Zion Boggan zionboggan.com ↗

redesign: flagship, labs, research and background sections

a0051a8   Zion Boggan committed on May 29, 2026 (3 weeks ago)
index.html +320 -115
@@ -3,144 +3,349 @@
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>Zion Boggan - Security Engineering Projects</title>
-<meta name="description" content="Detection engineering and secure software supply chain projects: SOC automation, CI/CD security gating, container signing, and CTI-driven detection.">
+<title>Zion Boggan - Security Engineering &amp; Research</title>
+<meta name="description" content="SOC analyst and independent security researcher. Detection engineering, vulnerability research, and applied cryptography - including Oversight Protocol, a post-quantum data-provenance system in Rust.">
+<link rel="icon" href="data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 32 32'%3E%3Crect width='32' height='32' rx='6' fill='%230c0e12'/%3E%3Ctext x='16' y='22' font-family='monospace' font-size='15' fill='%236cc7b8' text-anchor='middle'%3Ezb%3C/text%3E%3C/svg%3E">
<style>
- :root{--bg:#0d1117;--panel:#161b22;--border:#21262d;--ink:#e6edf3;--muted:#8b949e;--accent:#58a6ff;--green:#3fb950;}
+ :root{
+ --bg:#0c0e12; --bg2:#0f1217; --panel:#14181f; --panel2:#171c24;
+ --line:#222936; --line2:#2c3543;
+ --ink:#e8eaed; --soft:#c3cad4; --muted:#8a94a3; --faint:#5d6675;
+ --accent:#6cc7b8; --accent-dim:#274b47;
+ --maxw:1020px;
+ }
*{box-sizing:border-box;}
- body{margin:0;background:var(--bg);color:var(--ink);font-family:-apple-system,Segoe UI,Roboto,Helvetica,Arial,sans-serif;line-height:1.6;}
+ html{scroll-behavior:smooth;}
+ body{margin:0;background:var(--bg);color:var(--ink);
+ font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,Helvetica,Arial,sans-serif;
+ font-size:16px;line-height:1.65;-webkit-font-smoothing:antialiased;}
+ .mono{font-family:ui-monospace,SFMono-Regular,"SF Mono",Menlo,Consolas,monospace;}
a{color:var(--accent);text-decoration:none;}
- a:hover{text-decoration:underline;}
- .wrap{max-width:980px;margin:0 auto;padding:0 22px;}
- header{padding:64px 0 40px;border-bottom:1px solid var(--border);}
- header h1{font-size:34px;margin:0 0 6px;}
- header .role{color:var(--muted);font-size:18px;margin:0 0 18px;}
- header p{color:var(--ink);max-width:680px;margin:0;}
- .links{margin-top:18px;font-size:15px;}
- .links a{margin-right:18px;}
- section{padding:46px 0;border-bottom:1px solid var(--border);}
- h2.section{font-size:14px;text-transform:uppercase;letter-spacing:1.5px;color:var(--muted);margin:0 0 26px;}
- .project{display:grid;grid-template-columns:1.05fr 1fr;gap:28px;align-items:center;margin-bottom:46px;}
- .project:last-child{margin-bottom:0;}
- .project.rev{grid-template-columns:1fr 1.05fr;}
- .project.rev .shot{order:2;}
- .shot{border:1px solid var(--border);border-radius:8px;overflow:hidden;background:#fff;}
- .shot img{width:100%;display:block;}
- .project h3{font-size:21px;margin:0 0 4px;}
- .project .tag{color:var(--muted);font-size:13px;margin:0 0 12px;font-family:ui-monospace,Menlo,monospace;}
- .project p{margin:0 0 14px;}
- .project ul{margin:0 0 16px;padding-left:18px;color:var(--ink);}
- .project li{margin-bottom:4px;}
- .stack{display:flex;flex-wrap:wrap;gap:7px;margin-bottom:16px;}
- .stack span{font-size:12px;background:var(--panel);border:1px solid var(--border);border-radius:5px;padding:3px 9px;color:var(--muted);}
- .repo{font-weight:600;}
- footer{padding:40px 0 70px;color:var(--muted);font-size:14px;}
- @media(max-width:760px){.project,.project.rev{grid-template-columns:1fr;}.project.rev .shot{order:0;}}
+ a:hover{color:#8fe0d2;}
+ .wrap{max-width:var(--maxw);margin:0 auto;padding:0 24px;}
+
+ /* nav */
+ nav{position:sticky;top:0;z-index:20;background:rgba(12,14,18,.82);
+ backdrop-filter:blur(10px);border-bottom:1px solid var(--line);}
+ nav .wrap{display:flex;align-items:center;justify-content:space-between;height:58px;}
+ nav .brand{font-weight:600;letter-spacing:.2px;}
+ nav .brand .dot{color:var(--accent);}
+ nav .links{display:flex;gap:26px;font-size:13.5px;}
+ nav .links a{color:var(--muted);}
+ nav .links a:hover{color:var(--ink);}
+ @media(max-width:680px){nav .links{display:none;}}
+
+ /* hero */
+ header.hero{padding:74px 0 54px;border-bottom:1px solid var(--line);
+ background:radial-gradient(900px 380px at 78% -10%, #11201e 0%, transparent 60%);}
+ .avail{font-size:12.5px;letter-spacing:1.5px;text-transform:uppercase;color:var(--accent);
+ display:flex;align-items:center;gap:9px;margin-bottom:20px;}
+ .avail .pulse{width:7px;height:7px;border-radius:50%;background:var(--accent);
+ box-shadow:0 0 0 0 rgba(108,199,184,.5);animation:p 2.4s infinite;}
+ @keyframes p{0%{box-shadow:0 0 0 0 rgba(108,199,184,.45)}70%{box-shadow:0 0 0 8px rgba(108,199,184,0)}100%{box-shadow:0 0 0 0 rgba(108,199,184,0)}}
+ h1{font-size:clamp(34px,6vw,52px);line-height:1.05;margin:0 0 8px;letter-spacing:-1px;font-weight:680;}
+ .hero .sub{font-size:clamp(16px,2.4vw,20px);color:var(--soft);margin:0 0 24px;font-weight:500;}
+ .hero .lede{max-width:660px;color:var(--soft);font-size:17px;margin:0 0 28px;}
+ .hero .lede b{color:var(--ink);font-weight:600;}
+ .cta{display:flex;flex-wrap:wrap;gap:12px;align-items:center;}
+ .btn{display:inline-flex;align-items:center;gap:8px;padding:10px 18px;border-radius:8px;
+ font-size:14.5px;font-weight:550;border:1px solid var(--line2);color:var(--ink);background:var(--panel);}
+ .btn:hover{border-color:var(--accent-dim);background:var(--panel2);color:var(--ink);}
+ .btn.primary{background:var(--accent);color:#06231f;border-color:var(--accent);font-weight:650;}
+ .btn.primary:hover{background:#8fe0d2;color:#06231f;}
+ .meta{margin-top:26px;display:flex;flex-wrap:wrap;gap:8px 22px;font-size:13px;color:var(--muted);}
+ .meta .mono{color:var(--faint);}
+
+ /* sections */
+ section{padding:64px 0;border-bottom:1px solid var(--line);}
+ .shead{display:flex;align-items:baseline;gap:14px;margin-bottom:30px;}
+ .shead .idx{font-size:13px;color:var(--accent);letter-spacing:1px;}
+ .shead h2{font-size:14px;letter-spacing:2px;text-transform:uppercase;color:var(--muted);margin:0;font-weight:600;}
+ .shead .rule{flex:1;height:1px;background:var(--line);}
+
+ /* flagship */
+ .flag{background:linear-gradient(180deg,var(--panel) 0%,var(--bg2) 100%);
+ border:1px solid var(--line2);border-radius:14px;overflow:hidden;}
+ .flag .top{padding:30px 32px 8px;}
+ .flag .tag{font-size:12px;letter-spacing:1.5px;text-transform:uppercase;color:var(--accent);margin-bottom:12px;}
+ .flag h3{font-size:27px;margin:0 0 6px;letter-spacing:-.4px;}
+ .flag h3 .v{font-size:13px;color:var(--muted);font-weight:500;margin-left:8px;letter-spacing:0;}
+ .flag .grid{display:grid;grid-template-columns:1.25fr 1fr;gap:30px;padding:14px 32px 30px;}
+ .flag p{color:var(--soft);margin:0 0 16px;}
+ .flag .stats{display:grid;grid-template-columns:1fr 1fr;gap:12px;margin-top:6px;}
+ .stat{background:var(--bg);border:1px solid var(--line);border-radius:9px;padding:13px 15px;}
+ .stat .n{font-size:21px;font-weight:680;color:var(--ink);}
+ .stat .k{font-size:12px;color:var(--muted);margin-top:2px;}
+ .spec{background:var(--bg);border:1px solid var(--line);border-radius:10px;padding:18px 18px;}
+ .spec .sk{font-size:11px;letter-spacing:1.5px;text-transform:uppercase;color:var(--faint);margin-bottom:10px;}
+ .spec ul{margin:0;padding:0;list-style:none;font-size:13.5px;}
+ .spec li{padding:6px 0;border-top:1px solid var(--line);color:var(--soft);display:flex;justify-content:space-between;gap:14px;}
+ .spec li:first-child{border-top:none;}
+ .spec li span{color:var(--muted);}
+ .flag .foot{padding:0 32px 28px;display:flex;gap:18px;flex-wrap:wrap;font-size:14px;}
+ @media(max-width:720px){.flag .grid{grid-template-columns:1fr;}}
+
+ /* lab cards */
+ .cards{display:grid;grid-template-columns:1fr 1fr;gap:20px;}
+ @media(max-width:680px){.cards{grid-template-columns:1fr;}}
+ .card{border:1px solid var(--line);border-radius:12px;overflow:hidden;background:var(--panel);
+ display:flex;flex-direction:column;transition:border-color .15s,transform .15s;}
+ .card:hover{border-color:var(--accent-dim);transform:translateY(-2px);}
+ .card .thumb{height:172px;overflow:hidden;border-bottom:1px solid var(--line);background:#fff;}
+ .card .thumb img{width:100%;height:100%;object-fit:cover;object-position:top left;display:block;}
+ .card .body{padding:18px 20px 20px;display:flex;flex-direction:column;flex:1;}
+ .card h3{margin:0 0 9px;font-size:17px;}
+ .card p{margin:0 0 14px;font-size:14px;color:var(--soft);flex:1;}
+ .tags{display:flex;flex-wrap:wrap;gap:6px;margin-bottom:14px;}
+ .tags span{font-size:11.5px;color:var(--muted);background:var(--bg);border:1px solid var(--line);
+ border-radius:5px;padding:3px 8px;}
+ .card .lnk{font-size:13.5px;font-family:ui-monospace,Menlo,monospace;}
+ .card .lnk::after{content:" →";}
+
+ /* research */
+ .rlede{color:var(--soft);max-width:680px;margin:-6px 0 26px;}
+ .research{display:flex;flex-direction:column;gap:0;border:1px solid var(--line);border-radius:12px;overflow:hidden;}
+ .ritem{display:grid;grid-template-columns:120px 1fr auto;gap:18px;align-items:center;
+ padding:18px 22px;border-top:1px solid var(--line);}
+ .ritem:first-child{border-top:none;}
+ .ritem:hover{background:var(--panel);}
+ .ritem .cls{font-size:11px;letter-spacing:.5px;text-transform:uppercase;color:var(--accent);}
+ .ritem h3{margin:0 0 3px;font-size:16px;}
+ .ritem p{margin:0;font-size:13.5px;color:var(--muted);}
+ .ritem .go{font-family:ui-monospace,Menlo,monospace;font-size:13px;white-space:nowrap;}
+ @media(max-width:680px){.ritem{grid-template-columns:1fr;gap:6px;}.ritem .go{margin-top:4px;}}
+ .progs{margin-top:22px;}
+ .progs .sk{font-size:11px;letter-spacing:1.5px;text-transform:uppercase;color:var(--faint);margin-bottom:11px;}
+ .progs .row{display:flex;flex-wrap:wrap;gap:7px;}
+ .progs .row span{font-size:12.5px;color:var(--soft);background:var(--panel);border:1px solid var(--line);
+ border-radius:6px;padding:4px 10px;}
+
+ /* credentials */
+ .cred{display:grid;grid-template-columns:1.1fr 1fr;gap:28px;}
+ @media(max-width:680px){.cred{grid-template-columns:1fr;}}
+ .cred p{color:var(--soft);margin:0 0 14px;}
+ .cred .role{font-size:14px;color:var(--muted);}
+ .cred .role b{color:var(--ink);font-weight:600;}
+ .certs{list-style:none;margin:0;padding:0;}
+ .certs li{padding:9px 0;border-top:1px solid var(--line);font-size:14px;color:var(--soft);
+ display:flex;gap:10px;align-items:baseline;}
+ .certs li:first-child{border-top:none;}
+ .certs li .c{color:var(--accent);font-family:ui-monospace,Menlo,monospace;font-size:12px;}
+
+ footer{padding:46px 0 64px;}
+ footer .row{display:flex;flex-wrap:wrap;justify-content:space-between;gap:18px;align-items:center;}
+ footer .links a{color:var(--soft);margin-right:20px;font-size:14px;}
+ footer .note{color:var(--faint);font-size:12.5px;max-width:520px;}
</style>
</head>
<body>
-<div class="wrap">
-<header>
- <h1>Zion Boggan</h1>
- <p class="role">Detection engineering &middot; secure CI/CD &middot; software supply chain</p>
- <p>Four projects I built to learn the defensive stack end to end - from endpoint
- telemetry and SOC automation through to signing the artifacts a pipeline ships and
- feeding live threat intel back into detection. Each one runs; the screenshots below
- are from the deployed labs.</p>
- <div class="links">
+<nav><div class="wrap">
+ <span class="brand mono">zion_boggan<span class="dot">.</span></span>
+ <span class="links">
+ <a href="#oversight">Oversight</a>
+ <a href="#labs">Labs</a>
+ <a href="#research">Research</a>
+ <a href="#background">Background</a>
<a href="https://github.com/zionboggan">GitHub</a>
- <a href="https://www.linkedin.com/in/zion-boggan">LinkedIn</a>
- <a href="https://oversightprotocol.dev/">oversightprotocol.dev</a>
- </div>
-</header>
+ </span>
+</div></nav>
-<section>
- <h2 class="section">Projects</h2>
+<header class="hero"><div class="wrap">
+ <div class="avail"><span class="pulse"></span>Open to detection engineering &amp; security roles · relocation OK</div>
+ <h1>Zion Boggan</h1>
+ <p class="sub">SOC analyst · independent security researcher · applied cryptography</p>
+ <p class="lede">I work a SOC desk at a managed security provider by day and build and break
+ security systems the rest of the time. This is the work I can show: <b>detection
+ pipelines and labs</b> that run end to end, <b>vulnerability research</b> across
+ cryptographic and database internals, and <b>Oversight Protocol</b> - a post-quantum
+ data-provenance system I maintain in Rust. Almost all of it runs on my own homelab.</p>
+ <div class="cta">
+ <a class="btn primary" href="#oversight">See the work</a>
+ <a class="btn" href="https://github.com/zionboggan">GitHub</a>
+ <a class="btn" href="https://www.linkedin.com/in/zion-boggan">LinkedIn</a>
+ <a class="btn" href="https://oversightprotocol.dev/">oversightprotocol.dev</a>
+ </div>
+ <div class="meta mono">
+ <span>Memphis, TN</span><span>zionboggan@gmail.com</span>
+ <span>Security+ · SC-200 · AZ-104</span><span>Bugcrowd · HackerOne</span>
+ </div>
+</div></header>
- <div class="project">
- <div class="shot"><img src="assets/soc.png" alt="Wazuh Threat Hunting dashboard with MITRE ATT&CK mapping"></div>
- <div>
- <h3>SOC Automation Lab</h3>
- <p class="tag">wazuh + thehive + shuffle</p>
- <p>A working SOC pipeline: endpoint telemetry into Wazuh, automated enrichment
- and case creation through Shuffle, analyst triage in TheHive. The screenshot is
- the live Threat Hunting view after replaying an SSH brute force against an
- enrolled agent - alerts arrive already mapped to MITRE ATT&CK.</p>
- <ul>
- <li>Custom rules for Sysmon, LSASS access, persistence, and brute force</li>
- <li>SOAR playbook: reputation lookup &rarr; scored TheHive case &rarr; notify</li>
- <li>Active response that firewalls a CTI-flagged IP while triage runs</li>
- </ul>
- <div class="stack"><span>Wazuh</span><span>TheHive</span><span>Shuffle</span><span>Docker</span><span>MITRE ATT&CK</span></div>
- <p class="repo"><a href="https://github.com/zionboggan/soc-automation-lab">github.com/zionboggan/soc-automation-lab &rarr;</a></p>
+<section id="oversight"><div class="wrap">
+ <div class="shead"><span class="idx mono">01</span><h2>Flagship</h2><span class="rule"></span></div>
+ <div class="flag">
+ <div class="top">
+ <div class="tag mono">Open-source · Rust + Python</div>
+ <h3>Oversight Protocol<span class="v mono">v0.4.11</span></h3>
+ </div>
+ <div class="grid">
+ <div>
+ <p>A cryptographic data-provenance system: a verifiable, tamper-evident record of
+ where data came from and what happened to it, designed to hold up against a future
+ with quantum computers. I'm the lead maintainer and primary contributor.</p>
+ <p>The hard part is correctness across two languages - the Rust implementation and
+ the Python reference are built to produce <b>bit-identical</b> output, enforced by a
+ shared conformance suite. It pairs classical and post-quantum primitives so signatures
+ and key exchange stay sound even if one side breaks.</p>
+ <div class="stats">
+ <div class="stat"><div class="n">12 crates</div><div class="k">~10.3k lines of Rust</div></div>
+ <div class="stat"><div class="n">~13.4k lines</div><div class="k">Python reference impl</div></div>
+ <div class="stat"><div class="n">141 tests</div><div class="k">125 Rust · 16 Python conformance</div></div>
+ <div class="stat"><div class="n">FIPS 203/204</div><div class="k">ML-KEM-768 · ML-DSA-65</div></div>
+ </div>
+ </div>
+ <div class="spec">
+ <div class="sk mono">Cryptography</div>
+ <ul>
+ <li>Key exchange <span>X25519</span></li>
+ <li>AEAD <span>XChaCha20-Poly1305</span></li>
+ <li>Signatures <span>Ed25519</span></li>
+ <li>KDF <span>HKDF-SHA256</span></li>
+ <li>PQ KEM <span>ML-KEM-768</span></li>
+ <li>PQ signatures <span>ML-DSA-65</span></li>
+ <li>Transparency <span>Sigstore Rekor v2</span></li>
+ <li>Timestamping <span>RFC 3161 TSA</span></li>
+ </ul>
+ </div>
+ </div>
+ <div class="foot">
+ <a class="mono" href="https://oversightprotocol.dev/">oversightprotocol.dev →</a>
+ <a class="mono" href="https://github.com/oversight-protocol/oversight">github.com/oversight-protocol/oversight →</a>
+ <span class="mono" style="color:var(--faint)">Targeting USENIX Security &amp; Black Hat EU 2026</span>
</div>
</div>
+</div></section>
- <div class="project rev">
- <div class="shot"><img src="assets/cicd.png" alt="Custom Semgrep rules failing the SAST gate"></div>
- <div>
- <h3>Secure CI/CD Pipeline</h3>
- <p class="tag">github actions + semgrep + gitleaks + pip-audit</p>
- <p>A GitHub Actions pipeline that gates every push on four security checks
- before merge - static analysis, secret scanning, dependency audit, and tests -
- then reports the run to the SOC. The shot shows my custom Semgrep rules catching
- command injection, a JWT signature bypass, and a Flask debug RCE.</p>
- <ul>
- <li>Parallel gates so a failure points at exactly what broke</li>
- <li>Custom Semgrep rules reviewed like any other code in the repo</li>
- <li>Findings surfaced as SARIF in the Security tab and routed to Shuffle</li>
- </ul>
- <div class="stack"><span>GitHub Actions</span><span>Semgrep</span><span>gitleaks</span><span>pip-audit</span><span>SARIF</span></div>
- <p class="repo"><a href="https://github.com/zionboggan/secure-cicd-pipeline">github.com/zionboggan/secure-cicd-pipeline &rarr;</a></p>
+<section id="labs"><div class="wrap">
+ <div class="shead"><span class="idx mono">02</span><h2>Security Labs</h2><span class="rule"></span></div>
+ <div class="cards">
+
+ <a class="card" href="https://github.com/zionboggan/soc-automation-lab">
+ <div class="thumb"><img loading="lazy" src="assets/soc.png" alt="Wazuh Threat Hunting dashboard with MITRE ATT&CK mapping"></div>
+ <div class="body">
+ <h3>SOC Automation Lab</h3>
+ <p>Wazuh detection into Shuffle SOAR into TheHive case management. Endpoint telemetry,
+ custom MITRE-mapped rules, automated enrichment and case creation. Deployed and shown
+ live with an enrolled agent and a replayed SSH brute force.</p>
+ <div class="tags"><span>Wazuh</span><span>TheHive</span><span>Shuffle</span><span>MITRE ATT&CK</span></div>
+ <span class="lnk mono">soc-automation-lab</span>
+ </div>
+ </a>
+
+ <a class="card" href="https://github.com/zionboggan/secure-cicd-pipeline">
+ <div class="thumb"><img loading="lazy" src="assets/cicd.png" alt="Custom Semgrep rules failing the SAST gate"></div>
+ <div class="body">
+ <h3>Secure CI/CD Pipeline</h3>
+ <p>A GitHub Actions pipeline that gates every merge on four checks - SAST, secret
+ scanning, dependency audit, tests - with custom Semgrep rules and findings routed
+ back to the SOC.</p>
+ <div class="tags"><span>GitHub Actions</span><span>Semgrep</span><span>gitleaks</span><span>pip-audit</span></div>
+ <span class="lnk mono">secure-cicd-pipeline</span>
+ </div>
+ </a>
+
+ <a class="card" href="https://github.com/zionboggan/cicd-supply-chain-security">
+ <div class="thumb"><img loading="lazy" src="assets/supply-chain.png" alt="Cosign signing and tamper detection"></div>
+ <div class="body">
+ <h3>CI/CD Supply-Chain Security</h3>
+ <p>Proves the artifact, not just the source: keyless Cosign signing, a signed SBOM,
+ grype scanning, and a Kyverno admission policy that refuses anything it can't verify.</p>
+ <div class="tags"><span>Cosign</span><span>Sigstore</span><span>syft</span><span>Kyverno</span></div>
+ <span class="lnk mono">cicd-supply-chain-security</span>
+ </div>
+ </a>
+
+ <a class="card" href="https://github.com/zionboggan/cti-detection-automation">
+ <div class="thumb"><img loading="lazy" src="assets/cti.png" alt="CTI rule-approval email with MITRE techniques"></div>
+ <div class="body">
+ <h3>CTI Detection Automation</h3>
+ <p>Pulls indicators from live threat-intel feeds, dedupes across them, extracts the
+ MITRE techniques, generates Wazuh rules - and emails an analyst for sign-off before
+ anything goes live.</p>
+ <div class="tags"><span>Python</span><span>ThreatFox / OTX</span><span>Wazuh CDB</span><span>ATT&CK</span></div>
+ <span class="lnk mono">cti-detection-automation</span>
+ </div>
+ </a>
+
+ </div>
+</div></section>
+
+<section id="research"><div class="wrap">
+ <div class="shead"><span class="idx mono">03</span><h2>Vulnerability Research</h2><span class="rule"></span></div>
+ <p class="rlede">Coordinated-disclosure research on Bugcrowd and HackerOne, focused on the
+ places bugs are easy to miss and expensive to get wrong: cryptographic libraries, database
+ engine internals, blockchain consensus, and authorization layers. Source-code analysis,
+ protocol review, reproducible proof-of-concept.</p>
+
+ <div class="research">
+ <div class="ritem">
+ <span class="cls mono">MPC / crypto</span>
+ <div><h3>Fireblocks MPC research notebook</h3>
+ <p>Findings against an MPC threshold-signature library - memory safety, signature
+ verification, and zero-knowledge proof soundness, with reproducible PoCs.</p></div>
+ <a class="go" href="https://github.com/zionboggan/security-research-notebook">notebook →</a>
+ </div>
+ <div class="ritem">
+ <span class="cls mono">JWT / auth</span>
+ <div><h3>Schism - JWT differential fuzzer</h3>
+ <p>Differentially tests JWT libraries against each other and the RFCs to surface
+ algorithm-confusion and parsing-divergence bypasses.</p></div>
+ <a class="go" href="https://github.com/zionboggan/jwt-differential-fuzzer">fuzzer →</a>
+ </div>
+ <div class="ritem">
+ <span class="cls mono">Markets / quant</span>
+ <div><h3>Prediction-market bot postmortem</h3>
+ <p>A trading bot taken from edge hypothesis to a documented, honest negative result -
+ the evaluation harness and why the edge didn't survive fees.</p></div>
+ <a class="go" href="https://github.com/zionboggan/prediction-market-bot-postmortem">postmortem →</a>
</div>
</div>
- <div class="project">
- <div class="shot"><img src="assets/supply-chain.png" alt="Cosign signing and tamper detection"></div>
- <div>
- <h3>CI/CD Supply Chain Security</h3>
- <p class="tag">cosign + sbom + kyverno</p>
- <p>Proves the artifact, not just the source. The pipeline signs every image
- keylessly with Cosign, attaches a signed SBOM, and a Kyverno policy refuses to
- admit anything that can't produce both. The shot shows a signature verifying,
- then being rejected the instant the artifact is modified.</p>
- <ul>
- <li>Keyless signing via the GitHub OIDC identity - no key to leak</li>
- <li>syft SBOM + grype scan, failing the build on high-severity CVEs</li>
- <li>Admission policy that resolves tags to digests and requires a signature</li>
- </ul>
- <div class="stack"><span>Cosign</span><span>Sigstore</span><span>syft</span><span>grype</span><span>Kyverno</span></div>
- <p class="repo"><a href="https://github.com/zionboggan/cicd-supply-chain-security">github.com/zionboggan/cicd-supply-chain-security &rarr;</a></p>
+ <div class="progs">
+ <div class="sk mono">Programs researched</div>
+ <div class="row">
+ <span>Aiven (PostgreSQL · MySQL · ClickHouse · Valkey · Kafka)</span>
+ <span>Fireblocks MPC</span><span>Electroneum</span><span>Cloudinary</span>
+ <span>AXIS OS</span><span>Mattermost</span><span>GitLab</span><span>Databricks</span>
+ <span>The Trade Desk</span><span>New Relic</span><span>Automattic / WordPress</span>
+ <span>Snapchat</span><span>Vimeo</span><span>Airtable</span>
</div>
</div>
+</div></section>
- <div class="project rev">
- <div class="shot"><img src="assets/cti.png" alt="CTI rule-approval email with MITRE techniques"></div>
+<section id="background"><div class="wrap">
+ <div class="shead"><span class="idx mono">04</span><h2>Background</h2><span class="rule"></span></div>
+ <div class="cred">
<div>
- <h3>CTI Detection Automation</h3>
- <p class="tag">python + threat feeds + wazuh rule generation</p>
- <p>Pulls indicators from live threat-intel feeds, deduplicates across them,
- extracts the MITRE techniques behind them, generates Wazuh detection rules - and
- emails an analyst for sign-off before anything goes live. The shot is the
- generated approval email; no rule reaches the SIEM without a human approving it.</p>
- <ul>
- <li>Connectors for ThreatFox, Feodo, URLhaus, OTX, and OpenPhish</li>
- <li>Cross-feed dedup and ATT&CK technique extraction</li>
- <li>Signed, time-limited approval link gating deployment to Wazuh</li>
- </ul>
- <div class="stack"><span>Python</span><span>Flask</span><span>abuse.ch / OTX</span><span>Wazuh CDB</span><span>MITRE ATT&CK</span></div>
- <p class="repo"><a href="https://github.com/zionboggan/cti-detection-automation">github.com/zionboggan/cti-detection-automation &rarr;</a></p>
+ <p>Two years on a SOC desk at a managed security provider - triaging 150-300 alerts a
+ shift across Splunk, Microsoft Sentinel, SentinelOne, and Stellar Cyber, running
+ forensic investigations on ransomware intrusions (Cactus, BlackByte), and managing
+ vulnerability remediation against NIST 800-171 / CMMC baselines.</p>
+ <p class="role"><b>SOC Analyst</b> · Cyber Guards (MSSP) · 2024-present<br>
+ <b>Prior:</b> Relationship Banker · Bank of America</p>
</div>
+ <ul class="certs">
+ <li><span class="c">SEC+</span> CompTIA Security+ (SY0-701)</li>
+ <li><span class="c">SC-200</span> Microsoft Security Operations Analyst</li>
+ <li><span class="c">AZ-104</span> Microsoft Azure Administrator</li>
+ <li><span class="c">AZ-900</span> Microsoft Azure Fundamentals</li>
+ <li><span class="c">S1</span> SentinelOne Incident Responder</li>
+ <li><span class="c">CySA+</span> CompTIA - scheduled June 2026</li>
+ </ul>
</div>
+</div></section>
-</section>
-
-<footer>
- <p>Built and deployed on a self-hosted Proxmox homelab. Source for every project is
- linked above.</p>
-</footer>
+<footer><div class="wrap row">
+ <div class="links">
+ <a href="https://github.com/zionboggan">GitHub</a>
+ <a href="https://www.linkedin.com/in/zion-boggan">LinkedIn</a>
+ <a href="https://oversightprotocol.dev/">Oversight</a>
+ <a href="mailto:zionboggan@gmail.com">Email</a>
+ </div>
+ <div class="note">Built and deployed on a self-hosted Proxmox homelab. Source for every
+ project is linked above.</div>
+</div></footer>
-</div>
</body>
</html>
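Review bot: the ampersand in the ATT&CK strings is left unescaped in both attribute values and text content, e.g. `alt="Wazuh Threat Hunting dashboard with MITRE ATT&CK mapping"` on the SOC card and `<span>ATT&CK</span>` in the CTI card tags, while the same hunk correctly writes `&amp;` in `<title>` and in the `.avail` line; browsers recover because `&CK` is not a named character reference, but it is invalid HTML and will fail any validator, so write `ATT&amp;CK` in all three places (the SOC card's `alt` and the two tag spans). A smaller point: `html{scroll-behavior:smooth;}` and the infinite `@keyframes p` pulse on `.avail .pulse` run unconditionally; wrapping both in `@media (prefers-reduced-motion: no-preference)` keeps the page usable for readers who have asked the OS to suppress motion.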