About

Professional Summary

Entry-level SOC Analyst with hands-on experience in SIEM log correlation, alert triage, and network traffic analysis. Investigated ransomware and C2 activity in lab and simulation workflows using Splunk, Zeek, Wireshark, and Volatility. Comfortable working a ticket-driven alert lifecycle: acknowledge, investigate, document findings, escalate with context and severity, and close with resolution criteria.

Applied Cybersecurity Certificate (ACS) - In Progress

SANS Technology Institute

GIAC Certifications

  • GCIH (92%)
  • GSEC
  • GFACT

Google Cybersecurity Professional Certificate

Google / Coursera

Bachelor of Management (Honours), Minor in Psychology

University of British Columbia (UBC)

Technical Skills

  • Security Operations: Alert triage, event investigation, SIEM log search and correlation (Splunk SPL fundamentals), severity triage, escalation and closure criteria, ticket-based case documentation, Windows Event Log analysis, MITRE ATT&CK mapping, incident documentation procedures
  • Network and Forensics: Network traffic analysis (PCAP, Zeek, RITA), memory analysis (Volatility 3), forensic timeline reconstruction (Hayabusa, Sigma)
  • Tools and Platforms: Splunk, Zeek, RITA, Wireshark, Volatility 3, Hayabusa (Sigma), AWS CLI
  • Systems and Scripting Familiarity: Windows Server (Active Directory), Linux (REMnux, Kali), AWS, GCP, Python (basic scripting, code review), PowerShell (basic scripting), SQL (basic queries)
  • AI and Documentation Tools: Claude, Gemini, Codex

Projects

Check out my Security Operations posts and all categories for full writeups.

Enterprise Incident Response and Threat Hunting Simulation

  • Investigated simulated ransomware activity through live triage and memory analysis with Volatility 3.
  • Reconstructed execution chain (ONENOTE.EXE -> cmd.exe -> powershell.exe) to identify wiper behavior and scope compromise.
  • Detected low-and-slow C2 beaconing using RITA and Zeek timing analysis.
  • Expanded incident scope from one infected host to four through beacon correlation.
  • Produced structured incident reports with timeline, impacted assets, indicators of compromise, and recommended containment actions.

National Cyber League (Spring 2025)

  • Ranked 521st out of 8,569 individually (Top 6%).
  • Ranked 63rd out of 4,798 teams (Top 1.3%).
  • Focused on network analysis and forensic challenge workflows under time constraints.

Independent Lab Development and CTF Scenarios

  • Conducted Linux forensic investigations to identify malicious artifacts.
  • Analyzed privilege escalation paths and mapped attacker behavior to MITRE ATT&CK techniques.