Zion Boggan zionboggan.com ↗

portfolio landing page for the four security projects

c565693   Zion Boggan committed on May 28, 2026 (3 weeks ago)
.gitignore +1 -0
@@ -0,0 +1 @@
+.DS_Store
.nojekyll +0 -0
README.md +15 -0
@@ -0,0 +1,15 @@
+# security-portfolio
+
+Landing page for my security engineering projects, served with GitHub Pages.
+
+Live at: https://zionboggan.github.io/security-portfolio/
+
+It's a single static `index.html` - no build step. To publish, push this repo and
+enable Pages (Settings → Pages → Source: deploy from a branch → `main` / root).
+
+The projects it links to:
+
+- [soc-automation-lab](https://github.com/zionboggan/soc-automation-lab) - Wazuh + TheHive + Shuffle
+- [secure-cicd-pipeline](https://github.com/zionboggan/secure-cicd-pipeline) - GitHub Actions security gating
+- [cicd-supply-chain-security](https://github.com/zionboggan/cicd-supply-chain-security) - Cosign + SBOM + Kyverno
+- [cti-detection-automation](https://github.com/zionboggan/cti-detection-automation) - CTI feeds → Wazuh rules
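Review bot: The empty `.nojekyll` file this commit adds next to the README is not mentioned anywhere; the paragraph beginning `It's a single static \`index.html\` - no build step.` is the place to say that it turns off Jekyll processing so Pages serves the repo contents verbatim (otherwise a future file or directory starting with `_` would silently be dropped from the published site). The live URL and the four repository links otherwise match what `index.html` links to, so nothing else in this hunk needs to change.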
assets/cicd.png +0 -0
Binary file not shown
assets/cti.png +0 -0
Binary file not shown
assets/soc.png +0 -0
Binary file not shown
assets/supply-chain.png +0 -0
Binary file not shown
index.html +145 -0
@@ -0,0 +1,145 @@
+<!doctype html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Zion Boggan - Security Engineering Projects</title>
+<meta name="description" content="Detection engineering and secure software supply chain projects: SOC automation, CI/CD security gating, container signing, and CTI-driven detection.">
+<style>
+ :root{--bg:#0d1117;--panel:#161b22;--border:#21262d;--ink:#e6edf3;--muted:#8b949e;--accent:#58a6ff;--green:#3fb950;}
+ *{box-sizing:border-box;}
+ body{margin:0;background:var(--bg);color:var(--ink);font-family:-apple-system,Segoe UI,Roboto,Helvetica,Arial,sans-serif;line-height:1.6;}
+ a{color:var(--accent);text-decoration:none;}
+ a:hover{text-decoration:underline;}
+ .wrap{max-width:980px;margin:0 auto;padding:0 22px;}
+ header{padding:64px 0 40px;border-bottom:1px solid var(--border);}
+ header h1{font-size:34px;margin:0 0 6px;}
+ header .role{color:var(--muted);font-size:18px;margin:0 0 18px;}
+ header p{color:var(--ink);max-width:680px;margin:0;}
+ .links{margin-top:18px;font-size:15px;}
+ .links a{margin-right:18px;}
+ section{padding:46px 0;border-bottom:1px solid var(--border);}
+ h2.section{font-size:14px;text-transform:uppercase;letter-spacing:1.5px;color:var(--muted);margin:0 0 26px;}
+ .project{display:grid;grid-template-columns:1.05fr 1fr;gap:28px;align-items:center;margin-bottom:46px;}
+ .project:last-child{margin-bottom:0;}
+ .project.rev{grid-template-columns:1fr 1.05fr;}
+ .project.rev .shot{order:2;}
+ .shot{border:1px solid var(--border);border-radius:8px;overflow:hidden;background:#fff;}
+ .shot img{width:100%;display:block;}
+ .project h3{font-size:21px;margin:0 0 4px;}
+ .project .tag{color:var(--muted);font-size:13px;margin:0 0 12px;font-family:ui-monospace,Menlo,monospace;}
+ .project p{margin:0 0 14px;}
+ .project ul{margin:0 0 16px;padding-left:18px;color:var(--ink);}
+ .project li{margin-bottom:4px;}
+ .stack{display:flex;flex-wrap:wrap;gap:7px;margin-bottom:16px;}
+ .stack span{font-size:12px;background:var(--panel);border:1px solid var(--border);border-radius:5px;padding:3px 9px;color:var(--muted);}
+ .repo{font-weight:600;}
+ footer{padding:40px 0 70px;color:var(--muted);font-size:14px;}
+ @media(max-width:760px){.project,.project.rev{grid-template-columns:1fr;}.project.rev .shot{order:0;}}
+</style>
+</head>
+<body>
+<div class="wrap">
+
+<header>
+ <h1>Zion Boggan</h1>
+ <p class="role">Detection engineering &middot; secure CI/CD &middot; software supply chain</p>
+ <p>Four projects I built to learn the defensive stack end to end - from endpoint
+ telemetry and SOC automation through to signing the artifacts a pipeline ships and
+ feeding live threat intel back into detection. Each one runs; the screenshots below
+ are from the deployed labs.</p>
+ <div class="links">
+ <a href="https://github.com/zionboggan">GitHub</a>
+ <a href="https://www.linkedin.com/in/zionboggan">LinkedIn</a>
+ </div>
+</header>
+
+<section>
+ <h2 class="section">Projects</h2>
+
+ <div class="project">
+ <div class="shot"><img src="assets/soc.png" alt="Wazuh Threat Hunting dashboard with MITRE ATT&CK mapping"></div>
+ <div>
+ <h3>SOC Automation Lab</h3>
+ <p class="tag">wazuh + thehive + shuffle</p>
+ <p>A working SOC pipeline: endpoint telemetry into Wazuh, automated enrichment
+ and case creation through Shuffle, analyst triage in TheHive. The screenshot is
+ the live Threat Hunting view after replaying an SSH brute force against an
+ enrolled agent - alerts arrive already mapped to MITRE ATT&CK.</p>
+ <ul>
+ <li>Custom rules for Sysmon, LSASS access, persistence, and brute force</li>
+ <li>SOAR playbook: reputation lookup &rarr; scored TheHive case &rarr; notify</li>
+ <li>Active response that firewalls a CTI-flagged IP while triage runs</li>
+ </ul>
+ <div class="stack"><span>Wazuh</span><span>TheHive</span><span>Shuffle</span><span>Docker</span><span>MITRE ATT&CK</span></div>
+ <p class="repo"><a href="https://github.com/zionboggan/soc-automation-lab">github.com/zionboggan/soc-automation-lab &rarr;</a></p>
+ </div>
+ </div>
+
+ <div class="project rev">
+ <div class="shot"><img src="assets/cicd.png" alt="Custom Semgrep rules failing the SAST gate"></div>
+ <div>
+ <h3>Secure CI/CD Pipeline</h3>
+ <p class="tag">github actions + semgrep + gitleaks + pip-audit</p>
+ <p>A GitHub Actions pipeline that gates every push on four security checks
+ before merge - static analysis, secret scanning, dependency audit, and tests -
+ then reports the run to the SOC. The shot shows my custom Semgrep rules catching
+ command injection, a JWT signature bypass, and a Flask debug RCE.</p>
+ <ul>
+ <li>Parallel gates so a failure points at exactly what broke</li>
+ <li>Custom Semgrep rules reviewed like any other code in the repo</li>
+ <li>Findings surfaced as SARIF in the Security tab and routed to Shuffle</li>
+ </ul>
+ <div class="stack"><span>GitHub Actions</span><span>Semgrep</span><span>gitleaks</span><span>pip-audit</span><span>SARIF</span></div>
+ <p class="repo"><a href="https://github.com/zionboggan/secure-cicd-pipeline">github.com/zionboggan/secure-cicd-pipeline &rarr;</a></p>
+ </div>
+ </div>
+
+ <div class="project">
+ <div class="shot"><img src="assets/supply-chain.png" alt="Cosign signing and tamper detection"></div>
+ <div>
+ <h3>CI/CD Supply Chain Security</h3>
+ <p class="tag">cosign + sbom + kyverno</p>
+ <p>Proves the artifact, not just the source. The pipeline signs every image
+ keylessly with Cosign, attaches a signed SBOM, and a Kyverno policy refuses to
+ admit anything that can't produce both. The shot shows a signature verifying,
+ then being rejected the instant the artifact is modified.</p>
+ <ul>
+ <li>Keyless signing via the GitHub OIDC identity - no key to leak</li>
+ <li>syft SBOM + grype scan, failing the build on high-severity CVEs</li>
+ <li>Admission policy that resolves tags to digests and requires a signature</li>
+ </ul>
+ <div class="stack"><span>Cosign</span><span>Sigstore</span><span>syft</span><span>grype</span><span>Kyverno</span></div>
+ <p class="repo"><a href="https://github.com/zionboggan/cicd-supply-chain-security">github.com/zionboggan/cicd-supply-chain-security &rarr;</a></p>
+ </div>
+ </div>
+
+ <div class="project rev">
+ <div class="shot"><img src="assets/cti.png" alt="CTI rule-approval email with MITRE techniques"></div>
+ <div>
+ <h3>CTI Detection Automation</h3>
+ <p class="tag">python + threat feeds + wazuh rule generation</p>
+ <p>Pulls indicators from live threat-intel feeds, deduplicates across them,
+ extracts the MITRE techniques behind them, generates Wazuh detection rules - and
+ emails an analyst for sign-off before anything goes live. The shot is the
+ generated approval email; no rule reaches the SIEM without a human approving it.</p>
+ <ul>
+ <li>Connectors for ThreatFox, Feodo, URLhaus, OTX, and OpenPhish</li>
+ <li>Cross-feed dedup and ATT&CK technique extraction</li>
+ <li>Signed, time-limited approval link gating deployment to Wazuh</li>
+ </ul>
+ <div class="stack"><span>Python</span><span>Flask</span><span>abuse.ch / OTX</span><span>Wazuh CDB</span><span>MITRE ATT&CK</span></div>
+ <p class="repo"><a href="https://github.com/zionboggan/cti-detection-automation">github.com/zionboggan/cti-detection-automation &rarr;</a></p>
+ </div>
+ </div>
+
+</section>
+
+<footer>
+ <p>Built and deployed on a self-hosted Proxmox homelab. Source for every project is
+ linked above.</p>
+</footer>
+
+</div>
+</body>
+</html>
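Review bot: The header paragraph says the screenshots "are from the deployed labs", and `assets/cti.png` is described as the generated approval email whose link is the signed, time-limited gate to Wazuh; before this lands on a public Pages site, confirm each PNG in `assets/` has been scrubbed of internal hostnames, IPs, mailbox addresses and any approval URL or token, since the patch shows them only as `Binary file not shown` and that cannot be checked from the diff. Two smaller points on the markup: `ATT&CK` is unescaped both in text (`<span>MITRE ATT&CK</span>`, twice) and in the `alt` on `assets/soc.png`; write it as `ATT&amp;CK` so the document validates. And because the page loads no scripts and uses only the inline `<style>` block and same-origin images, a `<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src 'self'; style-src 'unsafe-inline'">` in `<head>` would lock that in on a host where response headers cannot be set.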