#!/usr/bin/env python3
# ruthran_profile.py
class SOCAnalyst:
def __init__(self):
self.name = "Ruthran"
self.alias = "RUTHRAN-SEC"
self.location = "India 🇮🇳"
self.role = "Aspiring SOC Analyst | Blue Teamer"
self.degree = "B.Voc Data Science @ The American College (2024–2027)"
self.email = "ruthran.sec@gmail.com"
self.stack = [
"Splunk (SPL · Dashboards · Alerts)",
"Elastic Stack", "Wireshark", "Sysmon",
"Microsoft Defender", "CrowdStrike (Concept)",
"Cisco ASA Firewall", "Cisco Packet Tracer",
"VirusTotal · AbuseIPDB · Any.Run",
"MITRE ATT&CK · Cyber Kill Chain",
]
self.currently_learning = [
"🔴 Malware Reverse Engineering → Static & Dynamic Analysis",
"☁️ Cloud Security → AWS · Azure Sentinel",
"🐍 Python Scripting → Log Parsing · SOAR Automation",
"📜 Sigma Rules → Custom Detection Engineering",
]
self.fun_fact = "I map every suspicious event to MITRE ATT&CK before breakfast ☕"
def motto(self) -> str:
return "Detect. Investigate. Respond. Repeat."
me = SOCAnalyst()
print(me.motto())🖥️ SIEM & Log Analysis
🌐 Network Security & Analysis
🔍 Threat Intelligence & OSINT
🖱️ EDR / Endpoint
🔧 Tools & Frameworks
🛡️ SOC Analyst Self-Study Roadmap | Phases 1–10 | 2024 – 2026 | Remote
NetworkingWindows OSSysmonLinuxSplunk SIEMLog AnalysisSOC InvestigationsThreat DetectionMITRE ATT&CKEDR/XDR
- Completed a structured 10-phase SOC Analyst roadmap covering all core blue team disciplines from network fundamentals through advanced EDR/XDR operations.
- Mastered Splunk SPL query writing — built dashboards, alerts, and reports for real-world investigation scenarios including brute force, phishing, and malware triage.
- Developed deep expertise in Windows Event Log analysis (EIDs 4624/4625/4688/4720) and Sysmon correlation (EIDs 1/3/7/8/10/11/13/22) for endpoint threat hunting.
- Mapped every investigation finding to MITRE ATT&CK techniques, applying Cyber Kill Chain and Diamond Model frameworks for structured adversary behavior analysis.
📜 Google Cybersecurity Professional Certificate | Google / Coursera | 2024
Security FundamentalsNetwork SecurityLinuxPythonSIEMIncident ResponseSQL
- Completed all 8 courses covering threat analysis, vulnerability assessment, network hardening, and incident response lifecycle.
- Applied hands-on labs in Python scripting for security automation and SQL for log querying.
- Studied NIST CSF, security frameworks, and risk management principles applicable to real SOC environments.
- Earned certification validating foundational cybersecurity skills aligned with industry SOC Tier 1 role requirements.
🌐 Cisco Endpoint Security Certification | Cisco Networking Academy | 2024
Endpoint SecurityCisco TechnologiesMalware DefenseNetwork Access ControlAAA
- Studied endpoint protection strategies including antivirus/EDR deployment, host-based intrusion detection, and device compliance.
- Covered AAA (Authentication, Authorization, Accounting) and network access control architectures used in enterprise environments.
- Gained knowledge of Cisco security product ecosystem relevant to real-world SOC toolsets and vendor environments.
| Project | Stack | Highlights |
|---|---|---|
| 🔵 SOC Hands-On Investigations & DFIR Portfolio | Splunk Elastic Wireshark Any.Run VirusTotal MITRE ATT&CK |
176+ commits of real-world SOC investigations · Covers phishing, malware, brute force, crypto hijacking, NTA & CVE analysis · Full IOC extraction, enrichment & incident documentation |
| 🏛️ Enterprise Network Architecture 2026 | Cisco Packet Tracer ASA Firewall VLANs ACLs SIEM Syslog TACACS+ |
10 VLANs (HR/Finance/IT/SOC/DMZ) with Zero Trust inter-VLAN ACL policies · ASA firewall with 3 security zones, static NAT, PAT, extended ACLs · Full Layer 2 attack mitigations: DHCP Snooping, DAI, Port Security, BPDU Guard |
| 🏆 | Achievement | Details |
|---|---|---|
| 🎓 | Google Cybersecurity Professional Certificate | All 8 courses — Security, Linux, Python, SIEM, IR |
| 🌐 | Cisco Endpoint Security | Cisco Networking Academy certified |
| 📂 | SOC Portfolio — 176+ Commits | Comprehensive DFIR & SOC investigation portfolio on GitHub |
| 🗺️ | MITRE ATT&CK Practitioner | All investigations mapped to ATT&CK techniques |
| 🛡️ | SOC Roadmap — Phases 1–10 Complete | Self-study covering full blue team operations lifecycle |
| 🏗️ | Enterprise Network Architect | Designed banking/healthcare-grade network simulation from scratch |
| 🔍 | Multi-Platform SIEM Proficiency | Splunk SPL + Elastic Stack investigations |
| 🕵️ | Threat Intelligence Analyst | VirusTotal · AbuseIPDB · AlienVault OTX · urlscan.io · Any.Run |
| 🐍 | Python Scripting for Security | JSON · CSV · Regex · Requests · Log Parsing |
| 📋 | Incident Documentation Specialist | Structured IR reports with IOC extraction & remediation notes |
| Degree | Institution | Year | Status |
|---|---|---|---|
| B.Voc Data Science | The American College | 2024 – 2027 | 🟢 In Progress |
🔴 Malware Reverse Engineering → PE Analysis · Static Strings · Dynamic Sandboxing
☁️ Cloud Security → AWS Security Hub · Microsoft Azure Sentinel · CloudTrail
🐍 Python for Security → SOAR Automation · Log Parsing · API Integration
📜 Detection Engineering → Custom Sigma Rules · Alert Tuning · False Positive Reduction
🧠 Threat Hunting → Hypothesis-Driven Hunting · Living-Off-The-Land TTPs
🕵️ DFIR Deep Dive → Memory Forensics (Volatility) · Disk Forensics (Autopsy)
"In a world of noise, the SOC analyst finds the signal."
Detect. Investigate. Respond. Repeat. 🛡️
