Garet
Cybersecurity Specialist
SOC Lab

SOC Analyst Lab

Self-directed home lab built on Debian 13 / KVM, with Elasticsearch and Kibana deployed natively on the host and a Windows 11 Enterprise VM shipping event logs via Winlogbeat across an isolated virtual network. Five structured investigations: brute force and account enumeration (Event ID 4625), living-off-the-land (LotL) reconnaissance via native Windows binaries (Event ID 4688), phishing campaign analysis with IOC extraction, automated VirusTotal enrichment in Python, and three custom Kibana detection rules mapped to MITRE ATT&CK with a coverage gap analysis across all 14 tactics. Next phase: a public-facing VPS ingesting real attacker telemetry.
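To make the first two investigations concrete, the script below is an added example (not the lab's own Kibana rules, which live in Elastic) that runs three toy detections over constructed sample events: a sliding-window count of failed logons per source IP for brute force (Event ID 4625), a count of distinct non-existent usernames per source for account enumeration (4625 with NTSTATUS substatus 0xC0000064, "user name does not exist"), and a count of distinct native reconnaissance binaries per host for LotL discovery (Event ID 4688). The event field names, thresholds, sample timestamps and hostnames are assumptions made for this snippet; the ATT&CK technique IDs are the real ones.

```python
"""Toy versions of the three detections. Added example, not the lab's code.
Events use a simplified Winlogbeat-like shape (field names are assumptions)."""
from collections import defaultdict
from datetime import datetime, timedelta

BRUTE_FORCE_THRESHOLD = 5          # failed logons from one source IP ...
WINDOW = timedelta(minutes=5)      # ... inside this sliding window
ENUM_THRESHOLD = 3                 # distinct non-existent usernames from one source
RECON_THRESHOLD = 3                # distinct native recon binaries on one host

# Native binaries commonly chained during discovery, mapped to ATT&CK technique IDs.
LOTL_RECON = {
    "whoami.exe": "T1033",      # System Owner/User Discovery
    "net.exe": "T1087",         # Account Discovery (net user / net group)
    "net1.exe": "T1087",
    "systeminfo.exe": "T1082",  # System Information Discovery
    "ipconfig.exe": "T1016",    # System Network Configuration Discovery
    "tasklist.exe": "T1057",    # Process Discovery
    "nltest.exe": "T1018",      # Remote System Discovery
    "netstat.exe": "T1049",     # System Network Connections Discovery
}

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # six wrong-password failures against one account from 10.0.0.7 within a minute
    *({"ts": f"2024-01-10T09:00:{s:02d}", "eid": 4625, "host": "WS01",
       "user": "administrator", "src_ip": "10.0.0.7", "substatus": "0xC000006A"}
      for s in (1, 12, 25, 38, 51, 59)),
    # four attempts against usernames that do not exist from 10.0.0.9
    *({"ts": f"2024-01-10T09:05:{s:02d}", "eid": 4625, "host": "WS01",
       "user": u, "src_ip": "10.0.0.9", "substatus": "0xC0000064"}
      for s, u in ((3, "alice"), (4, "bob"), (5, "carol"), (6, "dave"))),
    # a single typo from a legitimate user: should not alert
    {"ts": "2024-01-10T09:10:00", "eid": 4625, "host": "WS01",
     "user": "garet", "src_ip": "10.0.0.5", "substatus": "0xC000006A"},
    # a recon chain on WS01 ...
    *({"ts": f"2024-01-10T09:20:{s:02d}", "eid": 4688, "host": "WS01", "process": p}
      for s, p in ((0, r"C:\Windows\System32\whoami.exe"),
                   (4, r"C:\Windows\System32\net.exe"),
                   (9, r"C:\Windows\System32\systeminfo.exe"),
                   (15, r"C:\Windows\System32\ipconfig.exe"))),
    # ... and ordinary activity on WS02: one recon binary alone is not enough
    {"ts": "2024-01-10T09:21:00", "eid": 4688, "host": "WS02",
     "process": r"C:\Windows\System32\notepad.exe"},
    {"ts": "2024-01-10T09:21:30", "eid": 4688, "host": "WS02",
     "process": r"C:\Windows\System32\whoami.exe"},
]


def _max_in_window(times, window):
    """Largest number of timestamps that fall inside any span of length `window`."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while times[start] < t - window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect_brute_force(events, threshold=BRUTE_FORCE_THRESHOLD, window=WINDOW):
    """Source IPs with >= threshold failed logons (4625) in one window (ATT&CK T1110)."""
    by_src = defaultdict(list)
    for e in events:
        if e["eid"] == 4625:
            by_src[e["src_ip"]].append(datetime.fromisoformat(e["ts"]))
    alerts = {}
    for ip, ts in by_src.items():
        n = _max_in_window(ts, window)
        if n >= threshold:
            alerts[ip] = {"count": n, "technique": "T1110"}
    return alerts


def detect_account_enumeration(events, threshold=ENUM_THRESHOLD):
    """Source IPs probing >= threshold distinct usernames that do not exist (T1087)."""
    users = defaultdict(set)
    for e in events:
        if e["eid"] == 4625 and e["substatus"] == "0xC0000064":
            users[e["src_ip"]].add(e["user"])
    return {ip: {"users": sorted(u), "technique": "T1087"}
            for ip, u in users.items() if len(u) >= threshold}


def detect_lotl_recon(events, threshold=RECON_THRESHOLD):
    """Hosts that ran >= threshold distinct native recon binaries (4688)."""
    seen = defaultdict(set)
    for e in events:
        if e["eid"] != 4688:
            continue
        exe = e["process"].rsplit("\\", 1)[-1].lower()   # basename of a Windows path
        if exe in LOTL_RECON:
            seen[e["host"]].add(exe)
    return {host: {"binaries": sorted(b),
                   "techniques": sorted({LOTL_RECON[x] for x in b})}
            for host, b in seen.items() if len(b) >= threshold}


def run_all(events=SAMPLE_EVENTS):
    return {"brute_force": detect_brute_force(events),
            "account_enumeration": detect_account_enumeration(events),
            "lotl_recon": detect_lotl_recon(events)}


if __name__ == "__main__":
    import json
    print(json.dumps(run_all(), indent=2))
```

The point of splitting 4625 on the substatus is that wrong-password noise (0xC000006A) and username guessing (0xC0000064) are different behaviours: the first is scored by volume in a window, the second by how many distinct names one source tries, which catches slow enumeration that never trips a rate threshold. In a Kibana threshold rule the equivalent is grouping by `source.ip` and counting cardinality of the target user name rather than raw event count.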

Elastic / Kibana · Winlogbeat · MITRE ATT&CK · Python / VirusTotal
Security Automation

Automated Backup & Evidence Pipeline

Incremental encrypted backup system built in Bash: rsync hard-link snapshots, GPG encryption at rest, SHA-256 manifest generation and verification on every run, and systemd timer scheduling for unattended operation. Built with forensic evidence preservation in mind, so chain of custody and integrity verification are first-class requirements rather than afterthoughts.

Bash · GPG · Evidence preservation
Security Engineering

Civic Nexus

Independent political insight and research platform built from scratch, with security engineering decisions made at the design stage: privacy-by-design architecture, a hardened FastAPI backend, Cloudflare edge security, and a data minimisation model applied throughout. A live production system in which the security decisions are visible in the codebase.

FastAPI / Python · Cloudflare · PostgreSQL