// CHARACTER SHEET • v6.0 • BUILD: ANALYST/DEFENDER
Skill Tree
Six years deep into the campaign. Below is the live build sheet — unlocked talents, in-progress training, and locked endgame nodes mapped across the Defender, Engineer, GRC, and Hunter trees.
nicholas@southern
// CLASS: CYBERSECURITY ANALYST • SUBCLASS: SOC / GRC HYBRID
LEVEL 26 — ANALYST
XP: 72% → LVL 27 (CISSP UNLOCK)
DEF 18 +SIEM
DET 17 +HUNT
GRC 16 +NIST
SYS 19 +ADMIN
NET 17 +N+
AI 14 +RED
7 / 8 NODES UNLOCKED
[✓] UNLOCKED
TIER 1
Log Analysis
Read raw events, correlate sources, and triage at speed across Windows, Linux, and network telemetry.
[✓] UNLOCKED
TIER 1
Splunk SIEM
Search Processing Language (SPL), data models, indexes, and alert tuning across enterprise volumes.
[✓] UNLOCKED
TIER 2
Incident Response
NIST 800-61 lifecycle: prepare, detect, contain, eradicate, recover, post-mortem with lessons learned.
[✓] UNLOCKED
TIER 2
EDR / XDR
CrowdStrike, SentinelOne, Defender for Endpoint — endpoint telemetry, isolation, forensic timeline.
[✓] UNLOCKED
TIER 2
MITRE ATT&CK
Map alerts to TTPs, build coverage matrices, drive detection engineering against real adversary playbooks.
[✓] UNLOCKED
TIER 3
Threat Hunting
Hypothesis-driven hunts using F3EAD, lateral-movement patterns, beaconing detection, LOLBin abuse.
[✓] UNLOCKED
TIER 3
Detection Engineering
Author and tune correlation rules, reduce false-positive rate, manage detection-as-code pipelines.
[△] TRAINING
TIER 4
SOAR Automation
Playbook orchestration across SIEM, ticketing, EDR — reduce mean time to respond on commodity alerts.
8 / 8 NODES UNLOCKED
[✓] UNLOCKED
TIER 1
Active Directory
Forests, trusts, GPOs, Kerberos delegation, AD attack surfaces (Kerberoasting, AS-REP, DCSync awareness).
[✓] UNLOCKED
TIER 1
Windows Server
AD DS, Group Policy, PowerShell admin, hardening to DoD STIG baselines, patch / WSUS workflows.
[✓] UNLOCKED
TIER 1
Linux / RHEL
CLI fluency, systemd, package mgmt, file ACLs, SELinux, kernel hardening, log forwarding.
[✓] UNLOCKED
TIER 2
Networking
OSI layer fluency, TCP/IP, routing, switching, VLANs, firewalls, packet capture, SOC-relevant fundamentals.
[✓] UNLOCKED
TIER 2
PowerShell
Automation, Active Directory queries, log parsing, cmdlet chaining — analyst-grade scripting.
[✓] UNLOCKED
TIER 2
Bash / Python
Shell pipelines, Python for analyst tooling: log parsing, IOC enrichment, regex, API calls.
[✓] UNLOCKED
TIER 3
Virtualization
VMware, Hyper-V, lab construction, snapshot workflows for malware detonation and triage.
[✓] UNLOCKED
TIER 3
24/7 NOC Ops
Mission tempo at Ramstein — alert handling, change control, after-action reporting under pressure.
5 / 7 NODES UNLOCKED
[✓] UNLOCKED
TIER 1
NIST 800-53
Control families AC, AU, CM, IR, RA, SI — fluent in baseline application across federal systems.
[✓] UNLOCKED
TIER 1
NIST 800-171
CUI protection on contractor systems — control mapping, SSP authoring, gap remediation.
[✓] UNLOCKED
TIER 2
RMF
Categorize → Select → Implement → Assess → Authorize → Monitor; ATO sustainment workflow.
[✓] UNLOCKED
TIER 2
POA&M / Audit
Track findings, evidence collection, audit prep, control assessor coordination at Lockheed.
[✓] UNLOCKED
TIER 2
STIG / SCAP
DoD baseline application, scan / remediate cycles, deviation documentation.
[△] TRAINING
TIER 3
CMMC
L2 / L3 maturity, third-party assessment prep, defense industrial base posture.
[△] TRAINING
TIER 3
ISO 27001 / 27002
ISMS scoping, Annex A controls, internal audit techniques — commercial-side compliance.
3 / 6 NODES UNLOCKED • ENDGAME PATH
[✓] UNLOCKED
TIER 1
AI Threat Analysis
Active role at Invisible Technologies — train and red-team frontier models on cybersecurity reasoning.
[✓] UNLOCKED
TIER 1
LLM Red Team
Adversarial prompting, jailbreak taxonomy, evaluation harness design for safety / security domains.
[✓] UNLOCKED
TIER 2
Zero Trust
NIST 800-207 architecture: identity, device, network, application, data — enforced at every transaction.
[△] TRAINING
TIER 2
Cloud Security
AWS / Azure shared responsibility, IAM hygiene, CSPM, log routing into SIEM, key-mgmt patterns.
[○] LOCKED
TIER 3
Purple Team
Adversary emulation + detection co-design. Unlocks at SOC seniority + offensive certification.
[○] LOCKED
TIER 3
DFIR Forensics
Disk / memory analysis, timeline reconstruction, chain-of-custody. Unlocks with GCFA / GREM track.
$ cat ./quest_log.txt
Active Quests
[!] MAIN QUEST
The CISSP Crucible
Eight domains. Six months of disciplined study. The certification that gates senior cybersecurity roles industry-wide. Currently grinding security architecture, asset security, and software development security cycles.
+ REWARD: ISC2 Certified • Senior-track unlock • Salary tier shift
[!] MAIN QUEST
B.S. Cybersecurity — WGU
Conferral: March 2026. Capstone in progress — stacking certs that count toward course credit while operating in production environments.
+ REWARD: Bachelor’s degree • Education milestone unlocked
[~] SIDE QUEST
Home Lab v2 — Detection Range
Splunk + Sysmon + Atomic Red Team in a virtualized AD lab. Build, break, detect, document. Proves detection-engineering chops outside of production guardrails.
+ REWARD: Portable detection rule set • Public lab writeups
[~] SIDE QUEST
Public Intel — Blog Cadence
Weekly publication on detection patterns, GRC mechanics, and AI red-team observations. Body of work that scales beyond a résumé line item.
+ REWARD: Industry visibility • Inbound recruiter pipeline
[✓] COMPLETED
CompTIA Network+ N10-009
Network fundamentals re-baseline against the latest objectives. Closes any gap left from years of operational practice without recent textbook coverage.
+ EARNED: 2026 • Network fundamentals certified
[✓] COMPLETED
USAF NOC Tour — Ramstein AB
Four years on a 24/7 mission floor. Hardened 241 systems in a 24-hour sprint. Earned the operational reflexes nothing in a classroom can teach.
+ EARNED: TS/SCI clearance • Mission-tempo conditioning