Eric Phan

⚡ About Me

I'm a Cybersecurity & Threat Management graduate student at Seneca Polytechnic, also holding an Advanced Diploma in Computer Engineering Technology with a 3.9 GPA. My focus is SOC operations — threat detection, log analysis, alert triage, and incident response.

I work hands-on with SIEM/SOAR platforms, EDR/XDR tools, and network monitoring tools including Zeek, Suricata, and Wireshark. I hold CompTIA Security+, CompTIA A+, ISC2 CC, and Azure AZ-900 certifications, and I actively build adversary simulation and detection labs mapped to the MITRE ATT&CK framework.

💡 Why Cybersecurity?

It started with a professor who showed me that cybersecurity isn't just IT — it's an adversarial discipline where understanding how things break is what makes you dangerous on defense.

What drives me now is the problem-solving: threat hunting, piecing together how an attack happened, and hardening systems against the future one. I really enjoy attending security conferences such as SecTor, the Official Cybersecurity Summit, and OWASP Toronto — where I show up to learn from the best, to discuss with minds that are shaping the industry.

The best blue teamers think like red teamers, and vice versa.

💼 Work Experience

Where I've contributed.

IT and security support roles at Seneca Polytechnic, building operational instincts alongside technical skills.

IT Interactive Technology & Lab Monitor Technician

Apr. 2025 – Present

Seneca Polytechnic · Toronto, ON

Supported 100 classrooms by troubleshooting AV equipment and deploying mobile projectors.
Assisted professors and 3,000+ students with hardware and software issues in real time, maintaining availability of critical classroom technology resources.

Information Technology System Technologist

Aug. 2024 – Jan. 2025

Seneca Polytechnic · Toronto, ON

Resolved technical and security-related issues for 3,000+ students and staff in a high-volume IT support environment, ensuring reliable and secure IT services.
Documented 200+ incidents, escalated suspicious activity, and coordinated follow-ups with internal teams using ServiceNow and Salesforce ticketing workflows.
Communicated 400+ technical issues to senior technicians and maintained accurate case records to support timely resolution and service continuity.

Supported Learning Group Leader

January 2024 – April 2024

Seneca Polytechnic

Facilitated weekly online sessions for 200+ Engineering students across two courses: Electricity and Basic C Programming.

🔬 Projects

Things I've built.

Hands-on security labs and research — each one deepening my understanding of real-world attack and defence techniques.

🌐

IoT Threat Detection & Response

Cloud / SIEM / IoT Security

Deployed ELK SIEM and Suricata EDR on AWS EC2 to monitor and triage 1,000+ security alerts across simulated IoT attack scenarios on a Raspberry Pi 4B. Analyzed VPC Flow Logs in S3, identified suspicious IPs and anomalous MQTT activity, and documented IOCs for DoS and Malformed Traffic techniques mapped to MITRE ATT&CK.

AWS EC2 ELK SIEM Suricata Raspberry Pi 4B MITRE ATT&CK

Write-up

📡

SOC Home Lab

Defensive Security / SIEM

Built a SOC-style lab to monitor alerts, correlate logs, and support incident detection across Windows and Linux hosts. Integrated host and network telemetry into Security Onion dashboards for centralised monitoring and performed network traffic analysis with Zeek to identify anomalies.

WAZUH SIEM Security Onion Elasticsearch Zeek

Write-up

🔍

Vulnerability Scanning & Risk Reporting

Vulnerability Management

Deployed OpenVAS & Nessus on Ubuntu to identify 360+ vulnerabilities across Windows 10 and Server 2008. Prioritised findings by CVSS score, documented remediation considerations, and produced detailed scan reports for stakeholder communication and audit evidence.

Nessus OpenVAS CVSS Ubuntu Windows Server

Write-up

⚔️

Adversary Simulation

Red Team / MITRE ATT&CK

Simulated adversary techniques on a local lab using Kali Linux against Windows 10 & Windows Server 2008 targets. Executed attacks mapped to MITRE ATT&CK, practised persistence and lateral movement, and analysed detections to sharpen blue-team visibility.

Kali Linux Windows 10 Windows Server 2008 MITRE ATT&CK

Demo

🛡️

DNS-Filtering Server

Network Security / Privacy

Configured a Pi-hole DNS sinkhole on a Raspberry Pi 4B to block ads, trackers, and malicious domains network-wide. Set up custom blocklists, monitored DNS query logs for suspicious activity, and documented the network-level filtering architecture.

Pi-hole Raspberry Pi 4B DNS Network Security