WILKLINS NYATTENG
// Cybersecurity Engineer  ·  Cyber Defender  ·  @thatosintguy //
[ Visual Interface ]
Full portfolio experience — animated sections, projects, certifications, and complete operator profile.
Standard Access
[ CLI Interface ]
Navigate by command. Query any data point via the terminal. No GUI required.
Recommended: Operators
SESSION ACTIVE
WAZUH AMBASSADOR
AWS COMMUNITY BUILDER
main.sh
profile.sh
skills.sh
ops.sh
 ██╗    ██╗██╗██╗      ██╗  ██╗██╗     ██╗███╗  ██╗███████╗
 ██║    ██║██║██║      ██║ ██╔╝██║     ██║████╗ ██║██╔════╝
 ██║ █╗ ██║██║██║      █████╔╝ ██║     ██║██╔██╗██║███████╗
 ██║███╗██║██║██║      ██╔═██╗ ██║     ██║██║╚████║╚════██║
 ╚███╔███╔╝██║███████╗ ██║  ██╗███████╗██║██║ ╚███║███████║
  ╚══╝╚══╝ ╚═╝╚══════╝ ╚═╝  ╚═╝╚══════╝╚═╝╚═╝  ╚══╝╚══════╝
SYSTEM READY.  Type help to see all commands, or start with whoami to load the operator profile.
wilklins @ wn-sec :~$
TAB: autocomplete  |  ↑↓: history
ONLINE  ·  OPEN TO COLLABORATION

WILKLINS

NYATTENG

Cybersecurity Engineer Threat Hunter Threat Analyst Incident Responder Cloud Security Wazuh Ambassador AWS Community Builder CEH Trace Labs Member @thatosintguy
View Projects Certifications Read Articles
5+
Yrs Active
50+
Publications
Ambassador
CEH
Certified
GitHub LinkedIn Medium Dev.to 🎯TryHackMe HackTheBox 🔵Blue Team Labs 🏅Credly Badges
SCROLL
Identity

OPERATOR PROFILE

operator_profile.sh
$ cat /etc/operator/identity

NAME       Wilklins Nyatteng
ALIAS      @thatosintguy
TITLE      Cybersecurity Engineer
CERT       CEH — Certified Ethical Hacker
MENTOR     Cybersecurity Career Mentor
TRACE LABS  Member ✓
STATUS     ● ACTIVE

$ cat /etc/operator/roles

→ Threat Hunter & Analyst
→ Incident Responder
→ Cloud Security (AWS / Azure)
→ OSINT Specialist
→ Wazuh Ambassador
→ AWS Community Builder
→ Technical Writer

$ _
5+
Yrs Active
50+
Publications
CEH
Certified
🛡
Wazuh Ambassador

Wilklins Nyatteng is a Cybersecurity Engineer and Cyber Defender known globally as @thatosintguy, operating across the full spectrum of modern cyber defence — from threat hunting and intelligence analysis to incident response and cloud security architecture.

A Certified Ethical Hacker (CEH) and active Cybersecurity Career Mentor, Wilklins invests in the next generation of security professionals — sharing knowledge, guiding career development, and making the security community stronger. As a member of Trace Labs, he participates in OSINT-driven missing persons investigations, applying intelligence tradecraft where it matters most.

As a Wazuh Ambassador, he contributes enterprise-grade detection rules, integration guides, and educational content to the global open-source security community. As an AWS Community Builder in the Security category, he shares battle-tested cloud security architectures that help organisations build resilient cloud environments.

His prolific technical writing on Medium and Dev.to translates complex security engineering — threat intelligence pipelines, detection engineering, IR playbooks, OSINT methodology — into actionable knowledge for defenders at every level.

Threat HuntingThreat IntelligenceIncident Response OSINTCloud SecurityAWSAzure WazuhDetection EngineeringCEH Trace LabsCareer MentoringMITRE ATT&CK
Credentials

CERTIFICATIONS & BADGES

Verified industry credentials and digital badges. All certifications are independently verifiable on Credly.

