░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
░ ░
░ ██╗ ██████╗ ██████╗ ██████╗ ██╗ ████╗ ░
░ ██║ ██╔══██╗ ██╔══██╗ ██╔════╝ ╚═╝ ╚═██║ ░
░ ██║ ██║ ██║ ██████╔╝ ██║ ███╗ ██║ ██║ ░
░ ██ ██║ ██║ ██║ ██╔══██╗ ██║ ██║ ██║ ██║ ░
░ ╚█████╔╝ ██████╔╝ ██║ ██║ ╚██████╔╝ ██║ ██║ ░
░ ╚════╝ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝ ░
░ ░
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
◄ THREAT DETECTION ► ◄ DETECTION ENGINEERING ► ◄ SECURITY AUTOMATION ►
{
"handle" : "JDRGit",
"designation" : "Information Security Analyst",
"clearance" : "ELEVATED",
"threat_model" : "attacker-informed defense",
"primary_mission": ["Threat Detection", "Alert Triage", "Detection Engineering"],
"augmentations" : ["Full-Stack Development", "Security Automation", "IR Support"],
"certs_equipped" : ["CompTIA A+", "CompTIA Security+", "CompTIA CySA+"],
"doctrine" : "Build what you protect. Protect what you build.",
"uptime" : "24/7 — always learning, always hunting",
"status" : "🟢 ONLINE"
}

I came up as a software engineer. Now I use that lens to defend systems from the inside out. Half builder, half hunter. Fully operational.
╔══════════════════════════════════════════════════════════════════════╗
║ OBJECTIVE PRIORITY PROGRESS ║
╠══════════════════════════════════════════════════════════════════════╣
║ Detection Engineering [CRITICAL] ████████████░░ 85% ║
║ Threat Hunting Techniques [HIGH] ██████████░░░░ 75% ║
║ Security Automation & SOAR [HIGH] █████████░░░░░ 65% ║
║ Incident Response Workflows [MEDIUM] ████████████░░ 80% ║
║ Cloud Defensive Operations [LOADING] ██████░░░░░░░░ 45% ║
╚══════════════════════════════════════════════════════════════════════╝
@@ ACTIVE RESEARCH NODES @@
+ [NODE_01] Detection Engineering — Precision rules over noisy signatures
+ [NODE_02] Threat Hunting — Proactive. Pattern-first. Hypothesis-driven.
+ [NODE_03] Security Automation — Shrink MTTD. Amplify analyst throughput.
+ [NODE_04] Incident Response — When prevention fails, response wins.
- [NODE_05] Cloud Defensive Ops — Expanding coverage to cloud-native environments
! [STATUS] Continuous improvement. No static defenses. Always adapting.

/JDRGit
│
├── /security-ops
│ ├── detection-rules/ # Custom detection logic & alert tuning
│ ├── ir-playbooks/ # Incident response runbooks
│ └── automation-scripts/ # Python tooling for SOC workflows
│
├── /full-stack-builds
│ ├── react-apps/ # Frontend projects
│ └── java-spring-api/ # Backend services
│
├── /research
│ ├── threat-analysis/ # Case studies & investigation write-ups
│ └── mitre-mappings/ # ATT&CK framework documentation
│
└── README.md # ← YOU ARE HERE
⚠ STATUS: PORTFOLIO POPULATING — UPDATES INCOMING
┌──[JDRGit@soc-node-01]─[~/investigations]
└─$ whoami --full-profile
> resolving operator identity...
> cross-referencing threat intel feeds...
> decrypting dossier... ████████████████ 100%
[OUTPUT]──────────────────────────────────────────────────────────
OPERATOR : Jaime D. Rodriguez
ROLE : Information Security Analyst
NODE : soc-node-01
SESSION : ACTIVE ✔
UPTIME : 24/7 — no downtime logged
──────────────────────────────────────────────────────────────────
┌──[JDRGit@soc-node-01]─[~/investigations]
└─$ run threat-profile --operator self --classify
> scanning attack surface awareness...
> mapping detection coverage...
> correlating MITRE ATT&CK knowledge...
> compiling output...

╔══════════════════════════════════════════════════════════════════╗
║ ░░ OPERATOR THREAT PROFILE ░░ ║
╠══════════════════════════════════════════════════════════════════╣
║ ║
║ THREAT_ACTOR_TYPE : [ DEFENDER ] ████████████████████ 100% ║
║ DETECTION_COVERAGE : [ HIGH ] ██████████████████░░ 92% ║
║ ADVERSARY_EMPATHY : [ ELEVATED ] █████████████████░░░ 85% ║
║ AUTOMATION_INDEX : [ ACTIVE ] ████████████████░░░░ 80% ║
║ CODE_PROFICIENCY : [ FLUENT ] ██████████████████░░ 90% ║
║ INCIDENT_RESPONSE : [ ONLINE ] ██████████████████░░ 88% ║
║ ║
╠══════════════════════════════════════════════════════════════════╣
║ ║
║ KNOWN_TTPS : Credential theft ◈ Infostealer analysis ║
║ Ransomware triage ◈ Identity attack chains ║
║ LOLBins ◈ Process injection ◈ Lateral movement ║
║ ║
║ MITRE_COVERAGE: TA0001 TA0002 TA0003 TA0004 TA0005 TA0006 ║
║ TA0007 TA0008 TA0009 TA0010 TA0011 [+MORE] ║
║ ║
║ THREAT_LEVEL : ██ TO ADVERSARIES CLASSIFICATION: ALPHA ║
║ CLEARANCE : [████████████████████] ELEVATED ║
║ VERDICT : ✔ AUTHORIZED — PROCEED WITH CAUTION ║
║ ║
╚══════════════════════════════════════════════════════════════════╝
┌──[JDRGit@soc-node-01]─[~/investigations]
└─$ tail -f /var/log/operator/activity.log
[2026-03-11 00:00:01] INFO — Detection rule tuned: lateral movement via RDP
[2026-03-11 00:00:04] INFO — Threat hunt initiated: credential harvesting TTPs
[2026-03-11 00:00:07] WARN — Anomalous process tree detected: investigating...
[2026-03-11 00:00:09] INFO — Automation playbook triggered: auto-triage active
[2026-03-11 00:00:12] INFO — Alert closed: benign confirmed. MTTD: 00:04:31
[2026-03-11 00:00:15] INFO — New repo pushed: detection-engineering-toolkit
[2026-03-11 00:00:18] INFO — Status: ALL SYSTEMS NOMINAL ✔
[2026-03-11 00:00:21] INFO — Operator online. Watching the wire. 👁

┌─────────────────────────────────────────────────────────────────┐
│ [ HANDSHAKE: READY ] [ ENCRYPTION: ACTIVE ] [ PING: <1ms ] │
└─────────────────────────────────────────────────────────────────┘
"The attacker only has to be right once. The defender has to be right every time."
— Making that asymmetry work in our favor.