Skills Matrix
Cybersecurity Skills & Project Evidence
Each skill explains what it is, what it means, how I use it, and which projects support it.
Security Architecture
What it is
The practice of designing systems, networks, applications, and controls so they are secure, resilient, and easier to monitor.
What it means
It helps organizations reduce risk by planning security into the environment instead of adding it later.
How I use it
I use architecture diagrams, segmentation, control mapping, API controls, and risk notes to explain how systems should be protected.
What it is
A process for identifying threats, weaknesses, impact, likelihood, and recommended mitigations.
What it means
It helps prioritize the most important security problems instead of treating every issue the same.
How I use it
I document risks, explain business impact, and recommend practical controls in architecture and API security projects.
What it is
A structured way to think through how a system could be attacked.
What it means
It helps security teams identify abuse cases before attackers do.
How I use it
I use it to think through assets, trust boundaries, attack paths, and defensive controls for networks and APIs.
What it is
The practice of separating systems into zones so access can be controlled and limited.
What it means
It reduces blast radius if one system is compromised.
How I use it
I use segmentation concepts when designing secure network layouts and separating users, servers, and monitoring systems.
What it is
A security model based on never automatically trusting users, devices, or networks.
What it means
It requires verification, least privilege, monitoring, and strong access control.
How I use it
I plan to build a project showing identity-aware access, segmentation, and logging strategy.
SIEM & Detection Engineering
What it is
An open-source security monitoring platform for log collection, alerting, intrusion detection, and compliance monitoring.
What it means
It helps detect suspicious activity and gives analysts visibility across systems.
How I use it
I use Wazuh in my lab to collect logs, write custom rules, validate alerts, and document SSH brute-force activity.
What it is
The process of creating, testing, and improving logic that detects attacker behavior.
What it means
It turns raw logs and security events into useful alerts and investigation signals.
How I use it
I create custom Wazuh rules, simulate attacks, test alert behavior, tune detection logic, and capture security events from applications.
What it is
Writing detection logic that identifies specific suspicious events or patterns.
What it means
Custom rules help detect activity that default tools may miss.
How I use it
I write and test custom Wazuh rules for attack scenarios such as SSH brute-force attempts.
What it is
Reviewing security alerts to understand what happened, why it triggered, and what action is needed.
What it means
It helps separate real threats from noise.
How I use it
I analyze Wazuh alerts, confirm source activity, review logs, and document findings.
What it is
Improving alert rules to reduce false positives and make detections more useful.
What it means
Good tuning helps analysts focus on meaningful alerts.
How I use it
I plan to tune Wazuh alerts by adjusting rules, severity, thresholds, and expected behavior.
What it is
Reviewing system, application, and security logs to understand activity.
What it means
Logs are the evidence behind detection, investigation, and incident response.
How I use it
I review authentication logs, Wazuh alerts, API security logs, command output, and timelines to explain what happened.
SOC & Threat Analysis
What it is
Identifying repeated login attempts that may indicate password guessing or credential attacks.
What it means
It helps detect unauthorized access attempts early.
How I use it
I simulated SSH brute-force activity with Hydra and validated detection through Wazuh alerts. I also implemented API login rate limiting to reduce brute-force abuse risk.
What it is
Investigating suspicious emails, links, senders, headers, attachments, and indicators.
What it means
Phishing is one of the most common entry points for attackers.
How I use it
I plan to build a project analyzing phishing artifacts and documenting indicators of compromise.
What it is
Searching for suspicious PowerShell activity that may indicate malicious behavior.
What it means
Attackers often use PowerShell for execution, persistence, and defense evasion.
How I use it
I plan to use Windows logs, Sysmon, and SIEM alerts to hunt for suspicious PowerShell patterns.
What it is
Detecting when an attacker moves from one system to another inside a network.
What it means
It is important because many breaches expand after the first compromise.
How I use it
I plan to simulate movement activity and document detection opportunities in logs and SIEM alerts.
What it is
Using indicators of compromise such as IPs, domains, hashes, and file names to investigate threats.
What it means
IOCs help analysts connect activity to known suspicious behavior.
How I use it
I plan to enrich suspicious activity with threat intelligence and document investigation steps.
What it is
Reviewing malware-related alerts to decide severity, scope, and next steps.
What it means
Triage helps determine whether an alert is benign, suspicious, or a real incident.
How I use it
I plan to document alert review, evidence collection, and recommended containment steps.
System Hardening
What it is
Securing Linux systems by reducing unnecessary services, improving access control, and reviewing configurations.
What it means
Hardening reduces attack surface and makes systems more resistant to compromise.
