[email protected]:~$ whoami

Ersin Uyanik

Junior Cybersecurity Analyst  ·  Blue Team  ·  SOC L1

CompTIA A+ and Security+ certified career changer based in Germany, currently completing a cybersecurity continuing-education programme at Masterschool and preparing for CompTIA Network+. I have a genuine passion for learning — within a few months I made rapid theoretical progress across networking, security fundamentals, and threat detection. But theory alone isn't enough. Every concept I study gets translated into a real lab scenario: building SIEM pipelines, deploying IDS rules, simulating attacks, and documenting the results. I'm eager to bring this foundation into a real SOC or Blue Team environment — to work alongside experienced analysts, grow through real incident work, and continue building my skills in parallel with hands-on professional experience.

Actively seeking SOC L1 / Blue Team roles — Germany & remote

CompTIA Security+

March 2026

CompTIA A+

January 2026

CompTIA Network+

In Progress

homelab-foundation 4 / 4 completed → GitHub

LAB_00

Network Discovery & Host Enumeration

Mapped a live multi-device home network using nmap, arp-scan and ping sweeps. Identified active hosts, open ports and running services. Lab hardware: MacBook Pro (management), iMac 12,1 Ubuntu lab server, ThinkPad Kali, Fritz!Box + TP-Link RE190 repeater discovered via MAC OUI analysis. Documented with privacy masking — OUI-only MAC addresses, anonymised hostnames.

nmap · arp-scan · ping sweep · ifconfig · Host Enumeration · MAC Analysis

LAB_01

Wireshark Traffic Analysis

Captured and analysed live traffic across five protocol layers: ICMP (echo/reply, TTL), DNS (query/response, A records), HTTP (cleartext headers, response codes), ARP (who-has, is-at, gratuitous ARP), TLS/QUIC (handshake, certificate exchange). JA3 fingerprinting applied. Cross-lab finding: passive traffic identified unknown device as Amazon Fire Stick via UPnP + Spotify Connect signatures.

Wireshark · ICMP · DNS · HTTP · ARP · TLS · QUIC · JA3

LAB_02

Wi-Fi Security — WPA2 Assessment (Own Network)

Controlled wireless assessment against own Fritz!Box. WPA2 4-way handshake capture, PMKID attack, deauthentication, MAC spoofing, offline dictionary attack with rockyou.txt. Key finding: strong passphrase not found in dictionary — positive security confirmation. BSSID filter applied throughout — no third-party networks captured.

aircrack-ng · hcxdumptool · hashcat · macchanger · WPA2 · PMKID · Deauth

LAB_03

Firewall & Network Segmentation

Host firewall rules designed and implemented using ufw and iptables. Zone-based segmentation across lab network, rules validated via nmap, brute force detection tested using Hydra against SSH. ufw log analysis confirmed block effectiveness. Cross-lab finding: brute force packet patterns from Wireshark lab confirmed in firewall logs.

ufw · iptables · nmap · Hydra · Zone Segmentation · Log Analysis

homelab_AEGIS 2 / 7 completed → GitHub

CH_01

IDS Deployment & First Detection

Deployed Suricata IDS 7.0.3 + Wazuh SIEM 4.14.4 across a 4-node lab: MacBook Pro management (172.20.10.4), Wazuh OVA via VirtualBox SIEM server (172.20.10.9), Kali laptop attacker (172.20.10.8), aegis-sentinel Ubuntu VM sensor (172.20.10.6). Full pipeline: Suricata eve.json → Wazuh Agent → Manager → Dashboard. Two attack simulations validated: nmap -sS -A -T4 recon detected as ICMP anomaly (T1595), Hydra SSH brute force triggered rule 40112 at level-12 critical (T1078 + T1110). Full MITRE ATT&CK mapping confirmed on Dashboard.

Suricata 7.0.3 · Wazuh 4.14.4 · Hydra · nmap · eve.json · MITRE ATT&CK · T1595 · T1110

CH_02

Active Defense & Detection Engineering

Transitioned aegis-sentinel from passive detection to active defense. Three independent layers deployed and tested against live Hydra SSH brute force: (1) Wazuh Active Response — firewall-drop on rule 5763, attacker IP auto-blocked via iptables DROP within seconds; (2) Custom Suricata rule sid:9000001 — lab-specific SSH brute force signature; (3) fail2ban integration — syslog → Wazuh Agent → Manager → Dashboard, rule 100100, T1110 confirmed. Core Ch.01 finding ("passive detection only") fully resolved.

Wazuh Active Response · firewall-drop · iptables · fail2ban · Custom Suricata Rules · Detection Engineering · T1110
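As an added example (not code from the homelab repos described on this page), the detection logic behind CH_01's Hydra finding and CH_02's lab-specific SSH brute-force signature, written in Python over constructed Suricata eve.json "ssh" records: a per-source sliding-window threshold, followed by the DROP rule an Active Response firewall-drop would apply. The lab addresses are taken from CH_01; the sample records, the threshold of 5 sessions and the 60 s window are assumptions.

```python
import json
from collections import defaultdict, deque
from datetime import datetime

def _eve_ssh(ts, src_ip, src_port, dest_ip="172.20.10.6"):
    """Build one constructed Suricata eve.json 'ssh' record (sample data, not a real capture)."""
    return json.dumps({
        "timestamp": ts, "event_type": "ssh", "src_ip": src_ip, "src_port": src_port,
        "dest_ip": dest_ip, "dest_port": 22, "proto": "TCP",
        "ssh": {"client": {"software_version": "libssh_0.10"},
                "server": {"software_version": "OpenSSH_9.6p1"}},
    })

# Constructed sample: one stale attempt, one management login from the MacBook (172.20.10.4),
# then six SSH sessions in 25 s from the Kali host (172.20.10.8) to the sentinel (172.20.10.6).
SAMPLE_EVE = [
    _eve_ssh("2026-03-01T09:50:00.000000+0100", "172.20.10.8", 40000),
    _eve_ssh("2026-03-01T09:59:30.000000+0100", "172.20.10.4", 51000),
] + [_eve_ssh(f"2026-03-01T10:00:{5 * i:02d}.000000+0100", "172.20.10.8", 41000 + i) for i in range(6)]

def parse_ts(ts):
    """Suricata timestamps look like 2026-03-01T10:00:00.000000+0100 (offset without a colon)."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z").timestamp()

def detect_ssh_bruteforce(lines, threshold=5, window_s=60):
    """Count SSH sessions per source IP inside a sliding window, the same idea as a
    Suricata threshold rule or a Wazuh frequency rule; one alert per offending source."""
    recent = defaultdict(deque)   # src_ip -> session timestamps still inside the window
    alerts, flagged = [], set()
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("event_type") != "ssh" or ev.get("dest_port") != 22:
            continue
        src, ts = ev["src_ip"], parse_ts(ev["timestamp"])
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window_s:   # evict sessions older than the window
            q.popleft()
        if len(q) >= threshold and src not in flagged:
            flagged.add(src)
            alerts.append({"src_ip": src, "dest_ip": ev["dest_ip"], "count": len(q),
                           "window_s": window_s, "technique": "T1110", "at": ev["timestamp"]})
    return alerts

def block_rules(alerts):
    """Equivalent of the Active Response firewall-drop: one iptables DROP per flagged source."""
    return [f"iptables -I INPUT -s {a['src_ip']} -j DROP" for a in alerts]

if __name__ == "__main__":
    found = detect_ssh_bruteforce(SAMPLE_EVE)
    print(json.dumps(found, indent=2))
    print("\n".join(block_rules(found)))
```

The stale 09:50 session is evicted before the burst is counted, so the alert fires on the fifth in-window session and the earlier attempt does not inflate the count.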

CH_03 → CH_07

Upcoming: PCAP Forensics · Exploitation · Lateral Movement · Rule Writing · Incident Response

Advanced SOC scenarios in progress — offline network forensics and timeline reconstruction, offensive simulation, lateral movement detection, custom detection rule engineering, and full incident response playbook execution.

PCAP Forensics · Exploitation · Lateral Movement · Rule Writing · Incident Response

Currently seeking Junior SOC Analyst / entry-level Cybersecurity roles in Germany (Berlin, Leipzig) or remote.
Feel free to reach out — I respond within 24 hours.

Email: ersin [at] ersinuyanik.de
Location: Lutherstadt Wittenberg, Germany