Use your real name or a clean variant. Recruiters cross-reference LinkedIn, GitHub, and your résumé — they must match.
Real photo. Clean banner — dark theme, your specialization in 3 words. Avoid stock hacker hoodies.
Format: "[Role] · [Specialty] · [Proof]". Example: "Cyber Ops Analyst · Threat Detection & ML · Security+, CySA+, MS Data Science".
Create a repo named exactly your username. The README.md renders on your profile page.
Mix: 2 cyber, 2 data science, 1 automation, 1 writeup. Order by impact, not date.
Archive or delete old class assignments, broken forks, "hello world" repos. Curate ruthlessly.
Pin email, LinkedIn, and a Calendly link in the profile README.
Aim for 3–5 days/week. Discipline, not raw output.
Build one master repo with this structure and mark it as "template" in GitHub settings. Every future project clones from it.
One .github/workflows/ci.yml running lint + tests + secret scan. Reuse across repos.
Pick MIT or Apache 2.0 as default. Add to template.
Save the template above as a reusable block in your template repo.
Build, license, language, coverage. Copy into top of every project README.
Standardize capture/crop (Flameshot / CleanShot). Consistency reads as polish.
Build a repo called credentials/ with one folder per cert/degree containing: verification link, study log, lab work, and a writeup of what you actually built with that knowledge.
Each gets: verification badge URL, study notes, 2–3 lab writeups (TryHackMe / HackTheBox / your own VM lab), date earned.
Pair each with a Kaggle notebook or real analysis. Show the capstone — and the rejected hypotheses.
If publicly disclosable, link verification page. For clearance-related items, follow agency disclosure guidance carefully.
3–5 strongest course projects as standalone repos. Thesis/capstone gets its own polished repo with PDF in /docs.
Master index README listing every cert with status (earned / in-progress / planned).
Folder per cert: verification link, study log, 2 lab writeups, key concepts.
Each paired with a notebook/repo of real analysis you completed.
3–5 strongest course projects polished and linked from credentials index.
Order matters. Start entry-level, ladder up. The flagship at the bottom gets you past the screen. Each project's checkbox represents shipping it end-to-end — README, diagram, screenshots, the works.
Stand up a virtual SOC: vulnerable Windows/Linux victim, Kali attacker, SIEM stack (Wazuh / Security Onion / ELK). Generate attacks, watch detections fire, document everything.
Proves you understand the full detection lifecycle. Almost every blue-team interview asks "describe your home lab" — this is the answer.
Train a classifier that flags phishing URLs in real time. Public datasets (PhishTank, OpenPhish), engineered features, multi-model benchmark.
Ties your DS degree to your security certs. Most common "ML+Sec" hybrid interview narrative.
Poll NVD for new CVEs, filter by CVSS + product, enrich with EPSS scores, post daily digest to Slack/Discord/email.
You can ship and operate something. CI/CD piece signals DevSecOps maturity.
Real labeled IDS dataset (CICIDS2017 / UNSW-NB15 / CTU-13). Compare supervised vs unsupervised. Be honest about class imbalance.
Real benchmark hiring managers recognize. Doing it well separates you from Coursera grads.
Collect Sysmon/Windows logs, stream through Kafka, apply Sigma rules, route hits to dashboard. Write 5+ of your own Sigma rules.
Detection engineering is the highest-leverage SecOps skill. Rules + pipeline together is rare in junior portfolios.
Take a PE/ELF binary or document, run static analysis (entropy, imports, strings, YARA, hash lookups), produce a triage report. Public sandbox samples only — never run live malware outside isolation.
YARA fluency is gold for malware/IR. A working UI shows you think about analyst experience.
Ingest STIX 2.1 from MISP / OTX / abuse.ch / OpenCTI, normalize, load into Neo4j. Build queries answering analyst questions: actor infrastructure reuse, IOC overlap.
CTI and threat-hunting teams live in graph data. Most candidates have never touched Neo4j — instantly top decile.
Take your phishing/malware classifier and attack it. Craft adversarial examples, then defend. Rarest portfolio piece in the field.
AI red-teaming is one of the fastest-growing roles. Breaking + hardening ML systems is senior-level signal.
CI tool scanning Terraform / CloudFormation for misconfigurations, commenting on PRs, opening auto-remediation PRs for low-risk fixes.
Cloud sec + DevSecOps is the highest-paying intersection right now. Shipping a working GitHub App is a "call this person" moment.
The capstone. Self-contained range: victim env, automated red-team scripts on schedule, telemetry through your Project 5 pipeline, ML detections from Projects 2 & 4 running on it, live dashboard, CI that rebuilds the whole range on every commit.
Proves you operate at the intersection of red, blue, data science, and DevOps. Unicorn profile. Pin it first.
Replace adjectives with numbers. "Fast" → "1.4s median latency". Numbers beat enthusiasm.
Deep-dive on one technique (Kerberoasting detection, prompt-injection defenses).
One merged PR to Sigma / MISP / OpenCTI / Wazuh is worth three solo projects.
Run gitleaks or trufflehog in CI. Badge it.
Loom or asciinema. Recruiters share videos in Slack.
Every nontrivial repo needs an architecture diagram.
"What I'd do differently" makes you look senior.
SemVer, CHANGELOGs, tagged releases.
Profile → projects. LinkedIn → GitHub. Résumé → GitHub URLs.
30-min weekly "portfolio shift" — README, badge, screenshot.
Profile, credentials repo with 2+ certs documented.
Home SOC + phishing classifier. Polished, diagrammed, pinned.
CVE Watcher plus one of 04–06.
Pick 07, 08, or 09 based on target roles.
Architecture + skeleton repo for Project 10.
After Projects 01–03 ship, start applying.