ibernal1815/README.md

Isaiah Bernal

Purple Team Engineer  ·  SOC Analyst  ·  Detection Engineering / DFIR

LinkedIn CySA+ Security+ CC


My background is in IT infrastructure, but I found my passion on the defensive side of security. I spend time in my home lab simulating attacks and digging through Windows Event Logs, Sysmon telemetry, and memory dumps to understand how things actually work under the hood.

Lately I've been focused on reconstructing attack timelines around techniques like persistence and privilege escalation using Elastic SIEM, Volatility, and Suricata. Currently interning as a Cloud Windows Systems Administrator at CSUN while building out my security research labs.

Finishing my B.S. in Computer Information Technology at CSUN and starting my M.S. in Information Security at Cal Poly Pomona in the fall.


Projects

| Project | Focus | Stack | Status |
|---|---|---|---|
| Sysmon Detection Lab | MITRE ATT&CK simulation, Sigma rule authoring, alert correlation | Sysmon, Elastic SIEM, Wazuh | In Progress |
| Malware Analysis Lab | Static/dynamic analysis, memory forensics, IOC reporting | FLARE-VM, REMnux, Volatility, YARA | In Progress |
| Python Log Normalizer & IOC Extractor | Multi-format log parsing, IOC extraction, CLI tooling | Python | Testing |
| Enterprise Active Directory Lab | Domain administration, incident simulation, GPO, provisioning | Windows Server, PowerShell | Complete |
| Windows Internals Lab | Process analysis, system behavior documentation | Sysinternals, Sysmon, VMware | Complete |
| GuardQuote | Full stack web platform with ML pricing engine | React, NestJS, PostgreSQL, FastAPI, XGBoost | Capstone |

Skills

Security       Splunk · Elastic SIEM · Wazuh · Sysmon · Suricata · Wireshark · Volatility · Sysinternals · CyberChef
Scripting      Python · Bash · PowerShell · SQL
OS             Linux (Ubuntu, Fedora) · Windows 10/11 · Windows Server · macOS
Infrastructure VMware · VirtualBox · Proxmox · pfSense · Active Directory · Azure / Entra ID

Education & Certifications

B.S. Computer Information Technology  ·  California State University, Northridge  ·  Exp. 2026

M.S. Information Security  ·  Cal Poly Pomona  ·  Incoming Fall 2026

A.S. Cybersecurity  ·  Los Angeles Mission College  ·  2023

CompTIA Security+  ·  CompTIA CySA+  ·  ISC2 CC  ·  HTB CDSA (In Progress)

Pinned

1. active-directory-lab (Public, PowerShell)

   Simulated enterprise Active Directory environment for Silverline Technologies — covering AD DS, DNS, GPOs, file permissions, PowerShell automation, and IT support workflows.

2. log-normalizer (Public, Python)

   Python tool to parse and normalize raw security logs into a structured format for analysis or SIEM ingestion.

3. malware-analysis-lab (Public)

   A structured malware analysis lab covering static analysis, dynamic behavioral analysis, memory forensics, and detection engineering with Sigma and Wazuh.

4. sysmon-sysinternals-detection-lab (Public)

   Detection engineering lab using Sysmon and Sysinternals to identify attacker TTPs, map to MITRE ATT&CK, and build detection logic.

5. windows-internals-lab (Public)

   Windows internals investigation lab using Microsoft Sysinternals and Sysmon, documented through structured scenarios in a controlled VMware environment.

6. jag18729/guard-quote (Public, TypeScript)

   Security guard service quoting platform with ML-powered pricing.