```python
#!/usr/bin/env python3
# ruthran_profile.py
class SOCAnalyst:
    """Profile card for this README, expressed as a small Python class."""

    def __init__(self):
        self.name = "Ruthran"
        self.alias = "RUTHRAN-SEC"
        self.location = "India"
        self.role = "Aspiring SOC Analyst | Blue Teamer"
        self.degree = "B.Voc Data Science @ The American College (2024-2027)"
        self.email = "ruthran.sec@gmail.com"
        self.stack = [
            "Splunk (SPL · Dashboards · Alerts)",
            "Elastic Stack", "Wireshark", "Sysmon",
            "Microsoft Defender", "CrowdStrike (Concept)",
            "Cisco ASA Firewall", "Cisco Packet Tracer",
            "VirusTotal · AbuseIPDB · Any.Run",
            "MITRE ATT&CK · Cyber Kill Chain",
        ]
        self.currently_learning = [
            "Malware Reverse Engineering – Static & Dynamic Analysis",
            "Cloud Security – AWS · Azure Sentinel",
            "Python Scripting – Log Parsing · SOAR Automation",
            "Sigma Rules – Custom Detection Engineering",
        ]
        self.fun_fact = "I map every suspicious event to MITRE ATT&CK before breakfast"

    def motto(self) -> str:
        return "Detect. Investigate. Respond. Repeat."


if __name__ == "__main__":
    me = SOCAnalyst()
    print(me.motto())
```

- SIEM & Log Analysis
- Network Security & Analysis
- Threat Intelligence & OSINT
- EDR / Endpoint
- Tools & Frameworks
**SOC Analyst Self-Study Roadmap** | Phases 1–10 | 2024 – 2026 | Remote
Networking · Windows OS · Sysmon · Linux · Splunk SIEM · Log Analysis · SOC Investigations · Threat Detection · MITRE ATT&CK · EDR/XDR
- Completed a structured 10-phase SOC Analyst roadmap covering all core blue team disciplines from network fundamentals through advanced EDR/XDR operations.
- Mastered Splunk SPL query writing – built dashboards, alerts, and reports for real-world investigation scenarios including brute force, phishing, and malware triage.
- Developed deep expertise in Windows Event Log analysis (EIDs 4624/4625/4688/4720) and Sysmon correlation (EIDs 1/3/7/8/10/11/13/22) for endpoint threat hunting.
- Mapped every investigation finding to MITRE ATT&CK techniques, applying Cyber Kill Chain and Diamond Model frameworks for structured adversary behavior analysis.
**Google Cybersecurity Professional Certificate** | Google / Coursera | 2024
Security Fundamentals · Network Security · Linux · Python · SIEM · Incident Response · SQL
- Completed all 8 courses covering threat analysis, vulnerability assessment, network hardening, and incident response lifecycle.
- Applied hands-on labs in Python scripting for security automation and SQL for log querying.
- Studied NIST CSF, security frameworks, and risk management principles applicable to real SOC environments.
- Earned certification validating foundational cybersecurity skills aligned with industry SOC Tier 1 role requirements.
**Cisco Endpoint Security Certification** | Cisco Networking Academy | 2024
Endpoint Security · Cisco Technologies · Malware Defense · Network Access Control · AAA
- Studied endpoint protection strategies including antivirus/EDR deployment, host-based intrusion detection, and device compliance.
- Covered AAA (Authentication, Authorization, Accounting) and network access control architectures used in enterprise environments.
- Gained knowledge of Cisco security product ecosystem relevant to real-world SOC toolsets and vendor environments.
| Project | Stack | Highlights |
|---|---|---|
| SOC Hands-On Investigations & DFIR Portfolio | Splunk · Elastic · Wireshark · Any.Run · VirusTotal · MITRE ATT&CK | 176+ commits of real-world SOC investigations · Covers phishing, malware, brute force, crypto hijacking, NTA & CVE analysis · Full IOC extraction, enrichment & incident documentation |
| Enterprise Network Architecture 2026 | Cisco Packet Tracer · ASA Firewall · VLANs · ACLs · SIEM Syslog · TACACS+ | 10 VLANs (HR/Finance/IT/SOC/DMZ) with Zero Trust inter-VLAN ACL policies · ASA firewall with 3 security zones, static NAT, PAT, extended ACLs · Full Layer 2 attack mitigations: DHCP Snooping, DAI, Port Security, BPDU Guard |
| Achievement | Details |
|---|---|
| Google Cybersecurity Professional Certificate | All 8 courses – Security, Linux, Python, SIEM, IR |
| Cisco Endpoint Security | Cisco Networking Academy certified |
| SOC Portfolio – 176+ Commits | Comprehensive DFIR & SOC investigation portfolio on GitHub |
| MITRE ATT&CK Practitioner | All investigations mapped to ATT&CK techniques |
| SOC Roadmap – Phases 1–10 Complete | Self-study covering full blue team operations lifecycle |
| Enterprise Network Architect | Designed banking/healthcare-grade network simulation from scratch |
| Multi-Platform SIEM Proficiency | Splunk SPL + Elastic Stack investigations |
| Threat Intelligence Analyst | VirusTotal · AbuseIPDB · AlienVault OTX · urlscan.io · Any.Run |
| Python Scripting for Security | JSON · CSV · Regex · Requests · Log Parsing |
| Incident Documentation Specialist | Structured IR reports with IOC extraction & remediation notes |
| Degree | Institution | Year | Status |
|---|---|---|---|
| B.Voc Data Science | The American College | 2024 – 2027 | In Progress |
- Malware Reverse Engineering – PE Analysis · Static Strings · Dynamic Sandboxing
- Cloud Security – AWS Security Hub · Microsoft Azure Sentinel · CloudTrail
- Python for Security – SOAR Automation · Log Parsing · API Integration
- Detection Engineering – Custom Sigma Rules · Alert Tuning · False Positive Reduction
- Threat Hunting – Hypothesis-Driven Hunting · Living-Off-The-Land TTPs
- DFIR Deep Dive – Memory Forensics (Volatility) · Disk Forensics (Autopsy)
"In a world of noise, the SOC analyst finds the signal."
Detect. Investigate. Respond. Repeat.
