The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders in the IT environment. It will establish an Insider Threat TTP Knowledge Base, built upon data collected on insider threat incidents and lessons learned and experience from the ATT&CK knowledge base.
Proxilion MCP Security Gateway is a self-hosted, Docker-ready security gateway that provides real-time threat detection (<50ms P95 latency) against insider threats, compromised accounts, and rogue AI agents by analyzing tool calls from assistants like Copilot and Claude Code, achieving a 75-85% detection rate against sophisticated attacks.
Pentastic is a UEBA-based insider threat detection system that uses behavioral analysis, risk scoring, and deception techniques to detect and prevent malicious user activity in real time.
Bowtie risk model analysis of insider data theft at Tesla - identifying crown jewel assets, mapping threat pathways, and evaluating preventive and mitigative security controls.
Personal data analysis project combining insider threat detection, cybersecurity, and exploratory data analytics. Built for portfolio showcase and practical skills demonstration.
SENTINEL is an immersive insider threat detection and training platform designed for security analysts, SOC teams, and IT professionals. Featuring a fully simulated UEBA (User and Entity Behavior Analytics) environment, interactive threat simulations, and comprehensive indicators of compromise (IOCs) library 🔒👨🏿💻.
Simulated and detected a stealthy insider threat ‘Alex’, who moved from file snooping to SSH brute-forcing. Includes PCAPs, Zeek logs, NetworkMiner analysis, and a full incident report.
The Public Distribution List and Mailbox Forward Reports are developed to enhance security auditing in Microsoft 365’s Exchange Online and on-premises Exchange environments.
9-layer ML pipeline that predicts insider threats 3–14 days before they occur. Validated on CERT r6.2 (4,000 users) and LANL (12,416 users). ROC-AUC 0.8554.