┌──(alejandro㉿sec-ops)-[~]
└─$ whoami --verbose
> Name   : Alejandro Zavala Zenteno
> Role   : Jr. Cybersecurity Professional & (soon to be) Computational Systems Engineer
> Cert   : ISC2 Certified in Cybersecurity (CC) · 2026–2029
> Base   : Morelia, Michoacán · Mexico [UTC-6]
> Focus  : SOC Operations | Detection Engineering | SIEM/XDR | Incident Response
> Status : [ Seeking remote security roles · Open to opportunities ]
┌──(alejandro㉿sec-ops)-[~]
└─$ cat featured_project.md
Enterprise-grade Wazuh SIEM/XDR + TheHive IRP deployment — 9 phases covering the full SOC pipeline from stack deployment to automated incident response. Highlights:
┌──(alejandro㉿sec-ops)-[~]
└─$ cat currently_running.log
[*] Wazuh SIEM Home Lab ........................ COMPLETE (9/9 phases)
    ├─ Custom XML rules deployed ............... 5 rules (100001–100005)
    ├─ Detection strategy ...................... Behavioral TTPs (Pyramid of Pain)
    ├─ ATT&CK techniques covered ............... T1110 · T1078 · T1548 · T1565 · T1087 · T1082 · T1095
    ├─ Active response mechanisms .............. firewall-drop (IP ban) + custom alert script
    ├─ IRP integration ......................... TheHive v5 ↔ Wazuh (custom Python API bridge)
    ├─ Triage runbooks published ............... 5 (one per custom rule)
    ├─ Agents reporting ........................ Windows + Linux
    └─ SOC dashboard ........................... Custom OpenSearch KPI panel (5 visualizations)
[*] Next objectives ............................ QUEUED
    └─ [ ] ???
┌──(alejandro㉿sec-ops)-[~]
└─$ cat skill_matrix.txt
[ Security Operations ]
  SIEM/XDR        ─────────── Wazuh · OpenSearch · Custom dashboards · Active response
  Detection Eng   ─────────── XML rules · Behavioral TTPs · Telemetry analysis · Rule tuning
  Threat Hunt     ─────────── FIM · Auth correlation · Discovery · C2 detection
  Incident Resp   ─────────── TheHive v5 · Triage runbooks · Containment SOPs · Kill chain analysis
  Frameworks      ─────────── MITRE ATT&CK · NIST CSF · ISO/IEC 27001 (via ISC2 CC)
[ Infrastructure ]
  Linux           ─────────── Ubuntu hardening · Debian · Bash scripting · syslog pipelines
  Containers      ─────────── Docker · Docker Compose · WSL2 · IaC credential management
  Windows         ─────────── PowerShell · WazuhSvc · AD basics
[ Networking ]
  Protocols       ─────────── TCP/IP · DNS · SSH · VPN (Sophos)
  Hardware        ─────────── Cisco · Ruckus · Switches · Routers
  Analysis        ─────────── Wireshark · Nmap · Firewall config · iptables
[ Offensive (lab only) ]
  Tools           ─────────── Hydra · Nmap · Nikto · Metasploit · Kali · Reverse shells
┌──(alejandro㉿sec-ops)-[~]
└─$ ls -la projects/
drwxr-xr-x wazuh-soc-homelab/
│
├── Phase 1 · Stack deployment & credential hardening        [✓ DONE]
├── Phase 2 · Windows agent & lifecycle management           [✓ DONE]
├── Phase 3 · Linux agent & SSH brute-force simulation       [✓ DONE]
│   └─ 1,815 auth failures · Level 10 alert triggered
├── Phase 4 · File Integrity Monitoring (FIM)                [✓ DONE]
│   └─ /etc/passwd tampering · Rules 554 & 550
├── Phase 5 · Custom detection engineering & rule tuning     [✓ DONE]
│   ├─ Rules 100001–100005 · Pyramid of Pain shift
│   └─ bash_audit pipeline · Behavioral TTP detection
├── Phase 6 · MITRE ATT&CK mapping & standardization         [✓ DONE]
│   └─ 7 techniques mapped · 5 triage runbooks
├── Phase 7 · Custom SOC dashboard engineering               [✓ DONE]
│   └─ 5 KPI visualizations · OpenSearch bypass
├── Phase 8 · Active response & automated containment        [✓ DONE]
│   ├─ firewall-drop IP ban · <2s detection-to-block
│   └─ 3 WSL2 architectural discoveries resolved
└── Phase 9 · TheHive IRP integration & API automation       [✓ DONE]
    ├─ Custom Python API bridge · RBAC config
    └─ I/O race condition resolved · 100% alert delivery
┌──(alejandro㉿sec-ops)-[~]
└─$ cat /etc/motd
"The goal is not to be better than everyone else,
 but to be better than you were yesterday."
Building in public · Documenting every step · Failing forward.