Skip to content
View RUTHRAN-SEC's full-sized avatar
♾️
♾️

Block or report RUTHRAN-SEC

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
RUTHRAN-SEC/README.md
Profile Views Typing SVG

👾 About Me

#!/usr/bin/env python3
# ruthran_profile.py

class SOCAnalyst:
    def __init__(self):
        self.name            = "Ruthran"
        self.alias           = "RUTHRAN-SEC"
        self.location        = "India 🇮🇳"
        self.role            = "Aspiring SOC Analyst | Blue Teamer"
        self.degree          = "B.Voc Data Science @ The American College (2024–2027)"
        self.email           = "ruthran.sec@gmail.com"

        self.stack = [
            "Splunk (SPL · Dashboards · Alerts)",
            "Elastic Stack", "Wireshark", "Sysmon",
            "Microsoft Defender", "CrowdStrike (Concept)",
            "Cisco ASA Firewall", "Cisco Packet Tracer",
            "VirusTotal · AbuseIPDB · Any.Run",
            "MITRE ATT&CK · Cyber Kill Chain",
        ]

        self.currently_learning = [
            "🔴 Malware Reverse Engineering → Static & Dynamic Analysis",
            "☁️  Cloud Security → AWS · Azure Sentinel",
            "🐍 Python Scripting → Log Parsing · SOAR Automation",
            "📜 Sigma Rules → Custom Detection Engineering",
        ]

        self.fun_fact  = "I map every suspicious event to MITRE ATT&CK before breakfast ☕"

    def motto(self) -> str:
        return "Detect. Investigate. Respond. Repeat."

me = SOCAnalyst()
print(me.motto())


🛡️ Tech Stack & Tools

🖥️ SIEM & Log Analysis

Splunk Elastic Stack Windows Event Logs Sysmon Linux Logs

🌐 Network Security & Analysis

Wireshark Tcpdump Cisco ASA Cisco Packet Tracer Wireshark

🔍 Threat Intelligence & OSINT

VirusTotal AbuseIPDB AlienVault OTX MITRE ATT&CK Any.Run urlscan.io

🖱️ EDR / Endpoint

Microsoft Defender CrowdStrike SentinelOne Sysinternals

🔧 Tools & Frameworks

CyberChef Autopsy Sigma Rules Python Hybrid Analysis


🔥 Streak Stats


📈 Activity Graph


💼 Work Experience & Learning Journey

🛡️ SOC Analyst Self-Study Roadmap  |  Phases 1–10  |  2024 – 2026  |  Remote

Networking Windows OS Sysmon Linux Splunk SIEM Log Analysis SOC Investigations Threat Detection MITRE ATT&CK EDR/XDR

  • Completed a structured 10-phase SOC Analyst roadmap covering all core blue team disciplines from network fundamentals through advanced EDR/XDR operations.
  • Mastered Splunk SPL query writing — built dashboards, alerts, and reports for real-world investigation scenarios including brute force, phishing, and malware triage.
  • Developed deep expertise in Windows Event Log analysis (EIDs 4624/4625/4688/4720) and Sysmon correlation (EIDs 1/3/7/8/10/11/13/22) for endpoint threat hunting.
  • Mapped every investigation finding to MITRE ATT&CK techniques, applying Cyber Kill Chain and Diamond Model frameworks for structured adversary behavior analysis.
📜 Google Cybersecurity Professional Certificate  |  Google / Coursera  |  2024

Security Fundamentals Network Security Linux Python SIEM Incident Response SQL

  • Completed all 8 courses covering threat analysis, vulnerability assessment, network hardening, and incident response lifecycle.
  • Applied hands-on labs in Python scripting for security automation and SQL for log querying.
  • Studied NIST CSF, security frameworks, and risk management principles applicable to real SOC environments.
  • Earned certification validating foundational cybersecurity skills aligned with industry SOC Tier 1 role requirements.
🌐 Cisco Endpoint Security Certification  |  Cisco Networking Academy  |  2024

Endpoint Security Cisco Technologies Malware Defense Network Access Control AAA

  • Studied endpoint protection strategies including antivirus/EDR deployment, host-based intrusion detection, and device compliance.
  • Covered AAA (Authentication, Authorization, Accounting) and network access control architectures used in enterprise environments.
  • Gained knowledge of Cisco security product ecosystem relevant to real-world SOC toolsets and vendor environments.

