SOC ANALYST // CYBERSECURITY

LEWIS SAWE

0 BREACHES
9 CTF WRITEUPS
6 SEC CERTS

About

AWS Security Specialty certified professional who monitors threats, responds to incidents, and builds detection workflows.

I built the entire security posture for multiple SME clients from nothing: monthly assessments, IDS deployment, incident response procedures, endpoint protection. Zero security incidents since the audit.

Before that, I recovered a client from ransomware without paying a cent. Restored critical systems under pressure. Trained non-technical staff to recognize phishing.

I train on TryHackMe and HackTheBox to stay sharp. SOC Level 1 & 2 certified, completed the HTB SOC Analyst path. The work is real: Splunk queries, MITRE ATT&CK mapping, log analysis, malware triage.

threat_profile.json
{
  "name": "Lewis Sawe",
  "location": "Kenya (UTC+3)",
  "clearance": "AWS Security Specialty",
  "threat_level": "to adversaries: HIGH",
  "focus": [
    "Threat Detection",
    "Incident Response",
    "Cloud Security",
    "Network Defense"
  ],
  "status": "ACTIVE"
}

Arsenal

SIEM & Detection

  • Splunk
  • ELK Stack
  • CloudWatch / CloudTrail
  • GuardDuty
  • Wireshark
  • Windows Event Logs

Incident Response

  • MITRE ATT&CK Framework
  • Threat Hunting
  • Malware Analysis
  • Digital Forensics
  • Log Analysis
  • Incident Triage

Network Security

  • Firewalls / IDS / IPS
  • VPN / VLAN Segmentation
  • Packet Analysis
  • Network Monitoring
  • Endpoint Protection
  • Vulnerability Assessment

Cloud Security

  • AWS IAM / Security Groups
  • CloudTrail / VPC Flow Logs
  • Security Hub / Config
  • KMS / Secrets Manager
  • Container Security
  • Infrastructure as Code

Scripting & Automation

  • Python
  • Bash
  • Detection Rule Authoring
  • Log Parsing
  • Automated Alerting
  • Security Orchestration

Systems

  • Linux Administration
  • Windows Server / AD
  • Docker
  • Prometheus / Grafana
  • Git / CI/CD Security
  • Terraform

Experience

2024 Apr - Present
ACTIVE

Network & Systems Administrator

Eloho
  • Built security monitoring and incident response workflows from scratch
  • Monthly security assessments with enforced remediation timelines
  • Deployed endpoint protection, IDS, firewall rules, network security policies
  • Handled real incidents: brute force via IDS, compromised accounts, USB control
  • Zero security incidents across all client environments since audit
2022 Jan - 2024 Mar

IT Support Technician

Elpris Kenya
  • Multi-layered security frameworks across 15 independent client sites
  • Ransomware recovery: isolated, assessed, restored from backup, hardened
  • Automated alerting for suspicious activity detection
  • 95% resolution rate, zero client churn
2022 Nov - Dec

DevOps Intern

HNG Internship (Remote)
  • Security-first IAM policies and network segmentation on AWS
  • CI/CD pipelines with security gates and automated testing
  • Reduced AWS costs ~33% through right-sizing and usage analysis
2017 Jun - Dec

IT Intern

United Nations Office at Nairobi
  • 500+ users supported under UN enterprise security standards
  • 100% network uptime for critical operations
  • Enterprise access controls, data protection, compliance

Projects

MLH WINNER

Kadi

Won Incident Response category. Full observability: Prometheus, Grafana, Alertmanager. 0% error rate at 500 concurrent users. Complete runbook and failure mode docs.

Prometheus / Grafana / Docker / k6
SECURITY LEAD

ChamaPesa

Security lead on 6-person team. Threat modeling, secure architecture, secrets management, CI/CD security review.

AWS / Terraform / Secrets Mgr

Guardian

Security monitoring and protection system. Automated threat detection and alerting.

Python / Monitoring

Prisma Cloud DevSecOps

Infrastructure security scanning, policy-as-code, compliance automation.

Prisma / Terraform / HCL

Agent Containment Protocol

Automated containment and isolation for compromised systems.

TypeScript / IR

Incident Runbook

Structured IR procedures for SOC teams. Standardized response playbooks.

TypeScript / SOC

Writeups & Certs

Certifications

AWS Security Specialty
THM SOC Level 1
THM SOC Level 2
HTB SOC Analyst Path
CISCO CCNA
AWS Solutions Architect Associate
AWS CloudOps Engineer Associate
CNCF KCNA
Verify on Credly ↗

Let's Talk Security

Open to SOC Analyst, Security Engineer, and Cybersecurity roles.