After stabilising the Toshiba laptop, I needed a scalable, repeatable lab for SOC and AWS work — lightweight, structured, and portfolio-ready. The goal was to apply SOC methodology in a cloud-ready environment and create artefacts that demonstrate practical, employable skills.
Part 1: Early VM Experiments
- Oracle VM VirtualBox (i7, 16 GB RAM)
  - 30 GB disk quickly filled with logs and SOC tools
  - Resizing to 100 GB failed due to snapshots
  - Result: unreliable, slow VM, I/O bottlenecks
- VMware Workstation Pro (prebuilt SOC VM)
  - Large images (10–50 GB) stressed storage
  - High CPU/RAM usage → sluggish performance
  - Result: inconsistent, frustrating lab environment
Lesson Learned: Heavy VMs hindered reproducibility and learning. A lightweight, structured setup was essential.
Part 2: WSL2 + Ubuntu 24.04 — The Optimal Lab Environment
- Minimal RAM overhead and fast performance
- Full terminal experience: bash, Python, tcpdump, jq, SOC tools
- Structured filesystem for reproducibility
- AWS integration: CLI, SDK, IAM audits, S3 checks, CloudTrail parsing
- Reliable backups: wsl --export / wsl --import
- Portfolio-ready artefacts: scripts, logs, diagrams, directories
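The CloudTrail parsing mentioned above is the part of this setup that turns the lab into detection work. The script below is an added example, not the author's own tooling: it loads one CloudTrail log file in its native shape (a JSON object with a top-level "Records" list) and applies three identity-centric rules (failed console sign-in, root account activity, IAM privilege changes). The records in SAMPLE_LOG, the account ID, IP addresses and user names are all constructed; the set of IAM event names in PRIVILEGE_CHANGE_EVENTS is a small illustrative selection, not a complete list.

```python
"""Minimal CloudTrail triage for the IAM -> Detection lab step.

Added example; SAMPLE_LOG is constructed and not real account data.
"""
import json
from collections import Counter

# Constructed sample in CloudTrail's log-file shape ({"Records": [...]}).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2025-01-10T08:01:12Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "eu-west-2",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2025-01-10T08:03:40Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"userName": "alice",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventTime": "2025-01-10T09:15:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "awsRegion": "eu-west-2",
     "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}},
    {"eventTime": "2025-01-10T09:20:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "awsRegion": "eu-west-2",
     "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
]})

# IAM write calls that change who can do what; a small illustrative set (assumption).
PRIVILEGE_CHANGE_EVENTS = {
    "AttachUserPolicy", "AttachRolePolicy", "PutUserPolicy", "PutRolePolicy",
    "CreateAccessKey", "CreateLoginProfile", "UpdateAssumeRolePolicy",
}


def load_records(log_text):
    """Parse one CloudTrail log file (JSON with a top-level 'Records' list)."""
    return json.loads(log_text).get("Records", [])


def actor(record):
    """Best available identity label: user name, else ARN, else identity type."""
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def triage(records):
    """Return one finding per record that matches a rule, in log order."""
    findings = []
    for r in records:
        name = r.get("eventName")
        ident = r.get("userIdentity", {})
        rule = None
        if name == "ConsoleLogin" and r.get("responseElements", {}).get("ConsoleLogin") == "Failure":
            rule = "console_login_failure"
        elif ident.get("type") == "Root":
            rule = "root_account_activity"
        elif r.get("eventSource") == "iam.amazonaws.com" and name in PRIVILEGE_CHANGE_EVENTS:
            rule = "iam_privilege_change"
        if rule:
            findings.append({"rule": rule, "time": r.get("eventTime"),
                             "actor": actor(r), "event": name,
                             "source_ip": r.get("sourceIPAddress")})
    return findings


def summarise(findings):
    """Count findings per rule for the investigation write-up."""
    return Counter(f["rule"] for f in findings)


if __name__ == "__main__":
    for finding in triage(load_records(SAMPLE_LOG)):
        print(finding)
    print(dict(summarise(triage(load_records(SAMPLE_LOG)))))
```

Against a real trail, the same functions work on each gzipped log object pulled from the CloudTrail S3 bucket; the findings list is what would be written into the lab's "Detection & Analysis" folder alongside the raw records it was derived from.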
Practical Impact:
- Enables parallel SOC and AWS lab exercises without interference
- Provides reproducible outputs for portfolio, GitHub, and clients
- Directly supports Cloud SOC Analyst progression: IAM → Detection → Identity-Centric
Part 3: Lab Workflow & File Structure
Workflow Steps:
- Set up WSL2 Ubuntu environment
- Install SOC and AWS tooling (nmap, tcpdump, Wireshark, Lynis, OpenVAS, fail2ban, UFW)
- Configure Python, Git, VS Code for automation and scripting
- Collect logs, captures, and screenshots
- Analyse and enrich logs, mapping to SOC + cloud detection methodology
- Document investigations and artefacts
- Commit outputs to GitHub under SOC Labs and AWS Labs
Folder Structure:
There are two main lab folders — SOC Labs and AWS Labs — each following the same internal structure:
1. Environment & Scope
2. Baselines
3. Attack Surface & Exposure
4. Logging & Visibility
5. Threats & Techniques
6. Detection & Analysis
7. Response & Hardening
8. Automation & Continuous Improvement
This ensures repeatable, verifiable outputs for both SOC fundamentals and AWS Cloud SOC progression.
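The folder layout above only stays reproducible if it is created by a script rather than by hand. The following is an added example, not the author's setup script: it builds both lab trees with the eight phase folders, drops a README.md into each phase so Git preserves the directory before any artefacts land, and provides a verifier that reports missing phases. The folder names (numbered slugs) and README wording are assumptions.

```python
"""Build and verify the SOC Labs / AWS Labs tree with the eight phase folders.

Added example, not the author's script; folder slugs and README text are assumptions.
"""
from pathlib import Path

LABS = ("SOC Labs", "AWS Labs")
PHASES = (
    "01-environment-and-scope",
    "02-baselines",
    "03-attack-surface-and-exposure",
    "04-logging-and-visibility",
    "05-threats-and-techniques",
    "06-detection-and-analysis",
    "07-response-and-hardening",
    "08-automation-and-continuous-improvement",
)


def build_lab_tree(root):
    """Create <root>/<lab>/<phase>/README.md for every lab and phase.

    Idempotent: existing folders and READMEs are left untouched. Returns the
    list of phase directories in creation order.
    """
    root = Path(root)
    created = []
    for lab in LABS:
        for phase in PHASES:
            phase_dir = root / lab / phase
            phase_dir.mkdir(parents=True, exist_ok=True)
            readme = phase_dir / "README.md"
            if not readme.exists():
                readme.write_text(
                    f"# {lab} / {phase}\n\n"
                    "Artefacts for this phase: scripts, logs, captures, screenshots.\n"
                )
            created.append(phase_dir)
    return created


def verify_lab_tree(root):
    """Return '<lab>/<phase>' for every phase whose README.md is missing.

    An empty list means the tree matches the expected structure.
    """
    root = Path(root)
    return [
        f"{lab}/{phase}"
        for lab in LABS
        for phase in PHASES
        if not (root / lab / phase / "README.md").is_file()
    ]


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as demo_root:
        dirs = build_lab_tree(demo_root)
        print(f"created {len(dirs)} phase folders, missing: {verify_lab_tree(demo_root)}")
```

Running the verifier from a pre-commit hook or at the start of each lab session catches a tree that drifted (a phase deleted, a lab renamed) before outputs are committed to the wrong place.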
Reflection & Career Relevance
- Strategic Lab Design: Mirrors real SOC + cloud workflows
- Process Discipline: Structured directories, reproducible scripts, measurable outputs
- Portfolio Impact: Artefacts are GitHub-ready for recruiters or clients
- Hybrid Skills: SOC methodology + AWS Cloud readiness + automation
Key Takeaway: Lightweight, structured labs — separated by SOC and AWS focus but sharing the same architecture — are essential for building a portfolio that demonstrates Cloud SOC Analyst (IAM → Detection → Identity-Centric) capabilities, suitable for UK/EU remote roles or freelance work.
Links & Artefacts
- Portfolio / Project Page: Legacy Laptop Recovery & Linux Hardening
Tags: #CyberSecurity #SOC #BlueTeam #AWS #CloudSecurity #ThreatHunting #SecurityOperations #RemoteWork #PortfolioReady