Threat Detection & Monitoring
Engineering SIEM pipelines, log analysis workflows, and continuous network monitoring to identify anomalies across systems.
Cyber Security Analyst
Cyber Security Analyst | SOC Analyst | Certified CSA
Certified SOC Analyst (CSA) with a strong foundation in threat detection, incident response, and system hardening. Highly proficient in Linux administration and experienced in engineering complex virtual network environments for security testing.
I care about practical security work: useful monitoring, hardened Linux systems, clean incident response habits, and small tools that make investigation faster.
Based in Kerala, India. You can reach me at favassalam88@gmail.com or see my code on GitHub.
Employs a proactive, defense-first mindset to analyze network traffic, monitor logs, and rapidly mitigate vulnerabilities across systems.
Implementing system hardening, configuring secure virtual environments, and mitigating active vulnerabilities with a defense-first mindset.
Developing lightweight security tooling and automating defensive workflows for faster triage, investigation, and response.
Architected a Defense-in-Depth posture by remediating 100+ misconfigurations to meet CIS Benchmarks. Successfully elevated the host's compliance score from 26% to 83% by implementing kernel module blacklisting, filesystem restrictions, and a high-fidelity auditd telemetry engine integrated with a Dockerized Wazuh stack.
Built a lightweight JavaScript scanner in Go to accelerate local recon and triage. It identifies hardcoded secrets, risky client-side sinks, prototype pollution patterns, and GraphQL clues through a CLI and local web UI using only the standard library.
Configured hidden entry points, system misconfigurations, and cryptographic challenges to practice reconnaissance, request manipulation, traffic interception, and vertical privilege escalation while studying both offensive paths and defensive detection.
EC-Council
ISC2
TryHackMe
RedTeam Hacker Academy
Vidya Academy of Science & Technology Technical Campus
Managed the end-to-end development of multiple applications, integrating security-first practices into the development lifecycle. Oversaw project workflows and delivered responsive support to ensure secure, stable product delivery.
Technical walkthrough covering the remediation of 100+ misconfigurations on a minimalist Arch Linux endpoint to achieve an 83% CIS Benchmark score. Demonstrates a defense-in-depth methodology, shifting from a vulnerable baseline to a production-hardened posture via layered kernel, filesystem, and identity-level controls.
Peelr is a fast JavaScript security scanner for bug bounty hunters and security researchers. Point it at a .js file and it highlights the lines worth opening first: exposed secrets, dangerous sinks, prototype pollution gadgets, GraphQL clues, and source-to-sink taint flows.