Personal log · Systems & Cybersecurity

reiderer

Hi, I'm Juan Rodríguez

Systems · Cloud · Cybersecurity · Blue Team → Red Team

I live between systems and security. I build labs, document what I learn and share the journey. This is my home: where I tell who I am and keep a record of what I build.

SystemsCloud / AzureBlue TeamRed Team
See projects → Read the blog GitHub
Juan Rodríguez Castellano
Juan Rodríguez Castellano
Córdoba, Andalusia · ES
identity

About me

I’m Juan Rodríguez Castellano and I live between two worlds I love: systems and cybersecurity.

I come from systems administration (ASIR) and it’s where I feel at home: networks, Windows and Linux, virtualization, Microsoft 365, Entra ID, cloud... building things, understanding how they fit together and keeping them running. I never want to let that part go.

Cybersecurity came later, almost by accident. It started as curiosity with an ethical hacking course, became a hobby and ended up a passion. Today I work mostly on Blue Team —detection, response, SIEM— and look eagerly toward Red Team and the OSCP.

For me systems and security always go together. I use reiderer as my place to build labs, document what I learn and share the journey.

And if there’s one thing I’m sure of, it’s that this isn’t about piling up tools, alerts or dashboards, but about understanding things well and telling signal from noise.

Windows ServerLinuxNetworking / TCP-IPVirtualizationMicrosoft 365Entra IDAzureMicrosoft SentinelWazuhMITRE ATT&CKBash / PythonPowerShell
technical work

Projects & Labs

What I build, across my three areas: systems (my base), defense and offense. Labs close to a real environment, not demos.

SYSTEMS — the base I love

High Availability Cluster

High-availability cluster with Pacemaker and Corosync on Linux, with MariaDB load balancing and automatic failover.

#Pacemaker#Corosync#HA#Linux
View documentation →

Microsoft 365 deployment at scale

Real migration of 230+ endpoints with Windows Autopilot, Entra ID and Intune in a corporate environment.

#Autopilot#EntraID#Intune#M365
Coming soon

Systems homelab

Virtualization with Proxmox, Active Directory, network services and automation. To keep growing in the systems side I love.

#Proxmox#ActiveDirectory#Homelab
BLUE TEAM — defense and detection
Featured

Wazuh SIEM Lab

Full Wazuh lab with a monitored Metasploitable3 and Kali as the offensive box. MITRE ATT&CK detection, 22 CVEs with CVSS prioritization, custom XML rules and VirusTotal API integration.

#Wazuh#MITREATTACK#VirusTotal
View on GitHub →
In progress

Microsoft Sentinel Lab

Cloud-native lab in Azure: log ingestion, 5 KQL analytic rules mapped to MITRE ATT&CK and validation with controlled events. Where my two worlds meet: cloud and security.

#Sentinel#KQL#Azure
RED TEAM — CTF & write-ups
Medium

DarkHole: 1

Web enumeration, SQL injection and privilege escalation via SUID binaries, with internal service analysis.

#SQLi#SUID#PrivEsc
View write-up →
Medium

Psycho: 1

Thorough enumeration, LFI exploitation, log analysis and privilege escalation through scripts with special permissions.

#LFI#LogAnalysis#PrivEsc
View write-up →
The horizon

Road to OSCP

The next chapter: more boxes, more offensive labs and progress toward the OSCP. In red, because that’s the direction.

#RedTeam#OSCP#OffSec
log

Blog

reiderer is, above all, a log. Here I post what I learn, what I build and what I think about systems and security.

Reflection

One year in cybersecurity: telling signal from noise

A year ago I didn’t know what a SIEM was. A look back at the road and the lesson I value most.

20 May 2026Read →
 Blue Team

Building a Microsoft Sentinel lab: less is more

The most useful part of building the lab wasn’t the detections, but deciding what made sense to include.

12 May 2026Read →
See all posts →
method

How I work

I work the same way building a system as investigating an alert: understand first, prioritize and document everything well.

01

Understand before touching

Before launching anything, I try to understand what the system exposes, how it’s built and the context around it.

02

Prioritize, don’t pile up

I don’t obsess over having more rules or more sources. I prefer fewer things, but understood in depth.

03

Correlate over time

An isolated alert is usually a medium signal. The real value is how several signals fit together.

04

Document the process

I care about leaving work well documented: reviewable, reproducible and easy to explain.

05

Connect systems and security

I understand how infrastructure is built and how it’s defended. That full context is my biggest advantage.

experience

Experience

Mar 2026 — present · Córdoba · On-site
IT Support Technician — Microsoft 365 Migration
ECOINTEGRAL INGENIERÍA, SL (via GI Group)
Deployment and migration of 230+ Windows endpoints to Microsoft 365, within the integration into Bureau Veritas. Windows Autopilot, identities in Entra ID, compliance policies and user support.Windows 11 · Autopilot · Entra ID · Microsoft 365 · Intune
Oct 2025 — Dec 2025 · Córdoba · On-site
IT Technician
Fersoft Informática
Support and rollout of business management software in SMBs (Verifactu project). SQL Server, billing software and on-site and remote user support.Windows · SQL Server · Remote support
Mar 2025 — Jun 2025 · Córdoba · Hybrid
Cybersecurity Analyst — SOC N1
IaaS365 · Internship
24/7 multi-client SOC: monitoring, triage and alert escalation. SIEM (LogPoint, Wazuh) and EDR/XDR (Vision One, Cynet), IOCs and MITRE ATT&CK, Nessus/OpenVAS scans, GoPhish phishing and ENS audits.LogPoint · Wazuh · Vision One · Cynet · MITRE ATT&CK · ENS
education

Certifications

I certify what I learn. Right now the focus is Microsoft Security; in the future, the OSCP.

eLearnSecurity · INE

eJPTv2

Junior Penetration Tester · Dec 2025
Verify credential ↗
CompTIA · SY0-701

Security+ (ce)

Nov 2025 → Nov 2028
Verify credential ↗
Google · Coursera

Google Cybersecurity

Professional Certificate
Verify credential ↗
Microsoft

SC-200

Security Operations Analyst · in progress

Plus more training in ethical hacking, malware analysis and OT security. On the horizon: SC-200, AZ-104, AZ-500 and OSCP.

what they say about me

Recommendations

From the start of ASIR, Juan showed great interest in cybersecurity. He always went a step further, learning on his own. Very dynamic, with a constant drive to improve.

Gonzalo Cabada AñónSystems Technician · ASIR classmate

Juan stood out for his interest and curiosity in cybersecurity. Always learning on his own, beyond class. Very proactive and eager to keep improving.

Irene Aragonés SánchezASIR Technician · ASIR classmate
contact

Let's talk systems and security

reiderer is my place to share what I do and what I learn. If you want to comment, propose a collaboration or just connect, here I am.

Email me → Download CV
[email protected] LinkedIn GitHub