Career changer. 3 CompTIA exams in 5 months. Building toward SOC Operations.
I don't just study for certifications - I build labs, break things, and document what I find.
I'm building a career in Security Operations - learning how attacks work in order to detect, analyze, and respond to them effectively.
My goal: a SOC Analyst role where I contribute to threat detection, alert triage, and incident response. I believe the best defenders understand how systems can be broken - so I build labs that reflect real attack scenarios and document every finding.
| Certification | Status | Date |
|---|---|---|
| | ✅ Passed | Jan 2026 |
| | ✅ Passed | Mar 2026 |
| | Studying | 2026 |
I learn by doing. My HomeLab Projects and HomeLab Aegis repos document real hands-on work - not tutorial copy-paste, but actual discovery, mistakes, and lessons. Aegis goes deeper: IDS deployment, SIEM integration, exploitation and detection.
| Machine | Specs | OS | Role |
|---|---|---|---|
| MacBook Pro | 16GB RAM · 500GB SSD | macOS | Primary workstation - scanning, documentation, analysis |
| iMac 12,1 | 32GB RAM · 500GB HDD | Ubuntu | Lab server - network services, security tool hosting |
| Lenovo TP | 16GB RAM · 500GB SSD | Kali Linux | Security testing & vulnerability scanning |
| MacBook Pro - VirtualBox | - | VM Ubuntu | |
| Lenovo TP - VirtualBox | - | VM Ubuntu | |
| Fritz!Box | - | - | Network gateway, DHCP server, DNS |
| TP-Link RE190 | - | - | Wi-Fi repeater - discovered via MAC analysis in Lab 0 |
| # | Lab | Tools | Focus | Status |
|---|---|---|---|---|
| 0 | Network Discovery | ifconfig, arp, nmap, ping | Network topology mapping, port scanning, MAC analysis, security assessment | ✅ |
| 1 | Wireshark Traffic Analysis | Wireshark, curl, ping, nslookup | Protocol analysis (ICMP/DNS/HTTP/ARP/TLS), TCP lifecycle, JA3 fingerprinting, passive device ID | ✅ |
| 2 | WiFi Security | aircrack-ng suite, hcxdumptool, hashcat, macchanger | WPA2 handshake capture, PMKID attack, deauth, MAC spoofing, offline cracking | ✅ |
| 3 | Firewall & Segmentation | ufw, iptables, nmap, hydra | Host firewall, zone segmentation, brute force detection, log analysis | ✅ |
| # | Chapter | Scenario Question | Status |
|---|---|---|---|
| 01 | IDS Deployment | Can we detect a port scan and brute force in real time? | ✅ |
| 02 | SIEM Integration | Do Suricata alerts reach Wazuh? Can we build a dashboard? | ✅ |
| 03 | Exploitation & Detection | If Metasploit gets a shell - does the IDS see it? | |
| 04 | Lateral Movement | Can SIEM detect movement between hosts post-compromise? | |
| 05 | PCAP Forensics | What does C2 and infostealer traffic look like in a PCAP? | |
| 06 | Detection Rule Writing | Can we write a Suricata rule that catches a specific threat? | |
| 07 | Incident Response | Can we build a full IR timeline and harden the environment? | |
A certification proves you studied. A lab proves you understand.
I do both.
- I question results before accepting them
- I document findings, not assumptions
- I treat every lab as a real environment
- I revisit and improve - no lab is ever truly finished
- Studying CompTIA Network+ while building hands-on security labs
- Running firewall and traffic analysis labs - documenting everything
- Cybersecurity Weiterbildung in Germany - finishing late 2026
- TryHackMe Cybersecurity 101 - 51% complete

Started from zero. 3 exams in 5 months. Still learning, still building - every lab teaches something new.