Cybersecurity portfolio focused on SIEM monitoring, endpoint and network telemetry, DFIR and SOC-style investigations.
Live site: https://Nikki-65.github.io
Resume (PDF): Nikki_Sadvand_Cybersecurity_Analyst_Resume.pdf
Cybersecurity Analyst with experience in SIEM monitoring, endpoint telemetry, log analysis, and SOC investigations. Founder of NS Cybersecurity, delivering Elastic SIEM ingestion pipelines, Sysmon and Zeek telemetry, and Windows security assessments aligned with MITRE ATT&CK.
M.S. in Cybersecurity Technology (UMGC, GPA 4.0, President’s List).
- SIEM & SOC Monitoring: Elastic SIEM, Splunk, alert triage, KQL, dashboards
- Endpoint Telemetry: Sysmon, Windows Event Logs, authentication, process, and network events
- Network Telemetry: Zeek, Filebeat, Kibana Discover validation, Wireshark analysis
- DFIR & Investigation: Autopsy, FTK Imager, Autoruns, artifact review, IOC extraction
- Framework Alignment: MITRE ATT&CK, NIST, SOX ITGC
- Automation & Scripting: Python, PowerShell, Bash
Founder & Cybersecurity Consultant
- Engineered a Fleet-managed Elastic SIEM endpoint pipeline using Sysmon v15+; ingested process creation, network connections, and PowerShell events; validated visibility using KQL.
- Deployed Zeek on Ubuntu 24.04; ingested 1,500+ structured network events into Elastic SIEM via Filebeat; validated real-time telemetry in Kibana Discover.
- Conducted Windows endpoint security audits covering authentication failures, firewall rules, and active connections; validated outbound traffic and delivered hardening recommendations.
Cybersecurity & IT Support Technician
- Supported and secured Windows endpoints; performed malware investigations, MFA enforcement, endpoint troubleshooting, and system imaging.
- Maintained security documentation and resolved high-volume support tickets across operational systems.
Elastic SIEM + Fleet + Sysmon (Endpoint Telemetry Pipeline)
Endpoint event collection, enrichment, and SIEM validation for SOC visibility.
Artifacts:
Zeek + Filebeat → Elastic SIEM (Network Telemetry Ingestion)
Network sensor deployment, structured log ingestion, and Kibana validation.
Artifacts:
SOC Dashboarding & Alert Triage (Splunk SIEM)
SOC dashboards and detection queries for monitoring Windows authentication activity and privilege escalation signals.
Artifacts:
Network Reconnaissance & SOC Automation (Python)
Nmap-based automation wrapper with structured output and report generation.
Artifacts:
Threat Intelligence & Malware Analysis
Static and behavioral analysis of suspicious artifacts; IOC extraction and validation for SOC and DFIR use.
Artifacts:
- PDF: Malware Sandbox Analysis & IOC Extraction
- Screenshot: IOC Reputation Validation
DFIR & Incident Investigation
Investigated a simulated web server intrusion using IIS log analysis, Base64 decoding, SSH exfiltration review, and Windows persistence artifact analysis with Autoruns and scheduled tasks, supported by additional DFIR tooling (Autopsy, FTK Imager, Wireshark).
Artifacts:
- PDF: DFIR Incident Investigation & Forensic Analysis
- Screenshot: IIS Logs – Suspicious requests
- Screenshot: IIS Logs – Exfiltration evidence
- Screenshot: Hidden directory persistence artifact
- Screenshot: Startup folder persistence
- Screenshot: Scheduled task persistence XML
- Frontend: HTML5, CSS3
- Layout: CSS Grid, Flexbox, Responsive Design
- Hosting: GitHub Pages
- Tooling: GitHub, custom assets, basic SEO meta tags
- Goal: recruiter-friendly navigation and fast scanning
/
├── index.html
├── projects.html
├── certifications.html
├── contact.html
├── assets/
│ ├── site-banner.png
│ ├── project images
│ ├── certification logos
│ └── icons
└── Nikki_Sadvand_Cybersecurity_Analyst_Resume.pdf
- Python Basics for Data Science (IBM)
- Location: Matthews, NC
- Email: sadvandniknaz0@gmail.com
- GitHub: https://github.com/Nikki-65
