William | Cybersecurity & SOC Analyst

5/ The path I am following: Understanding first. Practice second. Certifications as a result not the other way around. Cybersecurity is not a field for people who stop learning. If you are building real skills not just collecting certs, this page is for you.

Everyone told me to get Security+. Nobody told me what to do after. That gap between certification advice and real career readiness is exactly what I'm building in public. 1/5

If you make assumptions, communicate unclearly, or base findings on guesswork, you are not helping the business. Evidence. Facts. Clear findings. That is the job.

- Re-scan → all ports now filtered - ufw.log → block corroborated on defender side README in SOC Tier 1 Incident Report format. MITRE T1046 mapped. Evidence documented end to end. https://t.co/DJEjkZA8ec 5/5

The full evidence chain: - Baseline → documented open ports before attack - tcpdump → 2198 packets captured during scan - Detector → flagged 1000 ports in 37.7ms - Alert log → SIEM-ready structured output - UFW → deny rule inserted at position 1

The full breakdown. A SOC without a baseline reacts to everything and understands nothing. The tool tells you something happened. The baseline tells you whether you should care. That's what turns someone who detects events into someone who investigates them.

The technical payoff: Once a baseline exists, deviation becomes the signal. Failed logins at 3am from a new IP? Only suspicious if you know the box never sees that. A process spawning cmd.exe? Only matters if it never did before. Context turns noise into evidence.