IT professional with 2+ years in desktop support making a deliberate move into cybersecurity. I hold a CompTIA Security+ and have built everything in this portfolio through hands-on labs — not just coursework.
My labs cover the full security operations lifecycle: SIEM deployment, threat detection, vulnerability management, incident response, threat hunting, web application security, cloud IAM, and GRC policy development — all built in real Azure environments using real tools.
Currently targeting SOC Analyst, Security Analyst, and GRC Analyst roles where I can contribute from day one.

| Domain | Skills & Tools |
|---|---|
| 🔵 SOC / Blue Team | Microsoft Sentinel · Defender XDR · KQL · Log Analytics · Alert Triage · Incident Response · Sysmon · DCR |
| 🎯 Threat Hunting | MITRE ATT&CK · Hypothesis-Driven Hunting · IOC Investigation · CISA Advisory Analysis · Threat Intel |
| ⚔️ Offensive Security | Hydra · Metasploit Concepts · Brute Force · Attack Simulation · Kali Linux |
| 🔴 Vulnerability Mgmt | Tenable Nessus · Credentialed Scanning · CVSS Scoring · Remediation Planning · GPO-Based Hardening |
| 🌐 Web App Security | OWASP ZAP · DAST · OWASP Top 10 · Burp Suite Concepts |
| ☁️ Cloud & Identity | Microsoft Azure · Entra ID · RBAC · Azure IAM · Intune · Microsoft 365 · Active Directory |
| 📋 GRC & Compliance | NIST CSF · ISO 27001:2022 · NIST SP 800-63B · HIPAA · Policy Development · Risk Assessment · Playbooks |
| 🖥️ Systems & Networking | Windows Server · Linux · VMware · DNS · DHCP · Firewalls · VLANs · NSG |
| 🛠️ Scripting & Automation | PowerShell · Python Basics |

| Project | What I Did | Tools / Skills | Report |
|---|---|---|---|
| SOC Incident Response Lab | Deployed Windows Server (victim) and Ubuntu (attacker) VMs; disabled firewall and opened NSG; ran Hydra RDP brute force attack; detected 7 failed + 1 successful login via KQL (Event IDs 4624/4625); built a custom analytics rule mapped to MITRE T1110; triggered Incident ID 18 in Defender XDR; performed full SOC incident response including task creation, investigation, and closure | Microsoft Sentinel · Defender XDR · Hydra · KQL · Sysmon · Azure NSG · AMA · DCR · MITRE ATT&CK | 🔗 View Full Report |
| GeoIP Watchlist & Global Attack Map Lab | Left Web01 exposed for ~2 days to collect 4,270+ real-world RDP attacks from global threat actors; uploaded GeoIP CSV watchlist; built a KQL workbook using ipv4_lookup() to enrich attacker IPs with geographic coordinates; rendered a global heat map showing attack origins including Hanoi (808), Southampton (795), London (681) | Microsoft Sentinel · KQL · ipv4_lookup() · Watchlist · Workbook · Defender XDR | 🔗 View Full Report |
| Threat Hunting Lab | Followed CISA Advisory AA25-141b; built a hypothesis that LummaC2 executed in the environment; created a safe simulation executable (LummaC2.exe); installed Sysmon v15.21; created a custom DCR to ingest Sysmon logs; ran 5 KQL hunting queries mapped to MITRE ATT&CK — Hunt 1 returned 3 confirmed results; simulated nslookup against IOC IP 94.158.244.69 and confirmed detection | Microsoft Sentinel · Sysmon · KQL · CISA AA25-141b · MITRE ATT&CK · PS2EXE · IOC Investigation | 🔗 View Full Report |
| Hybrid Endpoint Monitoring Lab | Deployed a hybrid SIEM lab onboarding Windows, Linux, and Azure endpoints via Azure Arc; built KQL detection rules and triggered/resolved a real incident in Sentinel | Microsoft Sentinel · Azure Arc · AMA · Log Analytics · KQL · DCR · RBAC | 🔗 View Full Report |
| Honeynet & Live Attack Detection Lab | Deployed Windows and Linux VMs as honeypots with deliberately open NSGs; ingested logs into Sentinel via Log Analytics, DCR, and NSG Flow Logs; enriched alerts with GeoIP watchlist; confirmed live real-world attack detection using KQL | Microsoft Sentinel · Azure NSG · SQL Server · Log Analytics · KQL · Defender for Cloud | 🔗 View Full Report |

| Project | What I Did | Tools / Skills | Report |
|---|---|---|---|
| Nessus Vulnerability Management Lab | Built an Active Directory lab (biksec.com); created a Nessus service account (SVC_Nessus); deployed Nessus Essentials 10.12.0 on Kali Linux; created credentialed scan policies; deployed GPOs for WMI/Remote Registry/Firewall; ran authenticated scans; identified and remediated SMB Signing (Plugin 57608) via GPO and 7-Zip Critical CVEs; conducted a web app scan of testasp.vulnweb.com (18 findings) | Tenable Nessus · Kali Linux · Active Directory · GPO · CVSS · SMB Hardening · Windows Server | 🔗 View Full Report |
| OWASP ZAP — Web App Security Assessment Lab | Performed a full DAST assessment against testasp.vulnweb.com using OWASP ZAP 2.17.0; confirmed SQL Injection (including 15-second WAITFOR time-based blind injection), DOM XSS, Reflected XSS, Path Traversal (Windows/system.ini retrieved), and Open Redirect; identified 21 alerts across OWASP Top 10 | OWASP ZAP · DAST · SQL Injection · XSS · Path Traversal · OWASP Top 10 · Kali Linux | 🔗 View Full Report |

