Passionate Security Engineer with a focus on cloud security, network defense, and threat detection.
I design, secure, and automate systems to ensure business continuity and data protection.
I enjoy solving complex security challenges, building detection pipelines, and creating automated responses to evolving cyber threats. My approach blends both the offensive and defensive sides of cybersecurity: from identifying misconfigurations to engineering secure architectures.
Currently advancing my expertise in cloud-native security, zero trust frameworks, and threat hunting. My long-term goal is to become a Cloud Security Architect, helping organizations implement scalable, secure, and compliant infrastructures.
Core Competencies
- Cloud Security (AWS | Azure | GCP)
- SIEM & Threat Detection (Splunk | Wazuh)
- Network Defense & Firewall Management (pfSense | Suricata | Snort)
- Incident Response & Digital Forensics
- Security Automation (Python, Bash, PowerShell)
- Identity & Access Management (IAM, SSO, MFA)
Skills: Cloud SOC Architecture, AWS Security (GuardDuty, Security Hub), Automated Incident Response, Threat Hunting, MITRE ATT&CK, Compliance (HIPAA/GxP), AWS Organizations
Designed a multi-account AWS architecture (using AWS Organizations) to isolate production ("Ground Zero"), SOC tools ("Containment Lab"), and log archive ("Archive Ward") environments for a biotech firm. Architected a cloud-native detection pipeline to aggregate findings from AWS GuardDuty, Security Hub, and Inspector into a central SOC account. Planned automated containment playbooks using AWS Lambda and EventBridge to quarantine EC2 instances and respond to ransomware-style threats in real-time.
Key Achievements:
- Developed domain-aware detection logic mapped to MITRE ATT&CK for biotech-specific threats (e.g., anomalous genomic data access, research database exfiltration).
- Integrated HIPAA and FDA/GxP compliance requirements directly into the SOC architecture, logging standards, and automated response playbooks.
- Designed a centralized logging and threat-hunting solution using S3, CloudTrail, and Amazon Athena to query for adversary TTPs.
- Produced a complete project charter, 6-sprint roadmap, RACI matrix, and detailed service topology for the SOCaaS build-out.
Tools: AWS Organizations, GuardDuty, Security Hub, Inspector, Detective, Lambda, Step Functions, EventBridge, Athena, S3, CloudTrail, MITRE ATT&CK, NIST, Terraform (planned)
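The containment playbook described above (GuardDuty finding delivered through EventBridge, Lambda isolates the EC2 instance) can be sketched as a single Lambda handler. The block below is an added example, not the author's project code: the quarantine security-group id, the severity threshold, the finding-type prefixes and the `FakeEC2` stand-in for the boto3 client are all assumptions so that it runs offline; the event shape follows what GuardDuty publishes to EventBridge (`detail.type`, `detail.severity`, `detail.resource.instanceDetails.instanceId`).

```python
"""Added example of an EventBridge-triggered quarantine Lambda for GuardDuty
EC2 findings. Not the author's code; ids and thresholds below are assumptions."""
from typing import Any, Dict, List, Optional, Tuple

QUARANTINE_SG_ID = "sg-0123456789abcdef0"  # assumed: pre-created SG with no inbound or outbound rules
SEVERITY_THRESHOLD = 7.0                    # assumed cut-off (GuardDuty "High" findings are 7.0-8.9)
# Finding-type prefixes that justify network isolation; constructed list, tune per environment.
ISOLATE_TYPES = ("Backdoor:", "CryptoCurrency:", "Trojan:", "UnauthorizedAccess:EC2/")


def extract_instance(event: Dict[str, Any]) -> Optional[Tuple[str, float, str]]:
    """Return (instance_id, severity, finding_type) from a 'GuardDuty Finding'
    EventBridge event, or None when the finding is not about an EC2 instance."""
    detail = event.get("detail", {})
    resource = detail.get("resource", {})
    if resource.get("resourceType") != "Instance":
        return None
    instance_id = resource.get("instanceDetails", {}).get("instanceId")
    if not instance_id:
        return None
    return instance_id, float(detail.get("severity", 0)), detail.get("type", "")


def should_quarantine(severity: float, finding_type: str) -> bool:
    """Isolate only high-severity findings of types where the host itself is suspect."""
    return severity >= SEVERITY_THRESHOLD and finding_type.startswith(ISOLATE_TYPES)


def quarantine_instance(ec2, instance_id: str, finding_id: str) -> List[str]:
    """Move every ENI of the instance to the quarantine SG and record the
    original groups as a tag so an analyst can roll the change back."""
    desc = ec2.describe_instances(InstanceIds=[instance_id])
    instance = desc["Reservations"][0]["Instances"][0]
    original = [g["GroupId"] for g in instance.get("SecurityGroups", [])]
    for eni in instance.get("NetworkInterfaces", []):
        ec2.modify_network_interface_attribute(
            NetworkInterfaceId=eni["NetworkInterfaceId"], Groups=[QUARANTINE_SG_ID])
    ec2.create_tags(Resources=[instance_id], Tags=[
        {"Key": "Quarantined", "Value": "true"},
        {"Key": "QuarantineFinding", "Value": finding_id},
        {"Key": "OriginalSecurityGroups", "Value": ",".join(original)},
    ])
    return original


def handler(event: Dict[str, Any], context=None, ec2=None) -> Dict[str, Any]:
    """Lambda entry point; `ec2` is injectable so the logic can be tested without AWS."""
    if ec2 is None:
        import boto3  # only needed when running inside Lambda
        ec2 = boto3.client("ec2")
    info = extract_instance(event)
    if info is None:
        return {"action": "ignored", "reason": "no EC2 instance in finding"}
    instance_id, severity, ftype = info
    if not should_quarantine(severity, ftype):
        return {"action": "ignored", "instance": instance_id, "severity": severity, "type": ftype}
    original = quarantine_instance(ec2, instance_id, event["detail"].get("id", "unknown"))
    return {"action": "quarantined", "instance": instance_id, "original_groups": original}


class FakeEC2:
    """Constructed stand-in for the boto3 EC2 client; records the calls it receives."""
    def __init__(self):
        self.calls = []

    def describe_instances(self, InstanceIds):
        self.calls.append(("describe_instances", tuple(InstanceIds)))
        return {"Reservations": [{"Instances": [{
            "InstanceId": InstanceIds[0],
            "SecurityGroups": [{"GroupId": "sg-web"}, {"GroupId": "sg-ssh"}],
            "NetworkInterfaces": [{"NetworkInterfaceId": "eni-aaa"},
                                  {"NetworkInterfaceId": "eni-bbb"}],
        }]}]}

    def modify_network_interface_attribute(self, NetworkInterfaceId, Groups):
        self.calls.append(("modify_eni", NetworkInterfaceId, tuple(Groups)))

    def create_tags(self, Resources, Tags):
        self.calls.append(("create_tags", tuple(Resources),
                           tuple((t["Key"], t["Value"]) for t in Tags)))


SAMPLE_EVENT = {  # constructed event in the shape GuardDuty sends to EventBridge
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "id": "finding-example-0001",
        "type": "CryptoCurrency:EC2/BitcoinTool.B!DNS",
        "severity": 8,
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0abc123"}},
    },
}

if __name__ == "__main__":
    fake = FakeEC2()
    print(handler(SAMPLE_EVENT, ec2=fake))
    for call in fake.calls:
        print(call)
```

Swapping security groups on every ENI (rather than only the primary one) is what actually severs the instance's network access; keeping the original groups in a tag gives the responder a rollback path once forensics are done. The Lambda's own role needs only `ec2:DescribeInstances`, `ec2:ModifyNetworkInterfaceAttribute` and `ec2:CreateTags`.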
Skills: Network Security Monitoring (NSM), Intrusion Detection (IDS), pfSense Configuration, Virtualization, Red Team (Scanning), Blue Team (Alert Analysis)
Built an isolated, multi-VM lab (Attacker, Target, Firewall) using Oracle VirtualBox and an internal-only network. Deployed and configured pfSense as the network firewall/gateway and integrated Snort as a package for intrusion detection on the LAN interface. Executed simulated attacks from a Kali Linux machine (using Nmap and Nikto) against a Metasploitable2 target to test the defensive monitoring setup.
Key Achievements:
- Successfully configured the network to route all attacker (Kali) and victim (Metasploitable2) traffic through the pfSense IDS for complete inspection.
- Generated and validated real-time Snort alerts that correctly identified Nmap TCP scans and Nikto web vulnerability scanning patterns.
- Created a reusable lab to demonstrate the practical application of network topology, DHCP, routing, and interpreting IDS alerts.
Tools: Oracle VirtualBox, pfSense, Snort, Kali Linux, Nmap, Nikto, Metasploitable2
Skills: Terraform (IaC), AWS GuardDuty, Security Hub, EC2, VPC, CloudWatch
Designed and deployed a multi-account AWS lab environment using Terraform to simulate EC2 compromise scenarios. Integrated AWS GuardDuty for automated threat detection and AWS Security Hub for centralized security finding analysis. Developed automation scripts (PowerShell/Bash) to simulate attacks and configure the lab environment.
Highlights:
- Built a reusable, fully automated lab (Infrastructure as Code) for hands-on security training and demonstrations.
- Configured real-time threat alerting by forwarding GuardDuty findings to SNS notifications.
Tools: Terraform, AWS GuardDuty, AWS Security Hub, AWS EC2, AWS VPC, AWS IAM, CloudWatch, SNS, PowerShell, Bash
- SOC Tools: Wazuh, Splunk, Security Onion
- Pen Testing: Nmap, Metasploit, Burp Suite
- Languages: Python, Bash, PowerShell
- Automation: Terraform, GitHub Actions
- Cloud Services: EC2, S3, IAM, CloudTrail, Azure Defender
- Built secure AWS infrastructure with GuardDuty and Config monitoring
- Cybersecurity Fellowship Graduate
Currently Exploring:
- Zero Trust Security Architecture
- SOC Automation with SOAR tools
- AWS Detective & CloudTrail Lake
- Reverse Engineering & Malware Analysis
Recent Training:
- Coursera: Google Cybersecurity Professional Certificate
- TryHackMe: Cloud Security Engineer Path
Email: [email protected]
LinkedIn: linkedin.com/in/rmaliz
GitHub: github.com/zizigoloo
All research, labs, and tests showcased here were conducted in authorized lab environments following ethical hacking practices and compliance standards.
Last Updated: November 2025
"Security is not about perfection; it's about resilience."