Skip to content
View andresscyber's full-sized avatar
🎯
Focusing
🎯
Focusing

Block or report andresscyber

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
andresscyber/README.md

Hi, I'm Andres 👋

Detection Engineering • Cloud Security • Threat Hunting
B.S. Information Technology • M.S. Cybersecurity & Information Assurance
Los Angeles, CA • EmailLinkedIn


Cybersecurity professional with hands-on experience designing and implementing enterprise-style Detection Engineering, DevSecOps, SIEM, Active Directory, and AWS Cloud Security projects focused on threat detection, security automation, continuous compliance, and incident response.


🧭 Focus

  • Detection Engineering
  • Threat Hunting
  • Security Monitoring & Incident Detection
  • SIEM Engineering
  • Cloud Security
  • DevSecOps
  • Infrastructure as Code
  • Windows Endpoint Telemetry

🛡️ Certifications

  • CompTIA PenTest+
  • CompTIA CySA+
  • CompTIA Security+
  • AWS Certified Cloud Practitioner
  • ITIL 4 Foundation
  • CompTIA Network+
  • CompTIA A+
  • LPI Linux Essentials

🧰 Technologies & Tools

Wazuh · Splunk · Sysmon · Elastic Stack

AWS (IAM, S3, Lambda, CloudWatch, SNS, EventBridge, CloudTrail, AWS Config, ECR)

Terraform · GitHub Actions · Checkov · TFLint · Python

Windows · Linux · PowerShell · Bash

Wireshark · MITRE ATT&CK · Git/GitHub


🚀 Featured Projects


Designed and implemented a detection engineering lab using Wazuh and Sysmon to create custom detections for PowerShell execution, user account creation, and privileged group membership changes mapped to MITRE ATT&CK techniques.

Key Skills

  • Detection Engineering
  • Threat Hunting
  • Custom SIEM Rule Development
  • Windows Security Monitoring
  • MITRE ATT&CK Mapping

Technologies

Wazuh · Sysmon · Windows 10 · Ubuntu Server


Designed and implemented an event-driven AWS DevSecOps pipeline that provisions secure cloud infrastructure using Terraform, validates Infrastructure as Code through GitHub Actions, Checkov, and TFLint, continuously monitors Amazon S3 compliance using AWS Config, and automatically remediates insecure cloud configurations with AWS Lambda and Amazon EventBridge.

Key Skills

  • Cloud Security Engineering
  • DevSecOps
  • Infrastructure as Code
  • Continuous Compliance
  • Security Automation
  • Event-Driven Architecture
  • Least Privilege IAM

Technologies

Terraform · GitHub Actions · Checkov · TFLint · AWS Config · Amazon EventBridge · AWS Lambda · Amazon S3 · CloudWatch · IAM · Python


Designed and implemented an enterprise Active Directory environment with a Windows Server domain controller, Windows 11 endpoint, Sysmon, and Wazuh to simulate identity attacks, privilege escalation, and security monitoring workflows.

Key Skills

  • Active Directory
  • Identity Security
  • Windows Security
  • Threat Detection
  • SIEM Monitoring

Technologies

Windows Server 2022 · Windows 11 · Active Directory · Sysmon · Wazuh


Built a Detection-as-Code pipeline using Sigma rules and GitHub Actions to automatically validate detection content before deployment, demonstrating modern security engineering workflows and CI/CD integration.

Key Skills

  • Detection Engineering
  • Detection-as-Code
  • CI/CD
  • Security Automation
  • Sigma Rule Validation

Technologies

GitHub Actions · Sigma · Python · YAML


Built a serverless malware scanning solution that automatically scans files uploaded to Amazon S3 using ClamAV running inside containerized AWS Lambda functions. The solution identifies malicious files, applies security tags, and generates automated notifications through Amazon SNS.

Key Skills

  • Cloud Security
  • Security Automation
  • Malware Detection
  • Serverless Security
  • AWS Security Monitoring

Technologies

AWS Lambda · Amazon S3 · Amazon ECR · Amazon SNS · CloudWatch · Docker · Python · ClamAV


Designed and implemented a SIEM detection lab focused on identifying and investigating SSH brute-force activity through centralized log collection, dashboards, and security monitoring workflows.

Key Skills

  • SIEM Monitoring
  • Log Analysis
  • Incident Investigation
  • Authentication Monitoring

Technologies

Splunk · Linux · SSH · Syslog


Built a serverless security monitoring solution leveraging AWS Lambda, CloudWatch, and Amazon SNS to automate event collection and alerting.

Key Skills

  • Cloud Monitoring
  • Event Logging
  • Security Alerting
  • AWS Services

Technologies

AWS Lambda · CloudWatch · Amazon SNS · IAM


🗺️ Project Roadmap

  • Linux User Management Script
  • AWS Serverless Security Logger
  • Splunk SSH Brute Force Detection Lab
  • AWS Serverless Malware Scanning Pipeline
  • Wazuh Detection Engineering Lab
  • Active Directory Attack & Defend Lab
  • Detection-as-Code Pipeline
  • AWS DevSecOps & Automated Cloud Remediation Pipeline

🎯 Career Focus

Current Target Roles

  • SOC Analyst
  • Security Analyst
  • Cybersecurity Analyst
  • Security Operations Analyst
  • Detection Engineer
  • Security Engineer
  • Cloud Security Engineer
  • DevSecOps Engineer

Long-Term Goal

  • Senior Cloud Security Engineer

📫 Contact

Pinned Loading

  1. wazuh-detection-engineering-lab wazuh-detection-engineering-lab Public

    Detection Engineering Lab using Wazuh, Sysmon, custom detections, threat hunting, and MITRE ATT&CK mapping.

  2. aws-devsecops-remediation-pipeline aws-devsecops-remediation-pipeline Public

    AWS DevSecOps pipeline using Terraform, GitHub Actions, Checkov, AWS Config, EventBridge, and Lambda for automated cloud compliance remediation.

    HCL

  3. active-directory-attack-defend-lab active-directory-attack-defend-lab Public

    Active Directory attack and defense lab using Windows Server 2022, Sysmon, Wazuh, custom detections, threat hunting, and MITRE ATT&CK mapping.

  4. detection-as-code-pipeline detection-as-code-pipeline Public

    Detection-as-Code pipeline using Sigma rules, GitHub Actions, and automated rule validation.

  5. splunk-ssh-bruteforce-lab splunk-ssh-bruteforce-lab Public

    Splunk SIEM lab detecting brute-force SSH attempts with forwarded logs from a Linux victim.

  6. aws-serverless-malware-scanning-pipeline aws-serverless-malware-scanning-pipeline Public

    Cloud security project demonstrating serverless malware scanning, event-driven automation, monitoring, and alerting using AWS S3, Lambda, ECR, CloudWatch, SNS, Docker, and Python.