The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders in the IT environment. It will establish an Insider Threat TTP Knowledge Base, built upon data collected on insider threat incidents and lessons learned and experience from the ATT&CK knowledge base.
Pentastic is a UEBA-based insider threat detection system that uses behavioral analysis, risk scoring, and deception techniques to detect and prevent malicious user activity in real time.
Proxilion MCP Security Gateway is a self-hosted, Docker-ready security gateway that provides real-time threat detection (<50ms P95 latency) against insider threats, compromised accounts, and rogue AI agents by analyzing tool calls from assistants like Copilot and Claude Code, achieving a 75-85% detection rate against sophisticated attacks.
Bowtie risk model analysis of insider data theft at Tesla - identifying crown jewel assets, mapping threat pathways, and evaluating preventive and mitigative security controls.
Personal data analysis project combining insider threat detection, cybersecurity, and exploratory data analytics. Built for portfolio showcase and practical skills demonstration.
SENTINEL is an immersive insider threat detection and training platform designed for security analysts, SOC teams, and IT professionals. Featuring a fully simulated UEBA (User and Entity Behavior Analytics) environment, interactive threat simulations, and comprehensive indicators of compromise (IOCs) library🔒👨🏿💻.
Threat hunt investigation using Microsoft Defender for Endpoint and KQL to detect unauthorized TOR browser installation, execution, and network activity on a corporate Windows endpoint.
Simulated and detected a stealthy insider threat ‘Alex’, who moved from file snooping to SSH brute-forcing. Includes PCAPs, Zeek logs, NetworkMiner analysis, and a full incident report.