Martha-Waithaka
π‘οΈ Cybersecurity
I am passionate about cybersecurity and actively building skills in security operations, threat detection, automation, and incident response.
Through hands-on labs, continuous learning, and certifications, I am developing the expertise needed to contribute to modern Security Operations Centers (SOCs).
π Objective
I aim to break into the cybersecurity field and contribute as a Tier 1 SOC Analyst.
My focus is on gaining practical skills, mastering security tools, and building automation that improves incident detection and response.
π οΈ Skills
| Skill | Associated Lab/Project |
|---|---|
| SIEM Implementation and Log Analysis | TryHackMe: Wazuh |
| Network Traffic Monitoring and Attack Detection | LetsDefend SOC Lab |
| Security Fundamentals | TryHackMe: Cyber Kill Chain, Pyramid of Pain |
| Web Traffic / Protocol Analysis | TryHackMe: HTTP In Detail, DNS In Detail |
| OS Fundamentals | TryHackMe: Linux Fundamentals, Windows Fundamentals 1, Windows Fundamentals 2 |
| Governance, Risk, and Compliance | TryHackMe: Cyber Governance Regulation |
| Entry SOC Analyst Concepts | TryHackMe: Jr Security Analyst Intro |
| Report Writing and Risk Communication | Penetration Testing Report Template |
| Passive Reconnaissance & Penetration Testing | Uber Passive Recon Project |
π§ Tools
Network & Analysis
SIEM & Monitoring
Vulnerability Scanning
π Certifications
The ISC2 Candidate program reflects my commitment to advancing in cybersecurity through continuous learning, networking, and preparing for globally recognized certifications.
π Labs Completed
- TryHackMe: Wazuh
- TryHackMe: Cyber Kill Chain
- TryHackMe: Pyramid of Pain
- TryHackMe: Jr Security Analyst Intro
- TryHackMe: HTTP In Detail
- TryHackMe: DNS In Detail
- TryHackMe: Linux Fundamentals Part 1
- TryHackMe: Windows Fundamentals 1
- TryHackMe: Windows Fundamentals 2
- TryHackMe: Cyber Governance Regulation
- LetsDefend SOC Lab
- Penetration Testing Report Template
π Reports & Deliverables
π Penetration Testing Report Template
As part of my cybersecurity learning journey, I designed a professional penetration testing report template that covers:
- Executive summary for non-technical audiences
- Scope, methodology, rules of engagement
- CVSS v3.1-based risk ratings with color-coded visuals
- Detailed findings, evidence, and recommendations
π View Report
π¨ Uber Penetration Testing Report (Passive Recon Project)
This hands-on project involved conducting passive reconnaissance on Uber, using open-source intelligence (OSINT) methods while adhering to ethical standards and Uberβs public security guidelines.
Key highlights:
- Identified employee names, email naming conventions, and exposed assets
- Mapped Uberβs external attack surface using passive tools and Google dorking
- Followed professional reporting structure and risk communication formats
- Delivered findings in a formal report similar to industry penetration tests
π‘ A real-world, regulation-aligned pentest simulation demonstrating practical skills in passive reconnaissance, reporting, and professional documentation.
π‘ This project demonstrates my ability to perform realistic assessments against a known company while maintaining ethical and legal boundaries, as required in professional penetration testing.
π‘ More reports will be added soon as I complete additional labs and projects.