From Network Administration to Cybersecurity Operations

Published · April 12, 2026


SHORT SUMMARY
A technical speaking session focused on identifying, analyzing, and validating SSH brute force activity in enterprise environments. The presentation explains how authentication logs, firewall visibility, and SIEM correlation can be used to distinguish noisy scans from actionable threats and support accurate escalation decisions.


OVERVIEW
In this session, I presented a practical approach to investigating SSH brute force attempts against internet-facing systems in enterprise environments. The talk focused on how security analysts can collect evidence from authentication logs, firewall telemetry, and SIEM alerts to determine whether an event is simply malicious noise or a genuine security incident requiring escalation.

The presentation was built around a realistic enterprise security workflow, showing how repeated login failures, attacker source IP behavior, username targeting patterns, and service exposure can reveal the intent and severity of an attack. I also explained the importance of contextual analysis, especially when systems are located in segmented areas such as a DMZ and protected by centralized monitoring controls.

The session was designed for students, junior SOC analysts, and IT professionals who want to strengthen their understanding of log-based detection, triage discipline, and incident validation in real-world defensive operations.

RESPONSIBILITIES
- Researched and structured the full technical topic for presentation delivery
- Prepared the speaking material based on practical SOC and network security concepts
- Explained how SSH brute force attacks are detected using logs and alert rules
- Demonstrated how to validate whether authentication attempts were successful or failed
- Presented methods for correlating SIEM alerts with firewall and host-level evidence
- Highlighted the difference between alert noise, suspicious activity, and confirmed incidents
- Guided the audience through a practical escalation mindset used in security operations

HIGHLIGHTS
- Delivered a practical, operations-focused cybersecurity presentation
- Explained the full triage flow from alert generation to validation and escalation
- Covered SSH authentication behavior, repeated login failures, and attacker patterns
- Connected SOC analysis with real infrastructure concepts such as DMZ exposure
- Emphasized evidence-based decision making instead of assumptions
- Shared defensive lessons useful for both network administrators and SOC analysts

RESULTS
The session helped translate security monitoring concepts into a practical investigation workflow that attendees could immediately understand and apply. It showed how even a common alert, such as repeated SSH login failures, can provide valuable learning opportunities when analyzed correctly.

The presentation improved understanding of:
- how brute force behavior appears in logs
- how SIEM alerts should be validated before escalation
- how failed authentication differs from confirmed compromise
- how infrastructure context influences incident severity
- how blue team analysts should document and communicate findings clearly
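The triage workflow described in the overview (repeated login failures, source IP behaviour, username targeting patterns, and the difference between failed authentication and a confirmed compromise) can be expressed as a small log-analysis routine. The following is an added example written for this page, not material from the session itself: it parses constructed sshd authentication lines, summarises them per source address, and assigns one of three triage labels. The log lines, hostname, usernames and IP addresses are all constructed for the example (the addresses are RFC 5737 documentation ranges), and the failure threshold of five is an assumed tuning value, not one taken from the talk.

```python
import re
from collections import defaultdict

# Constructed sshd log sample (not from the session). Three sources:
#  - 203.0.113.45 cycles through non-existent usernames and never succeeds
#  - 198.51.100.7 guesses one real account repeatedly and then logs in
#  - 192.0.2.10 has a single typo followed by a normal public-key login
SAMPLE_AUTH_LOG = """\
Apr 12 09:14:01 dmz-bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.45 port 50122 ssh2
Apr 12 09:14:03 dmz-bastion sshd[2231]: Failed password for invalid user test from 203.0.113.45 port 50124 ssh2
Apr 12 09:14:05 dmz-bastion sshd[2233]: Failed password for root from 203.0.113.45 port 50130 ssh2
Apr 12 09:14:07 dmz-bastion sshd[2233]: Failed password for root from 203.0.113.45 port 50131 ssh2
Apr 12 09:14:09 dmz-bastion sshd[2235]: Failed password for invalid user oracle from 203.0.113.45 port 50140 ssh2
Apr 12 09:14:11 dmz-bastion sshd[2235]: Failed password for invalid user pi from 203.0.113.45 port 50141 ssh2
Apr 12 09:20:15 dmz-bastion sshd[2301]: Failed password for deploy from 198.51.100.7 port 40011 ssh2
Apr 12 09:20:18 dmz-bastion sshd[2301]: Failed password for deploy from 198.51.100.7 port 40011 ssh2
Apr 12 09:20:21 dmz-bastion sshd[2301]: Failed password for deploy from 198.51.100.7 port 40011 ssh2
Apr 12 09:20:24 dmz-bastion sshd[2301]: Failed password for deploy from 198.51.100.7 port 40011 ssh2
Apr 12 09:20:27 dmz-bastion sshd[2301]: Failed password for deploy from 198.51.100.7 port 40011 ssh2
Apr 12 09:20:33 dmz-bastion sshd[2310]: Accepted password for deploy from 198.51.100.7 port 40012 ssh2
Apr 12 09:31:02 dmz-bastion sshd[2400]: Failed password for alice from 192.0.2.10 port 51000 ssh2
Apr 12 09:31:20 dmz-bastion sshd[2402]: Accepted publickey for alice from 192.0.2.10 port 51002 ssh2
"""

# Matches the standard OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n>" form.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2})\s+\S+\s+sshd\[\d+\]:\s+"
    r"(?P<result>Failed|Accepted)\s+(?P<method>password|publickey)\s+for\s+"
    r"(?P<invalid>invalid user\s+)?(?P<user>\S+)\s+from\s+(?P<ip>\S+)\s+port\s+(?P<port>\d+)"
)


def parse_auth_log(text):
    """Turn sshd authentication lines into event dicts; unrelated lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["invalid_user"] = e.pop("invalid") is not None  # username does not exist on the host
            events.append(e)
    return events


def summarise_by_source(events):
    """Aggregate events per source IP, keeping log order so success-after-failure is visible."""
    per_ip = defaultdict(lambda: {"failures": 0, "accepted": [], "users": set(), "invalid_users": set()})
    for e in events:
        s = per_ip[e["ip"]]
        if e["result"] == "Failed":
            s["failures"] += 1
            s["users"].add(e["user"])
            if e["invalid_user"]:
                s["invalid_users"].add(e["user"])
        else:
            # Record how many failures this source had accumulated before the success.
            s["accepted"].append({"ts": e["ts"], "user": e["user"], "method": e["method"],
                                  "failures_before": s["failures"]})
    return per_ip


def triage(summary, failure_threshold=5):
    """Assign a triage label per source: ESCALATE, SUSPICIOUS or LOW, with the supporting evidence."""
    verdicts = {}
    for ip, s in summary.items():
        if len(s["invalid_users"]) > 1:
            pattern = "dictionary scan against non-existent usernames"
        elif len(s["users"]) == 1:
            pattern = "repeated guessing against a single account"
        else:
            pattern = "mixed username targeting"

        brute_forced_success = any(a["failures_before"] >= failure_threshold for a in s["accepted"])
        if brute_forced_success:
            # A successful login following a run of failures is the case the talk treats as
            # a candidate compromise: it needs host-level validation and escalation.
            label, reason = "ESCALATE", "successful login after %d+ failures from the same source" % failure_threshold
        elif s["failures"] >= failure_threshold:
            # Unsuccessful brute force: suspicious, worth blocking and recording, not an incident by itself.
            label, reason = "SUSPICIOUS", "brute force attempt with no successful authentication"
        else:
            label, reason = "LOW", "below threshold; consistent with user error or background noise"

        verdicts[ip] = {"label": label, "reason": reason, "pattern": pattern, "failures": s["failures"],
                        "users": sorted(s["users"]), "accepted": s["accepted"]}
    return verdicts


if __name__ == "__main__":
    for ip, v in triage(summarise_by_source(parse_auth_log(SAMPLE_AUTH_LOG))).items():
        print("%-15s %-10s failures=%-2d %s (%s)" % (ip, v["label"], v["failures"], v["reason"], v["pattern"]))
        for a in v["accepted"]:
            print("    accepted %s for %s via %s after %d failures" % (a["ts"], a["user"], a["method"], a["failures_before"]))
```

The three labels map onto the distinction the session drew between noise, suspicious activity and a confirmed incident: only the source that actually authenticated after a run of failures is marked for escalation, the unsuccessful scanner stays at "suspicious", and the single typo followed by a normal key login stays low. In a real SIEM the same logic would be applied over a time window rather than a whole file, and the escalation decision would still be confirmed against firewall and host evidence as the talk describes.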

Overall, the talk reinforced a disciplined and methodical approach to threat investigation in enterprise environments.

LESSONS LEARNED
One of the main lessons from this speaking session was that technical knowledge becomes far more valuable when it is communicated clearly and in a structured way. Security analysis is not only about detecting suspicious activity, but also about explaining what happened, why it matters, and what action should follow.

I also reinforced the importance of:
- validating alerts with multiple sources of evidence
- understanding the business and network context of each event
- avoiding over-escalation when activity is unsuccessful but still suspicious
- using practical case-based explanations to make cybersecurity topics easier to understand
- combining networking knowledge with SOC workflows for stronger defensive analysis

This experience strengthened both my technical communication skills and my ability to present security operations topics in a professional and understandable way.