How I use it
I plan to document SSH security, user permissions, firewall settings, updates, and audit checks.
What it is
Securing Windows systems through account controls, logging, policies, and defensive configuration.
What it means
It reduces common weaknesses attackers use on endpoints and servers.
How I use it
I plan to review Windows settings, Sysmon logging, local policies, and security baselines.
What it is
Protecting SSH access through secure configuration, monitoring, and authentication controls.
What it means
SSH is commonly targeted, so it needs strong protection and monitoring.
How I use it
I use SSH logs in my Wazuh lab to detect brute-force attempts and validate alerts.
What it is
Reviewing firewall rules to ensure only necessary traffic is allowed.
What it means
Firewall reviews help reduce exposure and enforce network boundaries.
How I use it
I plan to document rule purpose, risk, allowed services, and recommended changes.
What it is
Securing an Nginx web server through configuration, headers, TLS, logging, and access controls.
What it means
Web servers are exposed to the internet and need careful configuration.
How I use it
I plan to review Nginx security settings and document hardening recommendations.
What it is
Using tools to identify known weaknesses, outdated software, and misconfigurations.
What it means
It helps prioritize remediation before attackers exploit weaknesses.
How I use it
I plan to run scans, validate results, rank risk, and document remediation steps.
Cloud, API & Identity
What it is
Testing APIs for authentication, authorization, input validation, abuse prevention, and data exposure issues.
What it means
APIs often expose sensitive business logic and data, so they must be tested and hardened carefully.
How I use it
I built and tested a Node.js/Express API, identified exposed routes, and implemented JWT authentication, RBAC, rate limiting, Zod validation, and security logging.
What it is
Authentication verifies identity, while authorization controls what an authenticated user is allowed to access.
What it means
Strong auth and access control help prevent unauthorized data exposure, privilege abuse, and insecure endpoint access.
How I use it
I implemented JWT-based login and protected API routes, then used role-based access control to restrict an admin endpoint to authorized users only.
What it is
A token-based authentication method used to prove a user has successfully logged in and can access protected API routes.
What it means
JWTs help APIs avoid exposing protected data without a valid token, but they must be validated carefully.
How I use it
I configured login to issue JWTs and required a Bearer token in the Authorization header before allowing access to protected routes.
What it is
A method for controlling access based on assigned user roles.
What it means
RBAC helps enforce least privilege by making sure users only access functions appropriate to their role.
How I use it
I created an admin-only route and validated that a standard user was denied while an admin user was allowed.
What it is
Checking request data before the application processes it.
What it means
Input validation reduces unexpected behavior and helps protect APIs from malformed or risky requests.
How I use it
I used Zod schemas to validate login requests and reject weak or malformed input before authentication logic processed the request.
What it is
Restricting how many requests a client can make within a defined time window.
What it means
Rate limiting reduces brute-force attempts, abuse, and noisy attack behavior against authentication endpoints.
How I use it
I applied rate limiting to the API login route and validated that repeated failed attempts were blocked after the threshold.
What it is
Recording important security events so suspicious behavior can be reviewed and investigated.
What it means
Security logs support detection, troubleshooting, investigation, and future SIEM integration.
How I use it
I logged invalid input, failed logins, missing tokens, invalid tokens, and unauthorized admin access attempts in the API security project.
What it is
Understanding cloud identity, networking, storage, logging, and configuration risks.
What it means
Cloud environments require secure configuration and continuous monitoring.
How I use it
I use cloud security concepts when planning architecture, IAM review, API deployment, and misconfiguration projects.
What it is
Finding insecure cloud settings such as public exposure, weak permissions, or missing logging.
What it means
Misconfigurations are a common cause of cloud security incidents.
How I use it
I plan to document cloud findings, risk impact, and secure configuration recommendations.
What it is
Reviewing users, roles, permissions, and access patterns.
What it means
Strong IAM reduces the chance of privilege abuse and unauthorized access.
How I use it
I plan to review least privilege, excessive permissions, and account access risks.
What it is
Giving users and systems only the access they need to perform their job.
What it means
It limits damage if an account or system is compromised.
How I use it
I apply least privilege thinking to network architecture, IAM review, and API role-based access control.
What it is
Planning what events should be logged, where they should go, and how they should be reviewed.
What it means
Good logging makes detection, investigation, and compliance much stronger.
How I use it
I added security event logging to the API project and plan to expand this into broader SIEM/logging coverage.
Tools & Lab Environment
What it is
A local virtualization setup for running isolated lab machines.
What it means
VM labs let security learners safely simulate attacks, collect evidence, and test defenses.
