# Cybersecurity & Systems Engineering Portfolio
## About
Paul Leone | Aspiring Security Analyst & Infrastructure Engineer
Welcome to my professional portfolio. This site showcases my journey into cybersecurity, documenting the technical labs, security frameworks, and automation workflows I've built to defend modern hybrid infrastructure.
My focus is on bridging the gap between IT Operations (SysAdmin) and Security Operations (Blue Teaming). Through these projects, I demonstrate a commitment to continuous learning, a "secure-by-design" mindset, and the technical proficiency required to mitigate risks across on-premises and cloud environments.
## Projects
| Project | Description |
|---|---|
| Business Intelligence & Data Analytics | Engineered data pipelines using SQL Server and Power Query to transform raw data into actionable insights. Developed automated reporting dashboards in Power BI for executive decision support. |
| Threat Intelligence Brief & SOC Improvement Plan | Enhanced threat intelligence brief with a TTP breakdown mapped to the MITRE ATT&CK framework. Strategic improvement plan aligned to NIST CSF 2.0 and CIS Controls 8.1, with custom YARA and Sigma detection rules. |
| Security Homelab: Overview and Landing Page | Enterprise-grade security laboratory demonstrating production-ready capabilities across SecOps, systems engineering, and network defense. Multi-layered architecture with SIEM, IDS/IPS, SOAR automation, zero trust controls, and hybrid-cloud connectivity. |
## Featured Project: Security Homelab
Enterprise-Grade Security Engineering Environment
A fully segmented, detection-focused homelab built to simulate real SOC workflows and enterprise infrastructure.
Key Capabilities:
- Advanced Threat Detection: Behavioral threat intelligence (CrowdSec), network anomaly detection (Suricata/Snort), and SIEM correlation (ELK Stack/Splunk)
- Automated Incident Response: SOAR workflows integrating TheHive case management, Cortex/MISP enrichment, and automated remediation
- Defense-in-Depth Architecture: Multi-layer controls spanning network perimeter, application layer, identity management, and hybrid-cloud exit nodes
- Infrastructure as Code: Terraform and Ansible enable version-controlled, repeatable deployments across Proxmox, AWS, GCP, and Azure with full audit trails
- Full-Stack Observability: Unified metrics collection (Prometheus), visualization (Grafana), and real-time alerting
Architecture Principles:
- Defense in Depth: Network segmentation, WAF protection, endpoint EDR, and identity verification create overlapping defensive barriers
- Secure by Design: All services default to encrypted communications (TLS), authenticated access (SSO/MFA), and least-privilege authorization (RBAC)
- Zero Trust Architecture: No implicit trust based on network location; continuous authentication and authorization for every request, extending to cloud-hosted assets
## What I Do
Security Engineering
Building detection pipelines, log ingestion workflows, and monitoring architectures that provide actionable threat visibility across on-prem and multi-cloud environments.
Threat-Informed Defense
Mapping adversary behaviors to detections and controls using the MITRE ATT&CK framework. Creating custom detection rules (YARA, Sigma) based on threat intelligence.
Data Analytics & Automation
Transforming raw security data into dashboards and insights. Automating repetitive tasks through Python, PowerShell, and workflow orchestration (n8n, Shuffle).
Cloud & Infrastructure
Designing secure, scalable environments using virtualization (Proxmox, Docker), infrastructure as code (Terraform, Ansible), and public cloud providers (AWS, Azure, GCP).
Technical Writing & Documentation
Creating clear, structured documentation for complex systems. Translating technical implementations into business value for stakeholders.
Compliance & Frameworks
Aligning security controls to industry standards (NIST CSF 2.0, CIS Controls v8, ISO 27001, MITRE ATT&CK) with audit-ready documentation.
