Portfolio

About me

Hi,
I am a Security Engineer, SOC Analyst and Cybersecurity Researcher from Aleppo, Syria. I specialize in helping organizations improve their overall security posture by designing and implementing robust security architectures, while also monitoring and responding to threats in real time. With experience supporting companies in Saudi Arabia and the UK, I assist in strengthening infrastructure security and developing effective defense strategies aligned with international cybersecurity standards. In addition, I am passionate about raising security awareness among companies and individuals, empowering them to protect their data and stay safe in today's digital world.

Skills

Strong understanding of networking and network protocols essential for securing infrastructures.
Solid knowledge of cybersecurity principles, common attacks, and effective detection methods.
Security Engineering: Skilled in designing, implementing, and maintaining security controls and architectures to protect systems and data.
Programming Skills: Proficient in Python and JavaScript, with experience developing automation scripts .
Analytical Skills: Experienced in identifying system vulnerabilities, analyzing security incidents, and applying practical solutions to mitigate risks.
Cyber Threat Intelligence (CTI): Proficient with Threat Intelligence Platforms such as OpenCTI and MISP for gathering, analyzing, and sharing threat information. Skilled in creating and using YARA rules for threat detection.
Communication Skills: Effective communicator, able to explain technical concepts clearly and work collaboratively within teams to build security solutions.
Proficient in English (B2).

Experience

SOC analyst - Cyberpedia

March 2023 – Present

At Cyberpedia, I helped build and set up the company’s Security Operations Center (SOC), creating security processes and choosing the right tools for detecting threats and responding to incidents.
I also supported clients in Saudi Arabia by improving their infrastructure security, including setting up and managing firewall rules. Alongside this,
I worked with tools like Splunk and Wazuh to monitor network traffic, find vulnerabilities, and reduce risks. As a SOC analyst, I monitored security alerts and responded quickly to protect our clients.
This experience gave me a solid understanding of both building strong security systems and handling real-time threats.

Certificates

Google Cybersecurity Certificate
Certified Ethical Hacker (CEH)
Cyber Security Fundamentals (CYBER OPS)
Technical Support Fundamentals (Google)
SOC L1 (TryHackMe)
Front-End Web Development (Presented by New Horizons)

Tools & Frameworks

Tools

SIEM (Splunk)
Wireshark
IDS/IPS (Snort)
Wazuh (EDR)

Frameworks

Pyramid Of Pain
Cyber Kill Chain
MITRE
Diamond Model

Contact me

Email: ramisharif@gmail.com

Phone: +963 994 288 642

LinkedIn: Rami Sharif

TryHackMe Badge

My Projects

install ModSecurity WAF on apache2 web server

installing ModSecurity WAF on apache2 web server and configuring it with OWASP 10 rules to block malicious traffic.

ModSecurity Apache2 Documentation

FIREWALL Simulation

built firewall simulation using python and scapy to block malicious traffic.

1-The IP address is extracted.

2-It is checked whether the address exists in the whitelist; if it does, the address is allowed.

3-If the address is in the blacklist, the packet is dropped, and a log is created using the log_event function.

4-The system then checks if the packet contains the Nimda worm pattern using the is_nimda_worm function; if it does, the packet is also dropped, and the event is logged.

5-The number of packets sent from the same address over a specified time period is calculated and compared with the THRESHOLD. If this number exceeds the threshold, the IP address is blocked and added to the blacklist to prevent DoS attacks. A log of the event is created afterward.

Python Scapy Code

Active diroctry project

Setting up a robust domain environment that aims to provide hands-on experience in IT administration, security, and threat detection.

Here's what I worked on:

1-Active Directory Setup: Configured a Windows Server 2022 as a domain controller, created user accounts, and managed group policies.

2-SIEM Implementation: Installed and configured Splunk on an Ubuntu Server to ingest and analyze security logs from Windows machines, with Splunk Forwarders installed on both Windows 10 and Windows Server.

3-Vulnerability Testing: Used Kali Linux to simulate attacks, such as conducting a brute force attack against a domain user, showcasing real-world attack scenarios.

4-Telemetry Analysis: Analyzed the telemetry data generated by my attack using Splunk to demonstrate my ability to detect and respond to security incidents.

5-Sysmon Configuration: Implemented Sysmon on both Windows 10 and Windows Server for enhanced logging.

6-Virtualization: Leveraged VirtualBox to create a safe and isolated lab environment for experimentation.

Why This Project Matters: This project is vital for my growth as a SOC Analyst. It has provided me with practical skills in setting up and managing an Active Directory environment and implementing a SIEM for security monitoring. By understanding attack vectors and analyzing security telemetry, I can better identify and respond to potential threats.

Key Takeaways:

-Gained hands-on experience with Active Directory administration and domain management.

-Learned how to set up a Splunk instance and ingest events from Windows servers.

-Developed red and blue team skills through practical application.

-Improved my troubleshooting abilities and confidence in technical skills.

Splunk Sysmon Active diroctry