August 2025 - Present
Built a virtual security lab using Windows Server as a domain controller, with multiple endpoints joined to the domain to simulate an enterprise network environment.
Configured Splunk and Elastic Stack to ingest and analyze Windows event logs, creating dashboards to visualize authentication activity and detect suspicious behavior.
Deployed Snort IDS/IPS to monitor network traffic and generate alerts for simulated attacks such as port scans and brute-force login attempts.
Performed vulnerability scanning using Nessus/OpenVAS to identify security weaknesses and prioritize remediation within the lab environment.
Automated security monitoring tasks using PowerShell scripts for log collection, endpoint checks, and basic reporting.
Developed hands-on experience with SIEM fundamentals, log analysis, detection workflows, and security alert triage.
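One concrete form the PowerShell automation and failed-logon detection described above can take, as an added example that is not code from the original page: the script pulls Event ID 4625 (failed logon) from the local Security log, counts attempts per source address and target account inside a sliding time window, and writes the pairs that cross a threshold to CSV. The threshold, window, look-back period, report path and the `-Demo` sample events are assumptions made here for illustration; the real Security log can only be read from an elevated session on Windows.

```powershell
# Added example: brute-force candidate report from Windows Security log (Event ID 4625).
# Not from the original page. Threshold/window/report path are assumed defaults.
param(
    [int]$Threshold = 10,                               # failed attempts per source/account pair
    [int]$WindowMinutes = 5,                            # sliding window length
    [int]$LookbackHours = 24,                           # how far back to read the log
    [string]$ReportPath = (Join-Path $env:TEMP 'failed-logons.csv'),
    [switch]$Demo                                       # use constructed events instead of the log
)

function Get-FailedLogonEvents {
    param([datetime]$Since)
    # 4625 = "An account failed to log on". Reading the Security log needs admin rights.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $Since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Parse the event XML once so fields are addressed by name, not by position.
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            [pscustomobject]@{
                Time        = $_.TimeCreated
                TargetUser  = $data['TargetUserName']
                SourceIp    = $data['IpAddress']
                LogonType   = $data['LogonType']
                Status      = $data['Status']           # e.g. 0xC000006D = bad user name or password
                Workstation = $data['WorkstationName']
            }
        }
}

function Get-DemoEvents {
    # Constructed sample data (not real log output): 12 attempts from one source against
    # one account inside three minutes, plus two unrelated failures that should not alert.
    $base = Get-Date '2025-09-01 02:00:00'
    $events = 0..11 | ForEach-Object {
        [pscustomobject]@{ Time = $base.AddSeconds($_ * 15); TargetUser = 'svc_backup'
                           SourceIp = '10.0.0.5'; LogonType = '3'; Status = '0xC000006D'; Workstation = 'WS01' }
    }
    $events += [pscustomobject]@{ Time = $base.AddMinutes(20); TargetUser = 'alice'
                                  SourceIp = '10.0.0.9'; LogonType = '2'; Status = '0xC000006D'; Workstation = 'WS02' }
    $events += [pscustomobject]@{ Time = $base.AddMinutes(45); TargetUser = 'alice'
                                  SourceIp = '10.0.0.9'; LogonType = '2'; Status = '0xC000006D'; Workstation = 'WS02' }
    $events
}

function Find-BruteForceCandidates {
    param([object[]]$Events, [int]$Threshold, [int]$WindowMinutes)
    $Events |
        Group-Object SourceIp, TargetUser |
        ForEach-Object {
            $sorted = @($_.Group | Sort-Object Time)
            # Sliding window: find the densest run of attempts that fits in WindowMinutes.
            $max = 0; $start = 0
            for ($i = 0; $i -lt $sorted.Count; $i++) {
                while (($sorted[$i].Time - $sorted[$start].Time).TotalMinutes -gt $WindowMinutes) { $start++ }
                if (($i - $start + 1) -gt $max) { $max = $i - $start + 1 }
            }
            if ($max -ge $Threshold) {
                [pscustomobject]@{
                    SourceIp     = $sorted[0].SourceIp
                    TargetUser   = $sorted[0].TargetUser
                    TotalFailed  = $sorted.Count
                    PeakInWindow = $max
                    FirstSeen    = $sorted[0].Time
                    LastSeen     = $sorted[-1].Time
                }
            }
        }
}

$since  = (Get-Date).AddHours(-$LookbackHours)
$events = if ($Demo) { @(Get-DemoEvents) } else { @(Get-FailedLogonEvents -Since $since) }
$hits   = @(Find-BruteForceCandidates -Events $events -Threshold $Threshold -WindowMinutes $WindowMinutes)

$hits | Export-Csv -Path $ReportPath -NoTypeInformation
Write-Host ("{0} failed logons examined; {1} source/account pair(s) reached {2} attempts within {3} min. Report: {4}" -f
            $events.Count, $hits.Count, $Threshold, $WindowMinutes, $ReportPath)
$hits | Format-Table -AutoSize
```

Run `.\Report-FailedLogons.ps1 -Demo` to exercise the logic on the constructed events (the 10.0.0.5 / svc_backup pair is reported, the two alice failures are not), or without `-Demo` from an elevated prompt on a domain-joined host to read the live Security log. Grouping by source address and account rather than by account alone keeps a single noisy user from masking a password-spray pattern, and the per-window peak is a more useful triage signal than the raw total, since a slow trickle of failures over a day rarely warrants the same response as a burst.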