Hello, I'm Hussien Kofi, a cybersecurity learner focused on detection, analysis, and threat response. I'm building a portfolio that reflects my commitment to practical security knowledge, clear communication, and structured, real-world learning.
This GitHub serves as my learning ground, documentation trail, and proof of progress as I prepare for a Tier 1 SOC Analyst role.
These projects simulate real-world tasks a SOC analyst might face, from log analysis to threat profiling.
- Log File Analysis using Python
A hands-on project simulating Tier 1 log review workflows. Focused on regex, pattern matching, and detection logic to identify signs of credential misuse and unusual activity. Built to reflect real SOC scenarios where accuracy and speed matter.
- APT29 Threat Actor Profile
An intelligence report on APT29 (Cozy Bear), aligned with real-world MITRE tactics and open-source data. Focused on mapping threat behaviour, IOCs, and implications for UK-based organisations, designed to simulate analyst-led threat briefings.
- Splunk Cloud SIEM Simulation (in progress)
A simulation of SIEM-based alert creation and triage using Splunk Cloud. Includes log ingestion, correlation rule design, and analyst-style responses to synthetic alerts. Designed to reflect foundational SOC workflows in a live SIEM environment.
More Projects
- Incident Response Policy Review
A critical review of a sample IR policy based on NIST standards. Includes documentation breakdown, risk-based critique, and real-world SOC alignment. Written from the perspective of a junior analyst validating organisational readiness.
Coming Soon
- Incident Response Playbook
Create a practical, SOC-ready IR playbook tailored to phishing, malware, and endpoint alerts.
- Nmap & Network Visual Map
Scan and map a sample network environment, using Nmap and visualisation tools.
- Phishing Email Manual Analysis
Investigate and dissect phishing emails using headers, VirusTotal, and sandbox tools.
- Vulnerability Scan Report (OpenVAS/Nessus)
Execute a scan, identify key findings, and write a professional risk-based report.
- Password Cracking Lab
Explore brute-force and dictionary attacks using hash samples and cracking tools.
This roadmap reflects my progression toward a Tier 1 SOC Analyst role. Each phase aligns with real-world responsibilities in security operations, from phishing triage and endpoint investigation to detection logic and documentation. Every project is chosen to reinforce a key capability, build muscle memory, and simulate actual workflows found in modern SOC environments.
| Phase | Focus Area | Projects | Status |
|---|---|---|---|
| 0 | Foundations & Tools | Bash, Regex, Git, Markdown, VS Code | ✅ Complete |
| 1 | Log Analysis & Detection Logic | Log File Analysis | ✅ Complete |
| 2 | Threat Intelligence & Profiling | APT29 Threat Actor Profile | 🚧 In Progress |
| 3 | SIEM Triage & Alerting Rules | Splunk Cloud Simulation | 🚧 In Progress |
| 4 | Phishing Alert Investigation | Phishing Email Manual Analysis (Planned) | 🔜 Planned |
| 5 | Incident Response & Documentation | IR Policy Review, IR Playbook (Planned) | 🔜 Planned |
| 6 | Endpoint Activity & Detection Logic | Sysmon Log Triage (Planned) | 🔜 Planned |
| 7 | Alert Handling & SOC Case Journaling | Analyst Alert Triage Logbook (Planned) | 🔜 Planned |
| 8 | Network Scanning & Threat Exposure | Nmap Mapping, Vulnerability Scan Report (Planned) | 🔜 Planned |
| 9 | Detection Engineering & Rule Writing | Custom Sigma/YARA Rule Dev (Planned) | 🔜 Planned |
| 10 | SOAR & Automation | SOC Automation Lab (Shuffle, TheHive) (Planned) | 🔜 Planned |
| 11 | MITRE ATT&CK Mapping | ATT&CK Matrix Overlay + IOC Tables (Planned) | 🔜 Planned |
| 12 | SOC Metrics & Dashboards | Mock SOC Dashboard (KPIs, Triage Times) (Planned) | 🔜 Planned |
Each phase was designed with purpose. I'm not just learning tools; I'm learning workflows, judgement, and how to operate like a real SOC analyst.
- Google Cybersecurity Certificate (6 of 8 courses completed)
- CompTIA Security+ (planned – Q4 2025)
- Personal Projects: Log inspection, automation, SIEM analysis, Python scripting
- Regular practice: Regex, incident documentation, security research
Languages & Scripts
Python, Bash (basics), Regex, Markdown
Security Tools
Wireshark, Splunk (simulated), Elastic Stack, Suricata, Zeek, Microsoft Sentinel, Shuffle SOAR, TheHive
Productivity & Analysis
Git, GitHub Projects, Excel, SQL (basic), Google Workspace
I'm Hussien Kofi, based in the UK. I'm focused, methodical, and fully committed to becoming a skilled SOC Analyst. I thrive in structured, high-responsibility environments and approach challenges with consistency, clarity, and purpose.
Each project in this profile represents a deliberate step forward, not just in technical knowledge, but in thinking like a defender. I prioritise documentation, process, and critical reasoning, the skills that make analysts effective under pressure.
I’m not just learning cybersecurity; I’m actively building the habits, mindset, and hands-on skills of someone who will thrive in a fast-paced SOC environment.
Each project here reflects a deliberate step forward: identifying a gap, exploring a tool, writing clean documentation, and thinking like a defender. I believe in starting small, improving relentlessly, and learning in public because that’s how real security professionals grow.
This profile is more than a portfolio; it’s a map of where I’ve been and where I’m heading. If you value curiosity, discipline, and practical learning, you’ll find that spirit woven throughout every repo here.
Cybersecurity isn’t just a career pivot for me; it’s a deliberate commitment to protecting systems, people, and data in a world that depends on digital trust. My background in customer service has taught me how to listen, adapt, and act under pressure, the same qualities that define a responsive analyst in a SOC environment.
I’m drawn to this field because of its urgency and impact. Every log, alert, or indicator tells a story, and I want to be the person who notices, investigates, and responds. I’m not just learning tools; I’m training to think like a defender, to act like one, and to grow into a professional that teams can rely on.
I welcome opportunities to connect with professionals, recruiters, or fellow learners in the cybersecurity space.
- 📧 Email: hussienkofi@gmail.com
- 🔗 LinkedIn: linkedin.com/in/hussien-kofi-99a012330
- 🧪 GitHub: github.com/Hussien-K11
Whether you have feedback, collaboration ideas, or just want to talk shop, I’m always open to a conversation.