Kelvin Rose — Security Portfolio v3

Cybersecurity Analyst · SIEM/XDR · SOC Operations

Kelvin Rose

Cybersecurity analyst at ECS Fin. I monitor threats, triage alerts, and build detection infrastructure — in production and in the lab.


Security is my craft.

I'm a cybersecurity analyst at ECS Fin, supporting threat monitoring and security operations for production financial systems in a regulated client environment. Day-to-day I triage and investigate alerts across Wazuh SIEM/XDR, perform detection tuning, support incident response, and author SOPs and playbooks used across the team.

Outside work I run a hands-on homelab replicating real SOC workflows — and I build tools like Clawdbot and Velar to sharpen the engineering side.

Kelvin Rose · Sec. Engineer
1+ yr professional · 3+ certifications · 3+ yrs in security
Currently pursuing: CISM — Certified Information Security Manager (ISACA · In Progress)
Wazuh SIEM/XDR
Alert Triage & Investigation
Incident Response
Detection Tuning
Python / Bash
Linux (Ubuntu 24.04)
Nmap / Wireshark
Site24x7
TCP/IP · DNS · VLANs
MITRE ATT&CK
SOPs & Playbooks
Docker / KVM
SIEM / Detection · Pentesting · Networking · Linux / OS · Scripting · Forensics

02 — Infrastructure

Homelab Architecture.

🛡️ pfSense (192.168.10.1): Firewall · IDS/IPS · VLAN GW
🔍 Wazuh SIEM (192.168.20.5): Log Ingest · Detection · Alerts
⚔️ Kali Linux (192.168.30.12): Attack Box · Pentest · Isolated VLAN
🖥️ Proxmox (192.168.40.3): Hypervisor · 6 VMs · Snapshots

03 — Journey

How I Got Here.

2022
Got Curious. Built a Homelab.

Started with a single VM running Kali Linux — just following tutorials and breaking things. Quickly expanded to a full network with pfSense, VLANs, and a dedicated attack machine.

Kali Linux · pfSense · VMs
2023 — Early
Google Cybersecurity Certificate

Completed the full Google Cybersecurity Professional Certificate on Coursera — solidified fundamentals in threat detection, incident response, network security, and Python automation.

Google · Coursera · Python
2023 — Mid
Wazuh + Tines + Clawdbot Pipeline

Deployed Wazuh across my homelab and built automated response playbooks with Tines. Built Clawdbot — a custom Slack bot that parses JSON alert payloads and fires formatted alert cards to my SOC channel. First time I saw a full detection-to-response pipeline work end-to-end.

Wazuh · Tines · Clawdbot · Slack API
Aug 2024 – Jan 2025
Matlen Silver — Business Development Analyst

Built structured dashboards and analytical reports in Excel and SQL. Automated reporting workflows, sharpening data analysis and systematic problem-solving skills directly applicable to security operations.

SQL · Excel · Automation
Jan 2025 → Now
ECS Fin — Cybersecurity Analyst

Supporting cyber threat monitoring and security operations for production financial systems in a regulated client environment. Triaging and investigating alerts across Wazuh SIEM/XDR, performing detection tuning, supporting incident response, authoring SOPs and playbooks, and contributing to CIS benchmark validation and audit readiness.

Wazuh · SOC Operations · Incident Response · Detection Tuning · Regulated Env.
In Progress →
Pursuing CISM

Focusing on CISM — Certified Information Security Manager — to deepen the governance, risk, and program management side of security alongside hands-on operational work at ECS Fin.

CISM · ISACA · Security Management

04 — Featured Build

Velar — AI Trading System.

Live System · Paper Trading Mode

Full-Stack Algo Trading Engine

Velar is a complete AI-powered trading system — a FastAPI backend serving real-time data via WebSocket, a multi-tab futuristic dashboard (Chart.js, Orbitron UI), a Congressional trading tracker watching 535 members of Congress, a market sentiment gauge, ML algorithm panel, and a kill switch with a live-trading safety arm. Runs in Docker with one command.

The engineering decisions here map directly to security work: hardened API endpoints, CORS policy, credential management for broker auth, safe defaults (paper mode), and a kill switch for emergency stop — the same risk-first mindset I bring to SOC automation.

Python · FastAPI · WebSocket · Chart.js · Docker · Pandas / NumPy · SQLite · Slack Alerts · REST API · Nginx
Dashboard mockup (VELAR, Paper Mode, Bot Active): Daily P&L +$2,847 · Win Rate 78.4% · ML Accuracy 87.3%
Tabs: News · Congress · Sentiment · AI Insights · Performance
Bot Controls: Start / Stop · Live Trading Arm · ⚠ Kill Switch
Recent Activity: 09:31 BUY NVDA $891 · 09:44 SELL AAPL $182 · 10:02 ALERT TSLA → Slack · 10:17 BUY SPY $524

05 — Selected Work

What I've Built.

Project 01
SIEM · Wazuh · Tines · Clawdbot · Slack API

Wazuh & Tines SOAR Automation

End-to-end SOC pipeline — Wazuh detects and forwards alerts as JSON payloads to Tines, which parses fields and triggers automated responses: host isolation, ticket creation, and real-time Slack notifications via Clawdbot, a custom Slack bot I built to deliver formatted alert cards to my SOC channel. Reduced MTTR from hours to seconds.

Project 02
Networking · pfSense · VLANs · Proxmox

Homelab Network Architecture

Segmented homelab with 6 VLANs, pfSense firewall with IDS/IPS, Proxmox hypervisor, and a dedicated attack network — simulating enterprise-grade infrastructure for realistic red/blue team exercises.

Project 03
Pentesting · Burp Suite · OWASP Top 10 · Windows Tablet

Web App Pentest Report

Full-scope web application pentest documenting 12 vulnerabilities across the OWASP Top 10. Conducted assessments running Burp Suite on a Windows tablet — demonstrating toolset adaptability across hardware. Delivered exploitation PoCs, CVSS ratings, and remediation guidance.

Project 04
Active Directory · BloodHound · Splunk · Mimikatz

Active Directory Attack & Defend

Simulated full AD environment — ran Kerberoasting, Pass-the-Hash, and BloodHound path discovery offensively, then tuned Splunk detection rules and hardened GPOs on the defensive side.

06 — Practice

Platforms & CTF Activity.

TryHackMe: Top 5% global ranking · Rooms completed: 42
Linux Fundamentals · Jr Penetration Tester · SOC Level 1 · Advent of Cyber
HackTheBox: current rank User · Machines owned: 8
Lame · Blue · Jerry · Nibbles
CTF Competitions: Events competed · Challenges solved: 24
PicoCTF · CTFtime · OSINT · Web Exploitation

07 — Writing

Writeups & Notes.

Coming Soon
How I Built a $0 SOC in My Bedroom

A walkthrough of my homelab architecture — from bare metal to a fully segmented network with SIEM, IDS/IPS, and automated incident response. Everything I wish someone had told me starting out.

Homelab
Coming Soon
Kerberoasting from Scratch: Attack to Detection

Step-by-step offensive walkthrough of Kerberoasting in a lab AD environment — then flipping to write Splunk detection rules that catch it reliably without alert fatigue.

Active Directory
Coming Soon
Automating Alert Triage with Tines + Clawdbot

How I connected Wazuh alerts to Tines workflows that auto-classify severity, enrich with threat intel, and push formatted cards to Slack via Clawdbot — all without human intervention.

SOAR
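The parse-classify-notify stage that this entry and the Wazuh & Tines project above describe, as an added example for this page rather than Clawdbot's source: it takes an alert in the shape Wazuh writes to alerts.json, maps the rule level to a severity label, drops anything below a notify threshold, checks the source IP against a watchlist as a stand-in for threat-intel enrichment, and emits a Slack Block Kit card. The sample alert, the level-to-severity bands, `NOTIFY_MIN_LEVEL` and `CONSTRUCTED_WATCHLIST` are all this example's assumptions, not Wazuh or Slack defaults.

```python
"""Wazuh alert JSON -> severity -> Slack Block Kit card.

Added example, not Clawdbot's code. The alert is constructed in the field
layout of Wazuh's alerts.json; the severity bands, the notify threshold and
the watchlist are assumptions made for this example.
"""
import json

# Constructed sample alert (same field layout as Wazuh's alerts.json).
SAMPLE_ALERT = json.dumps({
    "timestamp": "2025-01-10T09:31:00.000+0000",
    "rule": {
        "id": "5710",
        "level": 10,
        "description": "sshd: Attempt to login using a non-existent user",
        "mitre": {"id": ["T1110"], "technique": ["Brute Force"]},
    },
    "agent": {"id": "003", "name": "web01", "ip": "192.168.20.15"},
    "data": {"srcip": "203.0.113.42", "srcuser": "admin"},
})

# Assumed mapping of Wazuh rule level (0-15) to a severity label.
SEVERITY_BANDS = [(12, "critical"), (9, "high"), (6, "medium"), (0, "low")]
NOTIFY_MIN_LEVEL = 7                       # assumed: below this, no card is sent
CONSTRUCTED_WATCHLIST = {"203.0.113.42"}   # constructed stand-in for a threat-intel feed


def classify(level):
    """Map a numeric rule level to the first band whose floor it reaches."""
    for floor, label in SEVERITY_BANDS:
        if level >= floor:
            return label
    return "low"


def parse_alert(raw):
    """Pull the fields the card needs, tolerating alerts with no MITRE or data block."""
    alert = json.loads(raw)
    rule = alert.get("rule", {})
    agent = alert.get("agent", {})
    return {
        "timestamp": alert.get("timestamp", "unknown"),
        "rule_id": rule.get("id", "?"),
        "level": int(rule.get("level", 0)),
        "description": rule.get("description", "(no description)"),
        "mitre_ids": rule.get("mitre", {}).get("id", []),
        "agent": agent.get("name", "unknown"),
        "agent_ip": agent.get("ip", "unknown"),
        "src_ip": alert.get("data", {}).get("srcip", "n/a"),
    }


def build_alert_card(raw):
    """Return a Slack Block Kit payload, or None when the alert is below the threshold."""
    a = parse_alert(raw)
    if a["level"] < NOTIFY_MIN_LEVEL:
        return None
    severity = classify(a["level"])
    mitre = ", ".join(a["mitre_ids"]) or "none"
    intel = "watchlist hit" if a["src_ip"] in CONSTRUCTED_WATCHLIST else "no match"
    return {
        # Plain-text fallback shown in notifications that cannot render blocks.
        "text": f"[{severity.upper()}] {a['description']} on {a['agent']}",
        "blocks": [
            {"type": "header", "text": {"type": "plain_text",
                                         "text": f"{severity.upper()} · Wazuh rule {a['rule_id']}"}},
            {"type": "section", "text": {"type": "mrkdwn", "text": a["description"]}},
            {"type": "section", "fields": [
                {"type": "mrkdwn", "text": f"*Agent*\n{a['agent']} ({a['agent_ip']})"},
                {"type": "mrkdwn", "text": f"*Source IP*\n{a['src_ip']}"},
                {"type": "mrkdwn", "text": f"*Level*\n{a['level']}"},
                {"type": "mrkdwn", "text": f"*MITRE ATT&CK*\n{mitre}"},
                {"type": "mrkdwn", "text": f"*Threat intel*\n{intel}"},
            ]},
            {"type": "context", "elements": [
                {"type": "mrkdwn", "text": f"Detected {a['timestamp']}"}]},
        ],
    }


if __name__ == "__main__":
    print(json.dumps(build_alert_card(SAMPLE_ALERT), indent=2))
```

The returned dict is what an incoming-webhook POST would carry; keeping the threshold check ahead of card construction is what stops level-3 noise from ever reaching the channel.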

08 — Credentials

Certifications.

🎯 Google Cybersecurity · Google · Coursera · Active
🏆 CompTIA Security+ · CompTIA · Active
🌐 CCNA · Cisco · Active
🔐 CISM · ISACA · Certified Information Security Manager · In Progress
📋 CSP Assessors Director · Certified Security Professional · Planned

09 — Testimonials

What People Say.

Coming Soon

A quote from a professor, instructor, or colleague will appear here.

Coming Soon

A quote from a CTF teammate, lab partner, or peer will appear here.

Let's Work Together.

Currently working as a Cybersecurity Analyst at ECS Fin. Open to conversations about senior SOC, detection engineering, and security consulting roles.