PROJECT
October 2025
Network-Wide DNS Security — Pi-hole
Deployed a Pi-hole DNS sinkhole on Raspberry Pi Zero 2 W to block ads, trackers, and malicious domains across the entire home network. Documents the full installation, static IP config, router DHCP changes, and security hardening steps.
Pi-hole
DNS
Raspberry Pi
Linux
Networking
PROJECT
November 2025
Home Mini-SOC — Suricata + Splunk
Full home Security Operations Center built on Raspberry Pi. Suricata IDS running 30,000+ ET Open rules feeding logs via rsyslog to Splunk Enterprise SIEM. Includes architecture diagram, dashboards, and threat detection capabilities.
Suricata
Splunk
IDS
SIEM
Raspberry Pi
rsyslog
PROJECT
2025
CyberOps Sidekick — Threat Intelligence Bot
Automated threat intel bot built with n8n and Docker. Queries AbuseIPDB, VirusTotal, and AlienVault OTX in parallel, calculates a weighted risk score (0–100), and delivers formatted reports to Telegram in real time.
n8n
Docker
AbuseIPDB
VirusTotal
OTX
Telegram API
PROJECT
2025
Cybersecurity Audit Tool — Python Port Scanner
Evolved from a basic port scanner into a full security platform. v1: threaded TCP scanner. v2: CVE intelligence via NVD API with CVSS scoring and 95% cache hit rate. v2.1: AI-assisted analysis with OpenClaw orchestration.
Python
Threading
NVD API
CVE Intelligence
AI
Linux
PROJECT
2025
CyberOps AI Assistant — Gemini-Powered Analysis
AI security automation tool combining OSINT, log correlation, and Google Gemini AI for expert-level threat assessment. Reduces investigation time from 15+ minutes to under 60 seconds. Three modes: Quick (30s), Deep (60s), Full (90s).
Python
Google Gemini AI
OSINT
Log Analysis
n8n
INCIDENT REPORT
December 2024
Detecting Suspicious PowerShell Activity — SOC Investigation
Full incident response walkthrough from my home Mini-SOC. Wazuh detected encoded PowerShell execution attempting payload download and scheduled task persistence. Documented triage, Base64 decode, log correlation, threat intel enrichment, MITRE ATT&CK mapping, and containment.
PowerShell
MITRE ATT&CK
Wazuh
Splunk
Incident Response
IOC
CERTIFICATION
2025
CompTIA CySA+ & Security+ — Study Guide & Notes
Deep-dive into both exams including the Incident Response Lifecycle, IOC types (network/host/application), HTTP status codes, Nmap scan types, firewall evasion, CVSS scoring, syslog levels, and exam strategy. 6–8 hours/day for 3 weeks.
CySA+
Security+
CompTIA
Incident Response
Threat Detection
CERTIFICATION
2024
Microsoft Azure AZ-900 & SC-900 Journey
Five-week study path for both Azure exams. AZ-900 covered cloud fundamentals, Azure architecture and governance. SC-900 focused on Zero Trust, identity management, Microsoft Defender suite, and Sentinel SIEM. Passed both on first attempt.
AZ-900
SC-900
Azure
Microsoft
Cloud Security
Zero Trust
LAB NOTES
In Progress
CompTIA Linux+ — Journey In Progress 🔒
Currently deep in study for Linux+ certification — system administration, security hardening, shell scripting, automation, and exam prep. Full writeup coming once complete. Active since January 2026.
Linux+
CompTIA
System Administration
Bash
Exam Prep
IN PROGRESS