Skills & Development

A transparent view of what I’m building: foundational security competencies, investigative methods, and hands-on practice aligned to digital forensics, incident response, and defense-oriented cybersecurity.

Security+ Certified • Cybersecurity Student • EE Foundation • Academic / Simulated Work

Evidence-Backed Skills

Skills mapped to documented casework. “Planned” items are scoped for Case-002 and will be validated during execution.

CASE-001 • COMPLETED

After-Hours Network Activity Investigation

  • Baseline vs anomalous traffic comparison (PCAP-driven)
  • Packet-level interpretation (protocol behavior, endpoints, timing)
  • Evidence notes + structured reporting discipline
  • Timeline reconstruction from observed network artifacts

CASE-002 • PLANNED

Linux Web Server Compromise Investigation

  • Web log correlation (Apache access/error) with host logs
  • Privilege escalation proof via misconfiguration (sudoers/SUID/cron)
  • Persistence validation (authorized_keys + systemd service)
  • Exfil proof (scp/curl) + timeline reconstruction with SIFT tooling

Development Domains

Investigative Method

Practicing

  • Evidence inventory & documentation discipline
  • Hypothesis-driven analysis (prove / disprove)
  • Timeline-first reconstruction mindset
  • Clear limitations and next steps

Linux & Systems

Practicing

  • Ubuntu/Kali VM administration
  • User/group permissions & basic hardening
  • Command-line fluency (Bash fundamentals)
  • Environment setup for labs and tooling

Networking & Packet Analysis

Practicing

  • TCP/IP, DNS, DHCP behavior observation
  • PCAP triage and basic protocol interpretation
  • Scanning fundamentals and documentation (e.g., Nmap)
  • Noting anomalies without premature attribution

Programming & Scripting

Foundational → Practicing

  • Python fundamentals for automation and parsing
  • Bash scripting basics for workflow support
  • C exposure from engineering background
  • Git/GitHub for version control and traceability

Forensics Foundations

Foundational

  • Evidence handling concepts and documentation habits
  • Artifact awareness (files, logs, timestamps)
  • “What can be proven” vs. speculation discipline
  • Structured reporting practice (redacted)

Embedded & Cyber-Physical Context

Foundational

  • Microcontroller exposure (ESP32/Arduino)
  • Serial comms and telemetry behavior observation
  • Reliability mindset (failure modes, traceability)
  • Security interest: resilient comms & secure autonomy

Domain choices reflect current training priorities and documented experience.

Tools & Platforms

Each tool is labeled as either used in labs or casework, or explicitly scoped for upcoming casework.

Networking

  • Wireshark (case/lab)
  • Nmap (lab)
  • tcpdump (learning)
  • TCP/IP, DNS, DHCP (fundamentals)

Systems

  • Ubuntu (VM)
  • Kali (VM)
  • VirtualBox (lab)
  • Bash (practice)

Forensics

  • SIFT Workstation (planned)
  • Autopsy / Sleuth Kit (planned)
  • Plaso (log2timeline) (planned)
  • sha256sum / stat / find (practice)

Web & Lab Targets

  • Apache (planned)
  • DVWA (planned)
  • SSH / scp (practice)
  • Git / GitHub (active)

“Planned” tools are explicitly scoped for Case-002 and will be updated to “used” only after validation.

Near-Term Build Plan

A realistic roadmap for turning “interest” into repeatable capability

1) Networking Discipline

  • Daily packet-reading reps (DNS/DHCP/TCP)
  • PCAP triage checklists and notes
  • Small weekly writeups (what/why/how proven)

2) Linux + Automation

  • One lab per week: users/permissions/hardening
  • Python scripts: parsing logs, summarizing artifacts
  • Git commits as proof of iteration

3) Forensics Foundation

  • Build an “evidence register” habit for every lab
  • Draft redacted reports from simulations
  • Complete Case-001 → then start Case-002