Building a Reliable Blue Team + Cloud Security Lab Across Legacy Hardware, Modern Windows, and WSL2

Summary

This project demonstrates my ability to build stable, reproducible security lab environments under tight constraints. It spans hardware repair, Linux optimisation, VM evaluation, and the final move to a high-performance WSL2 + Ubuntu SOC workspace.
The result is a fully portable, cloud-ready environment used for Blue Team, DFIR, and AWS security practice.


1. Reviving a 2009 Toshiba Laptop: Practical Recovery and Linux Hardening

Hardware: Toshiba Satellite L500-13W (2009), 4 GB RAM, legacy BIOS, USB 2.0
Issues: failed cooling fan, thermal throttling, slow HDD, misconfigured keyboard

Why MX Linux 23

  • Lightweight Debian base
  • Low CPU and RAM footprint
  • Ideal for legacy Blue Team tooling (nmap, Wireshark, tcpdump, Lynis, ClamAV, OpenVAS)

Work Completed

  • Replaced failed cooling system
  • Migrated HDD → SSD
  • Installed and hardened MX Linux
  • Set up essential defensive tooling

Outcome

  • Boot time under 30 seconds
  • Stable under sustained load
  • Suitable for scripting and small defensive labs
  • Strengthened core skills in Linux, hardware diagnosis, and system optimisation

2. Scaling Up: Why I Moved My Main SOC Lab to Windows 11

Legacy hardware limited advanced learning:

  • 4 GB RAM blocked packet capture + AWS experiments
  • Disk filled quickly with logs and container images
  • CPU bottlenecks broke simulations

New Desktop: i7 CPU, 16 GB RAM, SSD storage
This offered space for larger Blue Team workloads and cloud tooling.


3. Why WSL2 Replaced Virtual Machines

I tested:

VirtualBox

  • Disk resizing issues
  • Unreliable I/O
  • Too much time spent maintaining the environment

VMware Pro

  • Very large images
  • Heavy CPU/RAM demand
  • Snapshot and networking friction

WSL2 + Ubuntu 24.04 (Final Choice)

  • Lightweight and extremely fast
  • Near-native SSD performance
  • Clean Windows integration
  • Perfect for AWS CLI, IaC tools, automation, and Blue Team scripting
  • Easy snapshotting: wsl --export / wsl --import

Outcome: Most time now goes into security work, not environment maintenance.


4. Lab Architecture: Simple, Reliable, and SOC-Aligned

Purpose-Driven Tools

  • Log analysis utilities
  • Threat-hunting tools
  • Python for automation
  • AWS CLI / SDK
  • Packet capture and network scanning

Structured File System

~/lab/
    logs/
    captures/
    scripts/
    investigations/
    screenshots/
    notes/

Clean, version-friendly, GitHub-ready.
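The layout above can be created and checked with a short script. This is an added example, not part of the original lab notes; the root path argument and the function names lab_init / lab_verify are assumptions, and the .gitignore rules reflect the "GitHub-ready" goal (raw logs and captures stay local, only the folder structure is committed).

```shell
#!/usr/bin/env bash
# Added example: build the ~/lab layout in a reproducible, GitHub-ready way.
# The root directory is taken as an argument so it can be tested on scratch paths.
set -eu

LAB_DIRS="logs captures scripts investigations screenshots notes"

lab_init() {
    root="${1:-$HOME/lab}"
    mkdir -p "$root"
    for d in $LAB_DIRS; do
        mkdir -p "$root/$d"
        # .gitkeep lets an empty directory survive a git commit
        : > "$root/$d/.gitkeep"
    done
    # Raw evidence never belongs in a public repo: pcaps and logs can carry
    # credentials, PII and internal hostnames. Keep the folders, ignore the data.
    cat > "$root/.gitignore" <<'EOF'
logs/*
captures/*
!logs/.gitkeep
!captures/.gitkeep
*.pcap
*.pcapng
EOF
    # Evidence directories are owner-only
    chmod 700 "$root/logs" "$root/captures" "$root/investigations"
}

# Returns 0 when every expected directory and the .gitignore exist, 1 otherwise
lab_verify() {
    root="${1:-$HOME/lab}"
    for d in $LAB_DIRS; do
        [ -d "$root/$d" ] || { echo "missing: $root/$d" >&2; return 1; }
    done
    [ -f "$root/.gitignore" ] || { echo "missing: $root/.gitignore" >&2; return 1; }
    return 0
}
```

Run `lab_init` once inside the Ubuntu distro, then take the snapshot from the Windows side with the wsl --export command mentioned above so the empty structure is captured with the distro.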

Coverage Areas

  • IAM posture analysis
  • CloudTrail investigations
  • S3 security checks
  • Packet capture and triage
  • Endpoint + network fundamentals

Portfolio-Ready Outputs

Every investigation or script becomes:

  • a GitHub repo
  • a small write-up
  • a reproducible artefact

Reflection: Why This Matters for a SOC & Cloud Role

This multi-stage lab journey strengthened my ability to:

  • Diagnose and repair failing systems
  • Optimise OS performance under severe constraints
  • Build stable, reproducible environments
  • Work with cross-platform tools (Linux, Windows, cloud)
  • Think like an engineer: test, refine, eliminate friction
  • Produce verifiable artefacts for employers

Today, my WSL2 lab enables consistent practice in Blue Team operations, Python automation, and AWS security — all aligned with remote SOC and cloud-security roles across the UK and EU.