Cybersecurity Analyst | SOC Analyst
Behind every byte I protect, there’s a human life. That’s why I analyze, monitor, investigate, and mitigate cybersecurity threats, not just to ensure the safety of digital systems, networks, and data, but to defend the people whose safety and dreams depend on them.
Hello world, my name is Ricardo, a self-taught cybersecurity professional. I have been interested in technology and computing since I was a kid, but my real cyber adventure began in 2017 when I performed phishing attacks on my friends and obtained Wi-Fi passwords through WPS mode, handshake captures, Evil Twin attacks, etc.
Fast forward to now, I am more interested in defending against cyberattacks, protecting networks, endpoint devices and servers, analyzing alerts and mitigating threats.
I find this field very interesting and exciting because every day there's a new threat in the world, a new zero-day discovered, or a new device that can be potentially dangerous in the wrong hands.
I'm currently preparing to get my CompTIA Security+ by the end of 2025!
Antivirus or Antimalware: Which Is Better?
Cyberattacks have evolved. In 2025, should you use an antivirus, an antimalware, or both? By the end, you'll know exactly what you need to protect your computer without overspending. 💻
🌟My Journey
Blue Diamond Hotels & Resorts
Cybersecurity Analyst | November 2023 - Now
Analyzed security alerts and threats, providing actionable remediation steps to mitigate risks and reduce incident resolution time.
Configured and administered CrowdStrike Falcon console to enforce endpoint security policies, including USB access control, application whitelisting, DLP (Data Loss Prevention) and Host-based Firewall for malicious websites.
Created and maintained cybersecurity documentation, including playbooks, policies, standards, and procedures to standardize incident response and operational workflows.
Led recertification of the corporate website and first-time certification of hotel systems for PCI DSS, ensuring full compliance with payment security standards.
Collaborated in the development of the organization’s cybersecurity strategy, aligning tools and processes with business objectives.
Effective Monitoring, Investigations, and Responses with Splunk
SOC Analyst | April 2023 - September 2023
Utilized Splunk to analyze logs and identify suspicious file extensions and binaries, the source web address, and the PowerShell command used for malicious execution.
Employed CyberChef to decode hidden web addresses and VirusTotal to analyze the hash of a malicious script.
Monitored suspicious activities, including spear phishing attacks and malware infections, identifying key indicators of compromise.
Analyzed and interpreted logs using Splunk and other security tools to investigate a cyber-attack where a website was defaced and extracted critical information about the cyberattacker.
Wireshark Traffic Analysis
SOC Analyst | March 2023
Analyzed network logs to detect anomalies and malicious activities on network traffic.
Investigated cleartext protocols, such as FTP and HTTP, for security issues like MITM attacks and credential stealing.
Conducted HTTP analysis to detect web attacks and data exfiltration using methods like identifying request methods and response status codes.
Research with MITRE Framework
SOC Analyst | February 2023
Conducted research on MITRE ATT&CK and D3FEND to stay up to date with the latest trends and best practices.
Developed practical skills utilizing threat intelligence to identify and defend against real-world malware, techniques, APTs and mitigation procedures.
Freelance Remote Technical Support
IT Help Desk Technician | January 2022 - December 2022
Provided technical assistance and troubleshooting for printers, hardware, software, and Windows OS to a diverse range of clients using TeamViewer.
Achieved high levels of customer satisfaction through remote support and efficient problem-solving skills.
💡My Creative Lab
Responded to a phishing alert ticket with a Playbook
As a SOC Analyst, I am responsible for monitoring and responding to security incidents. I received a phishing alert about a suspicious file being downloaded on an employee's computer. I used my organization's playbook to investigate the incident and determine the appropriate course of action. Upon digging deeper, I noticed several red flags: inconsistencies in sender information, grammatical errors in the email, a password-protected attachment, and a malicious hash. My investigation confirmed the attachment was indeed malicious.
Effective Cybersecurity Investigation Through SQL Filtering
This project focuses on harnessing the power of SQL filtering to enhance cybersecurity investigations. By leveraging SQL queries, I efficiently extract vital insights from databases, aiding in the detection of potential security issues. I've employed SQL to identify after-hours failed login attempts, investigate specific date-based events, and pinpoint login activities from unexpected locations.
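As an added example (not code from the original page), the three filters described above run over a constructed SQLite table of login attempts. The table name `log_in_attempts`, its columns, the business-hours window and the sample rows are all assumptions made for illustration; the queries are parameterized so that analyst-supplied values never get concatenated into the SQL text.

```python
import sqlite3
from typing import List, Sequence, Tuple

# Constructed sample data (not real logs): (event_time, username, country, success)
SAMPLE_LOGINS = [
    ("2023-09-01 09:15:00", "alice", "MX", 1),
    ("2023-09-01 23:40:00", "bob",   "MX", 0),
    ("2023-09-01 23:41:00", "bob",   "MX", 0),
    ("2023-09-02 02:10:00", "carol", "RU", 0),
    ("2023-09-02 10:05:00", "alice", "MX", 1),
    ("2023-09-03 18:30:00", "dave",  "US", 1),
    ("2023-09-03 19:05:00", "dave",  "CN", 0),
]

# Assumed: the organization only expects logins from these countries.
EXPECTED_COUNTRIES = ("MX", "US")


def build_db(rows: Sequence[Tuple[str, str, str, int]] = SAMPLE_LOGINS) -> sqlite3.Connection:
    """Create an in-memory table that mimics an authentication log (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE log_in_attempts ("
        "event_time TEXT, username TEXT, country TEXT, success INTEGER)"
    )
    conn.executemany("INSERT INTO log_in_attempts VALUES (?, ?, ?, ?)", rows)
    conn.commit()
    return conn


def after_hours_failures(conn: sqlite3.Connection,
                         start: str = "18:00:00", end: str = "07:00:00") -> List[Tuple[str, str]]:
    """Failed logins outside business hours (after `start` or before `end`).

    SQLite's time() extracts HH:MM:SS from the timestamp, so a plain string
    comparison works because the format is fixed-width.
    """
    return conn.execute(
        "SELECT event_time, username FROM log_in_attempts "
        "WHERE success = 0 AND (time(event_time) >= ? OR time(event_time) < ?) "
        "ORDER BY event_time",
        (start, end),
    ).fetchall()


def events_on_date(conn: sqlite3.Connection, day: str) -> List[Tuple[str, str, int]]:
    """All login events (successful or not) on one calendar day, e.g. '2023-09-02'."""
    return conn.execute(
        "SELECT event_time, username, success FROM log_in_attempts "
        "WHERE date(event_time) = ? ORDER BY event_time",
        (day,),
    ).fetchall()


def unexpected_locations(conn: sqlite3.Connection,
                         expected: Sequence[str] = EXPECTED_COUNTRIES) -> List[Tuple[str, str, str]]:
    """Logins from countries outside the expected list.

    The NOT IN placeholder list is built from the length of `expected`, never
    from the values themselves, so user-controlled input stays parameterized.
    """
    placeholders = ",".join("?" * len(expected))
    return conn.execute(
        f"SELECT event_time, username, country FROM log_in_attempts "
        f"WHERE country NOT IN ({placeholders}) ORDER BY event_time",
        tuple(expected),
    ).fetchall()


def repeated_failures(conn: sqlite3.Connection, threshold: int = 2) -> List[Tuple[str, int]]:
    """Users with at least `threshold` failed attempts: a cheap brute-force indicator."""
    return conn.execute(
        "SELECT username, COUNT(*) AS failures FROM log_in_attempts "
        "WHERE success = 0 GROUP BY username HAVING failures >= ? ORDER BY failures DESC",
        (threshold,),
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("After-hours failures:", after_hours_failures(db))
    print("Events on 2023-09-02:", events_on_date(db, "2023-09-02"))
    print("Unexpected locations:", unexpected_locations(db))
    print("Repeated failures:", repeated_failures(db))
```

In a real investigation the same four queries would be pointed at the authentication table of the SIEM or database in use; the filters stay the same, only the connection and the column names change.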
Incident Report Analysis Development
I led an incident report analysis of a disruptive DDoS attack on a company, applying NIST CSF principles. I gave recommendations, implemented risk management strategies, identified various security aspects, fortified the defenses by implementing comprehensive protection measures, and bolstered detection capabilities through vigilant monitoring and analysis. This project helped me understand the importance of learning from previous mistakes and attacks.
Security Audit and Compliance Checklist Execution
Led an internal Security Audit, establishing robust safeguards through meticulous control and compliance evaluation. Strategically assessed IT objectives, risk landscape, goals, and alignment of assets. Prioritized and executed control assessment, alongside a comprehensive compliance checklist, ensuring seamless operations within EU regulations, online payment systems, and user permissions.
Information Security Password Protection Policy
Wrote a full policy to enhance security by defining password complexity and expiration rules and requiring multi-factor authentication, among other controls, according to SANS Institute guidelines.
🌱My Learning Path (Courses and Certificates)
These are my certificates so far from the newest to the oldest:
SOC Level 2 | TryHackMe - In progress
Certified in Cybersecurity (CC) | ISC2 - January 2025
Google Cybersecurity | Google - September 2023
Junior Cybersecurity Analyst | Cisco - August 2023
Cyber Threat Management | Cisco - August 2023
Network Defense | Cisco - July 2023
Cyber Defense | TryHackMe - June 2023
SOC Level 1 | TryHackMe - May 2023
Networking Devices and Initial Configuration | Cisco - March 2023
Endpoint Security | Cisco - February 2023
Pre-security | TryHackMe - December 2022
Complete Beginner | TryHackMe - December 2022
Networking Basics | Cisco - September 2022
Introduction to Cybersecurity | TryHackMe - August 2022
Introduction to Cybersecurity | Cisco - July 2022
Introduction to web development HTML and CSS | Google - June 2020
Let’s Connect📧
If you'd like to say hi or have a question, my inbox is open to you :)
I’ll try my best to get back to you!