Security Projects

Welcome to my security portfolio. This section showcases hands-on projects focused on cloud security, identity architecture, threat detection, encryption, network segmentation, privilege management, and governance across AWS and Azure environments.

Web Application Security

Web Application Security Fundamentals & Vulnerability Analysis Role: Web Application Security Analyst
Focus: XSS, HTML Injection, Sensitive Data Exposure, Parameter Tampering, CVE Analysis
Skills: HTTP Analysis, Input Validation Testing, Vulnerability Classification, Secure Coding Principles, CVSS Risk Assessment
Web Requests Analysis & HTTP Protocol Manipulation using cURL Role: Web Application Security Analyst
Focus: HTTP Protocol Analysis, Request Manipulation, API Interaction, Session Handling
Skills: cURL, HTTP Methods (GET/POST), Header Analysis, Cookie Handling, API Testing, Browser DevTools
Web Application Traffic Analysis & HTTP Request Manipulation Role: Web Application Security Analyst
Focus: HTTP Protocol Analysis, Request Manipulation, API Interaction
Skills: cURL, HTTP Methods (GET/POST), Header Analysis, Session Handling, API Testing, Browser DevTools

Network Traffic Analysis & Monitoring

Network Traffic Analysis & Threat Detection using Wireshark and Tcpdump Role: Network Security Analyst
Focus: Threat Detection, Packet Analysis, Network Forensics, Suspicious Traffic Investigation
Skills: Wireshark, Tcpdump, TCP/IP Analysis, DNS/HTTP/HTTPS Inspection, PCAP Analysis, Incident Response
Network Traffic Analysis using Wireshark (ICMP Packet Inspection) Role: Network Security Analyst
Focus: Packet Inspection, ICMP Analysis, ARP Resolution, Layer 2 vs Layer 3 Behavior
Skills: Wireshark, ICMP, ARP, Packet Capture Analysis, Network Troubleshooting, Traffic Inspection

Cloud Security Assessment & Governance

Conducting a Cloud Misconfiguration & Privilege Escalation Security Assessment on AWS Role: Cloud Security Analyst (Offensive Security & Risk Analysis)
Focus: IAM Privilege Escalation, Snapshot Exposure, Metadata Exploitation, Cloud Attack Surface Analysis
Skills: AWS IAM, Amazon S3, EC2 Snapshots, Instance Metadata Service (IMDS), AWS CLI, Policy Inspection, Privilege Escalation Analysis, Risk Mitigation Strategy
Serverless Security Assessment: IAM Privilege Escalation via Vulnerable AWS Lambda Role: Cloud Security Analyst (Serverless Application Security & IAM Assessment)
Focus: Lambda Code Vulnerability Analysis, Role Assumption Exploitation, Policy Injection, Secrets Exposure
Skills: AWS Lambda, IAM Role Assumption, AWS Secrets Manager, SQL Injection Analysis, Privilege Escalation Path Mapping, Secure Coding Review
AWS IAM Privilege Escalation Assessment: Policy Version Rollback Abuse (CloudGoat) Role: Cloud Security Analyst (IAM Governance & Privilege Escalation Assessment)
Focus: IAM Policy Versioning Risk, Least Privilege, Governance Controls
Skills: AWS IAM, Managed Policy Versioning, AWS CLI, CloudTrail Audit Concepts, Privilege Escalation Path Mapping

Azure Security & Monitoring Architecture

Azure Security and Monitoring Implementation Role: Cloud Security Engineer
Focus: Centralized Monitoring, Threat Detection & Incident Response
Skills: Azure Monitor, Log Analytics, Microsoft Sentinel, KQL, Logic Apps, Microsoft Defender for Cloud, Just-In-Time VM Access

Network Security Architecture

Layer 2 Network Segmentation & Switch Security Architecture Role: Network Security Engineer
Focus: VLAN Segmentation, Switch Hardening, DHCP Snooping, Port Security
Skills: Cisco IOS, VLANs, 802.1Q Trunking, Port Security, BPDU Guard, DHCP Snooping
Building a Routed and Switched Cisco Network in Packet Tracer Role: Network Security / Infrastructure Engineer
Focus: Inter-Subnet Routing, Default Gateway Design, Connectivity Verification
Skills: Cisco IOS, Routing, Switching, IPv4/IPv6 Addressing, Packet Tracer, Troubleshooting
Enterprise Wireless Network Security Architecture using Cisco WLC Role: Network Security Engineer
Focus: Secure WLAN Deployment, WPA2 Authentication, RADIUS Integration, VLAN Segmentation
Skills: Cisco WLC, WPA2-Personal, WPA2-Enterprise, RADIUS Authentication, VLAN Design, Wireless Network Security
Secure Network Connectivity Architecture: Site-to-Site IPsec VPN Implementation Role: Network & Cloud Security Engineer
Focus: Network-Layer Encryption, Secure Tunnel Establishment, IPsec & ISAKMP Configuration
Skills: IPsec, ISAKMP (IKEv1), Cisco IOS, Crypto Maps, ACL-Based Traffic Classification, Secure Tunnel Verification
Implementing Network Security with Azure Firewall Role: Cloud Security Engineer
Focus: Network Segmentation & Traffic Inspection
Skills: Azure Firewall, Network Rules, Application Rules, DNS Configuration, Route Tables, Azure Virtual Networks
Implementing Network Security with Azure NSGs and ASGs Role: Cloud Security Engineer
Focus: Access Control & Network-Level Isolation
Skills: Azure Networking, Network Security Groups (NSG), Application Security Groups (ASG), RDP & Web Traffic Filtering

Data Protection & Encryption

Implementing Data Encryption with Azure Key Vault and SQL Always Encrypted Role: Cloud Security Engineer
Focus: Data Encryption & Secure Key Management
Skills: Azure Key Vault, SQL Always Encrypted, Data Protection, Application Authentication, Microsoft Entra ID, ARM Templates

Felix Otieno Arogo