Cybersecurity Portfolio

SaintValTech

SOC, SIEM, Incident Response, SOAR, and Security Infrastructure

SaintValTech is an independent cybersecurity engineering and technical portfolio platform by Emeka Valentine Ogbu, focused on documenting enterprise-style security operations, security engineering, incident response, detection workflows, and infrastructure security through practical implementation and structured technical research.

The portfolio demonstrates practical implementations across security operations, SIEM engineering, incident response, security automation, network security, vulnerability management, hybrid identity, and infrastructure defense using platforms such as Wazuh, Security Onion, Microsoft Sentinel, pfSense, TheHive, Cortex, Shuffle SOAR, Microsoft Defender XDR, and Cloudflare Zero Trust.

About SaintValTech

Technical portfolio built on security engineering, operational workflows, and structured documentation

SaintValTech is my independent cybersecurity engineering and technical portfolio platform, built to document practical work across security operations, SIEM monitoring, incident response, security automation, infrastructure security, and vulnerability management.

The projects documented here are structured as practical technical case studies designed to demonstrate how infrastructure, detection engineering, analyst workflows, automation, and security operations integrate within modern enterprise security environments.

This platform serves as a technical proof of continuous development through structured lab engineering, professional certifications, operational research, and practical implementation of enterprise-style security workflows.

Core Focus Areas

Hands-on technical areas that define the SaintValTech portfolio

The SaintValTech portfolio is built around practical technical work across security operations, infrastructure, monitoring, and incident response.

SIEM Monitoring & Alert Triage

Practical work in event visibility, alert review, incident validation, and investigation workflows using platforms such as Microsoft Sentinel and Wazuh.

Incident Response & Case Documentation

Projects involving alert handling, containment logic, evidence preservation, incident workflow design, and structured documentation for analyst use.

Vulnerability Management & Detection Validation

Credentialed scanning, remediation testing, contextual risk analysis, and validation of how security tools detect and report meaningful activity.

Firewalling, VLAN Segmentation & Security Infrastructure

Enterprise-style lab architecture using pfSense, pfBlockerNG, VLANs, Cisco switching, mirrored traffic visibility, and controlled trust boundaries.

Hybrid Identity & Microsoft Security

Domain controller hardening, Azure AD Connect, Hybrid Azure AD Join, Defender for Endpoint integration, and identity-aware Microsoft security workflows.

SOAR Integration & Analyst Workflow Design

Automation architecture using Azure Logic Apps, Shuffle, TheHive, and Cortex to separate detection, orchestration, enrichment, and case handling.

Featured Projects

Core projects in the SaintValTech portfolio

These projects represent the core of the SaintValTech portfolio. Together, they show how infrastructure, identity, detection, automation, and case management can be integrated into a realistic enterprise-style SOC environment.

Enterprise SOC Homelab & Network Security Architecture

Designed and deployed a segmented enterprise-style SOC lab using pfSense, VLANs, Cisco switching, Wazuh, and Security Onion. This project established the network, monitoring, and visibility foundation for the broader SaintValTech environment, including mirrored traffic inspection, SIEM support, and controlled separation between lab systems, user traffic, and monitoring infrastructure.

Focus Areas: Network segmentation, pfSense, VLANs, packet visibility, Security Onion, Wazuh, infrastructure design

Domain Controller Hardening & Hybrid Identity Foundation

Built and hardened a Tier-0 Windows Domain Controller, covering Kerberos, NTLM, LDAP, and SMB configuration, audit policy, PowerShell logging, and firewall baseline controls, then extended the identity environment into Microsoft Entra ID using Azure AD Connect and Hybrid Azure AD Join.

Focus Areas: Active Directory, Group Policy, Kerberos hardening, audit logging, hybrid identity, Microsoft Entra ID

Microsoft Sentinel SOAR Pipeline & Incident Automation

Created and validated an incident-driven Microsoft Sentinel SOAR foundation using Defender telemetry, NRT analytics rules, automation rules, and Azure Logic Apps. This project verified the full Microsoft-native path from detection to incident creation and playbook execution.

Focus Areas: Microsoft Sentinel, Defender XDR, analytics rules, Logic Apps, incident automation, SOAR validation

Defender for Endpoint Onboarding & Connectivity Troubleshooting in a Filtered Enterprise Network

Investigated and resolved a Microsoft Defender for Endpoint connectivity enforcement issue on a Windows Server Domain Controller inside a filtered network protected by pfBlockerNG. The work traced the problem to DNSBL-based interference with required Microsoft cloud endpoints and restored healthy communication through controlled whitelisting and validation.

Focus Areas: Microsoft Defender for Endpoint, DNS troubleshooting, pfBlockerNG, endpoint connectivity, Windows Server validation

Zero Trust Exposure of TheHive Using Cloudflare Tunnel, Access, and Microsoft Entra ID

Published TheHive securely without opening inbound firewall ports by using Cloudflare Tunnel and Cloudflare Access backed by Microsoft Entra ID and MFA. This project replaced traditional port forwarding with a Zero Trust publication model that supported both analyst access and secure Microsoft Sentinel-to-TheHive workflow integration.

Focus Areas: Cloudflare Tunnel, Cloudflare Access, TheHive, Zero Trust, Microsoft Entra ID, MFA, secure service exposure

Multi-Source SOAR Integration with Sentinel, Security Onion, Wazuh, Shuffle, TheHive, and Cortex

Designed a multi-source SOAR architecture that routes Microsoft Sentinel incidents and high-signal network and endpoint detections into TheHive using Azure Logic Apps, Wazuh, and Shuffle. The project established case-versus-alert routing, deduplication-aware ingestion, and a modular workflow separating detection, orchestration, enrichment, and case management.

Focus Areas: SOAR, TheHive, Shuffle, Wazuh, Security Onion, Cortex, Logic Apps, case management, multi-source alert routing

Certifications

Credentials supporting the portfolio

My hands-on project work is supported by industry certifications in security operations, networking, and defensive security fundamentals.

CompTIA CySA+

Security operations, threat detection, incident response, and vulnerability management.

CompTIA Security+

Core defensive security concepts, identity, risk management, and foundational security controls.

CompTIA Network+

Networking fundamentals, TCP/IP, routing, switching, segmentation, and troubleshooting.

Tools & Platforms

Technologies used across the portfolio

The SaintValTech portfolio is built across a mix of security, infrastructure, identity, endpoint, and orchestration platforms used throughout these projects.

SIEM, Detection & Monitoring

  • Microsoft Sentinel
  • Wazuh
  • Security Onion
  • Zeek
  • Suricata

SOAR, Case Management & Enrichment

  • Azure Logic Apps
  • Shuffle
  • TheHive
  • Cortex

Network, Firewall & Infrastructure

  • pfSense
  • pfBlockerNG
  • VLANs
  • Cisco CBS350
  • NAT
  • WireGuard
  • OpenVPN

Identity, Endpoint & Microsoft Security

  • Microsoft Defender for Endpoint
  • Microsoft Defender XDR
  • Microsoft Entra ID
  • Active Directory
  • Hybrid Azure AD Join

Technical Direction

Where the portfolio is developing

SaintValTech continues to evolve through practical engineering across security operations, incident response, SIEM engineering, infrastructure security, vulnerability management, identity security, and security automation.

The platform reflects continuous technical progression through real-world lab engineering, structured operational workflows, and technical documentation designed to strengthen both practical and academic cybersecurity foundations.

Connect

Contact

Connect through LinkedIn, GitHub, or email for professional networking, collaboration, or discussion related to the projects documented on this site.