After stabilising the Toshiba laptop, I needed a scalable, repeatable lab for SOC and AWS work — lightweight, structured, and portfolio-ready.
Part 1: Experimenting with Virtual Machines
Oracle VM VirtualBox (i7, 16 GB RAM)
- 30 GB disk filled quickly with logs and SOC tools
- Resizing to 100 GB failed due to snapshots and installation folders
- Result: unreliable, slow VM with I/O bottlenecks
VMware Workstation Pro (Prebuilt SOC VM)
- Large images (10–50 GB) stressed storage and USB2 hardware
- High CPU/RAM usage → sluggish performance
- Result: inconsistent, frustrating lab environment
Lesson Learned: Heavy VMs can hinder learning on mid-range setups. The lab needed lightweight, repeatable environments.
Part 2: WSL2 + Ubuntu 24.04 — The Optimal Setup
Advantages
- Lightweight, fast, minimal RAM overhead
- Full terminal experience with bash, Python, tcpdump, jq, SOC tools
- Structured filesystem for reproducibility
- AWS integration: CLI, SDK, IAM audits, S3 checks, CloudTrail parsing
- Reliable backups: wsl --export / wsl --import
- Portfolio-ready artefacts: scripts, logs, diagrams, directories
Practical Impact
- Focus on learning, automation, and reproducible outputs
- Foundation for Blue Team, DFIR, and cloud-security skill-building
Part 3: Lab Workflow & File Structure (Plain Text)
Workflow Steps:
- Set up WSL2 Ubuntu environment
- Install SOC tooling (nmap, tcpdump, Wireshark, Lynis, OpenVAS, fail2ban, UFW)
- Configure Python, Git, Geany, VS Code for automation
- Collect logs, captures, and screenshots
- Analyse and enrich logs
- Document investigations and artefacts
- Commit outputs to GitHub
File Structure:
lab-root/
├─ logs/
├─ scripts/
├─ captures/
├─ investigations/
├─ screenshots/
└─ notes/
This structure ensures clean, repeatable, and verifiable outputs — easy to share with SMEs or clients.
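As an added example (not code from the original post), a small bash helper for the WSL2 shell that creates the lab-root layout above and keeps a SHA-256 manifest so that logs, captures and investigation artefacts can be verified before they are committed; the manifest location notes/MANIFEST.sha256 is an assumption.

```shell
#!/usr/bin/env bash
# Added example: bootstrap the lab-root tree from the post and make its
# outputs verifiable with a SHA-256 manifest. Directory names follow the
# post; the manifest path (notes/MANIFEST.sha256) is an assumption.
set -euo pipefail

LAB_DIRS="logs scripts captures investigations screenshots notes"

# Create the lab tree under the given root (safe to re-run).
lab_init() {
  local root="$1"
  local d
  for d in $LAB_DIRS; do
    mkdir -p "$root/$d"
    # Placeholder so empty directories survive a git commit.
    [ -e "$root/$d/.gitkeep" ] || : > "$root/$d/.gitkeep"
  done
}

# Hash every artefact outside notes/ and write the manifest.
# Paths are stored relative to the root so the manifest stays portable
# across wsl --export / wsl --import or a fresh git clone.
lab_manifest() {
  local root="$1"
  local manifest="$root/notes/MANIFEST.sha256"
  ( cd "$root" && find logs scripts captures investigations screenshots \
      -type f ! -name .gitkeep -exec sha256sum {} + ) > "$manifest"
  echo "$manifest"
}

# Check artefacts against the manifest; non-zero exit if any file changed,
# which is the signal to re-examine an investigation before sharing it.
lab_verify() {
  local root="$1"
  ( cd "$root" && sha256sum --quiet -c notes/MANIFEST.sha256 )
}
```

Run lab_manifest after each investigation and lab_verify before committing, so a silently edited log or capture is caught rather than pushed.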
Reflection & Career Relevance
- Strategic Lab Design: Mirrors real SOC + cloud workflows
- Process Discipline: Structured directories, reproducible scripts, measurable outputs
- Portfolio Impact: Artefacts are GitHub-ready for recruiters and clients
- Hybrid Skills: Blue Team fundamentals + cloud security automation
Key Takeaway: Lightweight, repeatable labs are far more effective than overcomplicated VMs or legacy hardware — essential for remote SOC roles and freelance opportunities in the UK and EU.
Links & Artefacts
- Portfolio / Project Page: Legacy Laptop Recovery & Linux Hardening
Tags: #CyberSecurity #SOC #BlueTeam #AWS #CloudSecurity #ThreatHunting #SecurityOperations #RemoteWork #PortfolioReady