🚀 Featured Projects

Project Stack Highlights
🔵 SOC Hands-On Investigations & DFIR Portfolio Splunk Elastic Wireshark Any.Run VirusTotal MITRE ATT&CK 176+ commits of real-world SOC investigations · Covers phishing, malware, brute force, crypto hijacking, NTA & CVE analysis · Full IOC extraction, enrichment & incident documentation
🏛️ Enterprise Network Architecture 2026 Cisco Packet Tracer ASA Firewall VLANs ACLs SIEM Syslog TACACS+ 10 VLANs (HR/Finance/IT/SOC/DMZ) with Zero Trust inter-VLAN ACL policies · ASA firewall with 3 security zones, static NAT, PAT, extended ACLs · Full Layer 2 attack mitigations: DHCP Snooping, DAI, Port Security, BPDU Guard

🏅 Achievements & Certifications

🏆 Achievement Details
🎓 Google Cybersecurity Professional Certificate All 8 courses — Security, Linux, Python, SIEM, IR
🌐 Cisco Endpoint Security Cisco Networking Academy certified
📂 SOC Portfolio — 176+ Commits Comprehensive DFIR & SOC investigation portfolio on GitHub
🗺️ MITRE ATT&CK Practitioner All investigations mapped to ATT&CK techniques
🛡️ SOC Roadmap — Phases 1–10 Complete Self-study covering full blue team operations lifecycle
🏗️ Enterprise Network Architect Designed banking/healthcare-grade network simulation from scratch
🔍 Multi-Platform SIEM Proficiency Splunk SPL + Elastic Stack investigations
🕵️ Threat Intelligence Analyst VirusTotal · AbuseIPDB · AlienVault OTX · urlscan.io · Any.Run
🐍 Python Scripting for Security JSON · CSV · Regex · Requests · Log Parsing
📋 Incident Documentation Specialist Structured IR reports with IOC extraction & remediation notes

🎓 Education

Degree Institution Year Status
B.Voc Data Science The American College 2024 – 2027 🟢 In Progress

📚 Currently Learning

🔴  Malware Reverse Engineering  →  PE Analysis · Static Strings · Dynamic Sandboxing
☁️   Cloud Security              →  AWS Security Hub · Microsoft Azure Sentinel · CloudTrail
🐍  Python for Security          →  SOAR Automation · Log Parsing · API Integration
📜  Detection Engineering        →  Custom Sigma Rules · Alert Tuning · False Positive Reduction
🧠  Threat Hunting               →  Hypothesis-Driven Hunting · Living-Off-The-Land TTPs
🕵️   DFIR Deep Dive              →  Memory Forensics (Volatility) · Disk Forensics (Autopsy)

🤝 Connect With Me

LinkedIn GitHub Email


"In a world of noise, the SOC analyst finds the signal."

Detect. Investigate. Respond. Repeat. 🛡️

Pinned Loading

  1. SOC-Hands-on-Investigation-and-Challenges SOC-Hands-on-Investigation-and-Challenges Public

    SOC / DFIR investigations portfolio with hands-on lab cases covering SIEM alert triage, Phishing Analysis, Malware analysis, Endpoint detection, Network Analysis. Built to demonstrate practical SOC…

    1

  2. Enterprise-Network-Architecture-2026 Enterprise-Network-Architecture-2026 Public

    Modern Enterprise Network Architecture (2026) built in Cisco Packet Tracer with VLAN segmentation, ASA firewall, DMZ, Zero Trust security, AAA, HSRP redundancy, enterprise monitoring, wireless secu…

  3. Cloud-Security-Monitoring-Hardening-in-AWS Cloud-Security-Monitoring-Hardening-in-AWS Public

    AWS Cloud Security Monitoring & Hardening project demonstrating cloud threat detection, incident investigation, automated alerting, and security hardening using CloudTrail, GuardDuty, SNS, Lambda, …

    Python