🎓
Certified Ethical Hacker (CEH)
EC-COUNCIL
ACTIVE
☁️
AWS Security Specialty
Amazon Web Services
ACTIVE
🛡
Wazuh Certified Engineer
WAZUH
ACTIVE
🔍
Security Operations & Detection
Various Issuers
ACTIVE
📡
Threat Intelligence Analyst
Various Issuers
ACTIVE
🏅
View All Verified Badges
CREDLY
credly.com
View All Badges on Credly →
Capabilities

CORE EXPERTISE

🎯
Threat Hunting & Intelligence
Proactive, hypothesis-driven adversary hunting across endpoint, network, and cloud telemetry. Builds threat intelligence pipelines, IOC enrichment workflows, and MITRE ATT&CK-mapped hunt campaigns.
VelociraptorMITRE ATT&CKKQLSigmaYARA
🚨
Incident Response
End-to-end IR from initial detection through containment, eradication, and post-incident analysis. Experienced with cloud infrastructure compromises, endpoint incidents, and identity-based attacks.
TheHiveCortexDFIRMemory ForensicsTimeline
🔍
OSINT & Trace Labs
Advanced open-source intelligence for threat actor attribution, infrastructure mapping, and defensive enrichment. Active Trace Labs member — applying OSINT to real-world missing persons investigations.
MaltegoRecon-ngShodanTrace LabsPassive DNS
☁️
Cloud Security
Securing AWS and Azure environments at architecture level — IAM hardening, cloud-native SIEM, posture management, and building detection pipelines for cloud workloads and identity control planes.
GuardDutySecurity HubCloudTrailDefender for Cloud
🛡
SIEM & Detection Engineering
Precision detection content at scale with Wazuh, Microsoft Sentinel, and Elastic. Writes detection rules that minimise false positives while reliably surfacing high-fidelity adversary behaviour.
Wazuh XDRSentinelElasticSuricataLogstash
🎓
Career Mentoring
Cybersecurity Career Mentor — guiding aspiring security professionals through certifications, skill-building, and entering the industry. Committed to growing and diversifying the next generation of defenders.
CEHSOC CareersSkill BuildingCommunity
Proficiency

TECHNICAL ARSENAL

☁ Cloud Security
AWS Security95%
Azure Security85%
IAM / Zero Trust90%
Cloud Architecture87%
GuardDutySecurity HubWAFCloudTrail
🎯 Threat Hunting & Intel
Threat Hunting93%
Threat Intelligence90%
Incident Response88%
Digital Forensics84%
MITRE ATT&CKSigmaYARAVelociraptor
🛡 SIEM / Detection
Wazuh XDR98%
Microsoft Sentinel88%
Elastic SIEM80%
Detection Engineering92%
KQLSplunkSuricataLogstash
🔍 OSINT & Offensive
OSINT95%
Penetration Testing85%
Python / Automation88%
Bash / PowerShell91%
MaltegoShodanRecon-ngNmap
Operations

FEATURED PROJECTS

01 // DETECTION
ACTIVE
🛡
Wazuh Detection Rules Engine
Production-grade Wazuh detection rules and decoders for real adversary TTPs. Cloud workloads, Linux/Windows endpoints, and containers — all MITRE ATT&CK mapped with false-positive tuning.
WazuhXMLPythonMITRE ATT&CK
→ VIEW ON GITHUB
02 // CLOUD SEC
ACTIVE
☁️
AWS Security Posture Automation
IaC solution for automated AWS security baseline enforcement across multi-account environments. Deploys GuardDuty, Security Hub, CloudTrail, and Config rules — zero manual intervention.
TerraformAWSPythonLambda
→ VIEW ON GITHUB
03 // OSINT
ACTIVE
🔍
OSINT Investigation Toolkit
Modular Python-based OSINT framework for threat actor attribution and digital forensics. Aggregates public APIs, social platforms, domain registries, and passive DNS records into structured reports.
PythonREST APIsMaltegoOSINT
→ VIEW ON GITHUB
04 // HUNT
ACTIVE
🎯
Threat Hunting Playbook Library
Structured threat hunting playbooks mapped to MITRE ATT&CK. Includes KQL queries for Sentinel, Wazuh rules, and behavioural analytics for proactive adversary detection across enterprise environments.
KQLSentinelMITRESigma
→ VIEW ON GITHUB
05 // IR
ACTIVE
🚨
Incident Response Automation
TheHive + Cortex integration for automated alert triage, IOC enrichment, and incident case management. Orchestrates response playbooks triggered by Wazuh and Sentinel alerting pipelines.
TheHiveCortexPythonWazuh
→ VIEW ON GITHUB
06 // INTEGRATION
ACTIVE
📡
Cloud SIEM Integration Hub
Wazuh-to-cloud SIEM integration pipelines with custom log parsers, threat intel feed enrichment, and automated incident response workflows for AWS and Azure environments.
WazuhAzureLogstashBash
→ VIEW ON GITHUB
View All on GitHub →
Knowledge Transfer

