Security, with texture

Karim Abdel‑Nasser

I design and defend systems where trust is never assumed. SOC analyst, detection engineer, and storyteller of incident response.

See the work →

Who Am I

Not a resume. A journey.

I'm a SOC analyst and computer science student based in Cairo, living at the intersection of detection engineering and human instinct. I build security environments that don't just catch threats — they tell a story about how the breach happened, and how to stop it from happening again.

My work is not about collecting alerts. It's about understanding the rhythm of infrastructure, the anomalies that feel wrong, and the automation that gives analysts back their time. Every lab I build, every rule I write, is an invitation to think like an adversary — and then think better.

SOC Analyst / Engineer
3+ Production Labs

Skills: Detection engineering, incident response, Splunk / ELK, Python automation, Zero Trust architecture, IAM (FreeIPA/Keycloak), MITRE ATT&CK, Wireshark / Volatility

Education

Where curiosity became method.
2023 – present
B.Sc. Computer Science
Cairo, Egypt — major in Cloud & Mobile Computing
Focus: distributed systems, security
2025 – 2026
Digital Egypt Pioneers Initiative (DEPI)
Information Systems Security / Information Assurance
Hands‑on IR & compliance

Experience

Building the blue team, one lab at a time.
2025 – present
Security Research & Lab Engineering
Independent / Academic

Designing and deploying enterprise‑grade security labs: Zero Trust Architecture, Linux IAM with FreeIPA/Keycloak/Vault, and a full SOC investigation series. Each environment is documented, reproducible, and built to train analysts in real‑world detection and response.

VirtualBox, pfSense, Wazuh, Suricata, Splunk, FreeIPA, Authelia, DFIR

Services

What I bring to the table.
SOC Operations
Threat monitoring, SIEM engineering, alert triage, and detection rule development aligned with MITRE ATT&CK.
Incident Response
Full lifecycle: containment, eradication, forensic analysis, and post‑incident reporting that tells a clear story.
Threat Intelligence & Automation
IOC enrichment, threat actor profiling, and Python‑based automation to reduce analyst fatigue.

Projects

Every build has a story. Here are three of them.
Zero Trust — NIST 800-207

Dual‑site Zero Trust Architecture Lab

Two physical machines, four VLANs, IKEv2 IPsec tunnel, Suricata IDS, Splunk telemetry pipeline, and a Cloudflare‑wrapped access layer with Traefik + Authelia MFA. The lab validates that trust must never be implicit — not even between sites.

pfSense, Suricata, Splunk, Vector, Traefik, Authelia, Cloudflare ZT
Read the full narrative →
Identity — Linux IAM

Linux Identity & Access Management Lab

Five VMs, FreeIPA for LDAP/Kerberos, Keycloak for OIDC federation, HashiCorp Vault for PKI/secrets, and ELK for audit trails. A complete, production‑style IAM environment built to understand identity as the new perimeter.

FreeIPA, Keycloak, Vault, ELK, WireGuard, Docker
Explore the identity story →
Blue Team — SOC Investigation Series

SOC Investigation Lab

Ten real‑world scenarios: phishing analysis, lateral movement hunting, memory forensics, and detection rule writing. Each lab produces a report, a rule, and a script — built to train analysts in the art of the hunt.

Splunk/Elastic, Volatility, Wireshark, Sysmon, MITRE
Read the investigation notes →
Automation — IOC Enrichment

IOC Enrichment Tool (Python)

A command‑line tool that queries VirusTotal and AbuseIPDB in parallel, reduces enrichment time from minutes to seconds, and outputs structured CSV reports ready for ticket ingestion.

Python, VirusTotal API, AbuseIPDB
See the code & workflow →

Blog

Field notes from the SOC.

Let's build something secure together.

Open for IR consulting, lab collaborations, or just a conversation about threat hunting.