The world is a series of vulnerabilities. I spend my time finding them before the wrong people do.
- $ ACADEMIC_FACADE= El Sewedy University of Technology.
- $ SOCIAL_CREDIT= 4.0/4.3 CGPA.
- $ SPECIALIZATION= Blue Team Ops. Incident Response. Defensive Architectures.
- $ ETHICS_CHECK= All tools and research conducted in controlled, authorized environments.
Tools are just extensions of the mind. Here’s what I’m currently using to keep the world from crashing:
- 💻 Programming & Scripting
- 🛡️ Security & Monitoring
- ⬢ Infrastructure & Operations
- ▤ Frameworks & Standards
🛡️ [SOAR_PLATFORM] > DECRYPT_SOAR_LOGS: Python/FastAPI/Wazuh
My team and I didn't just build a tool; we built an ecosystem. Integrating SIEM, EDR, and NDR telemetry to automate the response. Mean Time To Respond? Minimized.
The Objective:
- Architected a fully containerized SOAR ecosystem using Docker, integrating SIEM, EDR, and NDR telemetry across distributed environments.
- Container Orchestration: Leveraged Docker to manage a modular stack including Wazuh, TheHive, Cortex, and Velociraptor, ensuring consistent deployment and isolation.
- Intelligence-Driven Automation: Engineered IR playbooks using REST APIs to execute real-time responses like endpoint isolation and IP blacklisting.
- AI Orchestration: Integrated an AI Decision Engine to trigger automated playbooks based on real-time threat detection patterns.
- LLM Log Analysis: Leveraged Large Language Models (LLMs) to classify attack types and reduce "alert fatigue" with confidence-rated summaries.
- Predictive Severity: Implemented machine learning to predict alert log severity scores for optimized prioritization.
🧠 [AI_NETWORK_FORENSICS] > EXTRACT_EVIDENCE
Finding the C2 communication hidden in the PCAP noise. Using machine learning to detect what the human eye misses.
The Objective:
- Developed a machine learning pipeline to identify anomalous traffic patterns indicative of C2 communication and data exfiltration.
- ML Pipeline: Analyzed PCAP data using Scikit-learn to detect anomalies that traditional signature-based IDS might miss.
- Feature Engineering: Implemented custom features based on flow duration and packet entropy to increase detection of zero-day exploits.
- Deep-Dive Forensics: Integrated Arkime (Moloch) for full-packet indexing, allowing for visual metadata analysis and breach reconstruction.
- Tool Synergy: Utilized Zeek, Suricata, and Wireshark for multi-layered network traffic validation.
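The flow-duration and packet-entropy features above are the kind of signal a beaconing C2 channel leaves in a capture: long-lived flows with regular inter-arrival gaps and encrypted-looking (high-entropy) payloads. The block below is an added example, not code from the project: it builds per-flow features from packet records and flags outliers with a median/MAD modified z-score, a deterministic stand-in for the scikit-learn model the pipeline would train on the same feature rows. All packet records, addresses (RFC 5737 documentation ranges) and payloads are constructed inline; `text_like` produces payloads with a narrow byte alphabet whose entropy is exactly log2(k), standing in for plaintext.

```python
"""Flow-level feature engineering for beacon / C2 anomaly detection.

Added example (not the project's code): packets -> per-flow features
(duration, packet count, mean inter-arrival gap, mean payload entropy)
-> robust outlier flag. Sample traffic below is constructed.
"""
import math
from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass
class Packet:
    ts: float        # capture timestamp in seconds
    src: str
    dst: str
    dport: int
    payload: bytes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of a payload: 0.0 for empty/constant, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def flow_features(packets):
    """Group packets into (src, dst, dport) flows and compute one feature row each."""
    flows = defaultdict(list)
    for p in packets:
        flows[(p.src, p.dst, p.dport)].append(p)
    rows = {}
    for key, pk in flows.items():
        pk.sort(key=lambda p: p.ts)
        gaps = [b.ts - a.ts for a, b in zip(pk, pk[1:])]
        rows[key] = {
            "duration": pk[-1].ts - pk[0].ts,
            "packets": len(pk),
            "mean_gap": sum(gaps) / len(gaps) if gaps else 0.0,
            "mean_entropy": sum(shannon_entropy(p.payload) for p in pk) / len(pk),
        }
    return rows


def modified_z(values):
    """Robust z-score: 0.6745 * (x - median) / MAD; all zeros when there is no spread."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:
        return [0.0 for _ in values]
    return [0.6745 * (v - med) / mad for v in values]


def flag_anomalies(rows, threshold=3.5):
    """Return {flow_key: max |z| across features} for flows whose score exceeds threshold."""
    if not rows:
        return {}
    keys = list(rows)
    worst = {k: 0.0 for k in keys}
    for feat in next(iter(rows.values())):
        for k, z in zip(keys, modified_z([rows[k][feat] for k in keys])):
            worst[k] = max(worst[k], abs(z))
    return {k: z for k, z in worst.items() if z > threshold}


# ---- constructed sample traffic (not captured data) ----
def text_like(k: int) -> bytes:
    # k distinct byte values, each equally frequent: entropy is exactly log2(k).
    return bytes(range(32, 32 + k)) * 4


# 97 is coprime with 256, so this is a permutation of 0..255: entropy 8.0 bits.
HIGH_ENTROPY = bytes((i * 97) % 256 for i in range(256))


def _flow(src, dst, dport, times, payload):
    return [Packet(t, src, dst, dport, payload) for t in times]


SAMPLE_PACKETS = (
    _flow("10.0.0.11", "192.0.2.20", 80, [0.00, 0.05, 0.20], text_like(8))
    + _flow("10.0.0.12", "192.0.2.21", 443, [1.00, 1.10, 1.25, 1.40], text_like(10))
    + _flow("10.0.0.13", "192.0.2.22", 80, [2.00, 2.30], text_like(12))
    + _flow("10.0.0.14", "192.0.2.23", 443, [3.00, 3.20, 3.60], text_like(14))
    + _flow("10.0.0.15", "192.0.2.24", 80, [4.00, 4.15, 4.25, 4.50], text_like(16))
    + _flow("10.0.0.16", "192.0.2.25", 443, [5.00, 5.40, 5.45], text_like(20))
    # Beacon-like flow: 10 packets exactly 60 s apart, encrypted-looking payload.
    + _flow("10.0.0.5", "203.0.113.10", 443, [10.0 + 60 * i for i in range(10)], HIGH_ENTROPY)
)
BEACON = ("10.0.0.5", "203.0.113.10", 443)


def run_demo():
    return flag_anomalies(flow_features(SAMPLE_PACKETS))


if __name__ == "__main__":
    for key, score in run_demo().items():
        print(f"anomalous flow {key}: max |z| = {score:.1f}")
```

The modified z-score uses the median and MAD rather than mean and standard deviation so a single beacon cannot inflate the spread and hide itself; on real captures the same feature rows would be fed to an unsupervised model (the project names scikit-learn), and the entropy feature should be read alongside port and protocol, since legitimate TLS traffic is also high-entropy.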
📦 [THE_LAB_VAULT] > SEARCH_THE_ARCHIVE
The university projects. Cryptography tools. Secure storage. Every lab is a lesson in how to stay invisible.
- Current Objective -> CompTIA Security+, Stanford Cryptography I, Cyber Security 101.
- Training Grounds -> BTLO, TryHackMe.
- Human Interface -> Arabic (Native), English (Technical), French (DELF B2).
Don't follow the white rabbit. Hire it.
- LinkedIn: paula-maged
- Encrypted Mail: paulamagedcyber@gmail.com
- Org: IEEE Student Branch (Tech & R&D)