SIEM monitoring
Wazuh lab showing telemetry flow, alert review, custom rule logic, and threat-hunting validation.
Aaron Johnson Tech / AJT
I build practical security workflows that turn noisy alerts, lab telemetry, and analyst notes into clear investigations, tuned detections, and repeatable response playbooks.
B.S. Cybersecurity & Information Assurance, WGU
AI security credential layered onto SOC and detection work
Cyber apprenticeship with lab, team, and purple-team leadership
Cybersecurity experience across operations, labs, and documented projects
Proof, not claims
The site is built as a recruiter-ready evidence trail: what I can do, where I proved it, and why it matters in a real SOC or detection workflow.
Wazuh lab showing telemetry flow, alert review, custom rule logic, and threat-hunting validation.
Custom detection work with MITRE ATT&CK mapping and a focus on reducing noisy alerts.
Linux hardening baseline with SSH key-only access, UFW default-deny, validation, and rollback planning.
Private RAG stack for local SOC notes using Ollama, OpenWebUI, Qdrant, Docker Compose, and FastAPI.
Hiring alignment
Featured case studies
SSH key-only authentication, UFW default-deny, root-login reduction, validation, logging, and rollback planning.
View case study →
Controlled SSH activity converted into Windows telemetry, Wazuh rule logic, and threat-hunting review.
View case study →Local AI-assisted SOC knowledge retrieval using Ollama, OpenWebUI, Qdrant, Docker Compose, and FastAPI.
View case study →Tool stack
The portfolio emphasizes tools that show up in security operations work: logs, rules, endpoints, Linux, playbooks, and workflow automation.
Career story
My background combines high-pressure operations leadership with an HSOC Cyber apprenticeship, a cybersecurity degree, security certifications, and hands-on labs. The result is a security-operations profile built around process, documentation, escalation, and measurable improvement.
More about AJTHiring packet
This one-page recruiter packet pulls together role fit, certifications, resume, proof matrix, interview angles, and contact paths.
Next step
Targeting remote SOC, MDR, Detection Analyst, and Incident Response roles where SIEM tuning, phishing defense, documentation, and AI-assisted workflows matter.
Playbook library
A dedicated playbooks page now shows how I document investigations, escalation logic, evidence, validation, rollback, and AI-assisted guardrails.
View playbooks →Recruiter packet
A fast PDF summary for recruiters and hiring managers who need target roles, certifications, project proof, and contact links in one page.