Portfolio
A collection of cybersecurity projects applying threat detection, network forensics, and SIEM operations skills hands-on. Each project is fully documented with a case study, tech stack, and live GitHub link.
Hybrid rule-based + ML classification engine with Claude API integration
Case Study
Built an 8-module Python application integrating IMAP/SMTP, rule-based logic, and Naive Bayes ML classification to detect phishing emails — applying threat detection, alert triage, and security breach identification concepts in a hands-on engineering context.
Extended the detector with Claude API integration (Anthropic) to generate plain-language explanations of every verdict — so non-technical users understand exactly why an email was flagged and what action to take, mirroring how SOC analysts communicate findings to end users.
github.com/trevjacq/phishing-email-detector →Live packet capture with real-time dashboard — 2,800+ packets captured in testing
Case Study
Built a fully functional 6-module Python tool that captures live network packets using Scapy, parses OSI Layer 3/4 headers (IP, TCP, UDP, ICMP), classifies traffic by protocol and port, and persists all data to a SQLite database — demonstrating hands-on packet inspection and network forensics skills.
Implemented a live terminal dashboard using the Rich library displaying real-time packet counts, total data transferred, top source IPs, and top services. Captured 2,800+ packets and 1.37 MB of traffic in initial testing on a live network interface.
github.com/trevjacq/network-traffic-analyzer →Elastic Stack SIEM with KQL detection rules mapped to MITRE ATT&CK
Case Study
Built a home SIEM lab on Elastic Stack (Elasticsearch 9.3.3, Kibana, Winlogbeat) ingesting real-time Windows Security event logs from a live Windows 10 host — enabling continuous monitoring of authentication, privilege use, and process creation events across 383 indexed fields.
Developed KQL-based detection rules mapped to MITRE ATT&CK for brute force attempts (Event ID 4625), privilege escalation via group membership changes (4732), and process creation monitoring (4688) — simulated and validated each rule with live test activity generating real alerts in Kibana.
github.com/trevjacq/siem-home-lab →Self-hosted VPN on Oracle Cloud Infrastructure — encrypted tunnel with kill switch & DNS leak protection
Case Study
Deployed a production WireGuard VPN server on Oracle Cloud Infrastructure (OCI) using a free-tier ARM compute instance — provisioning a hardened Ubuntu server, generating asymmetric key pairs, and establishing a fully encrypted peer-to-peer tunnel from a local client with verified kill switch behavior to prevent traffic leaks on dropped connections.
Configured UFW firewall rules, IP forwarding, and NAT masquerading to route all client traffic through the VPN egress point, with DNS leak protection validated via real-world testing. Documented the full deployment as a reproducible guide covering OCI instance provisioning, WireGuard installation, peer key exchange, and client configuration.
github.com/trevjacq/wireguard-oci-vpn →Prowler v4.6.0 cloud security scan — 63 checks, CIS AWS Foundations benchmark
Case Study
Conducted a baseline AWS security assessment against a personal AWS lab account using Prowler v4.6.0, an open-source cloud security scanner trusted by enterprise security teams — executing 63 checks in 17 seconds across all regions to identify IAM misconfigurations and validate the account's security posture against the CIS AWS Foundations benchmark.
Followed the principle of least privilege throughout: provisioned a dedicated read-only IAM user (prowler-scanner) scoped to SecurityAudit + ViewOnlyAccess with console access disabled — and confirmed the approach worked by passing all permission-scope checks. Produced findings in JSON-OCSF, CSV, and HTML formats with severity triage and mapped remediation steps.
Identified 2 critical findings (root account MFA gaps) and 2 lower-severity findings — with 19 checks passing (54%) including no root access keys, no admin policy on the scanner user, and no root usage in the assessment window. Prioritized a remediation plan by risk impact, demonstrating structured vulnerability triage aligned with real-world SOC workflows.
Snipe-IT deployment on OCI with full asset lifecycle SOP — mock 10-person org environment
Case Study
Deployed Snipe-IT, an open-source IT asset management platform, on an existing Oracle Cloud Infrastructure (OCI) Ubuntu instance alongside a WireGuard VPN server — provisioning a fully functional ITAM system for a simulated 10-person organization ("SNA Technologies") with realistic hardware inventory, user accounts, and license tracking.
Populated the system with a mock asset inventory spanning laptops, desktops, monitors, networking equipment, and software licenses — assigning assets to users, configuring asset tags (format: TT-XXX), and defining locations (Main Office, Server Closet, Conference Room A, Storage Room, Remote). Demonstrated the full asset lifecycle: procurement onboarding, checkout, transfer, check-in, and retirement with DoD 5220.22-M wipe documentation.
Authored a formal Asset Lifecycle Standard Operating Procedure covering six procedures — new asset onboarding, assignment, transfer, return, retirement/disposal, and annual audit — with direct ties to security operations outcomes including vulnerability management, incident response, and offboarding security. Grounded in compliance frameworks referenced by HIPAA and SOC 2.
github.com/trevjacq →For Non-Technical Visitors
No jargon. Just what was built, why it matters, and what problem it solves in the real world.
Every day, people receive emails impersonating their bank, employer, or a trusted service — designed to steal passwords or financial information. This tool reads incoming emails and automatically flags suspicious ones before a person even opens them. It combines a rules checklist with a machine-learning model trained to spot patterns, then explains its verdict in plain language so anyone on the team understands what was flagged and why.
A network is like a highway — data packets are the cars. Most are normal, but occasionally something suspicious slips through. This tool watches all traffic in real time, logs where data is coming from and going to, and builds a live dashboard showing the busiest sources and unusual patterns. It captured and analyzed over 2,800 packets in its first live test run on a real network.
Large organizations use Security Information & Event Management (SIEM) systems to monitor thousands of devices at once and alert on suspicious activity. This is a fully built, working version of that — running on real hardware, ingesting live Windows event logs, and triggering alarms when things like repeated failed logins or unauthorized privilege changes occur. Built to mirror what enterprise security analysts use every day.
A VPN creates an encrypted tunnel between your device and the internet so your traffic can't be intercepted. This is a self-hosted version — no third-party VPN company has access to your data. Deployed on a free cloud server, configured to automatically cut off all traffic if the connection drops (so data can never leak unprotected), and tested to confirm no DNS leaks under real-world conditions.
Many companies store sensitive data in the cloud and misconfigure access settings without realizing it — leaving data exposed to anyone who knows where to look. This project runs an automated audit of a cloud environment using the same tool trusted by enterprise security teams, checking 63 security controls against federal benchmarks. Found and documented critical gaps, then produced a prioritized remediation plan ranked by risk severity.
Organizations need to know exactly which devices, software licenses, and equipment they own — who has what, where it is, and whether it's been returned or properly disposed of. This simulates a full asset tracking system for a 10-person company: every laptop, monitor, and license tracked from purchase to retirement, with documented procedures for checking equipment in and out, transferring it between staff, and securely wiping it before disposal.