Portfolio

Projects built
from scratch.

A collection of cybersecurity projects applying threat detection, network forensics, and SIEM operations skills hands-on. Each project is fully documented with a case study, tech stack, and live GitHub link.

06 Active Projects
01

Phishing Email Detector

Hybrid rule-based + ML classification engine with Claude API integration

Active Flagship +

Case Study

Built an 8-module Python application integrating IMAP/SMTP, rule-based logic, and Naive Bayes ML classification to detect phishing emails — applying threat detection, alert triage, and security breach identification concepts in a hands-on engineering context.

Extended the detector with Claude API integration (Anthropic) to generate plain-language explanations of every verdict — so non-technical users understand exactly why an email was flagged and what action to take, mirroring how SOC analysts communicate findings to end users.

github.com/trevjacq/phishing-email-detector →

Status

Active Development

Category

Email Security / Detection

Stack

Pythonscikit-learnNaive BayesIMAPSMTPClaude API

Architecture

8-Module Pipeline

Detection Split

65% Rule-based / 35% ML

02

Network Traffic Analyzer

Live packet capture with real-time dashboard — 2,800+ packets captured in testing

Published +

Case Study

Built a fully functional 6-module Python tool that captures live network packets using Scapy, parses OSI Layer 3/4 headers (IP, TCP, UDP, ICMP), classifies traffic by protocol and port, and persists all data to a SQLite database — demonstrating hands-on packet inspection and network forensics skills.

Implemented a live terminal dashboard using the Rich library displaying real-time packet counts, total data transferred, top source IPs, and top services. Captured 2,800+ packets and 1.37 MB of traffic in initial testing on a live network interface.

github.com/trevjacq/network-traffic-analyzer →

Status

Published on GitHub

Category

Network Forensics

Stack

PythonScapySQLiteRichTCP/IP

Layers

OSI Layer 3 / 4

Test Results

2,800+ packets · 1.37 MB

03

SIEM Home Lab

Elastic Stack SIEM with KQL detection rules mapped to MITRE ATT&CK

Published +

Case Study

Built a home SIEM lab on Elastic Stack (Elasticsearch 9.3.3, Kibana, Winlogbeat) ingesting real-time Windows Security event logs from a live Windows 10 host — enabling continuous monitoring of authentication, privilege use, and process creation events across 383 indexed fields.

Developed KQL-based detection rules mapped to MITRE ATT&CK for brute force attempts (Event ID 4625), privilege escalation via group membership changes (4732), and process creation monitoring (4688) — simulated and validated each rule with live test activity generating real alerts in Kibana.

github.com/trevjacq/siem-home-lab →

Status

Published on GitHub

Category

SIEM / Threat Detection

Stack

Elastic StackKibanaWinlogbeatKQLWindows 10

Framework

MITRE ATT&CK Mapped

Indexed Fields

383

04

WireGuard VPN on OCI

Self-hosted VPN on Oracle Cloud Infrastructure — encrypted tunnel with kill switch & DNS leak protection

Active +

Case Study

Deployed a production WireGuard VPN server on Oracle Cloud Infrastructure (OCI) using a free-tier ARM compute instance — provisioning a hardened Ubuntu server, generating asymmetric key pairs, and establishing a fully encrypted peer-to-peer tunnel from a local client with verified kill switch behavior to prevent traffic leaks on dropped connections.

Configured UFW firewall rules, IP forwarding, and NAT masquerading to route all client traffic through the VPN egress point, with DNS leak protection validated via real-world testing. Documented the full deployment as a reproducible guide covering OCI instance provisioning, WireGuard installation, peer key exchange, and client configuration.

github.com/trevjacq/wireguard-oci-vpn →

Status

Active Development

Category

Network Security / Cloud

Stack

WireGuardOracle CloudUbuntuUFWSSHBash

Deployment

OCI Free Tier · ARM Instance

Security Controls

Kill Switch · DNS Leak Protection

05

AWS IAM Security Assessment

Prowler v4.6.0 cloud security scan — 63 checks, CIS AWS Foundations benchmark

Published +

Case Study

Conducted a baseline AWS security assessment against a personal AWS lab account using Prowler v4.6.0, an open-source cloud security scanner trusted by enterprise security teams — executing 63 checks in 17 seconds across all regions to identify IAM misconfigurations and validate the account's security posture against the CIS AWS Foundations benchmark.

Followed the principle of least privilege throughout: provisioned a dedicated read-only IAM user (prowler-scanner) scoped to SecurityAudit + ViewOnlyAccess with console access disabled — and confirmed the approach worked by passing all permission-scope checks. Produced findings in JSON-OCSF, CSV, and HTML formats with severity triage and mapped remediation steps.