| Project | What I Did | Tools / Skills | Report |
|---|---|---|---|
| Azure IAM Security Lab | Created a Resource Group (RG-IAM-Security-Lab); provisioned a test user (IAM Test User) in Entra ID; created a Security Group (IAM-Lab-Readers); assigned Reader RBAC role; validated read access worked and delete/create were blocked; configured MFA via Microsoft Authenticator; reviewed sign-in logs | Microsoft Entra ID · Azure RBAC · MFA · Sign-in Logs · Least Privilege | 🔗 View Full Report |
| Azure Cloud — Identity & RBAC Lab | Provisioned Windows Server via Azure CLI; configured dynamic group membership; implemented custom RBAC roles for delegated access control | Azure CLI · Entra ID · Dynamic Groups · RBAC | 🔗 View Full Report |
| Azure Windows VM Administration Lab | Provisioned a Windows 11 VM in Azure; configured RDP access; managed user accounts and RBAC; performed troubleshooting and decommissioned the environment | Azure · Windows 11 · RDP · Entra ID · RBAC | 🔗 View Full Report |

| Project | What I Did | Tools / Skills | Report |
|---|---|---|---|
| Policy and Playbook Development | Developed two professional GRC documents for a fictional healthcare clinic: (1) Phishing Incident Response Playbook with severity classification, containment tracks, HIPAA breach notification procedures, and evidence chain-of-custody; (2) Password & Authentication Policy aligned to NIST SP 800-63B — both mapped to NIST CSF, ISO 27001:2022 Annex A, and HIPAA Security Rule | NIST CSF · ISO 27001:2022 · NIST SP 800-63B · HIPAA · Policy Writing · Incident Playbook · GRC | 🔗 View Full Report |
| Cyber Risk Assessment | Conducted a full information security risk assessment for a fictional Learning Management System; produced Asset Register, Threat Catalogue, Vulnerability Register, Risk Scoring Matrix (Impact × Likelihood), Controls Register (NIST CSF), Risk Treatment Plan, and Risk Register | NIST CSF · Risk Assessment · Risk Register · Asset Classification · Control Mapping | 🔗 View Full Report |

| Project | What I Did | Tools / Skills | Report |
|---|---|---|---|
| On-Prem AD, DC, Windows 11 & Linux | Built a virtualised on-prem network with Windows Server 2022 as Domain Controller; joined Windows 11 and Kali Linux clients; configured AD DS, DNS, and resolved cross-platform connectivity issues | VMware · Windows Server 2022 · Active Directory · DNS · Kali Linux · PowerShell | 🔗 View Full Report |
| Enterprise IT Infrastructure Design & Deployment | Designed and deployed a full enterprise network for a simulated college — AD with OU structure, RBAC, Microsoft 365 integration, Fortinet firewall, and end-to-end validation testing | Active Directory · Microsoft 365 · Fortinet Firewall · RBAC · VLAN | 🔗 View Full Report |

| Simulation | Company | What I Did | Tools / Skills | Repo | Certificate |
|---|---|---|---|---|---|
| Cybersecurity Analyst | Tata | Assessed an organisation's cybersecurity posture and provided strategic security advisory recommendations | Threat Analysis · Risk Reporting · Security Frameworks | — | 🔗 View Full Report |
| Shields Up Cybersecurity | AIG | Responded to a ransomware threat scenario, assessed vulnerabilities, and drafted an incident response communication | Incident Response · Vulnerability Assessment · Ransomware Analysis | — | 🔗 View Full Report |
| Cyber Security Management | ANZ Australia | Investigated phishing emails and analysed PCAP network traffic to extract hidden files and recover encoded data | Wireshark · HxD · PCAP Analysis · Base64 Decoding | 🔗 Repo | 🔗 View Full Report |
| Cybersecurity Job Simulation | Mastercard | Designed a phishing simulation, analysed results to identify vulnerable teams, and created targeted security awareness training | Phishing Simulation · Security Awareness · Presentation | 🔗 Repo | 🔗 View Full Report |
| Cybersecurity Job Simulation | Telstra | Triaged a network malware incident, identified affected systems, and drafted a technical mitigation response | Incident Triage · Network Security · Malware Analysis | — | 🔗 View Full Report |
| Cybersecurity Job Simulation | Datacom | Investigated APT34 (OILRIG) breach using OSINT and MITRE ATT&CK; delivered a risk assessment with inherent, current, and target risk ratings | MITRE ATT&CK · OSINT · NIST · Risk Matrix | 🔗 Repo | 🔗 View Full Report |

| Certification | Issuer | Credential |
|---|---|---|
| CompTIA Security+ | CompTIA | 🔗 Verify |
| Google Cybersecurity Professional Certificate | Google | 🔗 Verify |
| SC-200: Microsoft Security Operations Analyst | Microsoft (via Udemy) | 🔗 Verify |