Cybersecurity Portfolio

SaintValTech

SOC, SIEM, Incident Response, SOAR, and Network Security

Hands-on cybersecurity portfolio by Emeka Valentine Ogbu showcasing enterprise-style lab projects across security operations, network defense, vulnerability management, hybrid identity, Zero Trust access, and multi-source SOAR integration.

Built around practical, well-documented projects using Microsoft Sentinel, Wazuh, Security Onion, pfSense, TheHive, Cortex, Shuffle, and Cloudflare Zero Trust.

About SaintValTech

Technical portfolio built around real projects, real troubleshooting, and structured documentation

SaintValTech is my technical portfolio and project platform, built to document hands-on work across security operations, SIEM monitoring, incident response, vulnerability management, hybrid identity, and network security engineering. The projects on this site are organized as practical case studies that show how infrastructure, identity, detection, automation, and analyst workflow fit together in a real-world security environment.

While I am currently focused on opportunities in IT Support, NOC, Tier 1 SOC, and security operations, this portfolio reflects the deeper technical work I actively build, validate, and document.

Core Focus Areas

Hands-on technical areas that define the SaintValTech portfolio

The SaintValTech portfolio is built around the following areas of practical technical focus:

SIEM Monitoring & Alert Triage

Practical work in event visibility, alert review, incident validation, and investigation workflows using tools such as Microsoft Sentinel and Wazuh.

Incident Response & Case Documentation

Projects involving alert handling, containment logic, evidence preservation, incident workflow design, and structured documentation for analyst use.

Vulnerability Management & Detection Validation

Credentialed scanning, remediation testing, contextual risk analysis, and validation of how security tools detect and report meaningful activity.

Firewalling, VLAN Segmentation & Network Security

Enterprise-style lab architecture using pfSense, pfBlockerNG, VLANs, Cisco switching, mirrored traffic visibility, and controlled trust boundaries.

Hybrid Identity & Microsoft Security

Domain controller hardening, Azure AD Connect, Hybrid Azure AD Join, Defender for Endpoint integration, and identity-aware Microsoft security workflows.

SOAR Integration & Analyst Workflow Design

Automation architecture using Azure Logic Apps, Shuffle, TheHive, and Cortex to separate detection, orchestration, enrichment, and case handling.

Featured Projects

Core projects in the SaintValTech portfolio

These projects represent the core of the SaintValTech portfolio. Together, they show how infrastructure, identity, detection, automation, and case management can be integrated into a realistic enterprise-style SOC environment.

Enterprise SOC Homelab & Network Security Architecture

Designed and deployed a segmented enterprise-style SOC lab using pfSense, VLANs, Cisco switching, Wazuh, and Security Onion. This project established the network, monitoring, and visibility foundation for the broader SaintValTech environment, including mirrored traffic inspection, SIEM support, and controlled separation between lab systems, user traffic, and monitoring infrastructure.

Focus Areas: Network segmentation, pfSense, VLANs, packet visibility, Security Onion, Wazuh, infrastructure design

Domain Controller Hardening & Hybrid Identity Foundation

Built and hardened a Tier-0 Windows Domain Controller using Kerberos, NTLM, LDAP, SMB, audit policy, PowerShell logging, and firewall baseline controls, then extended the identity environment into Microsoft Entra ID using Azure AD Connect and Hybrid Azure AD Join.

Focus Areas: Active Directory, Group Policy, Kerberos hardening, audit logging, hybrid identity, Microsoft Entra ID

Microsoft Sentinel SOAR Pipeline & Incident Automation

Created and validated an incident-driven Microsoft Sentinel SOAR foundation using Defender telemetry, NRT analytics rules, automation rules, and Azure Logic Apps. This project verified the full Microsoft-native path from detection to incident creation and playbook execution.

Focus Areas: Microsoft Sentinel, Defender XDR, analytics rules, Logic Apps, incident automation, SOAR validation

Defender for Endpoint Onboarding & Connectivity Troubleshooting in a Filtered Enterprise Network

Investigated and resolved a Microsoft Defender for Endpoint connectivity enforcement issue on a Windows Server Domain Controller inside a filtered network protected by pfBlockerNG. The work traced the problem to DNSBL-based interference with required Microsoft cloud endpoints and restored healthy communication through controlled whitelisting and validation.

Focus Areas: Microsoft Defender for Endpoint, DNS troubleshooting, pfBlockerNG, endpoint connectivity, Windows Server validation

Zero Trust Exposure of TheHive Using Cloudflare Tunnel, Access, and Microsoft Entra ID

Published TheHive securely without opening inbound firewall ports by using Cloudflare Tunnel and Cloudflare Access backed by Microsoft Entra ID and MFA. This project replaced traditional port forwarding with a Zero Trust publication model that supported both analyst access and secure Microsoft Sentinel-to-TheHive workflow integration.

Focus Areas: Cloudflare Tunnel, Cloudflare Access, TheHive, Zero Trust, Microsoft Entra ID, MFA, secure service exposure

Multi-Source SOAR Integration with Sentinel, Security Onion, Wazuh, Shuffle, TheHive, and Cortex

Designed a multi-source SOAR architecture that routes Microsoft Sentinel incidents and high-signal network and endpoint detections into TheHive using Azure Logic Apps, Wazuh, and Shuffle. The project established case-versus-alert routing, deduplication-aware ingestion, and a modular workflow separating detection, orchestration, enrichment, and case management.

Focus Areas: SOAR, TheHive, Shuffle, Wazuh, Security Onion, Cortex, Logic Apps, case management, multi-source alert routing

Certifications

Credentials supporting the portfolio

My hands-on project work is supported by industry certifications in security operations, networking, and defensive security fundamentals.

CompTIA CySA+

Security operations, threat detection, incident response, and vulnerability management.

CompTIA Security+

Core defensive security concepts, identity, risk management, and foundational security controls.

CompTIA Network+

Networking fundamentals, TCP/IP, routing, switching, segmentation, and troubleshooting.

Tools & Platforms

Technologies used across the portfolio

The SaintValTech portfolio is built across a mix of security, infrastructure, identity, and orchestration platforms used throughout these projects.

SIEM, Detection & Monitoring

  • Microsoft Sentinel
  • Wazuh
  • Security Onion
  • Zeek
  • Suricata

SOAR, Case Management & Enrichment

  • Azure Logic Apps
  • Shuffle
  • TheHive
  • Cortex

Network, Firewall & Infrastructure

  • pfSense
  • pfBlockerNG
  • VLANs
  • Cisco CBS350
  • NAT
  • WireGuard
  • OpenVPN

Identity, Endpoint & Microsoft Security

  • Microsoft Defender for Endpoint
  • Microsoft Defender XDR
  • Microsoft Entra ID
  • Active Directory
  • Hybrid Azure AD Join

Current Professional Direction

Where the portfolio connects to my career focus

I am currently focused on opportunities in IT Support, NOC, Tier 1 SOC, and security operations, while continuing to deepen my hands-on experience in SIEM monitoring, alert triage, incident response, vulnerability management, hybrid identity, and SOAR architecture.

SaintValTech serves as the technical proof layer behind that direction, showing how I approach infrastructure, detection, troubleshooting, automation, and case workflow design in practice.

Connect

Get in touch

For recruiters, hiring managers, collaborators, or anyone interested in my work, the best ways to connect are through LinkedIn, GitHub, or email.