Identified 2 critical findings (root account MFA gaps) and 2 lower-severity findings — with 19 checks passing (54%) including no root access keys, no admin policy on the scanner user, and no root usage in the assessment window. Prioritized a remediation plan by risk impact, demonstrating structured vulnerability triage aligned with real-world SOC workflows.

Result Count Coverage
● Passed 19 54.29%
● Failed 16 45.71%
Total Checks 63 17 seconds
github.com/trevjacq/aws-security-assessment →

Status

Published on GitHub

Category

Cloud Security / GRC

Stack

Prowler v4.6.0AWS CLIPython 3.11IAMS3

Benchmark

CIS AWS Foundations

Scope

IAM · S3 · All Regions

Output Formats

JSON-OCSF · CSV · HTML

Framework

MITRE ATT&CK T1078

06

IT Asset Management Lab

Snipe-IT deployment on OCI with full asset lifecycle SOP — mock 10-person org environment

Active +

Case Study

Deployed Snipe-IT, an open-source IT asset management platform, on an existing Oracle Cloud Infrastructure (OCI) Ubuntu instance alongside a WireGuard VPN server — provisioning a fully functional ITAM system for a simulated 10-person organization ("SNA Technologies") with realistic hardware inventory, user accounts, and license tracking.

Populated the system with a mock asset inventory spanning laptops, desktops, monitors, networking equipment, and software licenses — assigning assets to users, configuring asset tags (format: TT-XXX), and defining locations (Main Office, Server Closet, Conference Room A, Storage Room, Remote). Demonstrated the full asset lifecycle: procurement onboarding, checkout, transfer, check-in, and retirement with DoD 5220.22-M wipe documentation.

Authored a formal Asset Lifecycle Standard Operating Procedure covering six procedures — new asset onboarding, assignment, transfer, return, retirement/disposal, and annual audit — with direct ties to security operations outcomes including vulnerability management, incident response, and offboarding security. Grounded in compliance frameworks referenced by HIPAA and SOC 2.

github.com/trevjacq →

Status

Active Development

Category

ITAM / Security Operations

Stack

Snipe-ITOracle CloudUbuntuMySQLNginxPHP

Deployment

OCI Free Tier · Self-hosted

Scope

10-user org · Hardware + Licenses

Procedures

6-procedure Asset Lifecycle SOP

Compliance

HIPAA · SOC 2 · DoD 5220.22-M

For Non-Technical Visitors

What these projects
actually do.

No jargon. Just what was built, why it matters, and what problem it solves in the real world.

01

Phishing Email Detector

Every day, people receive emails impersonating their bank, employer, or a trusted service — designed to steal passwords or financial information. This tool reads incoming emails and automatically flags suspicious ones before a person even opens them. It combines a rules checklist with a machine-learning model trained to spot patterns, then explains its verdict in plain language so anyone on the team understands what was flagged and why.

Think of it as — a trained security screener sitting in your inbox 24/7
02

Network Traffic Analyzer

A network is like a highway — data packets are the cars. Most are normal, but occasionally something suspicious slips through. This tool watches all traffic in real time, logs where data is coming from and going to, and builds a live dashboard showing the busiest sources and unusual patterns. It captured and analyzed over 2,800 packets in its first live test run on a real network.

Think of it as — a traffic camera and logbook for everything crossing your network
03

SIEM Home Lab

Large organizations use Security Information & Event Management (SIEM) systems to monitor thousands of devices at once and alert on suspicious activity. This is a fully built, working version of that — running on real hardware, ingesting live Windows event logs, and triggering alarms when things like repeated failed logins or unauthorized privilege changes occur. Built to mirror what enterprise security analysts use every day.

Think of it as — a security operations center in miniature — alarms, dashboards, and all
04

WireGuard VPN on OCI

A VPN creates an encrypted tunnel between your device and the internet so your traffic can't be intercepted. This is a self-hosted version — no third-party VPN company has access to your data. Deployed on a free cloud server, configured to automatically cut off all traffic if the connection drops (so data can never leak unprotected), and tested to confirm no DNS leaks under real-world conditions.

Think of it as — a private, encrypted internet connection you fully own and control
05

AWS IAM Security Assessment

Many companies store sensitive data in the cloud and misconfigure access settings without realizing it — leaving data exposed to anyone who knows where to look. This project runs an automated audit of a cloud environment using the same tool trusted by enterprise security teams, checking 63 security controls against federal benchmarks. Found and documented critical gaps, then produced a prioritized remediation plan ranked by risk severity.

Think of it as — a full security inspection of a cloud environment with a written report card
06

IT Asset Management Lab

Organizations need to know exactly which devices, software licenses, and equipment they own — who has what, where it is, and whether it's been returned or properly disposed of. This simulates a full asset tracking system for a 10-person company: every laptop, monitor, and license tracked from purchase to retirement, with documented procedures for checking equipment in and out, transferring it between staff, and securely wiping it before disposal.

Think of it as — a complete inventory control system for an organization's technology assets