IDS 493

Skill & Artifact Reflection

Skill 1: Incident Response

Incident response is a critical skill in cybersecurity because it involves identifying, investigating, and responding to potential security incidents in a timely and effective manner. One of the strongest examples of this skill comes from my SOC internship experience. During this time, I was responsible for reviewing security alerts and determining whether activity was malicious or normal. I analyzed login activity, reviewed logs, and used tools such as Microsoft Defender and SIEM platforms to gather more context. I followed a structured process to investigate alerts and documented my findings to ensure clarity and consistency.

Another example includes handling phishing investigations, where I reviewed email activity, analyzed user behavior, and helped determine if an account was compromised. This required quick decision-making and an understanding of how to contain potential threats.

These experiences strengthened my ability to respond to incidents in a real-world environment. This skill is valuable in professional roles because organizations rely on analysts to quickly identify and contain threats before they cause further damage.

Artifact 1: Phishing Investigation

Problem:
During my SOC internship, I was responsible for reviewing phishing emails and determining whether they were malicious or safe.

Action:
I analyzed the email content, checked sender domains, reviewed embedded links, and used Microsoft Defender and URL analysis tools to gather more context. I also reviewed user activity to see if there was any interaction with the email.

Result:
This demonstrates my ability to investigate phishing incidents, identify threats, and prevent potential account compromise.
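The checks listed under Action above (sender domain, Reply-To, authentication results, embedded links) carried out in code, as an added example that is not part of the portfolio or of any internship tooling. The two messages, the domains and the trusted-domain list are constructed for illustration, and the finding weights and verdict thresholds are assumptions.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample messages for demonstration; the domains are illustrative, not real.
SUSPICIOUS_EMAIL = """\
From: "IT Support" <helpdesk@examp1e-corp.com>
Reply-To: recover@mail-secure-login.net
To: jdoe@example-corp.com
Subject: Action required: password expires today
Authentication-Results: mx.example-corp.com; spf=fail smtp.mailfrom=examp1e-corp.com; dkim=none
Content-Type: text/html

<html><body>
<p>Your password expires today. Sign in to keep access:</p>
<a href="http://login.mail-secure-login.net/owa">https://portal.example-corp.com</a>
</body></html>
"""

LEGITIMATE_EMAIL = """\
From: "IT Support" <helpdesk@example-corp.com>
To: jdoe@example-corp.com
Subject: Scheduled maintenance this weekend
Authentication-Results: mx.example-corp.com; spf=pass smtp.mailfrom=example-corp.com; dkim=pass
Content-Type: text/html

<html><body>
<p>The portal will be offline Saturday 02:00-04:00. Status page:</p>
<a href="https://status.example-corp.com/">https://status.example-corp.com/</a>
</body></html>
"""

# Assumption: the organization's own sending domains.
TRUSTED_DOMAINS = {"example-corp.com"}
LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot typo-squatted sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage_email(raw: str) -> dict:
    """Apply the header and link checks an analyst runs by hand; weights are assumptions."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []  # (tag, weight, detail)

    from_domain = msg["From"].addresses[0].domain.lower()
    reply_to = msg["Reply-To"]
    if reply_to is not None:
        reply_domain = reply_to.addresses[0].domain.lower()
        if reply_domain != from_domain:
            findings.append(("reply_to_mismatch", 2, f"Reply-To goes to {reply_domain}, not {from_domain}"))

    # A sender domain one or two characters away from a trusted domain is a lookalike.
    if from_domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if edit_distance(from_domain, trusted) <= 2:
                findings.append(("lookalike_sender", 3, f"{from_domain} resembles {trusted}"))

    auth = (msg["Authentication-Results"] or "").lower()
    if re.search(r"\bspf=(fail|softfail)\b", auth):
        findings.append(("spf_fail", 3, "SPF check failed for the envelope sender"))
    if re.search(r"\bdkim=fail\b", auth):
        findings.append(("dkim_fail", 2, "DKIM signature failed verification"))

    # Displayed URL text that does not match the real href is the classic credential lure.
    for href, text in LINK_RE.findall(msg.get_payload()):
        href_host = (urlparse(href).hostname or "").lower()
        text = re.sub(r"<[^>]+>", "", text).strip()
        if text.startswith(("http://", "https://")):
            text_host = (urlparse(text).hostname or "").lower()
            if text_host != href_host:
                findings.append(("link_mismatch", 3, f"link shows {text_host} but points to {href_host}"))

    score = sum(weight for _, weight, _ in findings)
    verdict = "malicious" if score >= 5 else "suspicious" if score >= 2 else "benign"
    return {"score": score, "verdict": verdict, "findings": findings}


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_EMAIL), ("legitimate", LEGITIMATE_EMAIL)):
        result = triage_email(raw)
        print(label, result["verdict"], result["score"])
        for tag, _, detail in result["findings"]:
            print("  ", tag, "-", detail)
```

The scoring is deliberately additive so that a single weak signal (a Reply-To on a different domain is common for ticketing systems) only raises the message to "suspicious" and still sends it to an analyst, while a failed SPF check combined with a mismatched link is enough on its own to call it malicious.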

Artifact 2: User Account Compromise Investigation

Problem:
I investigated alerts related to suspicious login activity and potential compromised accounts.

Action:
I reviewed authentication logs, analyzed risky user alerts in Entra ID, and checked MFA logs to determine if the activity was legitimate or malicious.

Result:
This shows my ability to analyze identity-based threats and take action to secure accounts in a real environment.

Artifact 3: SIEM Alert Review

Problem:
I was responsible for reviewing security alerts generated in the SIEM to determine if they required further action.

Action:
I analyzed logs, correlated activity across systems, and compared behavior to normal patterns to determine if the alert was a false positive or a real threat.

Result:
This demonstrates my ability to work with SIEM tools and make informed decisions during incident response.

Skill 2: Threat Analysis

Threat analysis involves identifying patterns, understanding attacker behavior, and determining whether activity poses a real risk to a system or organization. Through my SOC internship, I developed this skill by analyzing different types of alerts and correlating information across multiple sources. I reviewed authentication logs, endpoint activity, and network behavior to determine whether actions were suspicious. I learned how to distinguish between false positives and real threats by comparing activity to normal behavior patterns. My network and security coursework helped strengthen this skill by requiring me to analyze system activity and identify unusual patterns. These assignments required attention to detail and the ability to interpret technical data in a meaningful way.

This skill is important in cybersecurity because analysts must be able to identify threats accurately and make informed decisions based on available data. Strong threat analysis helps reduce risk and improves overall security posture.

Artifact 1: Threat Hunting and Alert Correlation

Problem:
During my SOC internship, I needed to identify potential threats by analyzing alerts across multiple security tools.

Action:
I correlated data from Azure, CrowdStrike, Palo Alto firewalls, and QRadar SIEM to identify patterns and determine whether activity was suspicious.

Result:
This demonstrates my ability to analyze complex data and identify real threats across multiple systems.

Artifact 2: Authentication Log Analysis

Problem:
I was tasked with reviewing authentication activity to determine if login attempts were suspicious.

Action:
I analyzed login patterns, reviewed IP addresses, and compared activity to normal user behavior to identify anomalies.

Result:
This shows my ability to detect abnormal behavior and assess potential security risks.
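A detection pass over constructed sign-in records, covering the kinds of anomalies this artifact and the SIEM alert review and account compromise artifacts above refer to: a password spray from one source, repeated failures followed by a success, a sign-in from a second country too soon after the first, and a success without MFA from a location the user has never used. This is an added example, not code from the portfolio or from any SIEM or identity product; the log format, users, addresses, countries and thresholds are assumptions, and impossible travel is approximated by a time window between countries rather than by geodistance.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in export (timestamp,user,source_ip,country,result,mfa); users, addresses
# and countries are illustrative and do not describe any real environment.
SIGNIN_LOG = """\
2024-03-04T08:01:12Z,alice,203.0.113.10,US,success,satisfied
2024-03-04T08:03:40Z,bob,203.0.113.11,US,success,satisfied
2024-03-04T08:05:02Z,alice,203.0.113.10,US,success,satisfied
2024-03-04T09:15:00Z,alice,198.51.100.77,DE,success,not_required
2024-03-04T10:00:01Z,carol,192.0.2.50,US,failure,none
2024-03-04T10:00:03Z,dave,192.0.2.50,US,failure,none
2024-03-04T10:00:05Z,erin,192.0.2.50,US,failure,none
2024-03-04T10:00:07Z,frank,192.0.2.50,US,failure,none
2024-03-04T10:00:09Z,grace,192.0.2.50,US,failure,none
2024-03-04T10:00:11Z,heidi,192.0.2.50,US,failure,none
2024-03-04T10:30:00Z,bob,192.0.2.99,US,failure,none
2024-03-04T10:30:02Z,bob,192.0.2.99,US,failure,none
2024-03-04T10:30:04Z,bob,192.0.2.99,US,failure,none
2024-03-04T10:30:06Z,bob,192.0.2.99,US,failure,none
2024-03-04T10:30:08Z,bob,192.0.2.99,US,failure,none
2024-03-04T10:30:30Z,bob,192.0.2.99,US,success,satisfied
"""


def parse_log(text: str) -> list:
    """Turn the CSV-style export into event dicts sorted by time."""
    events = []
    for line in text.strip().splitlines():
        ts, user, ip, country, result, mfa = line.split(",")
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "user": user,
                       "ip": ip, "country": country, "result": result, "mfa": mfa})
    return sorted(events, key=lambda e: e["ts"])


def detect(events: list, spray_users: int = 5, spray_window: timedelta = timedelta(minutes=10),
           brute_failures: int = 5, brute_window: timedelta = timedelta(minutes=15),
           travel_window: timedelta = timedelta(hours=2)) -> list:
    """Return alerts as dicts with rule, subject and detail. All thresholds are assumptions."""
    alerts = []

    # Password spray: one source IP failing against many distinct accounts inside the window.
    fails_by_ip = defaultdict(list)
    for e in events:
        if e["result"] == "failure":
            fails_by_ip[e["ip"]].append(e)
    for ip, fails in fails_by_ip.items():
        for i, first in enumerate(fails):
            users = {f["user"] for f in fails[i:] if f["ts"] - first["ts"] <= spray_window}
            if len(users) >= spray_users:
                alerts.append({"rule": "password_spray", "subject": ip,
                               "detail": f"{len(users)} accounts targeted from {ip}"})
                break  # one alert per source is enough

    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    for user, evs in by_user.items():
        seen_countries = set()  # countries this user has signed in from so far (the baseline)
        last_success = None
        for i, e in enumerate(evs):
            if e["result"] != "success":
                continue
            # Impossible travel, approximated as two successes from different countries
            # closer together in time than the travel window (no geodistance data here).
            if (last_success and e["country"] != last_success["country"]
                    and e["ts"] - last_success["ts"] <= travel_window):
                alerts.append({"rule": "impossible_travel", "subject": user,
                               "detail": f"{last_success['country']} then {e['country']} within "
                                         f"{e['ts'] - last_success['ts']}"})
            # Success without MFA from a country never seen for this user.
            if e["country"] not in seen_countries and e["mfa"] in ("none", "not_required"):
                alerts.append({"rule": "mfa_not_enforced", "subject": user,
                               "detail": f"sign-in from new country {e['country']} with mfa={e['mfa']}"})
            # Brute force: repeated failures from the same IP immediately before this success.
            recent_fails = [f for f in evs[:i] if f["result"] == "failure" and f["ip"] == e["ip"]
                            and e["ts"] - f["ts"] <= brute_window]
            if len(recent_fails) >= brute_failures:
                alerts.append({"rule": "brute_force_success", "subject": user,
                               "detail": f"{len(recent_fails)} failures from {e['ip']} then success"})
            seen_countries.add(e["country"])
            last_success = e
    return alerts


if __name__ == "__main__":
    for a in detect(parse_log(SIGNIN_LOG)):
        print(f"[{a['rule']}] {a['subject']}: {a['detail']}")
```

The baseline here is built from the same export being analyzed, which is what makes the first sign-in of every user look "new"; in practice the seen-country set and the threshold values would come from a longer history, and the impossible-travel rule would use the sign-in's geolocation rather than a fixed window.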

Artifact 3: Network Traffic Analysis Lab

Problem:
In my coursework, I was required to analyze network traffic to identify unusual or suspicious behavior.

Action:
I used tools like Wireshark to review packet data and identify patterns that could indicate malicious activity.

Result:
This demonstrates my ability to interpret network data and apply threat analysis skills in a technical environment.

Skill 3: Risk Management

Risk management focuses on identifying potential vulnerabilities and ensuring systems are configured securely to reduce exposure to threats. One example of this skill is my cloud security project. In this project, I built a cloud environment and was responsible for configuring access controls and reviewing system settings. I made sure that the environment was properly secured by identifying misconfigurations and correcting them before they could become security issues. Another example is my client-server application project, where I implemented authentication and encrypted communication. This project required me to think about how data could be exposed and how to protect it through secure design.

These experiences helped me understand how to evaluate systems from a security perspective and reduce potential risks. Risk management is essential in cybersecurity because it focuses on preventing issues before they occur, rather than only reacting to them.

Artifact 1: Cloud Security Configuration Project

Problem:
I was assigned to build a cloud environment and ensure it was securely configured.

Action:
I set up access controls, reviewed system configurations, and identified any misconfigurations that could create vulnerabilities.

Result:
This demonstrates my ability to secure systems and reduce risk through proper configuration.

Artifact 2: Client-Server Application Security

Problem:
I developed a client-server application that needed to securely handle user authentication and data.

Action:
I implemented secure login functionality and added encrypted communication to protect data being transmitted.

Result:
This shows my ability to design systems with security in mind and reduce potential exposure.

Artifact 3: Firewall Rule Review and Implementation

Problem:
During my SOC internship, I worked with firewall rules to ensure proper network security.

Action:
I reviewed existing firewall policies and helped create or adjust rules to improve security and reduce unnecessary exposure.

Result:
This demonstrates my understanding of network security controls and how to reduce risk at the network level.
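The kind of policy review described in this artifact written as a small rule-set linter, as an added example that is not part of the portfolio or of any firewall vendor's tooling. The rule set is constructed (documentation address ranges, vendor-neutral fields, first-match ordering assumed) and the three checks it performs, an any-to-any allow, management ports reachable from the internet, and rules shadowed by an earlier broader rule, are the ones an analyst would look for first when reducing unnecessary exposure.

```python
import ipaddress

# Constructed rule set in first-match order; addresses are documentation ranges and the
# rules do not describe any real policy. "ports" is a set of TCP ports or the string "any".
RULES = [
    {"name": "allow-web-in", "action": "allow", "src": "0.0.0.0/0", "dst": "203.0.113.10/32", "ports": {443}},
    {"name": "allow-rdp-any", "action": "allow", "src": "0.0.0.0/0", "dst": "10.0.0.0/8", "ports": {3389}},
    {"name": "allow-all-internal", "action": "allow", "src": "10.0.0.0/8", "dst": "10.0.0.0/8", "ports": "any"},
    {"name": "allow-db-from-app", "action": "allow", "src": "10.1.2.0/24", "dst": "10.1.3.5/32", "ports": {5432}},
    {"name": "allow-everything", "action": "allow", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "ports": "any"},
    {"name": "deny-all", "action": "deny", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "ports": "any"},
]

# Assumption: remote-administration ports that should never be reachable from the internet.
MGMT_PORTS = {22, 23, 3389, 5900}
INTERNET = ipaddress.ip_network("0.0.0.0/0")


def ports_covered(inner, outer) -> bool:
    """True when every port matched by `inner` is also matched by `outer`."""
    return outer == "any" or (inner != "any" and inner <= outer)


def covers(outer: dict, inner: dict) -> bool:
    """True when `outer` would match every packet `inner` matches (so a later `inner` never fires)."""
    return (ipaddress.ip_network(inner["src"]).subnet_of(ipaddress.ip_network(outer["src"]))
            and ipaddress.ip_network(inner["dst"]).subnet_of(ipaddress.ip_network(outer["dst"]))
            and ports_covered(inner["ports"], outer["ports"]))


def review_rules(rules: list) -> list:
    """Return (check, rule_name, detail) tuples for the rules that need attention."""
    findings = []
    for i, rule in enumerate(rules):
        src = ipaddress.ip_network(rule["src"])
        dst = ipaddress.ip_network(rule["dst"])
        if rule["action"] == "allow":
            if src == INTERNET and dst == INTERNET and rule["ports"] == "any":
                findings.append(("any_any_allow", rule["name"], "allows all traffic from anywhere to anywhere"))
            elif src == INTERNET and rule["ports"] != "any" and rule["ports"] & MGMT_PORTS:
                exposed = sorted(rule["ports"] & MGMT_PORTS)
                findings.append(("mgmt_from_internet", rule["name"], f"exposes management ports {exposed} to the internet"))
        # Shadowing is checked for allow and deny alike: a shadowed deny is a silent hole in the policy.
        for earlier in rules[:i]:
            if covers(earlier, rule):
                findings.append(("shadowed", rule["name"], f"never matches; fully covered by earlier rule {earlier['name']}"))
                break
    return findings


if __name__ == "__main__":
    for check, name, detail in review_rules(RULES):
        print(f"{check:20} {name:22} {detail}")
```

On this rule set the linter reports four items, and the two shadowed ones are the most instructive: "allow-db-from-app" is dead because "allow-all-internal" already permits everything inside 10.0.0.0/8, and "deny-all" is dead because "allow-everything" sits above it, which is how an explicit default-deny policy ends up allowing everything.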

Reflection

Personal Narrative Essay