🔵 Blue Team

Security Analyst Level 1 (SAL1) – TryHackMe

Demonstrated hands-on skills in security operations, including threat detection, incident response, and security analysis using real-world tools and scenarios.

Skills covered:

  • Security Operations & SIEM: Monitored and investigated security alerts using Splunk and ELK for incident handling, demonstrating proficiency in SIEM and alert triage within a simulated SOC environment.

  • Network & Traffic Analysis: Conducted network security monitoring and traffic analysis using Wireshark, Snort, and Zeek to detect anomalies and identify malicious activity within PCAP files.

  • Endpoint & Digital Forensics: Performed endpoint security monitoring and digital forensics, utilizing tools such as Sysmon, osquery, Autopsy, and Volatility to analyze artifacts and investigate host-based threats.


Blue Team Level 1 (BTL1) – Security Blue Team

Validated practical defensive security skills across threat detection, incident response, and digital forensics using enterprise-grade tools and simulated attacks aligned with the MITRE ATT&CK framework.

Skills covered:

  • Threat Hunting & Detection Engineering: Investigated attacker behaviors and persistence mechanisms using SIEM platforms, log correlation, and endpoint telemetry to identify privilege escalation and lateral movement.

  • Incident Response & Digital Forensics: Applied end-to-end IR workflows, from alert triage to forensic evidence collection and analysis, leveraging tools such as Velociraptor, KAPE, and Volatility.

  • Network & Log Analysis: Detected malicious network activity through packet and log analysis, using Splunk and Wireshark to identify indicators of compromise and reconstruct attack timelines.

  • Defensive Engineering & Hardening: Developed Sigma detection rules, automated response playbooks, and mitigation recommendations to enhance security posture and reduce dwell time.


Practical Security Analyst Associate (PSAA) – TCM Security

Demonstrated applied Blue Team and SOC analysis skills through practical challenges in threat detection, log analysis, and incident response. Emphasized real-world defensive workflows mapped to MITRE ATT&CK.

Skills covered:

  • SIEM Operations & Log Analysis: Investigated security alerts and correlated telemetry data using Splunk and other SIEM tools to detect and triage malicious activity.

  • Incident Response & Threat Hunting: Executed structured IR methodologies, from evidence collection to root-cause analysis, while hunting for indicators across Windows and network logs.

  • Detection Engineering: Created custom detection rules and signatures based on adversary behaviors to improve alert fidelity and SOC visibility.

  • Blue Team Fundamentals: Strengthened understanding of attacker TTPs to inform better defensive playbooks and continuous SOC improvement.


Microsoft Certified: Security Operations Analyst Associate (SC-200)

Validated advanced expertise in detecting, investigating, and responding to threats across Microsoft’s security ecosystem. Focused on leveraging automation, analytics, and threat intelligence to improve SOC operations and incident response.

Skills covered:

  • Threat Detection & Investigation: Utilized Microsoft Sentinel, Defender for Endpoint, and 365 Defender to investigate alerts, correlate telemetry, and perform root-cause analysis.

  • KQL & Automation: Developed advanced Kusto Query Language (KQL) searches, workbooks, and playbooks to optimize detection and automate response workflows.

  • Threat Intelligence Integration: Enriched detections and investigations with Microsoft Threat Intelligence and MITRE ATT&CK mappings for contextualized analysis.

  • Incident Response & SOC Optimization: Applied structured IR processes to contain and remediate threats, improving SOC efficiency and security posture across cloud and hybrid environments.


CompTIA Security+ (SY0-701)

Validated comprehensive, vendor-neutral cybersecurity knowledge and skills required to secure hybrid environments against evolving threats. Emphasized real-world application of foundational concepts across network, cloud, and operational security.

Skills covered:

  • Threat Management & Response: Identified and mitigated common attack vectors including ransomware, phishing, and insider threats through proactive security controls and incident response practices.

  • Risk Management & Compliance: Applied frameworks such as NIST RMF and ISO 27001 to manage risk, ensure compliance, and establish a defense-in-depth strategy.

  • Identity, Access & Cloud Security: Configured and managed secure authentication mechanisms, IAM policies, and Zero Trust architectures to protect hybrid infrastructures.

  • Security Architecture & Operations: Designed resilient network and endpoint protections leveraging encryption, segmentation, and automation for continuous improvement.
