SOC / THREAT DETECTION / INCIDENT RESPONSE

Mohammad
Aldhafeeri.
// defender

Cybersecurity fresh graduate from University of Hafr Al-Batin.
I monitor, hunt, and respond — from SOC dashboards to MITRE ATT&CK chains, log pipelines and honeypots.

> view projects contact.me()
mohammad@soc-kfmc — ~/ops
$ whoami --verbose > mohammad_aldhafeeri > role: cybersecurity_analyst > location: Riyadh, KSA   $ cat ./stack.json {   "siem": ["ELK", "Wazuh", "Splunk"],   "offense": ["Metasploit", "Burp", "Nmap"],   "framework": "MITRE ATT&CK",   "compliance": ["NCA ECC", "SAMA"] }   $ ./status --check [OK] graduated · May 2026 [OK] co-op completed · KFMC [OK] open to opportunities   $
[ 01 ]

About.

// identity · origin · mission

I'm a cybersecurity fresh graduate with hands-on experience in security monitoring, network defense, and information security auditing.

My recent chapter includes a Cybersecurity Specialist co-op at King Fahad Medical City (KFMC), where I worked across SOC operations — real-time threat detection, log analysis, incident response, and endpoint protection across hospital infrastructure.

Outside the co-op, I build lab environments: a honeypot + SIEM pipeline for my capstone, offensive security exercises on TryHackMe and HackTheBox, and certifications from Cisco, SDAIA, and Tuwaiq Academy.

I'm aiming for SOC Analyst, Threat Hunter, or Security Audit roles — with a particular interest in the intersection of detection engineering and the Saudi regulatory landscape (NCA ECC, SAMA).

Education
BSc Cybersecurity
Univ. of Hafr Al-Batin
Feb 2022 — May 2026
Based in
Riyadh, Saudi Arabia
Languages
Arabic — Native
English — Professional
Status
● Available for hire
[ 02 ]

Experience_

// log entries
JUN — AUG
2025
Cybersecurity Specialist · Co-Op
King Fahad Medical City (KFMC), Riyadh

Monitored and analyzed cybersecurity systems and network protection, supporting real-time threat detection across hospital infrastructure.

Participated in incident response operations and log analysis, supported IT teams in managing security systems and endpoint protection.

SOC Monitoring Incident Response Log Analysis Endpoint Protection Healthcare Infra
FEB 2022
— MAY 2026
Bachelor in Cybersecurity
University of Hafr Al-Batin (UHB)

College of Computer Science & Engineering — coursework across network security, cryptography, secure systems, digital forensics, and governance/compliance. Capstone: Honeypot + SIEM Threat Detection Platform.

Network Security Cryptography Forensics Governance
[ 03 ]

Projects/

// selected works · 2025–2026
PROJECT 001 · CAPSTONE 2026 ACTIVE
Honeypot + SIEM
> Threat Detection & Centralized Security Monitoring Platform

Designed and deployed a Cowrie / T-Pot honeypot integrated with an ELK / Wazuh SIEM to capture and analyze real-world attacker behavior in a controlled environment. Built log collection pipelines, wrote threat detection rules, and created dashboards — mapping observed TTPs to MITRE ATT&CK and generating SOC-style incident reports.

[ ATTACKER ] ──► [ HONEYPOT: Cowrie / T-Pot ] ──► [ LOG PIPELINE ] [ Captured TTPs ] [ SIEM: ELK / Wazuh ] └──────────────► [ MITRE ATT&CK MAP ] ──► [ SOC REPORT ]
Cowrie T-Pot ELK Stack Wazuh MITRE ATT&CK Detection Rules Dashboards
PROJECT 002 · CO-OP 2025 COMPLETED
KFMC Monitoring
> Hospital SOC contribution

Contributed to security monitoring and incident response operations during the KFMC internship — supported log review, alert triage, and network protection workflows inside a live healthcare SOC environment.

SOC Alert Triage Log Review Network Defense
PROJECT 003 · LAB ONGOING
Pentest Lab
> Offensive security exercises

Hands-on vulnerability assessment and exploitation — web app testing, network recon, and privilege escalation chains — using Kali Linux, Metasploit, Nmap, Burp Suite, and Wireshark. Ongoing practice on TryHackMe and HackTheBox.

Kali Linux Metasploit Nmap Burp Suite Wireshark THM / HTB
[ 04 ]

Technical Stack*

// tools · frameworks · domains
[DEF]
SOC Operations & Monitoring
alerting · triage
[SIEM]
ELK · Wazuh · Splunk
log pipelines · dashboards
[OFF]
Penetration Testing
web · network · wireless
[HUNT]
Threat Intelligence & Hunting
IoC · behavioral
[VA]
Vulnerability Assessment
scanning · reporting
[IR]
Incident Response & Forensics
containment · analysis
[TOOL]
Kali · Metasploit · Nmap
offense toolkit
[TOOL]
Wireshark & Burp Suite
traffic · web testing
[FW]
MITRE ATT&CK Framework
TTP mapping
[NET]
Firewalls · IDS/IPS · VPN
perimeter defense
[DEV]
Log Analysis · Python
scripting · automation
[GOV]
NCA ECC · SAMA Compliance
KSA regulatory
[ 05 ]

Certifications#

// credentials · verified
40H
CERT
Information Security Systems Audit
Tuwaiq Academy · 40 hours
FEB 2026
NET
102
Network Security 102
Satr — Tuwaiq Academy
JAN 2026
CISCO
EH
Ethical Hacker
Cisco Networking Academy
JAN 2026
CISCO
ND
Network Defense
Cisco Networking Academy
JAN 2026
AI
HRZ
AI Horizons
IBM SkillsBuild & eYouth
JAN 2026
SDAIA
AI
Fundamentals of Artificial Intelligence
SDAIA (SAMAI)
SEP 2025
[ 06 ]

Contact.

// establish connection
let's build
something secure
together.
> email: Mohmmad.Aldhfeeri@outlook.com
> phone: +966 59 291 7727
> linkedin: /in/mohmmad-aldhfeeri
> github: @Mohmmadaldhfeeri