SOC ANALYST L1 · NOC · JUNIOR NETWORK / SECURITY

I build and run real network infrastructure on enterprise hardware — now going deep on security.

I'm Mihail Pascal — a career-changer moving into network and security operations. Nine years owning web, design and business outcomes taught me to finish things and stay calm under pressure. Now CCNA-certified, I run an enterprise-grade home lab I built, run, and rebuild every day.

↓ Download CV Explore the lab →

› Galați, RO · remote-friendly› CCNA (200-301) certified› English — professional working

LAB_STATUSonline

sinceFeb 2025

edgeMikroTik RB5009 · dual-WAN

firewallCisco ASA 5515-X

switchingHPE Aruba 2530 PoE+

computeDell Xeon · 88T · 256GB

segments6 purpose-based VLANs

soc_stackWazuh · Suricata · TheHive

monitoringZabbix · 14 hosts

soc_scopelearning env

years owning outcomes

purpose-based VLANs

hosts monitored

~1,700

metrics tracked

01 / ABOUT

A non-traditional path, on purpose.

No CS degree. Instead: a decade of owning real outcomes, and a lab that proves I can build and operate the real thing.

For most of the last decade I ran the business side of technology — I founded and led my own web and branding studios and worked as a UI/UX designer, frontend developer, and account manager. I owned the full lifecycle: finding clients, scoping, negotiating, delivering, and supporting what I shipped.

That work taught me things a certificate doesn't: how to communicate clearly with technical and non-technical people, how to stay calm when something is on fire, and how to take responsibility for an outcome rather than just a task.

In 2025 I started over in networking — from zero. I learn by doing, so I bought real enterprise gear and built a physical home lab I run and break every day: firewall configured end to end, the network segmented into purpose-based VLANs, dual-WAN with failover, and a full SOC learning stack to start developing blue-team skills. I'm honest about where I am — I've built real infrastructure, and I'm actively learning to operate it well.

Mihail Pascal working on his enterprise home-lab rack in Galați

› In the rack · Galați, RO

OWNERSHIP

A decade of owning outcomes end to end, not just tasks.

COMMUNICATION

Translating between technical and non-technical people daily.

COMPOSURE

Calm under pressure — built from years of live client work.

HANDS-ON

Real enterprise gear configured end to end — not just coursework.

02 / HOME LAB · THE CENTERPIECE

An enterprise-grade lab I built, run, and learn on — every day.

since Feb 2025 · physical rack

The networking is production-style and runs my home for real. The security/SOC stack is a deliberate learning environment I stood up to study blue-team fundamentals — not professional experience. The achievement is building and operating real infrastructure, and learning on it honestly.

TOPOLOGY — OVERVIEW

ISP 1

ISP 2

EDGE ROUTER

MikroTik RB5009

dual-WAN load balance + failover · NAT · firewall

10.0.0.0/30 transit

L3 FIREWALL

Cisco ASA 5515-X

inter-VLAN ACLs · NAT · sub-interfaces · syslog → SIEM

802.1Q trunk

L2 SWITCH

HPE Aruba 2530 PoE+

VLAN trunking · STP/BPDU guard · port security

UniFi U6+

segmented Wi-Fi 6

PoE IP cameras

VLAN 70 · isolated

Dell / Proxmox

server · SOC stack · EVE-NG

HARDWARE INVENTORY

Edge routerMikroTik RB5009 · dual-WAN

Firewall (L3)Cisco ASA 5515-X

Switch (L2, PoE+)HPE Aruba 2530-24

Lab gearCatalyst 2960 · ISR 4300

HypervisorDell Precision 7920

Wi-Fi APUbiquiti UniFi U6+

Virtual lab · powerEVE-NG · rack UPS

VLAN SEGMENTATION

VLAN 20

Personal / Home

192.168.20.0/24

VLAN 30

Wireless

192.168.30.0/24

VLAN 40

Kids

192.168.40.0/24

VLAN 50

Guest

192.168.50.0/24

VLAN 60

Server / Lab

192.168.60.0/24

VLAN 70

Surveillance

192.168.70.0/24

Default-deny between segments on the ASA, with explicit, logged exceptions. Wi-Fi segmented by SSID into matching VLANs.

