Weekly Letters
BTL1 Learning Journey
Every week I publish a detailed letter documenting what I’m learning through the BTL1 certification. Each letter combines technical concepts, practical examples, and real-world applications for SOC/Blue-Team roles.
What’s in Each Letter?
- Blue Team Fundamentals: Detection engineering, log analysis, incident response, and defensive security
- Practical Examples: Scripts, runbooks, detection rules, and real-world applications
- Reflections: Challenges faced, lessons learned, and how concepts connect
Letter Archive
Letters are organized from newest to oldest. Each represents one week of focused learning and practical work.
Latest Letter
Week 06 - Taming the Cable Jungle and Setting Up Pi-hole →
Newly published! January 5, 2026
This week I tackled cable management and set up Pi-hole on a Raspberry Pi. Learn why cable management matters for SOC work, how Pi-hole provides network-wide ad blocking and DNS visibility, and the troubleshooting journey I went through to get the Raspberry Pi working.
Topics covered:
- Why cable management matters in IT and security roles
- Setting up Pi-hole on Raspberry Pi for DNS-level blocking
- Network-wide ad blocking, tracker blocking, and DNS visibility
- Troubleshooting Raspberry Pi SD card flashing issues
- How DNS monitoring applies to SOC work
Subscribe on YouTube for video demonstrations!
Previous Letters
Week 05 - I Scanned My Home Network and Found More Than I Expected →
I took a break from BTL1 to actually secure my home network. Ran a full nmap scan, found over 20 devices and real vulnerabilities on my printers. Set up network segmentation with an ASUS router, implemented defense-in-depth strategies, and learned the real-world tradeoffs of practical security.
Week 04 - From Suspicious Email to Verdict: My Phishing Analysis Workflow →
This week I learned the complete phishing investigation workflow - from collecting artifacts to making the final verdict. I created a comprehensive SOP documenting the entire process, covering email authentication (SPF, DKIM, DMARC), reputation tools, sandboxing, and professional report writing.
Week 03 - AD + Phishing Analysis: Two Pillars of Blue Team Work →
This week I finally made it into the phishing analysis section of BTL1! But first, I had to master Active Directory fundamentals. Learn how to investigate compromised accounts with PowerShell, analyze credential harvesting emails, spot typosquatting attacks, and understand Kerberos authentication.
Week 02 - Cybersecurity Skills Transfer to the Real World →
How I avoided a real-life phishing attempt using cybersecurity training, plus reinforcing key SOC concepts like SIEM, EDR, HIDS/HIPS, Risk Management, and more!
Week 01 - Rediscovering Network Tools Through a Security Lens →
Diving deep into Netstat, Traceroute, Dig/Nslookup, and Nmap from both Blue Team and Red Team perspectives.
Why Weekly Letters?
- Consistency - Committing to weekly output builds discipline
- Teaching Reinforces Learning - Explaining concepts deepens understanding
- Portfolio Building - Demonstrating capability through real work
- Accountability - Public commitment keeps me on track
The format combines blog-style reflection with technical tutorial content, showing both the “what” and the “why” behind each concept.
New letters published weekly! Follow along on YouTube for video walkthroughs.