Available for Opportunities

Daniel Melendez

Cybersecurity Professional & Detection Engineer

10+ years in IT and security. Building detection infrastructure, hunting threats, and translating technical risk into business outcomes. Based in Durham, NC.

CISSP | Wazuh SIEM | Honeypot Operations | Threat Intelligence

Technical Skills

🛡️
SIEM & Detection Engineering
Wazuh deployment, custom decoder and rule authoring, OpenSearch dashboards, threat intel pipeline automation via AbuseIPDB.
🍯
Honeypot Operations
Cowrie SSH honeypot deployment on segmented DMZ. Deception environment design with canary credentials and AWS CloudTrail alerting.
🔍
Threat Intelligence
Live attacker analysis corroborated with VirusTotal, GreyNoise, Criminal IP. MITRE ATT&CK mapping and community threat intel contribution.
🔥
Network Security
pfSense firewall rule authoring, NAT configuration, VLAN segmentation, DMZ design on Proxmox hypervisor infrastructure.
☁️
Cloud Security
AWS IAM canary user deployment, CloudTrail logging, CloudWatch alerting, SNS notification pipelines for credential abuse detection.
🤝
Client & Stakeholder Management
10+ years translating technical risk to business outcomes. Proven track record de-escalating critical client situations and mediating vendor relationships.

Recent Honeypot Findings

High

80.94.92.184 — Bulletproof Hosting SSH Brute Force

DMZHOST Netherlands infrastructure. 17 vendors malicious. 571 sessions/day against honeypots. Multi-purpose campaign: SSH brute force + phishing. Recommend blocking entire /24 subnet.

2026-03-02 DigitalOcean NL

High

165.245.135.50 — OS Fingerprinting Campaign

373 connection attempts, 370 successful logins. Single payload per session: uname -s -v -n -r -m. Pure inventory building — cataloging targets for later exploitation. Coordinated with 170.64.192.224.

2026-03-02 DigitalOcean US

Medium

46.101.103.24 — Go-Based MySQL Scanner

Custom SSH-2.0-Go scanner targeting mysql system accounts. HASSH fingerprint 2ec37a7cc8daf20b10e1ad6221061ca5. Post-auth GPU/CPU recon consistent with cryptominer staging. Flagged by Cluster25, Criminal IP, GreyNoise.

2026-03-02 DigitalOcean DE

Low

159.203.173.197 — Cryptominer Reconnaissance

OpenSSH Windows client targeting ubuntu/123456. Automated CPU/GPU/architecture enumeration consistent with cryptominer deployment staging. 0/93 VirusTotal but flagged Suspicious by GreyNoise.

2026-03-01 DigitalOcean US

About

CISSP-certified security professional with over a decade in IT and cybersecurity. I build detection infrastructure, investigate real threats, and bridge the gap between technical security operations and business stakeholders.

Currently operating a home lab with a Cowrie SSH honeypot exposed to the internet, Wazuh SIEM with custom detection rules, automated threat intelligence feeds, and AWS canary credential traps — generating and analyzing real attacker data daily.

My background includes client-facing security work, vendor relationship management, and scoping infrastructure and security projects for organizations of varying technical maturity.

10+ Years Experience
163+ Unique Attackers Tracked
10K+ Live Threat IPs in Feed
CISSP Certified

Contact

Open to SOC Analyst, Detection Engineer, and cybersecurity consulting opportunities.
Based in Durham, NC. Available for remote and hybrid roles.

[email protected]