SOC Analyst | Blue Team | Threat Detection | Ottawa, Canada
My background is in Computer Science, and I got pulled into cybersecurity by one question: how do we actually defend these systems?
Badges: SOC Apprentice | First Step into SOC | Defensive Toolsmith | Blue (EternalBlue) | Security Awareness | Skilled Navigator
Key rooms completed: SOC L1 Alert Triage and Reporting | Introduction to SIEM | Splunk Basics and SPL | Elastic Stack | Introduction to EDR | MITRE ATT&CK | Cyber Kill Chain | Pyramid of Pain | Phishing Analysis | Nessus | OpenVAS | Active Directory Basics | Linux and Windows Fundamentals | Governance and Regulation
May 2025 - Present | Ottawa, Canada
- Conduct vulnerability assessments using Nessus across company and client systems, identifying and prioritising critical and high-severity findings
- Produce vulnerability assessment reports with severity ratings, business impact analysis, and remediation recommendations for technical and executive audiences
- Monitor security posture on an ongoing basis, providing advisory services aligned with ISO 27001 frameworks
- Support incident response by investigating alerts, performing root cause analysis, and producing structured incident documentation
- Configure firewall rules, endpoint security policies, and SIEM detection logic to reduce alert noise
Tools: Nessus | Microsoft Sentinel | Splunk | Microsoft Defender | ISO 27001
Deployed Nessus Essentials on Kali Linux, scanned a Metasploitable 2 VM, applied remediations, and re-scanned to verify, simulating a complete SOC vulnerability management cycle.
| Component | Details |
|---|---|
| Scanner | Nessus Essentials on Kali Linux |
| Target | Metasploitable 2 (192.168.56.101) |
| Baseline Findings | 69 vulnerabilities - 9 Critical, 6 High |
| Key Findings (CVSS score) | VNC default password (10.0), Bind Shell Backdoor (9.8), Ghostcat AJP (9.8) |
| Remediations Applied | 7 service-level fixes across Critical and High findings |
| Final Scan | 61 vulnerabilities - 8 Critical/High eliminated |
| Extras | Nessus REST API used with curl and Python to export findings CSV |
Skills demonstrated: Vulnerability scanning, CVSS triage, Linux service hardening, risk prioritisation, API data extraction, before/after verification
Simulated APT29 (Cozy Bear) nation-state attacks using MITRE Caldera 5.3.0 against an isolated Windows 10 victim VM, then engineered Splunk detection rules to measure ATT&CK coverage.
| Component | Details |
|---|---|
| Attacker | MITRE Caldera 5.3.0 on Kali Linux |
| Defender | Splunk + Sysmon v15.20 on Windows 10 |
| Telemetry | 32,000+ Sysmon events captured |
| Techniques Detected | T1003, T1053, T1057, T1059.001 |
| ATT&CK Coverage | 57% detection rate |
| Heatmap | ATT&CK Navigator layer included |
Skills demonstrated: SIEM detection engineering, adversary emulation, endpoint telemetry, SPL authoring, threat hunting, incident documentation
Built a full corporate IT environment from scratch with Windows Server 2019, Active Directory, Group Policy, and osTicket helpdesk.
Skills demonstrated: Active Directory, Group Policy, PowerShell automation, helpdesk workflows, user lifecycle management
| Certification | Issuer | Status |
|---|---|---|
| CompTIA Security+ | CompTIA | Active |
| Certified in Cybersecurity (CC) | ISC2 | Active |
| Introduction to Cybersecurity | Cisco | Active |
| SC-200: Microsoft Security Operations | Microsoft | In Progress |
| Repo | Description |
|---|---|
| Vulnerability-Assessment-Lab | Nessus scan of Metasploitable 2 - 69 vulns found, 8 Critical/High fixed, 3 scans |
| Adversary-Emulation-Lab | APT29 emulation + Splunk detection engineering, 57% ATT&CK coverage |
| IT-Support-Homelab | Windows Server 2019, Active Directory, osTicket helpdesk environment |
"The best defenders think like attackers."