How I use it
I use VirtualBox to run Kali, Linux, Windows, and Wazuh lab systems.
What it is
A Linux distribution commonly used for security testing and lab simulations.
What it means
It provides tools used for scanning, testing, and controlled attack simulation.
How I use it
I use Kali in my lab to simulate attacker activity against test systems.
What it is
A tool used to test login brute-force scenarios in controlled environments.
What it means
It helps defenders understand what brute-force activity looks like in logs.
How I use it
I used Hydra to generate SSH brute-force activity for Wazuh detection testing.
What it is
A VS Code extension used to test API requests and responses.
What it means
It helps validate how APIs behave, including authentication, headers, request bodies, and security responses.
How I use it
I used Thunder Client to test login, JWT-protected routes, admin access controls, rate limiting, input validation, and security logging evidence.
What it is
A JavaScript runtime and web framework used to build backend APIs.
What it means
Understanding backend API development helps identify where security controls must be implemented.
How I use it
I built a REST API in Node.js/Express and then hardened it with authentication, authorization, validation, rate limiting, and logging.
What it is
A schema validation library used to verify application input before processing it.
What it means
Schema validation helps reduce malformed input and unexpected behavior in APIs.
How I use it
I used Zod to enforce login request requirements and return validation errors for invalid input.
What it is
An Express middleware used to limit repeated requests to an endpoint.
What it means
It helps reduce brute-force attempts and abusive request patterns.
How I use it
I used Express Rate Limit to restrict repeated login attempts and validate that abusive behavior was blocked.
What it is
A network scanning tool used to discover hosts, ports, and services.
What it means
It helps identify exposed services and possible attack surface.
How I use it
I use Nmap concepts for discovery, validation, and vulnerability scan planning.
What it is
A packet analysis tool used to inspect network traffic.
What it means
It helps analysts understand communication patterns and suspicious network behavior.
How I use it
I plan to use Wireshark in phishing, web log, and traffic analysis projects.
What it is
A Windows system monitoring tool that records detailed endpoint activity.
What it means
It gives defenders deeper visibility into process, network, and file activity.
How I use it
I plan to use Sysmon logs for Windows hardening and PowerShell threat hunting.
Documentation & Reporting
What it is
Writing clear technical and professional security documents.
What it means
Good documentation helps others understand risks, evidence, decisions, and next steps.
How I use it
I document project goals, lab setup, API controls, commands, screenshots, findings, and lessons learned.
What it is
Collecting screenshots, logs, alerts, commands, and timelines to prove what happened.
What it means
Evidence makes a project credible and reviewable.
How I use it
I collect Wazuh alerts, terminal output, API responses, configuration files, and troubleshooting notes.
What it is
Clear explanations of technical work, including setup, process, results, and lessons learned.
What it means
Writeups show how someone thinks, solves problems, and communicates technical findings.
How I use it
I write project case studies that explain the problem, lab, detection logic, API controls, and results.
What it is
Documenting risks, severity, likelihood, impact, and recommended actions.
What it means
Risk registers help track and prioritize security work.
How I use it
I use risk registers to support architecture and assessment-style projects.
What it is
Short, clear summaries written for non-technical readers.
What it means
Security findings need to be understandable to managers, not just technical teams.
How I use it
I summarize project goals, findings, risks, controls, and recommendations in plain language.
Engineering & Development Background
What it is
A React framework used to build modern web applications and websites.
What it means
For cybersecurity, development knowledge helps with secure design, API security, and technical communication.
How I use it
I use Next.js to build this cybersecurity portfolio and organize projects, skills, and evidence.
What it is
A JavaScript library for building reusable user interface components.
What it means
It helps me build structured, maintainable portfolio pages and security dashboards.
How I use it
I use React components for project cards, skill cards, navigation, and portfolio layout.
What it is
A typed version of JavaScript that helps catch errors and improve code quality.
What it means
Strong typing supports safer, more maintainable applications.
How I use it
I use TypeScript to structure project and skill data in my portfolio.
What it is
Building backend application logic and APIs using JavaScript-based tools.
What it means
Backend development knowledge helps identify where authentication, authorization, validation, and logging controls belong.
How I use it
I built a Node.js/Express REST API and used that foundation to demonstrate practical API hardening.
What it is
Building both front-end interfaces and back-end application logic.
What it means
It helps me understand how applications are built and where security risks can appear.
How I use it
I use my development background to understand API security, web risks, architecture, and secure design.
What it is
Using data, reporting, and analysis to support better decisions.
What it means
In security, BI thinking helps turn logs, alerts, and findings into useful reports.
How I use it
I use BI skills to organize findings, explain trends, and make security information easier to understand.