Building secure systems, investigating threats, and engineering resilient digital experiences — from SOC monitoring floors to forensic deep-dives.
I'm Grace — an aspiring security engineer and SOC analyst fascinated by the quiet space between signal and noise. I'm building my foundation in detection, incident response, and forensic tooling — one project, one packet capture, one CTF at a time.
My work lives at the intersection of defensive engineering, OSINT, and curious tinkering. I move with one principle: secure systems are made of careful details, repeated relentlessly.
The tools and disciplines I actively work with as I grow into security engineering.
A selection of security tools, investigations, and labs I've shipped.
Designed a centralized Identity & Access Management framework for NovaTech Solutions — RBAC, MFA enforcement, JML lifecycle automation, JIT privileged access, and audit logging across cloud-hosted HR, Finance, and Engineering platforms.
TLP:WHITE intelligence report on the Nigerian BEC collective tracked as G0083 — 480+ actors, 81,300+ malware samples, mapped to MITRE ATT&CK with sourcing from Unit 42, CISA, and Interpol.
Full incident report on an IDS-triggered alert: malicious email attachment executed on a workstation. VirusTotal pivoting, C2 domain analysis, timeline reconstruction, and remediation recommendations.
Reverse-engineered an AsyncRAT infection from a PCAP: traced the VBScript dropper, decoded a PowerShell payload disguised as mdm.jpg, extracted the executable, and confirmed the family via SHA-256 lookup.
Scotland Yard scenario: recovered a deleted partition with PhotoRec, brute-forced a ZIP with fcrackzip + rockyou, extracted a steghide payload from audio, decoded Base58, and pulled GPS coords from a spectrogram.
OPSEC-failure case study — extracted EXIF metadata with exiftool, recovered hidden comments and timestamps, then geo-located the suspect to Kathmandu via reverse image search.
Designed and ran a phishing simulation and awareness program as part of the Mastercard job simulation, measuring behavioral risk and crafting targeted training.
A collection of defensive utilities including a GPG-based cryptography app for symmetric and asymmetric encryption, key management, and secure file sharing — all wrapped in a Python interface.
Deployed AD DS on Windows Server 2019 in VMware: configured DNS, DHCP, joined Windows 10 clients to smith.local, designed OUs, and enforced GPOs (wallpaper, control-panel lockdown, software install).
Multi-zone IoT simulation chaining motion, smoke, and water-level sensors to security gates, sprinklers, sirens, and webcams — covering security, smoke detection, and smart irrigation.
Custom RFID-based door access system for a hotel: contactless authentication triggers lighting, HVAC, blinds, and webcam activation — modeling secure, auditable physical access.
Python desktop app for a supermarket (TREATS) backed by a XAMPP database — staff sign-up/sign-in, stock management, and text-to-speech feedback across six dedicated windows.
Multi-site enterprise network design and configuration — VLANs, routing, and inter-campus connectivity built and verified end-to-end.
A growing library of certifications, job simulations, and specialized training across security operations, forensics, threat intelligence, and OSINT.
Hands-on internships and virtual experience programs shaping my security foundation.
Open to security engineering roles, SOC opportunities, research collaborations, and speaking.