Author Image

I am Carlos Marquez

Recent Posts

Hero Image
Threat Intel Setup Part 3 (Grafana)

We’ve reached the culmination of our Threat Intel series for now… Throughout this journey, we’ve set up various systems—PFSense, Graylog, and now Grafana—to recreate a robust environment similiar to a Security Operations Center (SOC) right in your own home lab using open sourced software. Our ultimate goal is to build an ecosystem where you can seamlessly analyze network traffic and visualize data from ingested logs as we look to deploy more services in our lab.

Thursday, February 6, 2025 | 3 minutes Read
Hero Image
Threat Intel Setup Part 2 (Graylog)

Welcome back to the Threat Intel series! In this chapter, we’re rolling up our sleeves and diving deeper into Graylog’s powerful features to optimize the way it handles and enriches log data from PFSense and Suricata. If you’re ready to transform raw log messages into actionable insights, this guide is for you! What’s on the Agenda? We’ll configure essential Graylog settings to streamline parsing incoming log messages. By the end of this deep dive, you’ll have a setup capable of:

Thursday, February 6, 2025 | 6 minutes Read
Hero Image
Threat Intel Setup Part 1 (Graylog & PFSense)

In the ever-evolving landscape of cybersecurity, knowing what’s happening inside your network is crucial. Imagine being able to gain real-time insights into every action—what’s allowed, what’s blocked, and who’s trying to sneak in. This guide takes you through the process of setting up a powerful threat intelligence solution by pushing logs from pfSense (an open-source firewall) into Graylog (an open-source log aggregator and parser). By the end of this project, you’ll have not only a functional setup but also a deeper understanding of your network’s security posture. Think of it as a detective tool that helps you monitor, analyze, and respond to network threats more effectively—all while learning and having fun! Dive into the world of threat intelligence and take control of your network’s security today.

Thursday, February 6, 2025 | 6 minutes Read

Projects

AZ500 Study guide
AZ500 Study guide
Creator August 2020 - October 2020

Study Material for AZ500 Certification along with demo code for deployments.

security cloud
Star
Offensive Cyber Deception
Offensive Cyber Deception
User June 2021 - Present

Cowrie is a medium to high interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker.

hobby security purple-team
Star
Threat Intel
Threat Intel
Creator January 2025 - Present

Personal repo where I host Graylog and Grafana config settings. See my blog post incase you are interested in setting up your own Threat Intel platform.

hobby security purple-team
Star

Carlos Marquez

Senior Penetration Tester at Coalfire

During the day, I’m a dedicated penetration tester, uncovering vulnerabilities and solving cybersecurity challenges. After hours, I unwind through gaming or dive into experimenting with new tech stacks, deploying them into my home lab environment to explore and learn. Every moment in between is devoted to being a proud father, embracing the balance between family and career. Whether it’s debugging code, spending time with family, or chasing high K/D ratios, I’m driven by curiosity, passion, and a love for growth.

Certified Kubernetes Administrator (CKA)
OffSec Certified Professional (OSCP)
OffSec Wireless Professional (OSWP)
Azure Security Engineer (AZ-500)
Google Professional Cloud Security Engineer
Leadership
Team Work
Web App Pentest
API Pentest
Internal Pentest
Programming
Wireless Pentest

Skills

Kubernetes
Kubernetes

Skilled in deploying and managing Kubernetes infrastructure using kubeadm or independently configuring components when needed. Proficient with common Kubernetes resource types and committed to following industry best practices, such as NIST 800-53 and CIS Benchmarks, to ensure security and compliance.
Python Development
Python Development

Currently my coding prefernce to automate a variety of security tasks, including fuzzing API endpoints to identify vulnerabilities and ensure robustness during security testing. My experience includes interacting with services that have unique interfaces, such as gRPC, by building custom scripts to streamline testing processes. By writing tailored Python tools, I can efficiently manipulate payloads, handle edge cases, and integrate testing workflows for enhanced coverage and accuracy.
PowerShell
PowerShell

Used in conjuction with Azure to assist with automating cloud deployments while studying for AZ500. It also proves handy when performing Active Directory enumeration and exploitation during internal penetration testing engagements.
Cloud Computing
Cloud Computing

