Nikki-65/Nikki-65.github.io

GitHub: Nikki-65/Nikki-65.github.io

Stars: 0 | Forks: 0

![Banner](https://static.pigsec.cn/wp-content/uploads/repos/2026/06/6bbd634ea8181251.png)

# Nikki Sadvand

**Cybersecurity Analyst | SOC Monitoring | Incident Response | SIEM Engineering**

Cybersecurity Analyst with hands-on experience in SIEM operations, alert triage, endpoint and network telemetry validation, and structured incident investigations aligned with MITRE ATT&CK and NIST 800-61.

🔗 **Live Site:** https://nscybersecurity.com/

📄 **Resume:** Niknaz_Sadehvandi_SOC_Resume.pdf

**Professional Summary**

Cybersecurity Analyst experienced in designing and operating an Elastic-based SIEM environment for endpoint and network visibility. Practical experience includes:

- Windows authentication anomaly investigations (Event ID 4624, 4625, 4672)
- Endpoint telemetry validation using Sysmon v15+
- Network telemetry analysis using Zeek
- Alert triage, escalation, and structured case documentation
- Detection validation using KQL and Kibana Discover
- Incident response aligned with NIST 800-61 lifecycle

M.S. Cybersecurity Technology (UMGC, GPA 4.0, President’s List)

**Core Competencies**

**SIEM & Monitoring**
- Elastic SIEM
- Splunk
- Kibana Discover
- KQL log validation
- Alert triage & escalation

**Endpoint Telemetry**
- Sysmon v15+
- Windows Event Logs
- Process & authentication analysis
- PowerShell monitoring

**Network Telemetry**
- Zeek (Ubuntu 24.04)
- DNS & connection log analysis
- Filebeat ingestion
- Wireshark

**Incident Response**
- NIST 800-61 lifecycle
- MITRE ATT&CK behavioral mapping
- IOC validation
- Structured case documentation

**DFIR & Analysis**
- Autopsy
- FTK Imager
- Autoruns
- Artifact and log analysis

## Professional Experience

### NS Cybersecurity (Independent Lab Environment)

**Security Operations Engineer | Remote | Dec 2024 – Present**

- Designed and deployed Fleet-managed Elastic SIEM endpoint pipeline using Sysmon v15+.
- Deployed Zeek network monitoring on Ubuntu and ingested structured DNS/HTTP telemetry into Elastic.
- Validated detection reliability using targeted KQL queries and Kibana Discover analysis.
- Analyzed Windows authentication events, process execution logs, firewall logs, and outbound network activity.
- Executed structured SOC investigations aligned with NIST 800-61.
- Performed tiered alert triage and documented full investigation workflows.

### Sunset Auto Sales

- Supported and secured 60+ Windows endpoints in an Active Directory-based environment.
- Resolved 25–30 weekly tickets involving MFA enforcement, malware triage, and endpoint remediation.
- Reduced recurring malware incidents by approximately 50% through security hardening and policy enforcement.
- Maintained structured incident and operational documentation.

## Security Projects

### Elastic SIEM + Fleet + Sysmon (Endpoint Pipeline)

Endpoint event ingestion, enrichment, and SIEM validation.

Artifacts:
- PDF: [Endpoint Detection – Elastic SIEM + Sysmon](artifacts/Endpoint_Detection_Elastic_Sysmon.pdf)
- Screenshot: [Kibana – Sysmon Process Events](artifacts/kibana_sysmon_process_events.png)

### Zeek + Filebeat → Elastic (Network Telemetry)

Network sensor deployment, log ingestion, and detection validation.

Artifacts:
- PDF: [Zeek Log Ingestion & Validation](artifacts/Elastic_SIEM_Zeek_Log_Ingestion_and_Validation.pdf)
- Screenshot: [Zeek DNS & Connection Events](artifacts/kibana_zeek_conn_dns_events.png)

### SOC Dashboarding & Alert Triage (Splunk)

Authentication anomaly monitoring and escalation workflows.

Artifacts:
- PDF: [Failed Login Assessment](artifacts/SOC_Log_Analysis_Failed_Login_Assessment.pdf)
- Screenshot: [Splunk Authentication Dashboard](artifacts/dashboard_preview.png)

### Network Reconnaissance & SOC Automation (Python)

Nmap automation wrapper with structured output for security reporting.

### Threat Intelligence & Malware Analysis

Processed 30,000+ threat indicators from open-source feeds and malware sandboxes. Extracted actionable IOCs for detection use cases.

### DFIR Incident Investigation

Simulated web server intrusion investigation including:

- IIS log analysis
- Base64 decoding
- SSH exfiltration review
- Persistence analysis (Autoruns, scheduled tasks)
- Autopsy and FTK artifact review

Artifacts:
- PDF: [DFIR Investigation Report](artifacts/DFIR_Incident_Investigation_Forensic_Analysis.pdf)

## Technical Stack (Portfolio Site)

- Frontend: HTML5, CSS3
- Layout: CSS Grid, Flexbox, Responsive Design
- Hosting: GitHub Pages
- Tooling: GitHub, SEO meta tags

## Certifications

- Python Basics for Data Science (IBM)

## Contact

- Location: Matthews, NC
- Email: [nikkisadvand@gmail.com](mailto:nikkisadvand@gmail.com)
- GitHub: [github.com/Nikki-65](https://github.com/Nikki-65)
- Portfolio: [nscybersecurity.com](https://nscybersecurity.com/)