## Career Focus
I'm focused on roles where I can combine security engineering, analytics, and operational problem-solving:
- SOC Analyst / Security Operations: Monitoring, detection, incident response, and threat hunting
- Security Engineer: Building security controls, automation, and defensive architecture
- Infrastructure Security: Securing hybrid-cloud infrastructure, identity management, and network defense
- Detection Engineer: Creating custom detection rules, tuning SIEM, and improving alert fidelity
## Professional Development
### Certifications
Completed:
- Cisco Certified Network Associate (CCNA) — July 2024
- CompTIA Security+ — February 2025
- TryHackMe SOC Level 1 — August 2025
- TryHackMe Jr Penetration Tester — October 2025
- Fortinet Certified Fundamentals in Cybersecurity — October 2024
In Progress:
- EC-Council Certified Ethical Hacker (CEH)
### Continuous Learning
Active participant in hands-on security training platforms (TryHackMe) and CTF competitions through EC-Council to maintain current knowledge of attack techniques and defensive strategies.
## Technical Skills Summary
### Security Operations
Wazuh XDR • Splunk • ELK Stack • Suricata • Snort • CrowdSec • SafeLine WAF • TheHive • Cortex • Shuffle SOAR • MISP • Nessus • OpenVAS • VirusTotal • AbuseIPDB • Shodan • Hybrid Analysis • Malware Bazaar • OWASP ZAP
### Network & Infrastructure
pfSense • OPNsense • FortiGate • PAN-OS • Cisco IOS/IOS XE • OSPF • VLANs • Proxmox VE • Docker • Kubernetes (K3s) • VMware ESXi • Traefik • Cloudflare • Tailscale • DNS • HTTP/HTTPS • NetFlow • AWS • Azure • Google Cloud Platform
### Identity & Access Management
Authentik • Active Directory • StepCA PKI • OAuth2/OIDC/SAML • MFA (TOTP/FIDO2) • RBAC • Entra ID • Cloud IAM (AWS/GCP)
### Security Tooling & DFIR
Wireshark • Brim/ZUI • Zeek • ntopng • NetworkMiner • tcpdump • Sysinternals • CyberChef • Volatility • KAPE • Autopsy • Eric Zimmerman Tools • Velociraptor • Nmap • Hydra • Burp Suite • Metasploit
### Monitoring & Analysis
Grafana • Prometheus • Checkmk • Uptime Kuma • NetAlertX • Pulse • Blackbox Exporter • Kibana
### Automation & Scripting
PowerShell • Bash • SQL • Ansible • Terraform • n8n • Git/GitHub • JSON/YAML/XML • REST API
### Compliance & Frameworks
NIST CSF 2.0 • NIST SP 800-53 • NIST SP 800-207 (Zero Trust) • CIS Controls v8.1 • CIS Benchmarks • CISA ZT Maturity Model v2.0 • ISO 27001 • MITRE ATT&CK • OWASP Top 10 • PCI-DSS v4.0
### Operating System Administration
Windows 11 • Windows Server • Linux (Debian/Ubuntu/Red Hat/Fedora) • FreeBSD • macOS • iOS • Android
## Why Work With Me
Hybrid Skillset: A background in both IT operations (systems administration) and security operations (blue team) provides a comprehensive understanding of infrastructure security across physical, virtual, and cloud layers.
Hands-On Experience: An extensive homelab demonstrates production-ready capabilities with enterprise-grade tools and architectures directly transferable to SOC, security engineering, and infrastructure roles.
Business-Focused: Projects emphasize operational outcomes and business value, not just technical implementation. Documentation targets both technical and executive audiences.
Continuous Learner: Active certification pursuit and homelab expansion demonstrate a commitment to staying current with the evolving threat landscape and security technologies.
Process-Driven: Security controls aligned to industry frameworks (NIST, CIS, MITRE) with audit-ready documentation and policy enforcement.
## Resume & Contact
Download Resume
### Connect With Me
LinkedIn • GitHub • pnleone@outlook.com
This portfolio is actively maintained and updated with new projects, certifications, and technical implementations. Last updated: April 2026