Worked with most of the major clouds such as GCP, AWS, Azure and Oracle.
Docker
Docker

I have experience containerizing applications and services using Docker, emphasizing secure and efficient deployments. My expertise includes scanning container images for vulnerabilities and implementing network policies to restrict container-to-container communication, thereby enhancing network isolation and supporting a defense-in-depth security strategy.
Burp Suite Pro
Burp Suite Pro

Main web application security testing tool. Used for manual testing scenarios and fuzz automation. If I am performing API testing, then I would use this along with Bruno to automate the fuzzing process which is an opensource IDE For Exploring and Testing APIs.
Linux
Linux

Using Ubuntu as my main operating system. I have developed a solid proficiency in bash/shell scripting, allowing me to automate tasks, streamline workflows, and manage system operations efficiently.
Git
Git

Experienced with git-based development. Mostly, use Github. Additionally, I have worked with GitLab, broadening my expertise in version control and collaborative development.
Network Vulnerability Scanning
Network Vulnerability Scanning

I have utilized both commercial scanners and open-source tools to support my efforts from the reconnaissance phase through the entire engagement. My approach adapts based on findings and the evolving scope of the assessment.
CI/CD
CI/CD

I maintain a Proxmox server at home, leveraging OpenTofu (a Terraform fork) to efficiently provision and decommission worker nodes for Kubernetes deployments. Currently, I am exploring the automation of Command and Control (C2) infrastructure deployment using CI/CD pipelines to gain hands-on experience and identify common pitfalls or security challenges associated with CI/CD workflows.
Offensive Cyber Deception
Offensive Cyber Deception

I utilize Cowrie as an SSH honeypot to intercept and log malicious activity. This allows me to analyze attacker behavior and tactics, providing daily insights into the latest threats and techniques used by adversaries.
Security Operations Center (SOC)
Security Operations Center (SOC)

I have some experience as a purple teamer / incident response analyst, utilizing Security Onion as a centralized platform to analyze network traffic. I try to identify Indicators of Compromise (IOCs) from hacking tools used during penetration testing exercises to simulate real-world attack scenarios. Additionally, I have deployed Graylog for centralized log ingestion, integrating logs from my pfSense firewall and other sources.

Job Experience

1
Coalfire

May 2021 - Present

Greenwood Village, CO

Coalfire is a cybersecurity consulting firm serving clients in the cloud and technology, financial services, government, healthcare, and retail markets. Coalfire has expertise in the areas of cloud, cybersecurity, and compliance.

Senior Consultant / Penetration Tester

May 2021 - Present

Responsibilities:
  • Mentored junior penetration testers by providing hands-on guidance in vulnerability assessment, exploitation techniques, and report writing.
  • Conducted training sessions on topics such as network penetration, web application security, and API testing to help upskill team members.
  • Performed application and API penetration tests across public and private networks.
  • Acted as a technical point of contact, assisting team members in troubleshooting complex vulnerabilities and testing challenges.
  • Conducted penetration tests aligned with the latest industry standards, including PCI DSS, FedRAMP, and other compliance frameworks, ensuring adherence to best practices for security and risk management.
Avaya

July 2016 - May 2021

Santa Clara, CA

An American multinational technology company that provides cloud communications and workstream collaboration services.

Security Engineer

July 2016 - May 2021

Responsibilities:
  • Organize and plan assessments in collaboration with project teams, performing OWASP ASVS automated testing, fuzzing, and exploitation of identified vulnerabilities. Deliver high-quality executive summaries and PoCs to help teams reproduce findings and facilitate effective remediation.
  • Establish engineering criteria for developers to help prevent common weaknesses in web applications (OWASP Top 10) and identify potential impacts.
  • Project Lead for Avaya CVE Numbering Authority (CNA), responsible for assigning CVE IDs to vulnerabilities found in Avaya products.
  • Maintain python code used to automate pulling third party advisories into a database for software bill of materials tracking.
  • Cloud Audit and Security Assurance.
2

Education
Cal Poly Pomona
2012-2016
Computer Information Security