Cybersecurity Engineer · Beirut, Lebanon
CS Graduate · Top 5.1% on TryHackMe · Building security tools from scratch
I'm a computer science graduate focused on defensive security: threat detection, log analysis, SIEM architecture, and penetration testing. I don't just study security concepts; I build the tools that implement them.
My projects mirror real enterprise security workflows: from a full SIEM pipeline mapped to MITRE ATT&CK, to a hybrid phishing detection engine, to a two-phase penetration test with 18 custom detection rules.
- Focused on: SOC Analysis · Threat Detection · Detection Engineering
- Open to: internship opportunities and entry-level security roles in Lebanon
- LinkedIn: linkedin.com/in/tony-doumit
- TryHackMe: tryhackme.com/p/tonydoumit15
Python · Flask · MITRE ATT&CK · Scapy · REST APIs
Python-based modular NIDS with 16 independent attack detectors spanning reconnaissance, credential theft, denial-of-service, web exploitation, and data exfiltration. Every alert is mapped to a MITRE ATT&CK technique, covering 9 tactics. Includes a real-time Flask dashboard with a live replay mode and PDF/CSV export.
Python · MITRE ATT&CK · STIX 2.0 · AbuseIPDB API · Jinja2
Built a multi-source threat detection engine mirroring enterprise SIEM architecture (Splunk, IBM QRadar). Deployed a 4-layer pipeline (Parser → Detector → Correlator → Reporter) across 10 modules, with detectors for brute force, insider threat, credential stuffing, and web attacks. A cross-source correlator links the stages of a multi-step kill chain into a single attack narrative. Alerts are mapped to 8 MITRE ATT&CK techniques via STIX 2.0. Backed by a 41-page technical document.
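The following is an added, self-contained illustration of the Parser → Detector → Correlator → Reporter layering described above, and of tagging every alert with an ATT&CK technique ID as the NIDS entry also does. It is example code written for this page, not code from either project. The log lines, the 5-failure brute-force threshold, the technique IDs chosen for each detector (T1110, T1078, T1190) and the rule that a "chain" is any source IP that trips more than one technique are all assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# --- constructed sample input (not real logs) --------------------------------
AUTH_LOG = """\
Mar 10 09:00:01 host sshd[1201]: Failed password for root from 203.0.113.5 port 50122 ssh2
Mar 10 09:00:02 host sshd[1201]: Failed password for root from 203.0.113.5 port 50123 ssh2
Mar 10 09:00:03 host sshd[1201]: Failed password for root from 203.0.113.5 port 50124 ssh2
Mar 10 09:00:04 host sshd[1201]: Failed password for admin from 203.0.113.5 port 50125 ssh2
Mar 10 09:00:05 host sshd[1201]: Failed password for admin from 203.0.113.5 port 50126 ssh2
Mar 10 09:00:09 host sshd[1201]: Accepted password for admin from 203.0.113.5 port 50130 ssh2
Mar 10 09:00:10 host sshd[1300]: Failed password for bob from 198.51.100.7 port 40000 ssh2
"""
WEB_LOG = """\
203.0.113.5 - - [10/Mar/2025:09:01:00 +0000] "GET /login.php?user=admin'%20OR%201=1-- HTTP/1.1" 200 512
198.51.100.7 - - [10/Mar/2025:09:01:05 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

# --- layer 1: parsers normalise each source into a common event dict ---------
SSHD_RE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port")
WEB_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\w+) (\S+) [^"]*" (\d{3})')

def parse_auth(text):
    out = []
    for line in text.splitlines():
        m = SSHD_RE.search(line)
        if m:
            out.append({"source": "auth", "src_ip": m.group(3), "user": m.group(2),
                        "outcome": m.group(1).lower()})
    return out

def parse_web(text):
    out = []
    for line in text.splitlines():
        m = WEB_RE.match(line)
        if m:  # URL-decode the path so detectors see the payload, not %20 escapes
            out.append({"source": "web", "src_ip": m.group(1), "method": m.group(2),
                        "path": unquote(m.group(3)), "status": int(m.group(4))})
    return out

# --- layer 2: detectors; every alert carries an ATT&CK technique ID ----------
BRUTE_THRESHOLD = 5   # assumption: failures from one IP before we alert
SQLI_RE = re.compile(r"'\s*(?:or|and)\s+\d+\s*=\s*\d+", re.IGNORECASE)

def detect_brute_force(events):
    fails = defaultdict(int)
    for e in events:
        if e["source"] == "auth" and e["outcome"] == "failed":
            fails[e["src_ip"]] += 1
    return [{"technique": "T1110", "tactic": "Credential Access", "src_ip": ip,
             "detail": f"{n} failed logins"} for ip, n in fails.items() if n >= BRUTE_THRESHOLD]

def detect_success_after_brute(events):
    # A successful login from an IP that already crossed the brute-force threshold.
    fails, alerts = defaultdict(int), []
    for e in events:
        if e["source"] != "auth":
            continue
        if e["outcome"] == "failed":
            fails[e["src_ip"]] += 1
        elif fails[e["src_ip"]] >= BRUTE_THRESHOLD:
            alerts.append({"technique": "T1078", "tactic": "Initial Access", "src_ip": e["src_ip"],
                           "detail": f"login as {e['user']} after {fails[e['src_ip']]} failures"})
    return alerts

def detect_sqli(events):
    return [{"technique": "T1190", "tactic": "Initial Access", "src_ip": e["src_ip"],
             "detail": f"SQLi pattern in {e['path']}"}
            for e in events if e["source"] == "web" and SQLI_RE.search(e["path"])]

DETECTORS = (detect_brute_force, detect_success_after_brute, detect_sqli)

# --- layer 3: correlator joins alerts from all sources by attacker IP --------
def correlate(alerts):
    # Keeps detector order (brute force, then account use, then web exploit),
    # which for this sample matches the chronological chain.
    by_ip = defaultdict(list)
    for a in alerts:
        if a["technique"] not in by_ip[a["src_ip"]]:
            by_ip[a["src_ip"]].append(a["technique"])
    return {ip: techs for ip, techs in by_ip.items() if len(techs) > 1}

# --- layer 4: reporter renders one narrative line per chain -----------------
def run_pipeline(auth_text, web_text):
    events = parse_auth(auth_text) + parse_web(web_text)
    alerts = [a for d in DETECTORS for a in d(events)]
    chains = correlate(alerts)
    report = [f"{ip}: {' -> '.join(techs)}" for ip, techs in chains.items()]
    return alerts, chains, report

if __name__ == "__main__":
    alerts, chains, report = run_pipeline(AUTH_LOG, WEB_LOG)
    for a in alerts:
        print(f"[{a['technique']}] {a['src_ip']}: {a['detail']}")
    print("\n".join(report))
```

On the sample input the single noisy host 203.0.113.5 produces three alerts and one chain (T1110 -> T1078 -> T1190), while 198.51.100.7, with one failed login and a benign request, produces nothing. The point of the correlator layer is exactly that reduction: an analyst reads one narrative per attacker instead of one alert per detector.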
Python · Flask · VirusTotal API v3 · Regex · Unicode Normalisation
Hybrid phishing detection engine combining an 11-rule heuristic scoring system with live VirusTotal threat intelligence (70+ security engines). Targets 6 attack vectors including domain typosquatting, Reply-To header forgery, and brand impersonation. Achieved 100% correct classification with zero false positives across all test cases. Backed by a 19-page technical report.
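As an added example of the heuristic half of such an engine (this is illustration code written for this page, not the project's own rules or weights), the scorer below checks three of the attack vectors named above, Reply-To header forgery, domain typosquatting and brand impersonation, plus Unicode-normalised homoglyph domains, urgency wording and bare-IP URLs. The sample messages, the brand list, the rule weights and the phishing threshold of 5 are all assumptions; it uses only the standard library, so the VirusTotal lookup is deliberately out of scope.

```python
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Assumed list of protected brand domains and the brand word each implies.
BRANDS = {"paypal.com": "paypal", "microsoft.com": "microsoft", "google.com": "google"}
URGENCY = ("urgent", "suspended", "verify", "immediately", "within 24 hours")
IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}\b")
PHISH_THRESHOLD = 5   # assumed cut-off: total score >= 5 is classed as phishing

def levenshtein(a, b):
    """Edit distance, used to spot near-miss brand domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def score_email(raw):
    msg = message_from_string(raw)
    hits = {}
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = from_addr.rpartition("@")[2].lower()
    norm_dom = unicodedata.normalize("NFKC", from_dom)   # fold fullwidth/compat chars
    reply_dom = domain_of(msg.get("Reply-To", ""))
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + body).lower()

    # Rule 1: Reply-To routes replies to a domain other than the sender's.
    if reply_dom and reply_dom != from_dom:
        hits["reply_to_mismatch"] = 3
    # Rule 2: sender domain changes under NFKC or still contains non-ASCII (homoglyphs).
    if norm_dom != from_dom or not norm_dom.isascii():
        hits["unicode_domain"] = 5
    # Rule 3: sender domain is within edit distance 2 of a brand domain but is not it.
    for brand_dom in BRANDS:
        if norm_dom != brand_dom and levenshtein(norm_dom, brand_dom) <= 2:
            hits["typosquat"] = 4
    # Rule 4: display name claims a brand the sending domain does not belong to.
    for brand_dom, brand in BRANDS.items():
        if brand in from_name.lower() and not norm_dom.endswith(brand_dom):
            hits["brand_impersonation"] = 3
    # Rule 5: urgency language.  Rule 6: link to a bare IP address.
    if any(k in text for k in URGENCY):
        hits["urgency"] = 1
    if IP_URL_RE.search(body):
        hits["ip_url"] = 2
    total = sum(hits.values())
    return {"score": total, "verdict": "phishing" if total >= PHISH_THRESHOLD else "clean",
            "rules": hits}

# --- constructed sample messages (not real mail) -----------------------------
PHISH = """\
From: "PayPal Support" <security@paypa1.com>
Reply-To: collector@mail-verify.ru
Subject: Urgent: verify your account now

Your account is suspended. Log in at http://192.0.2.10/verify immediately.
"""
# Sender domain spelled with Cyrillic "a" (U+0430): looks identical, different host.
HOMOGLYPH = """\
From: "PayPal" <support@p\u0430ypal.com>
Subject: Account notice

Please review your account.
"""
CLEAN = """\
From: "Alice Smith" <alice@example.org>
Subject: Lunch tomorrow?

Shall we meet at noon?
"""

if __name__ == "__main__":
    for name, sample in (("phish", PHISH), ("homoglyph", HOMOGLYPH), ("clean", CLEAN)):
        print(name, score_email(sample))
```

Two design points worth noting: normalising with NFKC before comparing domains is what stops fullwidth or compatibility characters from slipping past an exact-match brand check, and the Cyrillic sample shows why a non-ASCII check is still needed after normalisation, since NFKC leaves Cyrillic letters untouched. Scoring per rule, rather than a single regex verdict, also keeps the output explainable: the `rules` dict tells the analyst which heuristic fired.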
Kali Linux · Metasploit · Wireshark · Nmap · Snort/Suricata · VirtualBox
Two-phase security assessment of Metasploitable 2. Phase 1: full TCP reconnaissance across 30 open ports, exploitation of 7 vulnerabilities across 6 attack categories, and root access (uid=0) on 4 of the 7 exploits, compiled into a 122-page report. Phase 2: re-executed every exploit under Wireshark capture, wrote 18 Snort/Suricata detection rules, and documented the IOCs from the SOC analyst's perspective.
Security Tools
Wireshark · Nmap · Metasploit · Snort/Suricata · Burp Suite · Netcat · msfvenom · Tcpdump
Security Domains
Threat Detection · SIEM Architecture · Log Analysis · Penetration Testing · Detection Engineering · Incident Response · Email Security · Vulnerability Assessment
Frameworks
MITRE ATT&CK · STIX 2.0
Development
Python · JavaScript · PHP · C++ · C# · SQL · React · REST APIs
Platforms & Tools
Linux CLI · VirtualBox · Git/GitHub · MySQL · PostgreSQL
- TryHackMe Cybersecurity Foundations: Bronze League Winner, 1st Place (Top 5.1%)
- Cisco: Endpoint Security (Score: 91%)
- Cisco: Introduction to Cybersecurity (Score: 80%)
"Most security students use pre-built tools. I build the tools, because understanding the internals is what makes a great defender."