# Mission

## The one-liner
Become competent enough in cybersecurity and Wazuh to run an **MSSP that
monitors security for multiple hotel clients** — confidently standing up
detection, triaging alerts, and explaining the value to hotel owners.

## Who I am
- Founder of a new **MSSP (Managed Security Service Provider)**.
- Comfortable on the **Linux command line** (SSH, editing configs, servers).
- Newer to **security operations** specifically — building the skill set now.

## What I'm building toward
A repeatable service where I can:
1. Onboard a hotel as a client.
2. Deploy Wazuh agents across their IT (servers, POS, PMS, staff machines).
3. Monitor multiple hotels from one console without mixing their data up.
4. Detect, triage, and respond to security events.
5. Help hotels meet obligations like **PCI-DSS** (they handle card payments).

## Why hotels
Hotels are a high-value, under-secured niche: they process credit cards,
hold guest PII, run legacy Property Management Systems (PMS) and
Point-of-Sale (POS) terminals, and often have no in-house security team.
That gap is the business.

## Current focus (zone of proximal development)
**Fundamentals first.** Understand what a SIEM/Wazuh actually does and the
core security concepts — before standing up infrastructure. Then move to a
hands-on lab, then to onboarding a first hotel.

## Roadmap (rough, will evolve)
1. ✅ Define the mission.
2. ✅ Fundamentals: SIEM, the detection lifecycle, where Wazuh fits. (L1)
3. ✅ Wazuh architecture: server / indexer / dashboard / agents. (L2)
4. ✅ Hands-on lab: stand up Wazuh + an agent, trigger a real detection. (L3–L4)
5. ✅ Detection engineering: decoders, rules, custom detections. (L5)
6. ✅ Multi-tenancy: monitor several hotels cleanly (groups, RBAC, tenants). (L6–L7)
7. ✅ Hotel threat model + PCI-DSS: POS, PMS, guest Wi-Fi, compliance. (L8–L9)
8. ✅ Onboard a first (pilot) hotel — the full runbook. (L10)

**Foundational course complete.** Plus operating lessons:

9. ✅ Operate a live setup: enable FIM/SCA/vuln-detection/active-response. (L11)
10. ✅ Production capstone: full component map + go-live hardening checklist. (L12)

Deployment model: **native package install** (moved off Coolify/Docker). Next
frontiers, when ready: reading & triaging live alerts in the dashboard (alert
anatomy + severity→action), real-lab practice, clustering for many hotels, and
producing PCI evidence reports. Start at `index.html`.

_Last updated: 2026-06-26_
