gabrielreissantos – Gabriel's mind

About Me

I come from a business operations background and am building my career in cybersecurity through hands-on practice, structured learning, and real-world simulations. My focus is on understanding how security teams detect, investigate, and respond to threats, and how technical decisions translate into operational and business impact.

I work mainly with detection, incident response workflows, log analysis, and security automation in lab and volunteer SOC environments. I am particularly interested in how offensive techniques inform better defensive detection and response, and I approach this from a practical, learning-driven perspective rather than a theoretical one.

This page highlights the tools, projects, and skills I am actively developing as I grow into a well-rounded cybersecurity professional.

Core Focus Areas

Security Operations & Incident Response
Threat detection, alert triage, investigation workflows, and structured incident reporting.

Threat Analysis & Enrichment
IOC enrichment using OSINT and threat intelligence sources, behaviour-based analysis, and detection gap awareness.

Security Automation
Basic automation and scripting to support investigations, enrichment, and SOC workflows.

Foundational Security Knowledge
Networking, endpoint behaviour, cloud fundamentals, and attacker techniques from a defensive viewpoint.

Tools & Technologies

Detection & Monitoring
Wazuh (lab) · Splunk (lab) · Elastic · Wireshark · SIEM concepts

Investigation & Response
TheHive · Shuffle · Log analysis · Incident documentation

Security & Assessment Tools
Nmap · Burp Suite · Metasploit · Nessus · OSINT frameworks

Scripting & Environments
Python · Bash · Linux · Windows · Basic AWS & Azure exposure

Highlighted Projects

Cloud SOC & Incident Response Pipeline (AWS)

Built a lab-based SOC and incident response environment on AWS to better understand how modern security teams detect, investigate, and respond to threats. Integrated Wazuh for host and log-based detection, DFIR-IRIS for incident management and investigation tracking, and Shuffle for basic SOAR automation.

Used simulated phishing and ransomware scenarios to practice alert ingestion, enrichment, incident creation, investigation workflows, and response actions such as notifications and conditional blocking. The focus of this project is learning how detection, investigation, and documentation work together in real-world SOC operations.

Malware & Ransomware Analysis (Defensive Research)

Conduct defensive analysis of malware and ransomware samples in isolated lab environments to understand execution flow, behaviour, persistence techniques, and encryption logic. Focus on identifying indicators of compromise (IOCs), detection opportunities, and investigation techniques rather than exploit development.

Insights from this research are used to improve detection logic, response playbooks, and security awareness, and to better understand how attacker behaviour appears in logs and telemetry from a defender’s perspective.

SecOpsCode – Security Operations as Code (GitHub)

Developed a learning-focused platform to explore how detection rules can be created, tested, versioned, and deployed across multiple SIEM platforms from a single place. The project focuses on detection engineering concepts such as log normalisation, rule consistency, audit logging, and controlled deployment workflows.

This project helps me understand how scalable and governed detection practices support SOC efficiency, investigation readiness, and long-term maintainability of security operations.

Goal

To contribute as a cybersecurity professional in a SOC, incident response, or security consulting environment, where I can continue learning, support investigations, and help improve detection and response capabilities over time.

“Security isn’t a product, it’s a process.” — Bruce Schneier

If you’d like to connect — whether to discuss projects, learning paths, or collaboration ideas — feel free to reach out.