SOC status: active
Portfolio • Real security delivery • Evidence-first

Projects

A selection of cybersecurity work I lead and execute: detection, endpoint security, governance, and ISO-ready documentation. Each project is structured around risk, evidence, and repeatable operations.

Log Analysis · EDR / XDR · Vulnerability Management · ISO 27001 Documentation · Incident Readiness
akhil@portfolio:~/projects
deliver
$ status --summary
Detection: operational | logs + endpoint telemetry
Governance: documented | SOPs + evidence mapping
Risk: tracked | CVE workflow + remediation verification
$ echo "Evidence > assumptions"

Project 01 — EDR Implementation & Operations

Objective: deploy endpoint detection that becomes usable security operations, not just an installed agent.

Scope

  • Agent deployment strategy (pilot → waves)
  • Policy baseline + exclusions governance
  • Alert tuning & response actions
  • Operational dashboards and reporting

Deliverables

  • EDR rollout plan + endpoint coverage tracking
  • Alert triage SOP (evidence capture + containment)
  • Monthly metrics: agent health, detections, trends
  • Incident runbooks for common scenarios
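Coverage tracking and agent health are the two numbers that decide whether the next rollout wave can start. The script below is an added example (not tooling from this portfolio): it joins a constructed CMDB export against constructed agent check-in records, reports coverage per wave, separates "never enrolled" from "enrolled but silent", and gates the next wave on the previous one's healthy ratio. The 24h staleness window and the 95% gate are assumptions.

```python
"""EDR rollout: endpoint coverage tracking and agent-health metrics.

Added example, not tooling from the portfolio. It joins a constructed asset
inventory against constructed agent heartbeat records, reports coverage per
rollout wave, flags hosts with no agent or a stale agent, and gates the next
wave on the previous one's coverage. The 24h staleness window and the 95%
wave-gate threshold are assumptions.
"""
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(hours=24)     # assumption: silent for >24h = unhealthy agent
WAVE_GATE = 0.95                      # assumption: next wave starts at >=95% healthy
WAVE_ORDER = ["pilot", "wave1", "wave2"]

def utc(*args):
    return datetime(*args, tzinfo=timezone.utc)

# Constructed asset inventory (CMDB export): hostname -> rollout wave
INVENTORY = {
    "fin-ws-01": "pilot", "fin-ws-02": "pilot",
    "hr-ws-01": "wave1", "hr-ws-02": "wave1", "hr-ws-03": "wave1",
    "dc-srv-01": "wave2",
}

# Constructed agent console export: hostname -> (last check-in, agent version)
HEARTBEATS = {
    "fin-ws-01": (utc(2024, 5, 10, 8, 0), "3.2.1"),
    "fin-ws-02": (utc(2024, 5, 10, 7, 30), "3.2.1"),
    "hr-ws-01":  (utc(2024, 5, 10, 6, 15), "3.2.0"),
    "hr-ws-02":  (utc(2024, 5, 7, 9, 0), "3.1.9"),    # last seen three days ago
    # hr-ws-03 and dc-srv-01 have never checked in
    "lab-ws-99": (utc(2024, 5, 10, 8, 5), "3.2.1"),   # agent on a host the CMDB does not know
}

def coverage_report(inventory, heartbeats, now):
    """Classify every inventoried host and compute per-wave coverage."""
    report = {"healthy": [], "stale": [], "missing": [], "by_wave": {}}
    for host, wave in sorted(inventory.items()):
        wave_stats = report["by_wave"].setdefault(wave, {"total": 0, "healthy": 0})
        wave_stats["total"] += 1
        beat = heartbeats.get(host)
        if beat is None:
            report["missing"].append(host)            # never enrolled: rollout gap
        elif now - beat[0] > STALE_AFTER:
            report["stale"].append(host)              # enrolled but not reporting
        else:
            report["healthy"].append(host)
            wave_stats["healthy"] += 1
    # Agents reporting from hosts absent from the inventory: an inventory gap, not coverage
    report["unknown_hosts"] = sorted(set(heartbeats) - set(inventory))
    report["coverage_pct"] = round(100.0 * len(report["healthy"]) / len(inventory), 1)
    return report

def next_wave_ready(report, completed_wave):
    """True when the completed wave's healthy ratio meets the gate."""
    stats = report["by_wave"].get(completed_wave)
    if not stats or stats["total"] == 0:
        return False
    return stats["healthy"] / stats["total"] >= WAVE_GATE

if __name__ == "__main__":
    now = utc(2024, 5, 10, 9, 0)
    rep = coverage_report(INVENTORY, HEARTBEATS, now)
    print(f"coverage: {rep['coverage_pct']}%  healthy={rep['healthy']}")
    print(f"stale={rep['stale']}  missing={rep['missing']}  unknown={rep['unknown_hosts']}")
    for wave in WAVE_ORDER:
        print(f"{wave}: {rep['by_wave'].get(wave)} ready-for-next={next_wave_ready(rep, wave)}")
```

The three buckets map to three different owners: "missing" goes back to the deployment team, "stale" to endpoint support (agent broken, host off the network, or decommissioned but still in the CMDB), and "unknown_hosts" to whoever owns the inventory. Only "healthy" counts toward coverage, so a wave with many stale agents cannot quietly pass the gate.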

Project 02 — Log Analysis & Threat Triage Workflow

Objective: reduce uncertainty using correlation across identity, endpoint, and network logs.

Workflow

  • Alert → normalize into facts (who/what/when/where)
  • Correlate: identity + endpoint + network
  • Build a timeline and confidence rating
  • Containment decisions with minimal business impact

Outputs

  • Evidence-driven incident notes
  • Common detection patterns and playbooks
  • Top recurring causes (misconfig, weak controls)
  • KPIs: triage time, closure time, recurrence rate

Project 03 — Vulnerability Management (CVE Lifecycle)

Objective: treat vulnerabilities as a measurable lifecycle: discover → prioritize → remediate → verify.

Core controls

  • Risk-based prioritization (exposure + exploitability + impact)
  • Patch SLAs per severity
  • Exception handling with approvals
  • Verification and retesting

Deliverables

  • Vulnerability Management SOP
  • Monthly risk note for leadership
  • Patch compliance reporting
  • “Known issues” register + mitigation tracking

Project 04 — ISO 27001 Documentation & Audit Readiness

Objective: create defensible documentation and evidence mapping that matches how the organization actually operates.

Documentation

  • Security policies + standards
  • SOPs (onboarding, patching, IR, backups)
  • Risk register + treatment plans
  • Evidence mapping for key controls

Audit-ready evidence

  • Access reviews (records + approvals)
  • Patch reports + remediation tracking
  • Incident logs and post-incident actions
  • Backup drills + recovery evidence

Project 05 — Network Security Hardening (NGFW + Segmentation)

Objective: reduce blast radius using segmentation, least privilege policies, and controlled egress.

Hardening focus

  • Firewall policy baseline + review cadence
  • Segmentation for sensitive systems
  • VPN access control and monitoring
  • Logging and alert visibility for key flows

Outcome

  • Reduced unnecessary exposure
  • Clear change control and approvals
  • Better incident containment options
  • Improved audit traceability

Case Files (sanitized)

Real-world patterns, written in a professional, evidence-first style. Details are sanitized to protect confidentiality.

akhil@case-files:~/archive
read-only
$ ls
CASE-001 CASE-002 CASE-003 CASE-004 CASE-005
$ open CASE-001
Evidence → confidence → containment → lessons learned

CASE-001 — Suspicious Sign-in + New Device Registration

  • Signal: unusual sign-in + new device enrolled
  • Evidence: identity logs + device inventory + session timeline
  • Action: revoke sessions, enforce MFA reauth, conditional access tightening
  • Outcome: access contained without business disruption
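The Project 02 workflow (normalize → correlate → timeline → confidence) applied to the CASE-001 signal, as an added example rather than the tooling behind the case. The three log sources, the user baselines, the 30-minute correlation window and the scoring weights are all constructed assumptions; the point is the shape of the triage, not the specific numbers.

```python
"""Alert triage: normalize -> correlate -> timeline -> confidence -> action.

Added example, not the portfolio's own tooling. Three constructed log sources
(identity sign-ins, device inventory, endpoint telemetry) are normalized into
who/what/when/where facts, correlated per user inside a time window, ordered
into a timeline and given a confidence rating. The baseline sets, the 30-minute
window and the scoring weights are assumptions for illustration.
"""
import json
from datetime import datetime, timedelta

# Constructed raw events: (source, JSON line as exported by that source)
RAW_EVENTS = [
    ("identity", '{"ts":"2024-05-09T17:02:11Z","user":"j.doe","ip":"198.51.100.7","country":"DE","result":"success","mfa":"app"}'),
    ("identity", '{"ts":"2024-05-10T02:14:03Z","user":"j.doe","ip":"203.0.113.45","country":"RO","result":"success","mfa":"sms"}'),
    ("device",   '{"ts":"2024-05-10T02:17:40Z","user":"j.doe","device_id":"dev-9f3a","os":"Windows 11","action":"registered"}'),
    ("endpoint", '{"ts":"2024-05-10T02:20:05Z","host":"LAPTOP-JD","user":"j.doe","process":"outlook.exe","action":"process_start"}'),
    ("identity", '{"ts":"2024-05-10T02:30:00Z","user":"a.smith","ip":"198.51.100.9","country":"DE","result":"success","mfa":"app"}'),
]

# Assumed baselines (for example, the previous 30 days of the same logs)
KNOWN_COUNTRIES = {"j.doe": {"DE"}, "a.smith": {"DE"}}
KNOWN_DEVICES = {"j.doe": {"dev-1111"}, "a.smith": {"dev-2222"}}

# Assumed containment playbook per confidence level (the CASE-001 actions)
ACTIONS = {
    "high":   ["revoke sessions", "force MFA re-registration", "tighten conditional access"],
    "medium": ["require MFA re-authentication", "notify user and manager"],
    "low":    ["monitor only"],
}

def normalize(source, line):
    """Turn one raw log line into a who/what/when/where fact."""
    e = json.loads(line)
    fact = {"who": e["user"], "when": datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ"), "source": source}
    if source == "identity":
        fact.update(what=f"sign-in {e['result']} (mfa={e['mfa']})", where=f"{e['ip']}/{e['country']}", country=e["country"])
    elif source == "device":
        fact.update(what=f"device {e['action']} {e['device_id']}", where=e["os"], device_id=e["device_id"])
    elif source == "endpoint":
        fact.update(what=f"{e['action']} {e['process']}", where=e["host"])
    else:
        raise ValueError(f"unknown source {source}")
    return fact

def triage(user, raw_events, window=timedelta(minutes=30)):
    """Correlate all facts for one user and rate the confidence of compromise."""
    facts = sorted((f for f in (normalize(s, l) for s, l in raw_events) if f["who"] == user),
                   key=lambda f: f["when"])
    indicators = []
    odd_signins = [f for f in facts
                   if f["source"] == "identity" and f["country"] not in KNOWN_COUNTRIES.get(user, set())]
    if odd_signins:
        indicators.append("sign-in from a country outside the user's baseline")
    new_devices = [f for f in facts
                   if f["source"] == "device" and f["device_id"] not in KNOWN_DEVICES.get(user, set())]
    if new_devices:
        indicators.append("registration of a device never seen for this user")
    # The chain matters more than either event alone: a new device right after the odd sign-in
    if any(timedelta(0) <= d["when"] - s["when"] <= window for s in odd_signins for d in new_devices):
        indicators.append(f"new device registered within {int(window.total_seconds() // 60)} min of that sign-in")
    sources = sorted({f["source"] for f in facts})
    score = 0.3 * len(indicators) + (0.1 if len(sources) >= 2 else 0.0)   # assumed weights
    confidence = "high" if score >= 0.7 else "medium" if score >= 0.4 else "low"
    timeline = [f"{f['when']:%Y-%m-%d %H:%M:%S} [{f['source']}] {f['what']} @ {f['where']}" for f in facts]
    return {"user": user, "timeline": timeline, "indicators": indicators, "sources": sources,
            "score": round(score, 2), "confidence": confidence, "actions": ACTIONS[confidence]}

if __name__ == "__main__":
    for user in ("j.doe", "a.smith"):
        result = triage(user, RAW_EVENTS)
        print(f"== {user}: confidence={result['confidence']} score={result['score']}")
        print("\n".join(result["timeline"]))
        print("indicators:", result["indicators"])
        print("actions:", result["actions"])
```

Two details carry the weight here. First, the sign-in alone is "unusual", the device registration alone is routine, and only the ordered pair inside the window is the signal worth acting on; the scoring rewards the chain, not the sum of the parts. Second, confidence counts independent sources: a conclusion that rests on one log feed stays "medium" even when the indicators line up, which is what keeps a revoke-sessions decision from being made on a single unverified signal.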

CASE-002 — Endpoint Alert Noise → Tuning & Control

  • Signal: excessive alerts reducing analyst efficiency
  • Evidence: top alert categories + false-positive root causes
  • Action: policy refinement, minimal exclusions, baseline adjustments
  • Outcome: alert quality improved, faster triage

CASE-003 — Risky Exposure Found in Network Segment

  • Signal: exposed service discovered during review
  • Evidence: firewall logs + port exposure mapping
  • Action: restrict inbound, segment critical systems, document change control
  • Outcome: reduced attack surface and blast radius
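The "port exposure mapping" step from CASE-003 and the flow-visibility point of Project 05, as an added example (not the portfolio's own tooling): constructed NGFW log lines are parsed, allowed inbound flows from untrusted sources to internal hosts are grouped by destination and port, and every pair without an entry in an approved-exposure register becomes a finding. The log format, the internal ranges, the register and the admin-port list are assumptions.

```python
"""Port-exposure mapping from firewall logs against an approved-exposure register.

Added example, not the portfolio's own tooling. It parses constructed key=value
firewall log lines, keeps allowed inbound flows from outside the internal ranges
to internal hosts, and reports every (host, port) reachable from untrusted
networks that is absent from the approved-exposure register. Log format,
address ranges, the register and the admin-port list are assumptions.
"""
import ipaddress
from collections import defaultdict

# Constructed NGFW log export (key=value, one flow per line)
FIREWALL_LOG = """\
2024-05-10T03:01:02Z fw01 action=allow dir=inbound proto=tcp src=203.0.113.9 dst=10.20.5.14 dport=3389
2024-05-10T03:01:05Z fw01 action=allow dir=inbound proto=tcp src=198.51.100.23 dst=10.20.5.14 dport=3389
2024-05-10T03:02:11Z fw01 action=allow dir=inbound proto=tcp src=203.0.113.77 dst=10.20.1.10 dport=443
2024-05-10T03:03:40Z fw01 action=deny dir=inbound proto=tcp src=203.0.113.9 dst=10.20.5.14 dport=445
2024-05-10T03:04:00Z fw01 action=allow dir=inbound proto=tcp src=10.30.0.5 dst=10.20.5.14 dport=22
2024-05-10T03:05:00Z fw01 action=allow dir=inbound proto=tcp src=203.0.113.9 dst=10.20.5.20 dport=5985
2024-05-10T03:06:00Z fw01 action=allow dir=outbound proto=tcp src=10.20.5.14 dst=203.0.113.9 dport=443
"""

# Assumed internal address space; anything outside it is treated as untrusted
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed approved-exposure register: (internal host, port) -> change ticket that approved it
APPROVED_EXPOSURE = {("10.20.1.10", 443): "CHG-0001"}
# Assumed: management ports that should never be reachable from untrusted networks
ADMIN_PORTS = {22, 445, 3389, 5985, 5986}

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def parse_line(line):
    """'ts fw k=v k=v ...' -> dict with typed src/dst/dport fields."""
    ts, fw, *kv = line.split()
    rec = dict(pair.split("=", 1) for pair in kv)
    rec.update(ts=ts, fw=fw, dport=int(rec["dport"]),
               src=ipaddress.ip_address(rec["src"]), dst=ipaddress.ip_address(rec["dst"]))
    return rec

def exposure_map(log_text):
    """Group allowed inbound untrusted->internal flows by (dst, port) -> set of sources."""
    exposed = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        r = parse_line(line)
        if r["action"] != "allow" or r["dir"] != "inbound":
            continue                                   # denied or outbound: not exposure
        if is_internal(r["src"]) or not is_internal(r["dst"]):
            continue                                   # internal-to-internal: segmentation question, not exposure
        exposed[(str(r["dst"]), r["dport"])].add(str(r["src"]))
    return exposed

def unapproved_exposures(log_text, register=APPROVED_EXPOSURE):
    """Exposures with no register entry, admin ports first."""
    findings = []
    for (dst, port), sources in exposure_map(log_text).items():
        if (dst, port) in register:
            continue
        findings.append({
            "dst": dst, "port": port, "sources": sorted(sources),
            "risk": "high" if port in ADMIN_PORTS else "medium",
            "recommendation": (f"deny inbound tcp/{port} to {dst} from untrusted; if the service is needed, "
                               f"allow it only from a named admin segment, log the flow, and record the change"),
        })
    return sorted(findings, key=lambda f: (f["risk"] != "high", f["dst"], f["port"]))

if __name__ == "__main__":
    for f in unapproved_exposures(FIREWALL_LOG):
        print(f"[{f['risk']}] {f['dst']}:{f['port']} reachable from {f['sources']}")
        print("   ->", f["recommendation"])
```

The register is the piece that makes this a control rather than a one-off scan: an exposure is only "approved" when a change ticket says so, so the same script run monthly doubles as the policy review cadence and produces the audit traceability listed under Outcome. Flows that are internal-to-internal are deliberately skipped here; they are the input to the segmentation review, which needs a segment-to-segment policy rather than an internet-exposure register.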

CASE-004 — Vulnerability → Patch → Verification Loop

  • Signal: CVE with real exploit likelihood
  • Evidence: exposure + asset criticality + feasibility assessment
  • Action: prioritize, patch, validate closure via scanning + logs
  • Outcome: measurable remediation with proof
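The Project 03 lifecycle (discover → prioritize → remediate → verify) carried through the CASE-004 loop, as an added example and not the portfolio's own process. Findings, patch records and rescan results are constructed; the CVE identifiers are placeholders of the form CVE-0000-000N, not real advisories; the weights, tiers and SLA days are assumptions. What it shows is the one rule that makes remediation "measurable with proof": a finding closes only when a patch record and a clean rescan agree.

```python
"""CVE lifecycle: prioritize -> assign SLA -> verify closure with two kinds of evidence.

Added example, not the portfolio's own process. Findings, patch records and
rescan results are constructed; CVE identifiers are placeholders of the form
CVE-0000-000N, not real advisories. The scoring weights, tiers and SLA days
are assumptions shown to illustrate risk-based prioritization.
"""
from datetime import date, timedelta

EXPOSURE_WEIGHT = {"internet": 1.3, "internal": 1.0, "isolated": 0.7}   # assumed
CRITICALITY_WEIGHT = {1: 0.8, 2: 1.0, 3: 1.2}                           # assumed
EXPLOITED_BONUS = 2.0                                                    # assumed: known exploitation
SLA_DAYS = {"P1": 7, "P2": 14, "P3": 30, "P4": 90}                       # assumed patch SLAs

# Constructed scanner findings (placeholder CVE ids)
FINDINGS = [
    {"id": "F-1", "cve": "CVE-0000-0001", "asset": "web-01", "cvss": 9.8, "exploited": True,  "exposure": "internet", "criticality": 3, "found": date(2024, 5, 8)},
    {"id": "F-2", "cve": "CVE-0000-0002", "asset": "app-02", "cvss": 7.5, "exploited": False, "exposure": "internal", "criticality": 2, "found": date(2024, 5, 8)},
    {"id": "F-3", "cve": "CVE-0000-0003", "asset": "lab-07", "cvss": 5.3, "exploited": False, "exposure": "isolated", "criticality": 1, "found": date(2024, 5, 8)},
    {"id": "F-4", "cve": "CVE-0000-0004", "asset": "vpn-01", "cvss": 8.1, "exploited": False, "exposure": "internet", "criticality": 2, "found": date(2024, 4, 20)},
]
# Constructed patch-management records: finding id -> date the admins report it patched
PATCH_RECORDS = {"F-1": date(2024, 5, 11), "F-2": date(2024, 5, 12)}
# Constructed rescan results: finding id -> still detected by the scanner?
RESCAN = {"F-1": False, "F-2": True, "F-3": True, "F-4": True}

def priority_score(f):
    """Exposure + exploitability + impact folded into one number, capped at 15."""
    score = f["cvss"] + (EXPLOITED_BONUS if f["exploited"] else 0.0)
    score *= EXPOSURE_WEIGHT[f["exposure"]] * CRITICALITY_WEIGHT[f["criticality"]]
    return round(min(score, 15.0), 1)

def tier(score):
    return "P1" if score >= 12 else "P2" if score >= 9 else "P3" if score >= 5 else "P4"

def lifecycle_status(f, patched, rescan, today):
    """Closure needs both a patch record and a clean rescan; anything else stays open."""
    s = priority_score(f)
    t = tier(s)
    due = f["found"] + timedelta(days=SLA_DAYS[t])
    patch_date = patched.get(f["id"])
    still_present = rescan.get(f["id"], True)     # no rescan evidence: assume still present
    if patch_date and not still_present:
        status = "closed-verified"
    elif patch_date and still_present:
        status = "reopened-patch-not-effective"   # the record says patched, the scanner disagrees
    elif today > due:
        status = "open-overdue"
    else:
        status = "open"
    return {"id": f["id"], "cve": f["cve"], "asset": f["asset"], "score": s, "tier": t,
            "due": due.isoformat(), "patched": patch_date.isoformat() if patch_date else None,
            "status": status}

def risk_note(findings, patched, rescan, today):
    """Rows for the monthly risk note plus the headline counts leadership asks for."""
    rows = sorted((lifecycle_status(f, patched, rescan, today) for f in findings),
                  key=lambda r: (r["tier"], r["due"]))
    summary = {
        "total": len(rows),
        "closed_verified": sum(r["status"] == "closed-verified" for r in rows),
        "overdue": sum(r["status"] == "open-overdue" for r in rows),
        "reopened": sum(r["status"].startswith("reopened") for r in rows),
    }
    return rows, summary

if __name__ == "__main__":
    rows, summary = risk_note(FINDINGS, PATCH_RECORDS, RESCAN, date(2024, 5, 15))
    for r in rows:
        print(f"{r['tier']} {r['id']} {r['cve']} {r['asset']:7} score={r['score']:<5} due={r['due']} {r['status']}")
    print(summary)
```

F-2 is the case the loop exists for: the patch record is present, so a ticket-driven process would have closed it, but the rescan still sees the vulnerability (wrong package, reboot pending, or a second install path), so it is reopened rather than counted as remediated. F-4 shows the other failure mode, a finding that was never touched and has run past its SLA; it is overdue regardless of what the scanner says next month.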

CASE-005 — ISO Evidence Gap Closed

  • Signal: control exists but evidence not traceable
  • Evidence: missing records, unclear SOP, inconsistent approvals
  • Action: SOP + record template + monthly evidence routine
  • Outcome: audit-ready proof without operational overhead

Case file format (the standard used for every case above)

  • Signal → what triggered attention
  • Evidence → what confirmed/denied it
  • Action → safe containment steps
  • Outcome → measurable result
  • Prevention → control added to stop recurrence