adamalizeerj/README.md

Adam

Cybersecurity undergraduate focused on detection engineering, cloud security, and security automation. I design, build, and document defensive systems end to end (telemetry pipelines, behavioral detections, and automated incident response) as reproducible IaC, then validate them with adversary emulation.

CompTIA Security+ certified. CySA+ in progress. Graduating 2028.


Focus Areas

  • Detection Engineering — behavioral and signature-based detections, alert tuning, false-positive reduction, MITRE ATT&CK mapping
  • Cloud Security — AWS and Azure telemetry, IAM analysis, audit logging, threat detection
  • Security Automation / SOAR — orchestrated, auditable incident response with human-in-the-loop controls
  • Incident Response — triage, containment, forensic evidence capture, runbook development
  • Infrastructure-as-Code — reproducible security infrastructure built and torn down with Terraform

Certifications

  • CompTIA Security+
  • CompTIA CySA+ (in progress)

Selected Projects

AWS Behavioral Anomaly Detection with SOAR Auto-Response

A behavioral detection-and-response pipeline built entirely on native AWS services and managed with Terraform. It learns each IAM principal's normal behavior, flags activity that deviates from that baseline, and runs an automated, human-gated incident response playbook: containment, forensic evidence capture, notification, and incident ticketing.

  • Per-principal behavioral baselining with ASN enrichment and a warm-up guard, backed by DynamoDB
  • Six-step Step Functions playbook with a native callback-token human-approval gate
  • Detections and responses mapped to MITRE ATT&CK for Cloud and D3FEND
  • SOC-style runbooks and a full architecture diagram included
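The following is an added illustration of the per-principal baselining and warm-up guard described above; it is not code from this project. Events are constructed, CloudTrail-like dicts assumed to be already enriched with a source ASN (the project's ASN enrichment and DynamoDB persistence are replaced here by in-memory dicts). The principal names, the five-observation warm-up threshold, and ASN 64512 (from the private ASN range) are constructed values.

```python
"""Per-principal behavioral baselining with a warm-up guard (added example)."""
from collections import defaultdict
from dataclasses import dataclass, field

# Assumption: a principal must be observed this many times before deviations
# from its baseline may raise an alert. Until then everything it does is learned.
WARMUP_EVENTS = 5


@dataclass
class PrincipalBaseline:
    observations: int = 0
    asns: set = field(default_factory=set)
    regions: set = field(default_factory=set)
    api_calls: set = field(default_factory=set)


def evaluate_event(event, baselines, learn_on_alert=False):
    """Return the deviation reasons for one event, then update the baseline.

    An empty list means the event is within baseline or the principal is still
    warming up. The warm-up guard only suppresses alerting: warm-up events are
    always absorbed, so the baseline must be seeded during a trusted window.
    By default, events that alerted are NOT learned, so a flagged source does
    not become "normal" before an analyst has looked at it.
    """
    principal = event["principal"]
    baseline = baselines[principal]
    reasons = []
    if baseline.observations >= WARMUP_EVENTS:
        if event["asn"] not in baseline.asns:
            reasons.append(f"source ASN {event['asn']} never seen for {principal}")
        if event["region"] not in baseline.regions:
            reasons.append(f"region {event['region']} never seen for {principal}")
        if event["event_name"] not in baseline.api_calls:
            reasons.append(f"API call {event['event_name']} never seen for {principal}")
    if not reasons or learn_on_alert:
        baseline.observations += 1
        baseline.asns.add(event["asn"])
        baseline.regions.add(event["region"])
        baseline.api_calls.add(event["event_name"])
    return reasons


def run_detection(events):
    """Replay an event stream; return (alerts, baselines)."""
    baselines = defaultdict(PrincipalBaseline)
    alerts = []
    for ev in events:
        reasons = evaluate_event(ev, baselines)
        if reasons:
            alerts.append({"principal": ev["principal"],
                           "event_name": ev["event_name"],
                           "reasons": reasons})
    return alerts, baselines


def _event(principal, asn, region, event_name):
    return {"principal": principal, "asn": asn, "region": region,
            "event_name": event_name}


# Constructed sample stream. ASN 16509 is Amazon's; 64512 is a private ASN
# standing in for an unexpected network.
SAMPLE_EVENTS = [
    *(_event("alice", 16509, "us-east-1", name) for name in
      ["DescribeInstances", "ListBuckets", "DescribeInstances",
       "GetCallerIdentity", "ListBuckets"]),
    _event("bob", 16509, "us-east-1", "ListBuckets"),
    _event("bob", 16509, "us-east-1", "ListBuckets"),
    # bob has only 2 observations: this is learned silently (warm-up guard).
    _event("bob", 64512, "ap-southeast-1", "CreateAccessKey"),
    # alice has 5 observations: new ASN + new region + new API call -> alert.
    _event("alice", 64512, "eu-west-1", "GetSecretValue"),
    # Not learned after the alert, so it alerts again rather than going quiet.
    _event("alice", 64512, "eu-west-1", "GetSecretValue"),
]

if __name__ == "__main__":
    found, _ = run_detection(SAMPLE_EVENTS)
    for alert in found:
        print(alert["principal"], alert["event_name"], "|", "; ".join(alert["reasons"]))
```

The contrast between bob and alice is the point of the warm-up guard: it prevents a flood of first-seen alerts for principals with no history, at the cost of trusting whatever those principals do until the threshold is reached.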


DNS Tunneling Detection & Vulnerability Management

A full vulnerability-management-lifecycle lab, from discovery through verified remediation, simulating a covert C2 channel tunneled through DNS, a technique that evades perimeter controls because firewalls rarely inspect DNS contents.

  • Five-VM isolated lab on Apple Silicon (pfSense, Windows victim, BIND9 resolver, Kali attacker, Wazuh SIEM)
  • Discovered via internal red-team simulation, scored with CVSS 4.0, mapped to ATT&CK T1071.004 and T1572
  • Four-control defense-in-depth remediation aligned to NIST SP 800-40r4 and the CISA Vulnerability Management Lifecycle
  • Custom Suricata rules, BIND9 Response Policy Zones, manual ARM64 Wazuh stack, and Slack alerting, with end-to-end remediation verification
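As an added example (not code from this project or from Suricata or BIND9), the kind of resolver-side heuristic the lab's detection controls rely on: tunneled DNS stands out as many unique, long, high-entropy labels under one zone from one client, often in TXT or NULL records. The log lines below are constructed in a BIND9-style query-log format; the client addresses, the `tun.example.net` zone, and the thresholds are assumptions.

```python
"""DNS tunneling heuristics over constructed BIND9-style query log lines (added example)."""
import math
import re
from collections import Counter, defaultdict

LINE_RE = re.compile(
    r"client \S+ (?P<ip>\d+\.\d+\.\d+\.\d+)#\d+ \(\S+\): query: "
    r"(?P<qname>\S+) IN (?P<qtype>[A-Z0-9]+)"
)

# Constructed sample log: six high-entropy TXT lookups under tun.example.net
# from one client, plus ordinary lookups from another client.
QUERY_LOG = """\
client @0x7f2b8c00 192.168.1.50#41022 (a1b2c3d4e5f60718293a4b5c6d7e8f90.tun.example.net): query: a1b2c3d4e5f60718293a4b5c6d7e8f90.tun.example.net IN TXT + (10.0.0.53)
client @0x7f2b8c00 192.168.1.50#41023 (9f8e7d6c5b4a39281706f5e4d3c2b1a0.tun.example.net): query: 9f8e7d6c5b4a39281706f5e4d3c2b1a0.tun.example.net IN TXT + (10.0.0.53)
client @0x7f2b8c00 192.168.1.50#41024 (0a1b2c3d4e5f6071829304a5b6c7d8e9.tun.example.net): query: 0a1b2c3d4e5f6071829304a5b6c7d8e9.tun.example.net IN TXT + (10.0.0.53)
client @0x7f2b8c00 192.168.1.50#41025 (e3f4a5b6c7d8091a2b3c4d5e6f708192.tun.example.net): query: e3f4a5b6c7d8091a2b3c4d5e6f708192.tun.example.net IN TXT + (10.0.0.53)
client @0x7f2b8c00 192.168.1.50#41026 (5c6d7e8f9a0b1c2d3e4f506172839405.tun.example.net): query: 5c6d7e8f9a0b1c2d3e4f506172839405.tun.example.net IN TXT + (10.0.0.53)
client @0x7f2b8c00 192.168.1.50#41027 (b7c8d9e0f1a2b3c4d5e6f70819203a4b.tun.example.net): query: b7c8d9e0f1a2b3c4d5e6f70819203a4b.tun.example.net IN TXT + (10.0.0.53)
client @0x7f2b8c00 192.168.1.60#53001 (www.example.com): query: www.example.com IN A + (10.0.0.53)
client @0x7f2b8c00 192.168.1.60#53002 (mail.example.com): query: mail.example.com IN MX + (10.0.0.53)
client @0x7f2b8c00 192.168.1.60#53003 (api.example.com): query: api.example.com IN A + (10.0.0.53)
client @0x7f2b8c00 192.168.1.60#53004 (www.example.com): query: www.example.com IN AAAA + (10.0.0.53)
"""


def shannon_entropy(text):
    """Bits per character; 0.0 for an empty or single-symbol string."""
    if not text:
        return 0.0
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in Counter(text).values())


def parse_query_log(log_text):
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("ip"), m.group("qname").rstrip(".").lower(), m.group("qtype")


def split_zone(qname):
    # Assumption: the registrable domain is the last two labels. Production
    # code should consult the Public Suffix List (co.uk and friends).
    labels = qname.split(".")
    return ".".join(labels[-2:]), labels[:-2]


def score_tunneling(log_text, min_unique=5, min_entropy=3.5, min_label_len=20):
    """Aggregate per (client, zone) and flag groups that look like a tunnel."""
    stats = defaultdict(lambda: {"queries": 0, "labelled": 0, "subdomains": set(),
                                 "entropy_sum": 0.0, "len_sum": 0, "payload_types": 0})
    for ip, qname, qtype in parse_query_log(log_text):
        zone, sub = split_zone(qname)
        s = stats[(ip, zone)]
        s["queries"] += 1
        if qtype in ("TXT", "NULL", "CNAME"):  # record types that carry payload well
            s["payload_types"] += 1
        if sub:
            s["labelled"] += 1
            s["subdomains"].add(".".join(sub))
            s["entropy_sum"] += shannon_entropy(sub[0])  # leftmost label carries data
            s["len_sum"] += len(sub[0])
    findings = []
    for (ip, zone), s in sorted(stats.items()):
        labelled = s["labelled"] or 1
        avg_entropy = s["entropy_sum"] / labelled
        avg_len = s["len_sum"] / labelled
        findings.append({
            "client": ip, "zone": zone, "queries": s["queries"],
            "unique_subdomains": len(s["subdomains"]),
            "avg_entropy": round(avg_entropy, 3), "avg_label_len": avg_len,
            "payload_type_ratio": s["payload_types"] / s["queries"],
            "flagged": (len(s["subdomains"]) >= min_unique
                        and avg_entropy >= min_entropy and avg_len >= min_label_len),
        })
    return findings


if __name__ == "__main__":
    for f in score_tunneling(QUERY_LOG):
        print(("TUNNEL? " if f["flagged"] else "ok      ") + f"{f['client']} -> {f['zone']}", f)
```

Legitimate services with hashed hostnames (CDNs, some anti-virus lookups) hit the same heuristics, so a real deployment pairs this scoring with a zone allowlist and feeds the confirmed zones into the Response Policy Zone rather than blocking on score alone.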



Skills & Tooling

Cloud & SOC

AWS, Microsoft Azure, Microsoft Sentinel

SIEM & Detection

Wazuh, Elastic, Sysmon, Suricata

Automation & Infrastructure-as-Code

Terraform, Python, Docker, Bash, Git

Network Security

pfSense, Wireshark

Adversary Emulation & Detection Validation

Kali Linux, Nmap

Frameworks & Standards

MITRE ATT&CK, NIST



Pinned repository: dns-tunnel-vuln-mgmt (Public): End-to-end vulnerability management exercise for DNS tunneling, following NIST 800-40r4 and the CISA VM lifecycle