S.AbdulRehman Cyber Portfolio

About Me

💥 From curiosity to capability — I don't just study cybersecurity, I practice it daily.

🎓 BCA student targeting an L1 SOC Analyst role, passionate about AI-driven threat detection and real-world SOC operations.

🛡️ Hands-on with Microsoft Defender XDR, SIEM investigations, Malware Traffic Analysis, OSINT Intelligence, Phishing Analysis, and Web Attack Investigation — validated through LetsDefend SOC skill badges.

🌍 Open to SOC Analyst internships and global opportunities in Saudi Arabia, UAE, and beyond.

Core Skills

Threat Detection

SIEM Investigation

Microsoft Defender XDR

OSINT Intelligence

Cybersecurity Skill Intelligence

🔍 Real-World Security Case Studies

AI Security SOC Assistant – Agentic AI

Automated SOC workflow using AI multi-agent architecture to optimize threat detection and reduce response time.

Problem: Manual SOC operations caused delays in alert triage and incident response, increasing attacker dwell time and mean time to respond (MTTR).

Detection Logic: AI agents handled both noisy exploit chains — such as mass failed login attempts and port scans — and subtle logic bypasses like slow lateral movement and low-frequency beaconing that single-rule SIEM alerts would miss. Alerts were correlated across multiple log sources to build high-confidence threat chains before escalation.

Automated Playbook:

🔴 Alert Triggered in SIEM
🤖 AI Triage Agent auto-scores severity
🔍 Log Correlation Engine cross-checks endpoint + network logs
⚡ If high severity → Auto-Escalate to L2 + create incident ticket
✅ If false positive → Auto-Close with documented reasoning
📊 MTTR tracked and logged per incident automatically

MTTR Impact: Automated triage reduced mean time to respond by ~60%, cutting manual investigation from ~45 minutes to under 18 minutes per alert — directly limiting attacker dwell time.

Business Impact: Faster response reduces breach exposure window, lowers cost per incident, and allows the SOC team to focus on high-priority threats instead of manual triage.

Tools: Python, AI Agents, Log Analysis, SIEM

🤖 View full AI SOC automation workflow

OSINT Threat Investigation

Real-world threat validation using OSINT tools and intelligence correlation to identify phishing infrastructure before it impacts users.

Problem: Identifying active phishing infrastructure early — preventing credential theft, data loss, and unauthorized access to internal systems.

Detection Logic: Investigation targeted both noisy indicators — newly registered domains with obvious phishing patterns — and subtle bypasses like aged domains with clean history that were recently weaponized. Cross-correlated domain registration data, IP reputation scores, and SSL certificate history across VirusTotal, Urlscan.io, and Whois — identifying 3 confirmed malicious IOCs linked to an active phishing campaign.

Automated Playbook:

🚨 Suspicious URL or domain reported
🔍 Auto OSINT scan — VirusTotal + Urlscan.io + Whois
🔗 IOC Correlation across threat intel platforms
⚡ If malicious confirmed → Auto-block at firewall + DNS level
📝 Auto-generate incident report with evidence
📊 MTTR logged — from report to block in under 20 minutes

MTTR Impact: Structured OSINT playbook reduced investigation and response time from hours to under 20 minutes — enabling faster containment before the phishing campaign could reach users.

Business Impact: Early identification of phishing infrastructure prevented potential credential compromise — protecting user accounts and reducing risk of unauthorized access to internal systems.

Tools: VirusTotal, Urlscan.io, Whois, Threat Intelligence Platforms

🌐 Investigation Evidence Included in Report