ROUTING & EDGE · MIKROTIK

›Dual-WAN PCC load balancing + failover (verified by simulating a WAN outage)
›NAT/masquerade · default-deny WAN input chain
›DNS forwarding to a filtering resolver over DNS-over-TLS
›Scheduled daily config backups · dynamic DNS
›SSH hardened, management restricted to the admin VLAN; Telnet/FTP/HTTP disabled

FIREWALL · CISCO ASA

›End-to-end perimeter policy; inter-VLAN ACLs with explicit deny + logging
›No "permit ip any any" — least exposure by default
›NAT and per-VLAN sub-interfaces · basic threat detection
›Remote syslog to the SIEM · AAA · login banner · RSA 2048

SWITCHING · HPE ARUBA

›802.1Q VLAN trunking · STP with BPDU protection on edge ports
›Port security · LLDP · SNMP monitoring
›SSHv2-only management (Telnet/web disabled)
›Consistent NTP across every device

MONITORING · ZABBIX

›Zabbix 7.0 LTS watching 14 hosts (~1,700 metrics) across the lab
›Agentless Proxmox + agents on Linux hosts + SNMP on ASA / MikroTik / Aruba
›Email alerting on high-severity events: host/link/service down, resource pressure
›Dashboards for dual-WAN ISP throughput and device health

SECURITY / SOC — LEARNING ENVIRONMENT

built to learn blue-team fundamentals

Centralized syslog from the firewall, switch and router feeds the SIEM, with email alerting on high-severity events. This stack is how I practice — not production or professional experience.

Wazuh

SIEM — log collection & analysis

Suricata

Network intrusion detection (IDS)

TheHive + Cortex

Case management & analysis

Velociraptor

Endpoint detection & response

AdGuard Home

Network-wide DNS filtering

WireGuard

VPN for secure remote access

RACK_CAM_01online

The home-lab rack: patch panel, HPE Aruba switch, Cisco ASA and ISR 4300 with structured cabling

› structured cabling · 6 VLANsGalați, RO

THE PHYSICAL BUILD

Cabled to be maintained — not just to work.

Rack-mounted with structured cabling: a modular patch panel, labeled and color-coded runs, and PoE to the access points and cameras — built to stay readable a year from now, not just to work today.

patch panel

modular · labeled

cabling

color-coded runs

power

rack UPS

online since

Feb 2025

03 / PROJECTS

PacketFlow

web-based network simulator

A modern, fully web-based network simulator I built (with AI assistance) as a cleaner, more usable alternative to Packet Tracer and GNS3 — no installation, accessible from anywhere, with a modern UI.

I built it primarily for my own studying, then made it freely available for others. It doubles as a place to sketch and validate the topologies I run in the lab.

View PacketFlow →no install · runs in the browser · free

Drop a PacketFlow screenshot

or browse files

04 / CERTIFICATION PATH

Where I am, and where I'm headed.

VERIFIED CREDENTIALS2 credentials issued by Cisco Networking Academy

CCNA · MODULE 1

Introduction to Networks

✓ Verifiedview certificate ↗

CCNA · MODULE 2

Switching, Routing & Wireless Essentials

✓ Verifiedview certificate ↗

DONE

CCNA (200-301)

Cisco certified

NOW

CompTIA Security+ & Linux

in progress

Python

automation focus

PLANNED

Microsoft Azure

fundamentals → admin → security

GOAL

Cloud security

the long-term direction

05 / ARTICLES

Write-ups from the lab.

build notes · concepts · later, incident triage

NETWORKING

Why I split my home network into six VLANs — and what segmentation actually buys you

A flat network is one compromised device away from total compromise. Here's how I segmented my home lab into six purpose-based zones, and the reasoning behind each decision.

June 26, 2026 · read →

FIREWALL · DRAFT

Configuring the Cisco ASA from scratch: lessons learned

Perimeter policy, inter-VLAN ACLs, NAT and the mistakes I made getting there.

coming soon →

SOC LAB · DRAFT

Building a home SOC lab: what each tool does, and what I'm learning

Wazuh, Suricata, TheHive and Velociraptor — how the pieces fit, from a learner's view.