TECHNICAL WRITING

MEDIUM
THREAT INTELLIGENCE
Building a Threat Intelligence Pipeline: From Raw IOCs to Actionable Detections
A hands-on walkthrough of designing a full threat intel pipeline — ingesting feeds, normalising indicators, enriching with context, and pushing detection-ready IOCs directly into your SIEM.
Medium·11 min readREAD →
DEV.TO
DETECTION ENGINEERING
Writing Precision Wazuh Detection Rules: Minimising Noise, Maximising Signal
Deep-dive into detection engineering with Wazuh — rule syntax, decoder chaining, false-positive tuning strategies, and deploying coverage for cloud and on-premises workloads at scale.
Dev.to·14 min readREAD →
MEDIUM
INCIDENT RESPONSE
Cloud IR Playbook: Investigating Compromised AWS IAM Credentials
Step-by-step IR playbook for responding to IAM credential compromise in AWS — initial detection via GuardDuty, containment with policy revocation, forensic log analysis, and root cause determination.
Medium·13 min readREAD →
DEV.TO
OSINT
OSINT for Cyber Defenders: Turning Open-Source Intelligence into Detection Advantage
How to leverage OSINT defensively — enriching IOCs, profiling threat actors, mapping adversary infrastructure, and feeding intelligence directly into SOC detection workflows.
Dev.to·10 min readREAD →
All on Medium → All on Dev.to →
Affiliations

COMMUNITY ROLES

🛡
WAZUH · OPEN SOURCE XDR & SIEM
Wazuh Ambassador
● ACTIVEOPEN SOURCEDETECTION ENGINEERING
Recognised by Wazuh as an official Ambassador for outstanding contributions to the open-source security community. Creates educational content, enterprise deployment guides, and custom detection rule sets that empower security teams worldwide to deploy and fully leverage Wazuh across cloud and on-premises environments.
View Ambassador Profile →
☁️
AMAZON WEB SERVICES · SECURITY CATEGORY
AWS Community Builder
● ACTIVECLOUD SECURITY@THATOSINTGUY
Selected by Amazon Web Services as a Community Builder in the Security category — recognising technical contributions to cloud security. Shares AWS security architecture patterns, threat detection strategies, and hands-on tutorials under @thatosintguy, empowering the global AWS community to build secure, resilient cloud environments.
View AWS Builder Profile →
🔎
TRACE LABS · OSINT FOR GOOD
Trace Labs Member
● ACTIVEOSINTMISSING PERSONS
Active member of Trace Labs — the world's largest crowd-sourced OSINT organisation focused on finding missing persons. Participates in CTF-style intelligence gathering competitions where OSINT skills are applied to real-world missing persons cases in collaboration with law enforcement.
Field Exercises

CTF & PLATFORMS

TRYHACKME
@thatOSINTguy
Top 5%
GLOBAL
200+
ROOMS
★★★★
LEVEL
View THM Profile →
HACKTHEBOX
@thatosintguy
HTB
HACKER
RANK
★★★
LEVEL
View HTB Profile →
BLUE TEAM LABS ONLINE
Public Profile
🔵
BTLO
SOC
FOCUS
★★★
LEVEL
View BTLO Profile →
SPECIALIZATIONS
Focus Domains
SOC & Blue Team Operations
OSINT & Digital Forensics
Cloud Security Challenges
Malware Analysis & Reverse Engineering
Active Directory & Identity Attacks
Network Forensics & Traffic Analysis
Secure Channel

ESTABLISH CONTACT

Whether you're looking to collaborate on security research, need a Wazuh deployment consultation, explore cloud security architecture, seek career mentoring, or build something great together — reach out.

💼LinkedIn/in/wilklins ⌨️GitHub@WILKLINS 🏅Credly Badgeswilklins-nyatteng 📝Medium@WILKLINS 💻Dev.to@wilklins 🎯TryHackMe@thatOSINTguy HackTheBoxHacker Rank 🔵Blue Team Labs OnlinePublic Profile
secure_message.sh
FROM:
SUBJ:
MSG: