Void Ninja
Rootless-Ghost/README.md

Rootless-Ghost/RG-Nebula

Navy Veteran | SOC Analyst | Detection Engineering | Purple Team

About Me

Former Navy Hospital Corpsman who transitioned to cybersecurity, with real-world combat experience. I bring military discipline, high-pressure decision-making skills, and a systematic approach to threat detection and incident response.

  • Purple Team & SOC Focus — building both offensive and defensive capabilities
  • Operating a 22+ VM home lab for attack simulation and detection engineering
  • Pursuing PSAA → PSAP → Security+ → CCDL1 → PAPA → PJPT → PNPT certification path
  • TryHackMe Top 1% - 270+ rooms completed (Inactive)
  • Actively seeking SOC Analyst & Purple Team roles

What I Do

Red Team

  • Penetration Testing & Security Research
  • Red team operations & exploitation
  • Active Directory & Windows exploitation
  • Network security & privilege escalation

Blue Team

  • Threat detection & incident response
  • SIEM analysis & log correlation
  • Threat hunting & malware analysis
  • Security monitoring & alerting

Featured Projects

Nebula Forge

All detection engineering and IR tools below are part of Nebula Forge — an open-source SOC platform of 19 tools covering the full workflow: Detect → Normalize → Hunt → Drift → Cluster → Simulate → Investigate → Respond → Report.

Nebula Forge includes two automated pipelines:

  • drift-scan — scheduled Sigma rule drift analysis across your detection library
  • purple-loop — end-to-end purple team cycle: discover (VulnForge) → simulate (AtomicLoop) → detect (Wazuh/Splunk) → validate (DriftWatch) → hunt (HuntForge) | Pipeline validated end-to-end April 2026

Detection Engineering

YaraForge - YARA Rule Generator & Testing Platform
Build, manage, test, and visualize YARA detection rules with MITRE ATT&CK mapping and a detection dashboard.
Python Flask YARA MITRE ATT&CK Detection Engineering

SnortForge - Snort IDS/IPS Rule Generator
Flask web app with multi-content chaining, Snort 2/3 syntax toggle, rule performance scoring, 12 detection templates, inline help tooltips, PCRE flag checkboxes, HTTP URI/Header matching, rule validation, and .rules file import/export. Dark-themed UI with real-time live preview. v1.2.0.
Python Flask Snort IDS/IPS Network Security

SigmaForge - Vendor-Agnostic Sigma Rule Generator
Custom conversion engine (no pySigma dependency) that converts Sigma rules to 6 SIEM backends: Splunk SPL, Elastic KQL, EQL, Sentinel KQL, Wazuh XML, and QRadar AQL, plus Detection-as-Code JSON. MITRE ATT&CK mapping, 12 pre-built templates, rule library, and standalone CLI.
Python Flask Sigma SIEM Detection Engineering CLI

Nebula Forge Detection Suite v2

LogNorm - Log Source Normalizer (port 5006)
Normalizes log sources from disparate inputs into a consistent ECS-lite schema for downstream detection and analysis pipelines.
Python Flask Log Normalization ECS SIEM

HuntForge - MITRE ATT&CK Hunt Playbook Generator (port 5007)
Generates structured threat hunting playbooks mapped to MITRE ATT&CK techniques, providing analyst-ready queries and investigation checklists.
Python Flask MITRE ATT&CK Threat Hunting Detection Engineering

DriftWatch - Sigma Rule Drift Analyzer (port 5008)
Analyzes Sigma rule libraries for drift — identifying stale, misconfigured, or coverage-gapped rules over time. Feeds the drift-scan pipeline.
Python Flask Sigma Detection Engineering Rule Management

ClusterIQ - Contextual Alert Clustering Engine (port 5009)
Groups and contextualizes alerts using behavioral clustering to reduce noise and surface high-fidelity incident signals for SOC triage.
Python Flask Alert Clustering SOC Incident Response

AtomicLoop - Atomic Red Team Test Runner (port 5011)
Executes Atomic Red Team tests in controlled loops for purple team validation, feeding results into the purple-loop pipeline for detection coverage measurement. Dedicated purple-loop target: Win10x2 (Wazuh agent 005, AtomicLoop-Test).
Python Flask Atomic Red Team Purple Team MITRE ATT&CK

VulnForge - Vulnerability & Exploit Intelligence Tool (port 5012)
Aggregates exploit intelligence from ExploitDB, NVD, and Metasploit, maps findings to MITRE ATT&CK techniques, and feeds results into the purple team pipeline — generating hunt playbooks, LogNorm-ready exports, and AtomicLoop simulation triggers from a single search.
Python Flask MITRE ATT&CK Vulnerability Intelligence Purple Team

WifiForge - Wireless Network Security Analyzer (port 5013)
Passively scans wireless networks, assesses security posture, detects deauth attacks and rogue configurations, maps findings to MITRE ATT&CK techniques, and exports results to the Nebula Forge LogNorm pipeline.
Python Flask Scapy Wireless Security MITRE ATT&CK

Endpoint Security

EndpointForge - Cross-Platform Endpoint Security Monitor
Host-based intrusion detection and endpoint triage across 5 modules: process execution, file integrity (SHA-256 FIM), network connections, registry persistence (Windows), and autoruns — all MITRE ATT&CK mapped. Includes Wazuh export integration: POST /api/wazuh/export writes NDJSON picked up by the Wazuh agent using bundled decoder and rules (IDs 100200–100265) with ATT&CK technique tags — no manual log shipping. Markdown/JSON report generation for IR workflows.
Python Flask MITRE ATT&CK HIDS Endpoint Security Wazuh

EndpointTriage - Windows Endpoint Forensic Artifact Collector
Automated PowerShell-based IR triage script that collects volatile and non-volatile forensic artifacts — running processes with hashes, network connections, registry persistence checks, scheduled tasks, event log extraction (Security, Sysmon, PowerShell, Defender), named pipe enumeration, and suspicious indicator flagging. Outputs a structured triage package with HTML summary report.
PowerShell Incident Response Forensics DFIR Endpoint Security

Blue Team Operations

log-analyzer - Security Log Analyzer
Python-based log analysis tool designed for SOC analysts with pattern matching and anomaly detection.
Python Flask SIEM Log Analysis SOC

phishing-analyzer - Phishing Email Analyzer
Email header and content analysis tool for identifying phishing campaigns and malicious indicators.
Python Email Security Phishing Detection Blue Team

security-awareness-training - Security Awareness Platform
Enterprise-style platform with phishing simulations, training modules, and progress tracking.
Python Flask Security Training Phishing Simulation

Threat Intelligence

Threat-intel-dashboard - Threat Intelligence Dashboard
Real-time threat intelligence platform with IOC tracking, feed aggregation, and visual analytics for SOC operations.
HTML JavaScript Threat Intelligence OSINT SOC

Incident Response

SIREN - Security Incident Response Engine & Notation
Professional incident report generator following NIST 800-61 framework with severity scoring, IOC tracking, timeline management, and Markdown/JSON export.
Python Flask NIST 800-61 Incident Response SOC

Wireless Security

Hidden-Rogue-AP-Detector - Rogue Access Point Detector
Python-based wireless security tool for detecting unauthorized access points using RSSI signal strength analysis, whitelist management, and active/passive scanning modes.
Python Scapy Wireless Security Network Monitoring Rogue AP Detection

Wi-Fi-Probe-Request-Sniffer - Wi-Fi Probe Request Analyzer
Captures and analyzes wireless probe requests from nearby devices with SSID extraction, MAC vendor identification, and CSV/JSON export for network visibility and device enumeration.
Python Scapy 802.11 Network Security Device Enumeration

Offensive Security Tools

SMB-RDP-Exploitation-Scanner - SMB & RDP Vulnerability Scanner
Python-based exploitation scanner for authorized penetration testing. Detects and validates SMB vulnerabilities (EternalBlue MS17-010, SMBGhost CVE-2020-0796, null session enumeration) and RDP vulnerabilities (BlueKeep CVE-2019-0708) with credential brute forcing, multi-format reporting (JSON/CSV/TXT), and threaded subnet scanning. Designed for Kali Linux.
Python Penetration Testing SMB RDP Network Security Vulnerability Assessment

Network-Security-Toolkit - PathFinder & PathGuard
Unified red/blue team network security toolkit built on a shared core library (NetworkMapper). PathFinder maps attack paths, lateral movement routes, and exfiltration channels with Shodan integration and MITRE ATT&CK coverage. PathGuard provides defensive choke point analysis, CIS/NIST-mapped hardening recommendations, baseline change detection, and a prioritized remediation roadmap.
Python Red Team Blue Team Network Security MITRE ATT&CK Shodan PathFinder PathGuard

Current Focus

  • PSAA exam April 23, 2026 — PSAP scheduled Q3 2026
  • Nebula Forge Detection Suite v2 — 7 tools live (LogNorm, HuntForge, DriftWatch, ClusterIQ, AtomicLoop, VulnForge, WifiForge)
  • Purple team automation pipelines: drift-scan and purple-loop
  • Expanding Wazuh SIEM detections and Splunk correlation rules

Certifications

In Progress:

  • 🔹 PSAA (Practical Junior Security Awareness Analyst) - 2026*
  • 🔹 PSAP (Practical SOC Analyst Professional) - Scheduled Q4 2026

Certification Roadmap:

PSAA → PSAP → Sec+ → CCDL1 → PAPA → PJPT + PNPT

Lab Environments

22+ VM Purple Team Lab:

  • Active Directory lab (attack & defense)
  • Snort IDS/IPS network monitoring
  • Web vulnerability testing environment
  • Malware analysis sandbox
  • WiFi penetration testing lab
  • Flipper Zero / Pwnagotchi
  • Wazuh SIEM with Sysmon integration & MITRE ATT&CK-mapped detections (5 agents across Windows/Linux/Kali)
  • Splunk Free on Ubuntu for detection and hunt workflows

Operating Systems

Kali Linux Windows Ubuntu Debian

Security Tools

Offensive: Burp Suite Nmap Metasploit Hashcat BloodHound CrackMapExec

Defensive: Wireshark Wazuh Splunk Elastic Snort YARA Sysmon

Hardware: Flipper Zero Pwnagotchi

Syntax Eyes

Breaking to Build. Defending to Endure.

Pinned

  1. Nebula-Forge (Public)

    Open-source detection engineering and IR platform for SOC analysts and purple teams.

    Python

  2. SigmaForge (Public)

    Vendor-Agnostic Sigma Rule Generator — Splunk SPL, Elastic KQL, Elastic EQL, Sentinel KQL

    Python

  3. HuntForge (Public)

    MITRE ATT&CK Threat Hunt Playbook Generator — T-code → hypothesis, queries, artifacts | Part of Nebula Forge

    Python

  4. AtomicLoop (Public)

    Atomic Red Team Test Runner & Detection Validator — execute, capture, validate | Part of Nebula Forge

    Python

  5. EndpointTriage (Public)

    Automated forensic artifact collector for Windows endpoint incident response — process, network, persistence, event log, and registry triage with MITRE ATT&CK mapping and HTML reporting

    PowerShell

  6. EndpointForge (Public)

    Cross-platform endpoint security monitor with MITRE ATT&CK mapping — process analysis, file integrity monitoring, network connection mapping, and persistence detection for Windows and Linux

    Python