Security Portfolio

EmmanuelRuiz

Browse Projects ↗View Resume ↗Read Blog ↗GitHub ↗LinkedIn ↗
Scroll
00About
Emmanuel Ruiz presenting at a technical conference

Security and observability consultant at Dynatrace, focused on SIEM migrations, detection engineering, and workflow automation that reduces manual triage. I focus on making security monitoring dependable when ownership, routing, and enrichment have to work at scale.

My background includes application security, cloud-native environments, and automation work across GCP, Kubernetes, and Terraform. I like projects where security outcomes improve because the workflow gets cleaner, not because the tooling gets louder.

This portfolio collects selected projects, write-ups, and lab work in one place with room for longer technical breakdowns where they matter. It also includes talks built around practical demos and hands-on security workflows.

6+
Certifications
C1
English level
SecOps
Core focus
01Skills
Detection & SIEM
Elastic (ELK)SplunkDynatrace SIEMAlert TuningLog AnalysisCoverage Gap Analysis
Cloud & IaC
GCPKubernetesDockerTerraformAzure DevOps
Application Security
SASTDASTSCAOWASP Top 10Secure SDLCThreat Modeling
Automation & Tooling
PythonBashJavaScriptServiceNowJenkinsREST APIs
02Projects
01

KCD Security Observability Demo

A Kubernetes security observability demo built for my KCD Guadalajara talk, showing how Cilium Tetragon and eBPF can detect, correlate, and block an attack in real time.

Kubernetesk3sCilium TetragoneBPFGrafanaLokiPrometheusTempo
Conference Demo
02

Manual Triage Automation With Enrichment

An enrichment-driven workflow that replaced manual incident creation by adding routing metadata, onboarding teams through lookup tables, and making ownership decisions automatable.

DynatraceWorkflowsCustom MetadataLookup TablesSOC Automation
Production
03

Detection Lab with MITRE ATT&CK Scenarios

An ELK-based lab for simulating credential dumping, execution, and lateral movement so detections can be tuned against realistic behavior instead of theory.

ELK StackSigmaDockerAtomic Red TeamMITRE ATT&CK
In Progress
Project Archive ↗
03Talks
KCD Mexico conference presentation on Kubernetes security observability
KCD GuadalajaraConference Talk

KCD Security Observability Demo

A live Kubernetes security observability talk built around a reproducible demo that shows how Cilium Tetragon and eBPF can detect, correlate, observe, and block an attack in real time.

KubernetesCilium TetragoneBPFSecurity ObservabilityGrafana
Guadalajara, MexicoView Talk
Talks Archive ↗
04Blog
April 18, 20264 min read

Reducing Manual Triage With Enrichment

The bottleneck was not the monitoring platform itself. The real issue was using tools that could not route incidents cleanly and lacked the metadata needed for ownership, which forced manual incident creation until enrichment made automation possible.

AutomationMetadataIncident Routing
Read ↗
Blog Archive ↗
05Certifications
Earned
Google Associate Cloud Engineer
Earned
Dynatrace Advanced Security Specialist
Earned
Dynatrace Implementation Professional
Earned
Dynatrace Administration Professional
Earned
Dynatrace Advanced Observability Specialist
Earned
Certified Enterprise Chaos Engineer - Gremlin
In Progress
GCP Professional Cloud Security Engineer
06Contact

Get in touch.

If you want to talk about a project, a write-up, or security engineering work, send a message.

Send a message ↗
emmanuel03x@gmail.comgithub.com/manu03xlinkedin.com/in/manu03x+52 312 118 7322