Three of my labs, explained the way I would in an interview: the real problem they tackle, my approach, and the skills they put on the table.
In a SOC, the difference between catching an intrusion and missing it comes down to knowing how to ask the logs the right questions. I wanted an environment to train that muscle βquery-driven threat huntingβ without deploying a full SIEM.
Build a browser-playable mini-SIEM: a set of logs with an attack hidden in the noise, and a console where the analyst writes KQL-style queries to isolate the actor.
Almost every company runs on Active Directory, and almost all of them have hidden attack paths: a chain of misconfigured permissions leading from any user to Domain Admin. Understanding how the attacker thinks is the best way to defend it.
Recreate the BloodHound experience βenumerate a domain and find the shortest path to full controlβ in a visual, interactive simulator.
Security does not start at the firewall, it starts at design. Translating business requirements (size, budget, compliance) into a defensible architecture is a senior-level skill I wanted to demonstrate tangibly.
A tool that, from a few parameters, generates a tailored security architecture: diagram, recommended controls and a cost estimate.