Security+ Certified · Network+ Certified · Blue Team LVL 1 · Arctic Wolf
Triage Security Analyst · Arctic Wolf

MUHIZ "BTuff" BADA

Real detections. Real escalations. Every shift.
Analyst, builder, and this is what the climb looks like at 20.

4 Certifications · Summa Cum Laude, SNHU · CS · InfoSec · US Remote-Friendly

What is BTuff?

Growing up playing sports, I learned one thing that transfers to everything else: showing up consistently when it would be easier not to is the only separator that actually matters. Overcoming real obstacles in school. Staying ahead when the pace gets uncomfortable. Working a full-time job to fund my own education while refusing to let the grades slip.

In cybersecurity, it means the same thing. When the investigation gets harder, I look deeper. When the answer is not obvious, I stay longer. When I fail, I find the pattern and do it better. Staying ahead of the pack is not luck. It is a practice.

BTuff is not a persona. It is an identity built on one belief: everything is a skill, and every skill responds to consistent, honest pressure. Show up anyway.

Every credential earned. Not claimed.

I work with real detections every single day. As a Triage Security Analyst at Arctic Wolf, I handle security events across an enterprise customer pool spanning Managed Detection and Response, Managed Risk, Managed Awareness, and EDR. Not labs. Not simulations. Real true positives, real escalations, and real decisions made fast with incomplete information.

At 20, I hold a B.S. in Computer Science with an Information Security concentration from SNHU, graduated Summa Cum Laude, and earned four industry certifications. I paid for my entire degree by working full-time at Sam's Club while maintaining that GPA. No shortcuts. No co-signers.

Everything here is documented: technical analysis, honest takes on the industry, and projects built to solve real problems, not pad a resume.

Muhiz BTuff Bada
Current Role: Triage Security Analyst, Arctic Wolf · United States, Feb 2026 · Present
Education: B.S. Computer Science, SNHU · InfoSec Concentration, Summa Cum Laude
Certifications: Security+, Network+, BTL1, Google Cybersec

The journey, in public.

A living record of security work, real learnings from the industry, and what it looks like to build a career from scratch.

All Posts

Dec 2024 · Blue Team · Weekly Letter 04
From Suspicious Email to Verdict: My Phishing Analysis Workflow

How SOC analysts go from "this looks phishy" to "confirmed malicious, here's the evidence." Email artifacts, web artifacts, sandboxing. Why you never run a malDoc on a non-isolated machine.

Dec 2024 · Network · Weekly Letter 05
I Scanned My Home Network and Found More Than I Expected

I ran a full Nmap scan expecting 10-15 devices. I found over 20. Smart TVs, IoT devices, and actual vulnerabilities on my printers. Here is what I did about it.

Nov 2024 · Off the Clock
The Humbling Experience of Learning Content Creation

Recording took 4 hours for an 8-minute video. Editing took 10 more. I thought I would knock it out in one session. Here is everything I learned from that humbling first attempt.

May 2026 · Milestone · Challenge Complete
6 Months to SOC: Challenge Complete. I Did It in 3.

I set out to get a SOC job within 6 months, documented the whole journey publicly, and got hired at Arctic Wolf in 3. The challenge is officially closed.

What I bring to the table.

Communication

Clear technical writing and verbal communication with teammates and stakeholders. Translating complex security events into plain language that drives decisions, not confusion.

Threat Detection and Triage

Assessing inbound security events at scale, distinguishing real threats from false positives, and escalating with context that saves engineers time. Working with true positives daily across a live enterprise customer pool.

SIEM and Log Investigation

Daily work across SIEM platforms investigating logs, identifying anomalies, and building detection context. Also built a Python auto-triage system on Wazuh in a personal lab to deepen understanding hands-on.

Incident and Forensic Response

Blue Team Level 1 certified. Trained in forensic response workflows, memory analysis, network forensics, and structured incident handling. Runbooks that work under pressure, not just in theory.

Client Communication

Communicating with customers directly to explain security events, manage expectations, and provide clear escalation paths. Making technical findings understandable to non-technical stakeholders without losing accuracy.

Ticketing Workflows

Working directly with customers through ticketing systems with structured follow-through and documentation. Maintaining audit trails and ensuring no security event falls through the cracks.

Threat Intelligence

Staying current with the threat landscape, TTPs, and emerging attacker techniques. Using OSINT frameworks to build context around security events and inform better detection decisions.

Network Security

Network+ certified. Hands-on with Wireshark, Nmap, and DNS monitoring. Built and secured a personal network with 12 active security layers and strict access control. Understanding from the packet level up.

Python Automation

Scripting security tooling and analysis workflows in Python. Built log parsers, SIEM auto-triage systems, and automation pipelines that run in production on personal hardened infrastructure.

Vulnerability Management

Understanding the vulnerability lifecycle from scanning through remediation prioritization. Contextualizing CVEs within real environments and staying current on exposure windows that actually matter.

AI Development and Homelab

Building and running a fully self-hosted AI infrastructure from scratch. Custom security tools, web apps, and monitoring systems on personal hardened infrastructure. Prompt engineering and an AI-first approach to every workflow.

Security Reporting

Writing clear, thorough documentation on security findings. From incident reports to technical write-ups built to be understood by engineers and executives alike. If it is not documented, it did not happen.

Tools I work with daily.

AI Tooling, Wazuh SIEM, Splunk, Wireshark, Nmap, Python, Bash, Kali Linux, Linux, Ticketing Systems, OSINT Frameworks, Log Analysis, Malware Triage, Memory Forensics, Network Monitoring, Detection Engineering, Threat Intelligence, Volatility, Prompt Engineering, Vulnerability Management

Real work. Not theory.

Project: Wazuh SIEM + Python Auto-Triage

Self-hosted SIEM with automated alert triage. Rule-based detection, custom dashboards, and escalation scripts running on personal hardened infrastructure.
Tags: Wazuh, Python, SIEM

Project: Vulnerable Network Lab

Purposefully vulnerable network environment for hands-on attack and defense practice. Nmap recon, traffic analysis, and custom detection rule tuning.
Tags: Networking, Nmap, Wireshark

Infrastructure: Self-Hosted AI Infrastructure

Fully self-hosted AI system built on personal hardware. Custom web apps, Discord and Telegram bots, health monitoring, and 12 active security layers. Zero cloud exposure.
Tags: AI Development, Python, Linux

Let's connect.

I love talking cybersecurity with anyone: pros I can learn from, people working to break in, anyone serious about the space. If that's you, send me a message on LinkedIn or shoot me an email.
