I'm Nazar

I'm a Junior SOC Analyst.

Blue Team Security.

AWS | Splunk | MITRE ATT&CK.

Welcome

based in Warsaw, Poland.


About Me


I'm Nazar Lysyk, Junior SOC Analyst | Blue Team Security

I'm a Junior SOC Analyst passionate about blue team security and threat detection. Over the past months I built a fully automated threat detection platform on AWS — a real SSH honeypot that attracted attackers from 8 countries within hours, integrated with Splunk SIEM for real-time monitoring and MITRE ATT&CK mapping.

My background in Linux, AWS and Terraform gives me a strong technical foundation to understand infrastructure — not just alerts. I detected a real Docker container escape attempt (MITRE T1611) from an IP confirmed malicious by 11/94 VirusTotal vendors, and documented it in a full IR Playbook. I'm looking for my first SOC L1 role where I can grow in threat analysis and incident response.


What I Do

SOC & Security Operations

Skills


Security & SOC Skills

SIEM & Detection: Splunk Enterprise, SPL queries, HEC, dashboards, MITRE ATT&CK
Linux Security: Linux hardening, SSH, UFW / iptables, sudoers, auditd, fail2ban
Cloud Security · AWS: CloudTrail, IAM, VPC, GuardDuty, Security Hub, S3 policies
DevSecOps & IaC: Docker, Kubernetes, Terraform, CI/CD
Monitoring & Incident Response: Prometheus, Grafana, CloudWatch, IR Playbooks, Threat Intelligence

Projects

My Security Projects

🛡️ Threat Detection Platform — SOC Home Lab

A fully automated threat detection platform built on AWS. Deployed a public-facing Cowrie SSH honeypot that attracted real attackers from 8 countries within 24 hours. Integrated with Splunk SIEM via HEC pipeline for real-time log analysis, MITRE ATT&CK mapping, and Discord alerting.

  • 500+ events indexed — India (76), China (69), Brazil (17), USA (16)
  • Detected Docker escape attempt T1611 — 11/94 VirusTotal malicious
  • Splunk dashboard: geo map, MITRE ATT&CK, timeline, top attackers
  • Tailscale ACL, UFW, SSH hardening, CloudTrail → Splunk
  • 3 IR Playbooks based on real incidents
Tech stack: Splunk, AWS EC2, Terraform, MITRE ATT&CK, Docker, Tailscale
# Real attack detected
31.56.209.39 [UAE]
SSH-2.0-Go client
login: root / "" → SUCCESS
CMD: cat /proc/1/mounts
⚠ T1611 Container Escape
VirusTotal: 11/94 malicious
→ IR Playbook triggered
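The pipeline step behind this card, Cowrie events enriched with MITRE ATT&CK tags before they are sent to Splunk HEC, as an added example that is not the project's own code. The technique mapping, the host name and the sample events (TEST-NET-1 address, not the real attacker IP) are all constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Command substrings mapped to ATT&CK techniques (assumed mapping for illustration).
TECHNIQUE_RULES = [
    ("/proc/1/mounts", "T1611", "Escape to Host", "critical"),
    ("wget ", "T1105", "Ingress Tool Transfer", "high"),
]

def map_command(command):
    """Return (technique_id, name, severity) for the first matching rule."""
    for needle, tid, name, sev in TECHNIQUE_RULES:
        if needle in command:
            return tid, name, sev
    return None, None, "info"

def to_hec_payload(event):
    """Convert one Cowrie JSON event into a Splunk HEC /services/collector payload."""
    ts = datetime.strptime(event["timestamp"], "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    fields = {"src_ip": event["src_ip"], "session": event["session"],
              "eventid": event["eventid"], "severity": "info"}
    if event["eventid"] == "cowrie.login.success":
        # A successful login with default/empty credentials: Valid Accounts (assumed tag).
        fields.update(username=event["username"], password=event["password"],
                      mitre_technique="T1078", mitre_name="Valid Accounts",
                      severity="medium")
    elif event["eventid"] == "cowrie.command.input":
        tid, name, sev = map_command(event["input"])
        fields.update(command=event["input"], severity=sev)
        if tid:
            fields.update(mitre_technique=tid, mitre_name=name)
    return {"time": ts.timestamp(), "host": "honeypot-01", "source": "cowrie",
            "sourcetype": "cowrie:json", "event": fields}

def process_log(lines):
    """Parse Cowrie JSON lines into HEC payloads; malformed lines are skipped, not fatal."""
    payloads = []
    for line in lines:
        try:
            payloads.append(to_hec_payload(json.loads(line)))
        except (ValueError, KeyError):
            continue
    return payloads

# Constructed sample events (not real honeypot data); 192.0.2.10 is a TEST-NET-1 address.
SAMPLE_LOG = [
    '{"eventid":"cowrie.login.success","timestamp":"2024-05-01T10:00:00.000000Z","src_ip":"192.0.2.10","session":"a1","username":"root","password":""}',
    '{"eventid":"cowrie.command.input","timestamp":"2024-05-01T10:00:03.500000Z","src_ip":"192.0.2.10","session":"a1","input":"cat /proc/1/mounts"}',
    'not json at all',
]
```

Each returned dict is the body for one POST to the HEC collector endpoint; the second sample event comes back tagged T1611 with severity "critical", which is the condition an alert route (Discord, IR playbook) would key on.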

Splunk SIEM Dashboard

6-panel dashboard with geo map, MITRE ATT&CK techniques, attack timeline, top attackers and password analysis.

Tech stack: Splunk, SPL, HEC

AWS CloudTrail → Splunk

Full CloudTrail integration with Splunk for AWS API monitoring. Detects suspicious IAM activity, EC2 changes and S3 access patterns.

Tech stack: CloudTrail, S3, Splunk

Contact

Get in Touch

Address

Warsaw, Poland

(+48) 578 772 930

nazarlysyk.official@gmail.com
