SOC Analyst & Security Engineer
Threat detection. Incident response. Security automation.
Embrace the Unknown
About
The person behind the handle — my background, focus, and what drives me.
A SOC Analyst and Computer Science student. My work lives at the intersection of detection engineering, incident response, and automation — building systems that find threats before they become breaches.
I've architected a full Zero Trust environment, built an IAM lab, and automated enrichment pipelines that cut triage time dramatically. Every project I ship reflects the same standard: rigorous, documented, and production-ready.
Core Stack
Security Professional
LxZy
SOC Analyst · CS Student
Background
Where the foundation was built — academic rigor meets hands-on practice.
2023 – Present
Cairo, Egypt · Currently enrolled
Major: Cloud & Mobile Computing
Dec 2025 – Jul 2026
Computer and Information Systems Security / Information Assurance
Information Systems Security
Work
Roles where I've operated, defended, and delivered.
Independent / Academic
Designing and deploying enterprise-grade security lab environments covering Zero Trust Architecture, Identity & Access Management, and Blue Team investigation workflows. Each lab is fully documented and built with production-grade open-source tooling.
2025 – Present
Certifications
A structured pursuit of industry-recognized credentials across the security landscape.
Microsoft Security Operations Analyst — SIEM, XDR, and Defender suite.
Foundational security domains: threats, architecture, implementation, and governance.
Networking fundamentals, routing/switching, and network security essentials.
Red Hat System Administration — Linux administration and command-line proficiency.
Blue Team Fundamentals — SOC analysis, DFIR, and analyst workflow.
Cloud fundamentals and AWS security services overview.
Certified Incident Responder.
What I offer
Security capabilities I provide — from detection engineering to full incident response cycles.
24/7 threat monitoring, SIEM management, alert triage, and detection rule development aligned to MITRE ATT&CK.
Full IR lifecycle — containment, eradication, forensic analysis, and documented post-incident reports.
IOC enrichment, threat actor profiling, and intelligence-driven detection engineering for your environment.
Python-based automation for enrichment pipelines, SOAR playbooks, and repetitive analyst workflows.
Portfolio
Production-quality labs and tools — fully documented, built with real open-source tooling.
A dual-pfSense, dual-device ZTA lab aligned to NIST SP 800-207. Spans two physical machines connected via IPsec site-to-site tunnel, with 4 VLANs, Suricata IDS on both firewalls, Wazuh SIEM aggregating cross-site logs, and a Docker stack serving Traefik + Authelia MFA behind Cloudflare Zero Trust WARP. Full attack simulation with an isolated Kali VM on VLAN 40.
A full Identity & Access Management lab running on VirtualBox across 5 VMs. FreeIPA handles LDAP, Kerberos, DNS, and the internal CA. Keycloak federates identities and enforces TOTP MFA via OIDC/SAML. HashiCorp Vault manages secrets and PKI. Wazuh (Docker) captures all authentication events. WireGuard connects the management plane.
A practical Blue Team lab series covering 10 real-world SOC scenarios: authentication anomaly detection, phishing analysis, PCAP investigation, SIEM correlation, lateral movement hunting, detection rule development, incident response execution, and memory forensics on fileless malware. All labs produce reportable artefacts — investigation reports, detection rules, and automation scripts.
A Python automation script integrating VirusTotal and AbuseIPDB to dramatically reduce analyst enrichment time. Accepts bulk IOC lists (IPs, hashes, domains), queries multiple threat intel sources in parallel, and outputs structured reports ready for ticket ingestion.
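The pipeline shape described above (bulk IOC intake, type classification, parallel lookups, structured output), shown as an added example rather than the portfolio's own script. It assumes offline stand-in lookups in place of the VirusTotal and AbuseIPDB HTTP calls; the response field names are modelled on those APIs, but every value, indicator and the sample list are constructed here, and the verdict thresholds are an illustrative choice.

```python
import ipaddress
import json
import re
from concurrent.futures import ThreadPoolExecutor

# Constructed stand-ins for the VirusTotal / AbuseIPDB responses a real tool
# would fetch over HTTPS (assumption: pre-cached dicts). 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges and are never routed.
STUB_VT = {
    "203.0.113.5": {"malicious": 12, "harmless": 58},
    "bad-domain.example": {"malicious": 3, "harmless": 67},
    "deadbeef" * 8: {"malicious": 55, "harmless": 15},
    "198.51.100.7": {"malicious": 0, "harmless": 70},
}
STUB_ABUSEIPDB = {
    "203.0.113.5": {"abuseConfidenceScore": 100, "totalReports": 42},
    "198.51.100.7": {"abuseConfidenceScore": 0, "totalReports": 0},
}

HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def classify_ioc(value):
    """Return 'ip', 'hash', 'domain' or 'unknown' for one indicator."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if HASH_RE.match(value):
        return "hash"
    if DOMAIN_RE.match(value):
        return "domain"
    return "unknown"


def parse_ioc_list(text):
    """Turn a pasted IOC list into clean, de-duplicated indicators.

    Strips '#' comments and blank lines, lowercases for stable lookups,
    refangs the '[.]' / '(.)' notation common in reports, keeps input order."""
    seen, out = set(), []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        line = line.replace("[.]", ".").replace("(.)", ".")
        if line and line not in seen:
            seen.add(line)
            out.append(line)
    return out


def lookup_virustotal(ioc):
    # Hypothetical: stands in for a GET against the VirusTotal v3 API.
    return STUB_VT.get(ioc)


def lookup_abuseipdb(ioc):
    # Hypothetical: stands in for an AbuseIPDB /check call (IPs only).
    return STUB_ABUSEIPDB.get(ioc)


# Source registry: which lookup applies to which IOC type.
SOURCES = {
    "virustotal": (lookup_virustotal, {"ip", "hash", "domain"}),
    "abuseipdb": (lookup_abuseipdb, {"ip"}),
}


def score_verdict(hits):
    """Collapse per-source data into one analyst-facing verdict (illustrative thresholds)."""
    if not hits:
        return "no_data"
    vt = hits.get("virustotal") or {}
    abuse = hits.get("abuseipdb") or {}
    vt_total = vt.get("malicious", 0) + vt.get("harmless", 0)
    vt_ratio = vt.get("malicious", 0) / vt_total if vt_total else 0.0
    abuse_score = abuse.get("abuseConfidenceScore", 0)
    if vt_ratio >= 0.10 or abuse_score >= 75:
        return "malicious"
    if vt_ratio > 0 or abuse_score > 0:
        return "suspicious"
    return "clean"


def enrich_one(ioc, sources=SOURCES):
    """Query every source that understands this IOC type and attach a verdict."""
    kind = classify_ioc(ioc)
    hits = {}
    for name, (lookup, kinds) in sources.items():
        if kind in kinds:
            data = lookup(ioc)
            if data is not None:
                hits[name] = data
    return {"ioc": ioc, "type": kind, "sources": hits, "verdict": score_verdict(hits)}


def enrich_bulk(iocs, sources=SOURCES, workers=8):
    """Fan lookups out across a thread pool; result order matches input order."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(lambda i: enrich_one(i, sources), iocs))


def render_report(results):
    """JSON a ticketing system can ingest, with per-verdict summary counts."""
    summary = {}
    for r in results:
        summary[r["verdict"]] = summary.get(r["verdict"], 0) + 1
    return json.dumps({"summary": summary, "indicators": results}, indent=2, sort_keys=True)


# Constructed sample: what an analyst might paste from a phishing report.
SAMPLE_INPUT = "\n".join([
    "# indicators from incident INC-0000 (constructed)",
    "203.0.113.5",
    "bad-domain[.]example",
    "DEADBEEF" * 8,
    "198.51.100.7",
    "203.0.113.5   # duplicate, dropped",
    "not an ioc",
])

if __name__ == "__main__":
    print(render_report(enrich_bulk(parse_ioc_list(SAMPLE_INPUT))))
```

Swapping the two stub lookups for real HTTP clients is the only change needed to run this against live sources; keeping the per-source lookups behind a registry keyed by IOC type is what prevents wasted calls such as sending a file hash to an IP-reputation service.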
Get in touch
Open to IR consulting, managed SOC engagements, and collaboration on security automation. Reach out — I respond fast.