Based in Jordan 🇯🇴 | Building defensive security solutions one log at a time
name: Ahmad Abuzarqa
role: SOC Analyst Trainee
location: Jordan 🇯🇴
education: B.Sc. Cybersecurity (Graduating Oct 2026)
focus_areas:
- Threat Detection & Response
- Detection Engineering
- Ransomware Defense Research
- Linux Endpoint Security (eBPF)
currently_learning:
- CyberDefenders CCDL1
- Advanced Threat Hunting
- Sigma Rule DevelopmentReal-time ransomware detection and auto-containment system for Linux endpoints. Combines entropy analysis, canary files, process lineage scoring, and AI threat classification.
Stack: Python • eBPF • FastAPI • Celery • Redis • PostgreSQL • React
Open-source Managed Detection & Response home lab. Full stack: Wazuh + TheHive + Cortex + n8n SOAR + pfSense/Suricata. Mapped to MITRE ATT&CK techniques.
Stack: Wazuh • Docker • TheHive • Cortex • n8n • pfSense • Suricata
A real-world PUP incident response case study following the PICERL framework. Demonstrates CPU time accumulator analysis, multi-layer persistence hunting, and MITRE ATT&CK mapping.
Stack: PowerShell • MITRE ATT&CK • Sigma • Windows Forensics
- 🛡️ CyberDefenses CCDL1 — Blue Team Level 1 (Active)
- 🔐 Microsoft SC-900 — Security, Compliance, and Identity Fundamentals
- 🌐 Cisco Cybersecurity Essentials
- TryHackMe SOC Level 1 Path
- BTL1 (Blue Team Level 1) Labs
- CyberDefenders Blue Team Labs
$ whoami --interests
├── 🔍 Threat Hunting (Sigma + KQL + SPL)
├── 🧬 Detection Engineering at Scale
├── 🐧 eBPF for Endpoint Security
├── 🤖 SOAR Automation (n8n + TheHive)
└── 📊 Statistical Anomaly Detection for SOC
