Blue Team | Detection Engineering | Incident Response
Core stack:
I'm William, a detection engineer and SOC analyst (early-career) focused on defensive security, detection engineering, and incident response. This repository documents structured, hands-on work across the Blue Team skill stack: alert triage, log analysis, SIEM investigations, detection authoring, and threat hunting.
Every project here is built to mirror the workflows of a working SOC, not tutorial replays. The goal is demonstrable competence: detections I've written, incidents I've walked through end-to-end, and tooling I can speak to in an interview.
Certifications: ISC2 Certified in Cybersecurity (CC) | CompTIA Security+ (in progress)
The detection, triage, and incident response work most representative of day-to-day SOC and detection engineering operations.
| Project | Focus | Technique | Status |
|---|---|---|---|
| SSH Brute Force Detection (Splunk) | SIEM detection, log analysis | T1110 | ✅ |
| Microsoft Sentinel SOC Lab (KQL) | Cloud SIEM, KQL analytics rules, hunting | T1110, T1078 | ✅ |
| Sigma Detection Lab | Detection-as-code, Sigma rule authoring | Multi-technique | ✅ |
| Phishing Email Analysis | Email triage, IOC extraction | T1566 | ✅ |
| Splunk SIEM Alerts & Dashboard | Alert engineering, dashboards | T1078 | ✅ |
| Incident Response Playbook | IR workflow, containment | — | ✅ |
| Network Traffic Analysis (Wireshark) | Packet inspection, anomaly detection | — | ✅ |
| MITRE ATT&CK Detection Coverage | Detection mapping, coverage analysis | — | ✅ |
| Project | Focus | Status |
|---|---|---|
| Network Port Scan Detection (Wireshark) | Recon detection | ✅ |
| Windows Event Log Analysis | Endpoint log triage | ✅ |
| Linux Log Analysis & File Integrity | Host integrity monitoring | ✅ |
| Active Directory Password Spray Detection | Identity attack detection | ✅ |
| Malware Analysis & Threat Hunting | Threat hunting | ✅ |
| Vulnerability Scanning & Remediation | Vuln management | ✅ |
| Firewall Rules & Network Segmentation | Network defense | ✅ |
| PowerShell SOC Toolkit | Automation/scripting | ✅ |
| Threat Intelligence & OSINT | Threat intel | ✅ |
| SOC Shift Simulation Capstone | End-to-end shift sim | ✅ |
| Regex Log Parsing Toolkit | Log parsing, SPL | ✅ |
| Wazuh EDR Lab | EDR/endpoint detection | ✅ |
| Digital Forensics Investigation | DFIR | ✅ |
| SOC Metrics Dashboard | SOC reporting | ✅ |
| Advanced Splunk Intelligence Platform | Advanced SIEM | ✅ |
Build a real-world detection engineering and SOC portfolio through hands-on detection, investigation, and documentation, and land an entry-level Blue Team role.
Open to networking and collaboration in cybersecurity and Blue Team learning.
