I created Cyber Actor Atlas as an open-source map and downloadable dataset for exploring the publicly reported origins of cyber actors. It is designed as a lightweight research and education resource for people who want a clearer geographic view of how named actors are described in public reporting.
The atlas brings together cybercrime groups, financial fraud actors, crypto-crime actors, darknet market operators, hacktivist collectives, state-linked theft groups, access brokers, and a limited set of defensive or white-hat organizations for context.
I created NowEDA (Python Library) as an open-source data analysis tool designed to make exploratory data analysis simple and accessible. Many software engineers and cybersecurity analysts work with data every day but are not specialists in data analysis, which can make initial exploration slow and inconsistent.
NowEDA provides a lightweight interface built on top of DataFrames, allowing users to quickly load datasets and generate summaries, insights, and data quality scores. It also includes a modular plugin system to detect patterns such as missing data, outliers, encoded fields, and potential sensitive information, helping users understand their data faster with minimal effort.
I created this research project to explore whether graph-based anomaly detection can improve the identification of post-compromise lateral movement in enterprise authentication logs.
The study uses 180,000 synthetic authentication events across 30 days, including 498 users, 150 hosts, and 16,391 labeled attack chains aligned with MITRE ATT&CK T1078 and T1021. I compared a simple rule-based baseline with a graph-based model using edge novelty, path rarity, and host degree deviation.
The graph-based method achieved higher precision and recall while reducing the false-positive rate. The repository includes the analysis notebook, dataset documentation, results, research poster.

