$ whoami

ETHAN ANTHONY BAILEY

Cybersecurity Student • Security+ • SOC & SIEM Focus

$ ./get_profile.sh

Name: Ethan Anthony Bailey

Role: Cybersecurity Student

Focus: SOC Operations, Detection, Automation

Certifications: CompTIA Security+

Status: Seeking internship / entry-level cyber role

$ _

#About Me

Cybersecurity student focused on SOC workflows, SIEM monitoring, and security automation through hands-on labs. Security+ certified and building job-ready projects around alert triage, detection tuning, and incident response playbooks.

Security+: Certified
SOC: Blue Team Focus
SIEM: Detection + Triage

I’m building everything with clean documentation so recruiters can quickly see what I did, what I detected, how I validated it, and what I would improve next.

about.ts
const candidate = {
  name: "Ethan Bailey",
  focus: ["SOC", "SIEM", "Detection", "Automation"],
  toolkit: ["Splunk", "Chronicle", "XSOAR", "Linux"],
  frameworks: ["NIST", "MITRE ATT&CK"],
  certifications: ["Security+", "Google Cybersecurity"],
};

#Home Lab Architecture

Virtual SOC Network Topology

Isolated virtual environment designed to simulate attacker behavior, network controls, endpoint activity, and centralized detection for SOC practice.

Kali Linux (Attacker)
Simulated offensive traffic:
  • reconnaissance & scanning
  • authentication attempts
  • payload simulation
Tools: Nmap, Metasploit, Burp
  ↓ traffic filtered
pfSense (Firewall)
Network enforcement & logging:
  • segmentation & zones
  • allow / deny rules
  • NAT & traffic logs
Tags: Rules, Logging, Segmentation
  ↓ logs forwarded
Windows VM (Endpoint)
Event generation & telemetry:
  • authentication events
  • process execution
  • network connections
Sources: Event Logs, Sysmon
  ↓ logs forwarded
SIEM (Detection)
Centralized monitoring & alerts:
  • log ingestion
  • detection rules
  • alert triage
Tools: Splunk, Chronicle, MITRE ATT&CK

Input: simulated attacks
Output: alerts & timelines
Goal: SOC decision practice

What This Lab Demonstrates

End-to-End Visibility

From attacker activity through firewall enforcement to endpoint telemetry and SIEM alerts.

SOC Workflow

Alert triage, evidence correlation, MITRE mapping, and response notes.

Defensive Thinking

Validating detections, tuning noise, and confirming expected network behavior.

Virtualization · Network Security · SOC Practice · Detection Engineering
Detailed write-up: coming soon →

#Skills

skills.sh

$ cat skills.txt

[SOC & Detection]
SIEM Monitoring, Log Analysis, Alert Triage, Investigation, MITRE ATT&CK, IR Workflow
[Tools]
Splunk, Google Chronicle, Cortex XSOAR, Honeypots, Lab Environments
[Systems & Concepts]
Linux Hardening, Networking, NIST CSF, Security Automation, Baseline Checks

$ _

Current Focus

Building SOC-ready projects that show alert triage, detection logic, and repeatable response playbooks with clear documentation and verification steps.

Detection & Triage (primary)
Automation (SOAR) (building)
Linux Hardening (supporting)
Updated as I build new SOC labs →

#Projects

SIEM SOC Dashboard (Splunk)

Lab

Dashboards for authentication anomalies and brute-force patterns. Built a simple triage flow with alert context, severity cues, and follow-up steps.

Splunk · Dashboards · Detection · Triage

Incident Response Automation (Cortex XSOAR)

Lab

Created playbooks to automate repetitive response steps including enrichment, notification, and case workflow for simulated incidents.

XSOAR · Automation · IR · Playbooks

Honeypot Deployment & Analysis

Lab

Deployed honeypots to observe attacker behavior, extract indicators of compromise, and document common scanning and credential attempts.

Honeypot · IOCs · Linux · Threat Intel

Linux Security Hardening Lab

Lab

Hardened a Linux host using SSH best practices, firewall rules, and baseline checks with validation steps.

Linux · Hardening · SSH · Firewall

#YouTube

Cipherstitious

Cybersecurity content focused on SOC workflows, SIEM analysis, detection reasoning, and practical blue team thinking.

Channel: youtube.com/@Cipherstitious
SOC · SIEM · Detection · Blue Team

Featured Videos

Watch selected videos directly on this site.

• SOC Alert Triage Walkthrough
• SIEM Detection Logic Explained
• Blue Team Lab Breakdown

#Certifications

🛡️ CompTIA · Enterprise Security

CompTIA Security+

Learned the core building blocks of enterprise security: how threats happen, how defenses are designed, and how teams respond. Covered identity concepts, secure networking basics, risk management, and incident response workflow.

• Threats & vulnerabilities
• Identity & access basics
• Controls & hardening
• Incident response workflow
Earned: 2025
🔎 Google · SOC Foundations

Google Cybersecurity Professional

Built practical SOC fundamentals: how to think through alerts, document incidents, and follow escalation workflows. Reinforced security concepts with hands-on exercises and repeatable processes.

• SOC workflow & escalation
• Alert triage mindset
• Incident documentation
• Security tooling basics
Earned: 2025

#Education

California State University, San Bernardino

B.S. Information Systems — Cybersecurity

2025 – 2027

Studying cybersecurity fundamentals, information assurance, and enterprise systems with an emphasis on SOC operations, incident response, and security controls.

Cybersecurity Focus · Information Assurance · Systems

Chaffey College

Associate Degree — Computer Science

2023 – 2025

Built a strong foundation in programming, algorithms, and systems thinking used in scripting, automation, and security labs.

Programming · Problem Solving · Systems Thinking

#Get In Touch

✉️ Email: eabaileyedu@gmail.com (preferred contact)
💼 GitHub: github.com/ethnbail (projects & write-ups)
🔗 LinkedIn: linkedin.com/in/ethan-a-bailey (professional profile)
$ contact

Quickest response via email. This form sends directly to my inbox.
