Cybersecurity • Engineering • Governance
Building a hands-on security lab focused on attack simulation, detection engineering, automation, and governance.
Roadmap
This roadmap outlines the systems I’m building to simulate attacks, detect them, and automate response inside a personal security lab.
Each phase builds toward a practical SOC-style environment.
PHASE 1 · FOUNDATION
Simulates real-world attacks in a controlled environment using attacker and victim virtual machines. Generates realistic logs and artifacts for detection experiments.
Focus areas
Build a personal SOC-style monitoring environment that collects and analyzes logs from the attack lab.
Stack
PHASE 2 · DETECTION & AUTOMATION
A Python tool that parses security logs, enriches suspicious IP addresses, and generates automated incident reports.
Features
Aggregates threat intelligence feeds and normalizes indicators of compromise for use in the SOC lab.
Sources
PHASE 3 · HUMAN + AI
Simulates phishing campaigns to measure user awareness and analyze click behavior.
Metrics
Explores how organizations can safely use local AI models for security workflows.
Focus
Building detection logic and telemetry pipelines inside the SOC lab.
Designing the infrastructure that powers attack simulation, monitoring, and automation.
Mapping operational controls to measurable security outcomes and ownership.
Case studies
The roadmap above outlines the lab build sequence for 2026. Detailed case studies will be added here as projects move from Planned to In Progress to Completed.