response.
📄 View Course Certificate


🧪 Technical Analysis & Lab Activities

📋 1. Incident Analysis: Healthcare Ransomware Scenario

Incident Response & Business Continuity

Objective: Analyze a simulated ransomware attack on a healthcare clinic to determine the impact on patient care and business operations.

  • Action: Developed a formal incident overview by following the NIST Incident Response lifecycle, identifying risks to patient data and recommending immediate containment steps.
  • Evidence: πŸ“„ View Incident_Handlers_Journal.pdf

πŸ” 2. Lab Practical: Analyze Your First Packet

Network Traffic Analysis & Forensic Inspection

Objective: Perform Deep Packet Inspection (DPI) to identify indicators of compromise (IoCs) and verify TCP protocol integrity.

  • Action: Utilized Wireshark to analyze a .pcap file, isolating TCP Port 80 traffic and confirming "Complete, WITH_DATA" status to verify successful data exchange.
  • Lab Evidence: Deep_Packet_Inspection_TCP.png

Figure 3: Detailed inspection of the TCP header identifying source/destination ports and conversation completeness.





🖥️ 3. CLI Lab: Network Observation with tcpdump

Command-Line Traffic Analysis & Forensic Inspection

Objective: Identify active network interfaces and use tcpdump to capture, filter, and inspect live packet payloads on a Linux host.

  • Action: Listed network interfaces with ifconfig, captured live HTTP traffic on eth0, and inspected packet payloads in tcpdump's combined hexadecimal and ASCII output (the -X option) to confirm the protocol in use.

Lab Evidence

tcpdump Capture

Figure 4: Command-line interface packet capture showing deep packet inspection and payload analysis.


πŸ›‘οΈ 4. Phishing Incident Response

Email Artifact Analysis & Forensic Escalation

Objective: Identify high-risk indicators within suspicious email artifacts and perform a formal escalation of an infected workstation alert.

  • Action: Analyzed email headers for sender mismatches, identified social engineering red flags ("Egnieer"), verified a malicious SHA256 file hash, and updated the incident ticket status to Escalated.

Lab Evidence

Phishing Email Evidence

Figure 5: Identification of suspicious sender domain, grammatical errors, and malicious attachment hash.

Phishing Escalated Ticket

Figure 6: Alert ticket updated to Escalated status with professional analyst documentation.

Evidence: 📄 View Phishing Analysis in Journal


πŸ›‘οΈ 5. Intrusion Detection Analysis

Suricata IDS Alerting & JSON Metadata Parsing

Objective: Investigate network security events by executing Suricata against packet captures to identify signature-based triggers and validate IDS rule effectiveness.

  • Action: Deployed Suricata in read-pcap mode, analyzed fast.log for immediate alerts, and utilized jq to parse the eve.json telemetry for deep-flow analysis of Port 80 traffic.

"Date: January 3, ","Entry: #5 " "2026. ", "Description ","Conducted a forensic review of network traffic by running Suricata against a sample.pcap file. Analyzed both standard alerts in fast.log and detailed JSON telemetry in eve.json to verify signature triggers." "Tool(s) used ","Suricata IDS, Linux CLI, cat, jq" "The 5 W's ","β€’ Who: Cybersecurity Analyst / SOC Team." ,"β€’ What: Identified ""GET on wire"" HTTP alerts and parsed log metadata." ,"β€’ When: During active network traffic inspection using read-pcap mode." ,"β€’ Where: Communication between local IP 172.21.224.2 and external IP 142.250.1.139." ,"β€’ Why: To validate the effectiveness of custom IDS rules in detecting outbound HTTP requests."

Lab Evidence

Suricata Fast Log Figure 7: Inspection of fast.log identifying "GET on wire" alerts with Signature ID: 12345.

Suricata Eve JSON Figure 8: Refined jq query extracting flow-specific metadata and destination IPs from eve.json.

Evidence: πŸ“„ View IDS Analysis in Journal
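The same fast.log and eve.json review, as an added Python example rather than the lab's cat and jq commands (this is not the portfolio's code). The log lines below are constructed in Suricata's documented formats using the page's IPs and signature ID; alert_summary() mirrors the jq projection [.timestamp,.flow_id,.alert.signature,.proto,.dest_ip] restricted to alert events, which is my assumption of the query shape used in the lab. A malformed line is included to show that one bad record should be counted and skipped rather than abort the whole review.

```python
"""Suricata fast.log and eve.json review in Python. Added example, not the lab's
jq commands; every log line below is a constructed sample, not a real capture."""
import json
import re

# Constructed fast.log line in Suricata's format:
# timestamp [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: N] {proto} src:port -> dst:port
FAST_LOG_LINES = [
    "11/23/2022-12:38:34.624866  [**] [1:12345:1] GET on wire [**] "
    "[Classification: (null)] [Priority: 3] {TCP} 172.21.224.2:49652 -> 142.250.1.139:80",
]

# Constructed eve.json records (one JSON object per line); the last is deliberately broken.
EVE_JSON_LINES = [
    '{"timestamp":"2022-11-23T12:38:34.624866+0000","flow_id":1234567890,"event_type":"alert",'
    '"src_ip":"172.21.224.2","src_port":49652,"dest_ip":"142.250.1.139","dest_port":80,"proto":"TCP",'
    '"alert":{"action":"allowed","gid":1,"signature_id":12345,"rev":1,"signature":"GET on wire","severity":3}}',
    '{"timestamp":"2022-11-23T12:38:34.700000+0000","flow_id":1234567890,"event_type":"http",'
    '"src_ip":"172.21.224.2","src_port":49652,"dest_ip":"142.250.1.139","dest_port":80,"proto":"TCP",'
    '"http":{"hostname":"www.example.com","url":"/","http_method":"GET"}}',
    '{"timestamp":"2022-11-23T12:38:35.000000+0000","flow_id":9876543210,"event_type":"alert",'
    '"src_ip":"172.21.224.2","src_port":53122,"dest_ip":"142.250.1.139","dest_port":443,"proto":"TCP",'
    '"alert":{"action":"allowed","gid":1,"signature_id":12346,"rev":1,"signature":"TLS client hello","severity":3}}',
    "this line is not JSON and must be skipped, not crash the review",
]

FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+\[Classification:\s*(?P<classification>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src_ip>[\d.]+):(?P<src_port>\d+)\s+->\s+(?P<dest_ip>[\d.]+):(?P<dest_port>\d+)\s*$"
)


def parse_fast_log(lines):
    """Turn fast.log lines into dicts; lines that do not match are returned separately."""
    alerts, unparsed = [], []
    for line in lines:
        m = FAST_RE.match(line.strip())
        if not m:
            unparsed.append(line)
            continue
        rec = m.groupdict()
        for key in ("gid", "sid", "rev", "priority", "src_port", "dest_port"):
            rec[key] = int(rec[key])
        alerts.append(rec)
    return alerts, unparsed


def load_eve(lines):
    """Parse eve.json lines; return (records, number_of_bad_lines)."""
    records, bad = [], 0
    for line in lines:
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            bad += 1
    return records, bad


def alert_summary(records, dest_port=None):
    """Equivalent of: select(.event_type=="alert") |
    [.timestamp,.flow_id,.alert.signature,.proto,.dest_ip], optionally narrowed
    to one destination port (80 for the HTTP alerts)."""
    rows = []
    for rec in records:
        if rec.get("event_type") != "alert":
            continue
        if dest_port is not None and rec.get("dest_port") != dest_port:
            continue
        rows.append((rec["timestamp"], rec["flow_id"], rec["alert"]["signature"],
                     rec["proto"], rec["dest_ip"]))
    return rows


def flow_events(records, flow_id):
    """Pivot from an alert to every event type sharing its flow_id (alert, http, ...)."""
    return [rec["event_type"] for rec in records if rec.get("flow_id") == flow_id]


if __name__ == "__main__":
    recs, bad_lines = load_eve(EVE_JSON_LINES)
    print("skipped bad lines:", bad_lines)
    for row in alert_summary(recs, dest_port=80):
        print(row, "->", flow_events(recs, row[1]))
```

The flow_id pivot is the useful step after an alert fires: the alert record says which rule matched, while the http record on the same flow says what was actually requested.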


πŸ›‘οΈ 6. Security Monitoring & SIEM Querying

Wazuh Threat Hunting & Log Correlation

Objective: Execute a targeted threat hunt using SIEM logic to isolate unauthorized brute-force patterns within a 100,000+ event dataset.

  • Action: Configured Wazuh KQL filters to monitor the www3 host, successfully identified 300+ root-level authentication failures, and correlated SIEM alerts with raw secure.log data to verify the attack vector.

"Date: January 4, ","Entry: #6 " "2026. ", "Description ","Simulated Threat Hunt: Analyzed historical security telemetry from the Buttercup Games dataset using the Wazuh dashboard to isolate unauthorized access attempts." "Tool(s) used ","Wazuh SIEM, Kibana Query Language (KQL)" "The 5 W's ","β€’ Who: Potential malicious actors or automated scripts." ,"β€’ What: Identified over 300 failed SSH login attempts for the ""root"" account. ,"β€’ When: Historical activity captured within the logs." ,"β€’ Where: The www3 web server." ,"β€’ Why: Brute-force attack pattern targeting administrative credentials."

Lab Evidence

Server Log Evidence Figure 9: Manual forensic verification of raw secure.log artifacts confirming the brute-force attempt.

Evidence: πŸ“„ View SIEM Analysis in Journal




🐍 Automate Cybersecurity Tasks with Python

Google Cybersecurity Professional Certificate | Technical Portfolio


🎓 Professional Certification

Google Python Automation Specialist

Official validation of skills in Python scripting for security automation.

Objective: Mastered Python fundamentals to automate security workflows, parse complex log files, and develop remediation algorithms.

Date: January 5, 2026 | Entry: #1
Tool(s) used: Python 3.x, VS Code, Jupyter
Credential: 📜 View Professional Certificate


πŸ›‘οΈ 1. User-to-Device Verification Algorithm

Conditional Logic & Data Correlation

Objective: Connect users to their assigned devices by cross-referencing usernames with hardware IDs to detect unauthorized system access.

  • Action: Created an automated verification function using .index() and nested if/else statements to confirm if a user is operating their designated equipment.

"Date: January 5, 2026", "Entry: #2" "Description: Algorithmic verification of user-device affinity to prevent hardware misuse." "Tool(s) used: Python (Conditional Statements, List Indexing)" "The 5 W's: β€’ Who: Internal employees and assigned hardware assets. β€’ What: Automated check for hardware-to-user alignment. β€’ When: System login or hardware audit phase. β€’ Where: Corporate network infrastructure. β€’ Why: To prevent unauthorized users from accessing the system on unassigned devices."

Evidence: πŸ§ͺ View Verification Lab Analysis


πŸ›‘οΈ 2. Security Log Pattern Analysis (Regex)

Regular Expressions & Log Parsing

Objective: Execute a targeted extraction of device IDs and IP addresses from login logs to identify vulnerabilities.

  • Action: Configured re.findall() patterns to isolate devices requiring critical software updates and correlate flagged IP addresses.

"Date: January 4, 2026", "Entry: #3" "Description: Used Regular Expressions to automate the identification of outdated systems and malicious IPs." "Tool(s) used: Python re Module" "The 5 W's: β€’ Who: Potential malicious actors and outdated network devices. β€’ What: Automated extraction of specific device IDs and IP addresses. β€’ When: Scheduled log monitoring and vulnerability scanning. β€’ Where: System login attempts and device logs. β€’ Why: To automate the detection of security vulnerabilities and brute-force attempts."

Evidence: πŸ§ͺ View Regex Pattern Analysis
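The grep filtering of Lab 4, the www3 brute-force hunt in the SIEM section, and the re.findall() extraction above all reduce to one operation: match a pattern over auth-log lines and count what comes back. The following added example (not the course's or the portfolio's code) runs that pipeline over constructed secure.log lines in OpenSSH's auth-log format; the hostnames, IP addresses and the r15 device-ID prefix are assumptions.

```python
"""Regex-driven auth-log review. Added example, not course or portfolio code.
SAMPLE_SECURE_LOG is constructed in OpenSSH's auth-log format; hosts and IPs
are fictitious (RFC 5737 documentation ranges)."""
import re
from collections import Counter

SAMPLE_SECURE_LOG = """\
Jan  4 10:15:01 www3 sshd[2045]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jan  4 10:15:03 www3 sshd[2045]: Failed password for root from 203.0.113.7 port 51236 ssh2
Jan  4 10:15:05 www3 sshd[2047]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Jan  4 10:15:06 www3 sshd[2048]: Failed password for root from 203.0.113.7 port 51244 ssh2
Jan  4 10:15:10 www3 sshd[2050]: Accepted password for deploy from 198.51.100.20 port 4422 ssh2
Jan  4 10:16:00 www3 sshd[2051]: Failed password for root from 198.51.100.20 port 4430 ssh2
Jan  4 10:16:02 www2 sshd[3001]: Failed password for root from 203.0.113.7 port 51300 ssh2
"""

# Constructed device inventory; treating the "r15" prefix as "needs patching" is an assumption.
SAMPLE_DEVICES = "r262c36 67bv8fy 41j1u2e r151dm4 1270t3o 42dsvd4 r15tdk5 b5n1fc2"

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
FAILED_SSH_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def extract_ips(text):
    """re.findall() extraction of every IPv4 literal, in order of appearance."""
    return IPV4_RE.findall(text)


def failed_logins(text, host=None):
    """The grep 'Failed password' step, but structured: one dict per failed
    attempt, optionally limited to a single host (the SIEM filter on www3)."""
    hits = []
    for line in text.splitlines():
        m = FAILED_SSH_RE.match(line)
        if m and (host is None or m.group("host") == host):
            hits.append(m.groupdict())
    return hits


def brute_force_candidates(text, host, user="root", threshold=3):
    """Source IPs with at least `threshold` failed logins for `user` on `host`,
    busiest first. 'invalid user' attempts carry the attempted name as user."""
    counts = Counter(h["ip"] for h in failed_logins(text, host) if h["user"] == user)
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]


def devices_needing_update(inventory, prefix="r15"):
    """Device IDs that start with the flagged prefix, matched as whole tokens."""
    return re.findall(r"\b" + re.escape(prefix) + r"\w+", inventory)


if __name__ == "__main__":
    print("root brute-force sources on www3:", brute_force_candidates(SAMPLE_SECURE_LOG, "www3"))
    print("devices to patch:", devices_needing_update(SAMPLE_DEVICES))
```

Two details matter in practice: the word boundaries in the IPv4 pattern stop "1192.168.1.1" style substrings from matching, and the optional "invalid user " group is what keeps usernames that do not exist (a common sign of automated guessing) from being silently dropped.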


πŸ›‘οΈ 3. Import and Parse Security Logs

File I/O & String Manipulation

Objective: Automate the process of importing and parsing large text-based security logs to extract specific login attempt data.

  • Action: Utilized the .read() and .split() methods to transform raw text file data into manageable lists for security analysis.

"Date: January 5, 2026", "Entry: #4" "Description: Developed scripts to efficiently access and parse information from text-based security logs." "Tool(s) used: Python (File Handling, String Methods)" "The 5 W's: β€’ Who: Security analysts managing large log datasets. β€’ What: Processed login data to extract specific fields. β€’ When: During routine security log reviews. β€’ Where: Organization's internal security database. β€’ Why: To allow analysts to efficiently access information from text files."

Evidence: πŸ§ͺ View Log Parsing Lab Analysis


πŸ›‘οΈ 4. Technical Foundation: Algorithm Development

File Handling & Remediation Logic

Objective: Develop a Python algorithm to automate the removal of unauthorized IP addresses from a restricted healthcare access file.

  • Action: Implemented with open() for secure file access, utilized .split() for data parsing, and built a for loop with .remove() logic to programmatically purge unauthorized IPs.

"Date: January 5, 2026", "Entry: #5" "Description: Technical foundation for automated maintenance of an IP 'allow list'." "Tool(s) used: Python (File I/O, List Methods)" "The 5 W's: β€’ Who: Security Analyst at a Healthcare organization. β€’ What: Removed unauthorized IP addresses from the allow_list.txt file. β€’ When: Real-time update during the access review process. β€’ Where: Restricted subnetwork server. β€’ Why: To maintain data privacy and system integrity by revoking access for unauthorized users."

Evidence: πŸ§ͺ View Algorithmic Logic Lab Analysis


πŸ›‘οΈ 5. PORTFOLIO PIECE: Automated ACL Updates

Advanced Remediation Algorithm

Objective: Execute an automated remediation workflow to secure a restricted healthcare subnetwork by programmatically updating access permissions.

  • Action: Developed a modular Python script that parses server logs, identifies unauthorized entries, and rewrites the permission file to ensure 100% compliance with access policies.

"Date: January 5, 2026", "Entry: #6" "Description: FINAL PORTFOLIO PROJECT: A comprehensive security automation tool for managing server access." "Tool(s) used: Python, File I/O, List Manipulation" "The 5 W's: β€’ Who: Senior Security Analyst. β€’ What: Automated the cleanup of a restricted IP allow list. β€’ When: Project completion phase of the Python Automation course. β€’ Where: Healthcare Network Infrastructure. β€’ Why: To demonstrate professional-grade automation and secure data handling."

Portfolio Evidence

Evidence: πŸ“„ View Numbered Portfolio Report
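An added example, not the portfolio's submitted script, of the allow-list remediation described in items 3 to 5, run on a constructed allow_list.txt. It shows the pitfall of calling list.remove() inside a for loop over the same list (the element right after each removal is skipped, so some unauthorized addresses survive), the list-building form that avoids it, validation of every entry with the ipaddress module, and an atomic rewrite so no reader ever sees a half-written ACL. Paths and addresses are constructed.

```python
"""Allow-list remediation. Added example, not the portfolio's submitted script;
file contents, paths and addresses are constructed."""
import ipaddress
import os
import tempfile


def remove_while_iterating(ip_addresses, remove_list):
    """The pitfall: list.remove() inside a for loop over the same list shifts the
    remaining items left, so the item right after each removal is never examined."""
    ips = list(ip_addresses)
    for element in ips:
        if element in remove_list:
            ips.remove(element)
    return ips


def filter_allow_list(ip_addresses, remove_list):
    """Correct form: build a new list. Also rejects malformed entries and
    duplicates, since an ACL line that is not a valid address is itself a finding."""
    to_remove = {str(ipaddress.ip_address(ip)) for ip in remove_list}
    kept, dropped, seen = [], [], set()
    for entry in ip_addresses:
        try:
            ip = str(ipaddress.ip_address(entry))  # validates and normalises
        except ValueError:
            dropped.append(entry)
            continue
        if ip in to_remove or ip in seen:
            dropped.append(entry)
            continue
        seen.add(ip)
        kept.append(ip)
    return kept, dropped


def update_allow_list(path, remove_list):
    """Read, filter, and atomically rewrite the allow list; returns (kept, dropped)."""
    with open(path, "r", encoding="utf-8") as fh:
        ip_addresses = fh.read().split()  # whitespace-separated entries
    kept, dropped = filter_allow_list(ip_addresses, remove_list)
    tmp_path = path + ".tmp"
    with open(tmp_path, "w", encoding="utf-8") as fh:
        fh.write("\n".join(kept) + "\n")
        fh.flush()
        os.fsync(fh.fileno())
    os.replace(tmp_path, path)  # atomic rename: readers see the old or the new file, never a partial one
    return kept, dropped


def demo():
    """Run the update on a constructed allow_list.txt and re-read the result."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "allow_list.txt")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("192.168.25.60 192.168.140.81\n"
                     "192.168.203.198 192.168.218.219 not-an-ip\n"
                     "192.168.25.60\n")
        kept, dropped = update_allow_list(path, ["192.168.140.81", "192.168.203.198"])
        with open(path, encoding="utf-8") as fh:
            on_disk = fh.read().split()
    return {"kept": kept, "dropped": dropped, "on_disk": on_disk}


if __name__ == "__main__":
    print(demo())
```

Returning the dropped entries alongside the kept ones is deliberate: a remediation script that revokes access should leave a record of exactly which entries it removed and why, so the change can be reviewed and reversed if an address was revoked in error.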


📈 Cybersecurity Career Strategy & AI Optimization

Google Cybersecurity Professional Certificate | Professional Growth Portfolio


🛡️ 1. Prepare for Cybersecurity Jobs


Credential: 📜 View Job Preparation Certificate

Official validation of skills in NIST standards, risk management, and professional readiness.

Objective: Translate technical proficiency into professional value by aligning hands-on experience with the NIST Cybersecurity Framework (CSF).

  • Action: Created a professional narrative by mapping technical lab activities (Python automation, SIEM analysis) to the Identify, Protect, Detect, Respond, and Recover functions of the NIST CSF.

Entry: #1 | Focus: Professional Readiness & Portfolio Strategy
The 5 W's:
  • Who: Aspiring Cybersecurity Analyst.
  • What: Strategic alignment of technical skills with organizational security goals.
  • When: Career preparation and job market entry phase.
  • Where: Professional networking platforms and technical portfolios (GitHub/LinkedIn).
  • Why: To bridge the gap between "learning a skill" and "solving business security risks" for hiring managers.


🤖 2. Accelerate Your Job Search with AI


Credential: 📜 View AI Strategy Certificate

Official validation of skills in Generative AI for professional workflow optimization.

Objective: Leverage Generative AI tools to enhance the quality of technical documentation and increase efficiency in the job application lifecycle.

  • Action: Mastered prompt engineering techniques to refine technical summaries, optimize resumes for Applicant Tracking Systems (ATS), and practice technical interview scenarios using AI as a simulator.

Entry: #2 | Focus: Generative AI & Productivity
The 5 W's:
  • Who: Tech-forward Security Professional.
  • What: Application of Generative AI for professional branding and technical writing.
  • When: Advanced job search and interview preparation phase.
  • Where: Technical documentation and professional communications.
  • Why: To stay competitive in a tech-driven market and demonstrate the ability to use AI for operational efficiency.

Verified by Google: Professional readiness in the cybersecurity ecosystem.



⬅️ Back to GiftTech Main Page
