// Computer Engineering · ENISO · Tunisia · Class of 2027

Oussama Ghali

Cybersecurity Engineer  ·  SOC Builder  ·  Top 5% TryHackMe

Building proof-driven security work: Azure honeypots, SIEM monitoring, Cisco NetAcad certifications, and offensive labs that show real-world impact.

Hands-on labs, cloud defense, and internship-ready proof

Top 5% · TryHackMe Rank
2 · Cisco NetAcad Certs
100+ · Alerts Analyzed
Azure · Cowrie Honeypot

Who Am I?

Education
ENISO — Tunisia
Applied Computer Science Engineering · Expected 2027
Prep School
IPEIEM El Manar
Physics & Technology Track · Ranked 171
Club Role
Cyberguards — ENISO
General Secretary · 50+ students impacted
Certifications
Ethical Hacker · Cisco Networking Academy
CyberOps Associate · Cisco Networking Academy

Field Work

2025 — Present
Personal Lab
Personal SOC Lab — Wazuh SIEM
Security Analyst (Self-Directed)
  • Deployed SIEM monitoring multiple endpoints — generated and analyzed 100+ security alerts from simulated attack scenarios
  • Detected brute-force, privilege escalation, and suspicious process execution patterns
  • Tuned detection rules to reduce noise and improve alert relevance during testing
  • Performed log correlation across system, auth, and network events to reconstruct attack timelines
2024 — Present
TryHackMe · Top 5% · PicoCTF
CTF Competition Practice
Offensive Security
  • Ranked in the top 5% on TryHackMe through consistent practice and challenge completion.
  • 50+ hands-on challenges covering web exploitation, Linux privesc, and network enumeration
  • Applied real-world recon → exploitation → post-exploitation methodology on vulnerable systems
  • Sharpened analytical speed under time-constrained, competitive scenarios
2025 — Present
ENISO
Cyberguards Cybersecurity Club
General Secretary
  • Coordinated cybersecurity workshops and events impacting 50+ students
  • Led internal organization, communications, and execution of technical sessions and CTF prep

Featured Work

Honeypot · Cloud Defense
Cowrie-Honeypot-On-Azure
SSH/Telnet honeypot built with Cowrie and hosted on Azure to observe brute-force activity, capture attacker behavior, and present the results in a full dashboard for IP, credential, and command analysis.
Proof of Work
  • Deployed the honeypot on Azure and exposed it for controlled internet-facing observation.
  • Tracked attacker IPs, passwords, usernames, and shell commands to understand real-world probing patterns.
  • Packaged the findings into a dashboard view for faster triage and reporting.
[Image: Cowrie honeypot dashboard showing attacker IPs, passwords tried, usernames tried, and commands on Azure]
Detection Engineering · SOC
Network-Intrusion-Detection-Platform
End-to-end network intrusion detection lab that simulates real attack traffic, captures packets, detects threats with Suricata signatures, and enriches alerts with a machine learning model before forwarding everything to Wazuh for correlation and visualization.
Proof of Work
  • Built a full traffic pipeline from attack generation to packet capture, detection, and SIEM correlation.
  • Combined signature-based detection (Suricata) with ML-based scoring to improve visibility on suspicious flows.
  • Integrated alert artifacts (eve.json and ml_alerts.json) into Wazuh to centralize logs and investigation context.
  • Validated the ML stage on NSL-KDD with 99.62% accuracy in lab evaluation.
[Image: Network intrusion detection platform workflow: attack traffic, Suricata and ML detection, and Wazuh SIEM correlation]
Web Security · AppSec
Web-App-Security-Lab
Deliberately vulnerable web app simulating SQL Injection, XSS, and IDOR attack vectors — built for attack analysis, detection testing, and understanding exploitation paths vs. defensive countermeasures.
Proof of Work
  • Attack scenarios implemented: SQL Injection, XSS payload injection, and IDOR access bypass.
  • Detection scenario: suspicious input patterns and auth/resource events correlated for analysis.
  • Defense scenarios documented: parameterized queries, output encoding, and authorization checks.
[Image: Web-App-Security-Lab architecture and attack/defense workflow preview]

Arsenal

SIEM & Monitoring
Wazuh Log Analysis Alert Triage Threat Detection
Offensive Security
Web Exploitation Privilege Escalation Network Enumeration Recon
Systems & Networking
Linux Windows TCP/IP SSH VMware
Programming
Python C Java SQL .NET

Let's Connect

Looking for a cybersecurity internship.

SOC analyst, blue team, or offensive security roles — ready to contribute from day one with real hands-on skills.

Available for Internships

Currently seeking a cybersecurity internship opportunity where I can apply SIEM, offensive testing, and AI automation skills in a real security environment.

SOC Analyst Blue Team Penetration Testing AppSec