Cybersecurity · SOC Analysis · Threat Detection
MS Cybersecurity student at the University of Houston. I run adversary emulation labs, triage real endpoint alerts, and document findings with the rigor of a practicing analyst. Focused on threat detection, adversary emulation, and building security controls grounded in real attack data.
Every project below is a self-directed lab: built, executed, and documented from scratch. They follow a deliberate progression: from building detection foundations, to full adversary emulation and threat intelligence, to original research identifying systematic gaps in enterprise EDR coverage. Each lab informed the next.
Built a Python pipeline that feeds real attack-generated Splunk alerts to the Claude API for automated Tier 1 SOC triage. Generated 38 alerts via live Kerberoasting, AS-REP Roasting, and lateral movement attacks, normalized NDJSON exports into a structured JSON schema, and displayed AI vs. manual analyst verdicts in a custom dashboard. Caught a high-confidence AI hallucination during failure testing (an inverted encryption type mapping on a Kerberoasting alert) and documented why AI confidence scores cannot replace analyst judgment.
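The NDJSON normalization and the encryption-type sanity check that caught the hallucination, written out as an added example (not the project's own pipeline code). It assumes a Splunk export where each line wraps the event fields under a "result" key, a made-up flat alert schema for the dashboard, and constructed sample 4769 events and AI verdicts; the TicketEncryptionType values are the documented Kerberos encryption types (0x17 = RC4-HMAC, 0x12 = AES256), which is exactly the mapping an inverted AI verdict gets backwards.

```python
import json

# Windows Event 4769 TicketEncryptionType values (documented Kerberos etypes).
# A Kerberoasting alert is typically an RC4 (0x17) service ticket request; an AI
# verdict that calls 0x17 "AES256" has inverted this table.
ENCRYPTION_TYPES = {
    "0x1": "DES-CBC-CRC",
    "0x3": "DES-CBC-MD5",
    "0x11": "AES128-CTS-HMAC-SHA1-96",
    "0x12": "AES256-CTS-HMAC-SHA1-96",
    "0x17": "RC4-HMAC",
    "0x18": "RC4-HMAC-EXP",
}

# Constructed sample: two lines shaped like a Splunk NDJSON search export of 4769 events.
SAMPLE_NDJSON = "\n".join([
    json.dumps({"result": {"_time": "2024-01-15T10:02:11", "EventCode": "4769",
                           "TargetUserName": "jdoe@LAB.LOCAL", "ServiceName": "MSSQLSvc",
                           "TicketEncryptionType": "0x17", "IpAddress": "::ffff:10.0.0.25",
                           "host": "DC01"}}),
    json.dumps({"result": {"_time": "2024-01-15T10:02:12", "EventCode": "4769",
                           "TargetUserName": "jdoe@LAB.LOCAL", "ServiceName": "DC01$",
                           "TicketEncryptionType": "0x12", "IpAddress": "::ffff:10.0.0.25",
                           "host": "DC01"}}),
])


def normalize(ndjson_text):
    """Turn Splunk NDJSON export lines into the flat alert schema the dashboard uses (schema is assumed)."""
    alerts = []
    for n, line in enumerate(ndjson_text.splitlines(), start=1):
        if not line.strip():
            continue
        raw = json.loads(line)
        fields = raw.get("result", raw)  # Splunk exports wrap event fields under "result"
        code = str(fields.get("TicketEncryptionType", "")).lower()
        alerts.append({
            "alert_id": f"ALERT-{n:04d}",
            "timestamp": fields.get("_time"),
            "event_code": fields.get("EventCode"),
            "host": fields.get("host"),
            "requesting_user": fields.get("TargetUserName"),
            "service": fields.get("ServiceName"),
            "source_ip": fields.get("IpAddress"),
            "encryption_type_code": code,
            "encryption_type_name": ENCRYPTION_TYPES.get(code, "UNKNOWN"),
        })
    return alerts


def validate_ai_verdict(alert, verdict):
    """Cross-check factual claims in an AI verdict against the normalized alert.

    Returns a list of discrepancy strings; empty means no contradiction was found.
    Confidence is deliberately ignored: a wrong claim at 0.95 is still wrong.
    """
    issues = []
    claimed = verdict.get("encryption_type_name")
    actual = alert["encryption_type_name"]
    if claimed and claimed != actual:
        issues.append(
            f"{alert['alert_id']}: AI claims encryption type {claimed!r} but "
            f"{alert['encryption_type_code']} maps to {actual!r} "
            f"(AI confidence {verdict.get('confidence')})"
        )
    return issues


def triage_with_checks(ndjson_text, ai_verdicts):
    """Normalize alerts, attach each AI verdict, and flag rows an analyst must re-review."""
    rows = []
    for alert in normalize(ndjson_text):
        verdict = ai_verdicts.get(alert["alert_id"], {})
        issues = validate_ai_verdict(alert, verdict)
        rows.append({
            **alert,
            "ai_verdict": verdict.get("verdict"),
            "ai_confidence": verdict.get("confidence"),
            "needs_analyst_review": bool(issues),
            "discrepancies": issues,
        })
    return rows


# Constructed AI verdicts: the first repeats the inverted-mapping hallucination
# (an RC4 ticket described as AES256) at high confidence.
SAMPLE_AI_VERDICTS = {
    "ALERT-0001": {"verdict": "benign", "confidence": 0.95,
                   "encryption_type_name": "AES256-CTS-HMAC-SHA1-96"},
    "ALERT-0002": {"verdict": "benign", "confidence": 0.90,
                   "encryption_type_name": "AES256-CTS-HMAC-SHA1-96"},
}

if __name__ == "__main__":
    for row in triage_with_checks(SAMPLE_NDJSON, SAMPLE_AI_VERDICTS):
        print(json.dumps(row, indent=2))
```

The point of `validate_ai_verdict` is that it checks a claim the model made against a fact the pipeline already knows from the raw event, so a confident but inverted verdict is routed back to the analyst rather than trusted on its confidence score.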
Simulated a full AD attack chain: Kerberoasting, AS-REP Roasting, Pass-the-Hash, DCSync, and BloodHound enumeration against a live domain environment, then investigated each technique from the analyst seat using Splunk SIEM with tuned Windows audit policies. Documented detection gaps including LDAP-based enumeration generating zero events across both SIEM and EDR layers.
Built an enterprise Active Directory lab (Windows Server 2022, domain-joined Windows 10, MITRE Caldera C2 on Kali Linux), executed three adversary profiles mapped to MITRE ATT&CK, and triaged live incidents in Microsoft Defender for Business. Identified systematic detection gaps for post-compromise staging techniques.
Deployed Splunk Enterprise on Ubuntu, engineered a Windows log forwarding pipeline via HTTP Event Collector, simulated a multi-stage attack chain from Kali Linux (brute force + PowerShell persistence), and detected all attack stages using SPL queries. Documented findings in a formal incident report mapped to MITRE ATT&CK.
Built through hands-on lab work, not just coursework.
Open to Security Engineer, Security Analyst, and SOC Analyst roles.
Actively seeking Security Engineer and SOC Analyst roles. MS Cybersecurity graduate with hands-on experience in log analysis, attack simulation and threat detection.