EVIDENCE-FIRST SECURITY PORTFOLIO

Detection content that’s tested, mapped, and deployable.

Sigma, Wazuh, and Splunk detections plus IR playbooks and a triage simulator. Everything is auditable in GitHub.

Proof over vibes:
• Clone the repo
• Run the verify commands
• Match the counts
Verified artifacts • Reproducible commands
Open to roles: SOC Analyst (T1/T2) • Detection Engineer • Security Automation • DFIR (Junior)
Huntsville-adjacent • North Alabama
Counts and links align to raylee-ops/HawkinsOperations (verified, reproducible today).
• Verified detections (today): 142
• Verified Sigma rules: 105
• Verified Wazuh blocks: 29
• Verified Splunk queries: 8
• Verified IR playbooks: 10
Only verified counts are shown. "Total library" is intentionally omitted.
Verify lane: pwsh -NoProfile -File .\scripts\verify\verify-counts.ps1 and pwsh -NoProfile -File .\scripts\verify\generate-verified-counts.ps1 -OutFile .\PROOF_PACK\VERIFIED_COUNTS.md.
Tools

Platform fluency at a glance

• Wazuh: Rule blocks + validation
• Splunk: SPL detections and pivots
• Sigma: Portable detection rules
• Automation: Tines/Torq-ready workflow mindset
About

Who I am and what this portfolio proves

I am targeting Huntsville-area security roles and I built this portfolio to make recruiter and technical screening fast.

My current base is Gadsden, Alabama, about an hour from Huntsville, and I can commute now while I interview.

I am relocating soon, and my lease is flexible month-to-month after May, so location logistics are already planned.

My focus is SOC Analyst (T1/T2), Junior Detection Engineering, and Security Automation where I can contribute quickly.

Every claim here is tied to reproducible commands and repository artifacts, so teams can validate fit without guesswork.

Featured projects

Three things recruiters can verify fast

Homepage stays lean. Details live on the dedicated pages.

Writing

Technical write-up

Featured work

Pick a lane, then drill down

These tiles are interactive and expandable on their pages. No dead squares.