I'm a cybersecurity practitioner focused on Blue Team operations, including threat detection, incident investigation, SIEM, digital forensics, phishing analysis, and network forensics. I build hands-on SOC and DFIR projects through TryHackMe, CyberDefenders, and industry workshops.
Currently open to SOC Analyst L1 and Digital Forensics roles and blue team internships.
SIEM & Security Monitoring
Digital Forensics
Cryptography & PKI
Languages & Scripting
Platforms & Infrastructure
Phishing Investigation Case Study
| Attribute | Details |
|---|---|
| Objective | Conduct a structured phishing email investigation using header analysis, URL inspection, and sandbox detonation |
| Tools | Email header analyzers · URLScan.io · VirusTotal · Any.run · Wireshark |
| Detection Logic | SPF/DKIM/DMARC validation failures, suspicious sender patterns, C2 callback detection |
| MITRE ATT&CK Mapping | T1566.001 (Spearphishing Attachment), T1566.002 (Spearphishing Link), T1204 (User Execution) |
| Security Impact | Documented a complete phishing investigation playbook applicable to real SOC triage workflows |
| Repository | https://github.com/poojanoochila/phishing-incident-analysis |
EDR Threat Detection & Response
| Attribute | Details |
|---|---|
| Objective | Simulate an endpoint compromise and investigate it end-to-end using Microsoft Defender for Endpoint |
| Tools | Microsoft Defender for Endpoint · MITRE ATT&CK |
| Detection Logic | Investigated malicious process behavior, extracted IOCs including suspicious file paths and lateral network connections, and correlated each stage of the attack chain against MITRE ATT&CK |
| Security Impact | Produced a formal SOC-style incident report covering attack timeline, containment actions taken, and recommended remediation steps |
| Repository | https://github.com/poojanoochila/endpoint-malware-detection-response |
CyberOps — AI-Powered SOC Analyst Training Simulator
| Attribute | Details |
|---|---|
| Objective | Build an interactive training platform that simulates SOC alert triage scenarios using a live LLM backend |
| Stack | FastAPI · MongoDB (Motor) · Groq LLaMA 3.3 70B · React · JWT Auth |
| Key Features | Role-based login, scenario randomisation, session logging for review |
| Security Impact | Trainees investigate realistic synthetic alerts through guided prompts and receive AI-generated feedback on triage decisions without requiring access to a live SIEM |
| Repository | https://github.com/poojanoochila/cyberops-soc-analyst-training-platform |
SIEM Log Analysis Dashboard
| Attribute | Details |
|---|---|
| Objective | Build a visual log analysis interface that maps parsed security events to MITRE ATT&CK techniques |
| Stack | React (Vite + Tailwind) · Recharts · FastAPI · MITRE ATT&CK · VirusTotal API |
| Detection Logic | Ingests structured log data, enriches IOCs using the VirusTotal API, and displays detections with ATT&CK tactic and technique annotations |
| Security Impact | Designed to practice SPL-style querying logic and detection rule thinking outside of a full Splunk environment |
| Repository | https://github.com/poojanoochila/soc-dashboard-siem-simulator |
Login Anomaly Detection System
| Attribute | Details |
|---|---|
| Objective | Build an ML-powered detection system that identifies suspicious login behaviour and surfaces alerts through a web dashboard |
| Stack | Python · Scikit-learn · Pandas · NumPy · Flask · Matplotlib · Seaborn |
| Detection Logic | Random Forest classifier trained on login event features with preprocessing, model evaluation, and real-time anomaly scoring |
| Key Features | Secure authentication, admin dashboard, password hashing, session management, structured audit logging |
| Repository | https://github.com/poojanoochila/login-anomaly-detection |
Secure Password Strength Analyzer
| Attribute | Details |
|---|---|
| Objective | Evaluate password strength using entropy calculation and pattern analysis with real-time user feedback |
| Stack | Python · Flask · HTML/CSS/JS |
| Detection Logic | Entropy scoring and pattern detection including keyboard walks, common substitutions, and dictionary patterns |
| Key Features | Entropy-based scoring, pattern detection, real-time policy feedback |
| Repository | https://github.com/poojanoochila/Password-Strength-Analyzer |
Blue team learning path focused on SOC operations, SIEM detection, and incident response. Completed rooms covering Splunk, Wazuh, Microsoft Sentinel, network analysis, and threat hunting workflows.
→ | https://github.com/poojanoochila/tryhackme-challenges |
Blue team challenge platform — investigations across forensics, network traffic analysis, malware triage, and endpoint detection scenarios. Each challenge writeup includes methodology, tool usage, and key findings.
→ | https://github.com/poojanoochila/cyberdefenders-challeges |
Web Development Intern — The Web People (April 2026 – June 2026) Contributed to frontend development with a focus on secure coding practices: input validation, secure rendering, authentication handling, and minimising data exposure risks in client-server interactions. Applied OWASP principles throughout the development lifecycle and maintained documentation standards across cross-functional sprint deliverables.
| Cybersecurity & Digital Forensics Workshop | Industry-led hands-on training covering disk imaging with FTK Imager and Magnet Acquire, artifact analysis with Autopsy and HxD, and applied cryptography including PKI, RSA, and SHA hashing |
| CyberPeace First Responders | Incident response awareness training — digital first responder protocols |
| Ethical Hacking Workshop | Delivered a practical session covering Nmap, Wireshark, and VirusTotal for a student audience |
| picoCTF | Forensics and network security challenge track |