Cybersecurity MSc · University West · Sweden

Security

Lab builder.

MSc Cybersecurity student based in Sweden. I build real-world defensive infrastructure, break things to understand them, and research emerging threats at the intersection of AI and cybersecurity.

alphonse@pilab ~ — live
alphonse@pilab:~$ ./system-status
──────────────────────────────────
hostname pilab.local
os Raspberry Pi OS (Bookworm)
kernel 6.12.62+rpt-rpi-2712
──────────────────────────────────
alphonse@pilab:~$
433K DNS Blocked
15K+ IPs Banned
11 Services
About

Studying security.
Building it.

I'm Alphonse Joseph, a Cybersecurity MSc student at University West, Sweden. My research focuses on AI-based threat detection, network defense, and hands-on security engineering.

My philosophy: you can't defend what you don't understand. So I build real infrastructure, break it deliberately, analyse the failures, and build better. My Raspberry Pi 5 runs a full enterprise-grade security stack — honeypots, SIEM, IDS/IPS, threat intelligence — all on $100 hardware.

I'm actively seeking opportunities in penetration testing, threat intelligence, and security research. Open to internships, collaborations, and interesting problems.

2025 — Present
MSc Cybersecurity
University West · Trollhättan, Sweden
AI-based cyber risk assessment, ML for security anomaly detection, network defense architectures, and hands-on security lab work.
2026 — Thesis · In Progress
Comparative Evaluation of Open-Source SOAR Tools
MSc Thesis · University West
Benchmarking Shuffle vs. Wazuh/Cortex/TheHive integrated with a FortiGate 50G NGFW and T-Pot honeypot to generate real attack data. Building automated playbooks and Python metrics pipelines — first empirical benchmark of open-source SOAR tools.
2026
Raspberry Pi 5 Security Operations Lab
Personal Project
Designed and built a comprehensive home security lab: Pi-hole + Unbound DNS, WireGuard VPN, nftables firewall, Cowrie SSH honeypot, CrowdSec threat intelligence, Grafana + Loki monitoring stack.
2025
PLC Programming — Industrial Automation
University West · Department of Engineering Science
IEC 61131-3 Structured Text, two-PLC handshake protocol design, HMI indicator systems.
Location: Sweden 🇸🇪
University: University West
Degree: MSc Cybersecurity
GitHub: 63n713m4n
Twitter/X: @Al_FonZ_
Status: Seeking: Pentesting / SOC internships
Repos: 80+ on GitHub
Interests: Research · Travel · Gaming
Skills

What I know.
What I build.

Network Defense
Designing and implementing layered network security — firewalls, DNS filtering, VPN hardening, and intrusion prevention.
nftables · WireGuard · Pi-hole · Fail2ban · Unbound · CrowdSec
Penetration Testing
Vulnerability assessment, network reconnaissance, exploit development and post-exploitation across web, network and physical vectors.
Metasploit · nmap · Hydra · sqlmap · Burp Suite · aircrack-ng
AI for Security
Applying machine learning to cybersecurity: anomaly detection, threat classification, and AI-based cyber risk assessment frameworks.
Random Forest · SVM · KNN · Isolation Forest · scikit-learn
Security Monitoring
Building observability stacks for security — log aggregation, real-time alerting, threat visualization, and SIEM pipelines.
Grafana · Prometheus · Loki · Promtail · Discord Webhooks
Infrastructure
Self-hosted service deployment, container orchestration, Linux server administration and security automation.
Docker · Portainer · Bash · Python · Linux · systemd
Hardware Security
Embedded systems security, RF signal analysis, BadUSB payload development, and physical penetration testing.
Flipper Zero · Raspberry Pi · BadUSB · Sub-GHz · NFC/RFID
Courses & Training
MSc Cybersecurity | University West, Sweden | In Progress
AI-Based Cyber Risk Assessment | University West — AIR600 | Completed
Network Security & Defense | University West | Completed
PLC Programming — IEC 61131-3 | University West | Completed
Projects

Things I've built.

Rogue Wi-Fi Access Point
Creates a fake access point with captive portal to demonstrate credential harvesting. Includes internet spoofing and session logging for security awareness training.
Python · ⭐ 2 · Offensive
Pi 5 Security Operations Lab
Full enterprise-grade security stack on Raspberry Pi 5: DNS filtering, VPN, firewall, SSH honeypot, threat intelligence, SIEM, and real-time monitoring dashboards. Running live.
Shell / Python · Defensive · Infrastructure
Profile
ML Security Classifier
Machine learning pipeline for network intrusion detection. Implements Decision Tree, Random Forest, KNN, and SVM classifiers with comparative analysis and feature importance visualization.
Python · ML/AI · Research
MSc Thesis — SOAR Evaluation
Comparative evaluation of open-source SOAR platforms integrated with FortiGate firewall and Cowrie honeypot. Assessing automation, alert triage, and incident response capabilities in a real environment. Joint thesis with Filmon Meharii @ University West.
Python / Research · Thesis · Collaborative · In Progress
Profile
Flipper Zero Payload Suite
BadUSB payload collection for Windows, macOS and Linux performing system reconnaissance and reporting findings via Discord webhooks. Built for authorized security assessments.
DuckyScript · Hardware · Offensive
Pi Lab

Live infrastructure.

[Live dashboard, values not captured. System panels: CPU usage (percent), RAM used (percent), temperature (°C), disk used (of 470GB NVMe), uptime, service status. Threat activity panels (today): honeypot sessions, unique attacker IPs, login attempts, IPs blocked by CrowdSec.]
Hardware
Board: Raspberry Pi 5 8GB
Storage: 512GB NVMe M.2
OS: Pi OS Lite 64-bit
Network: Gigabit Ethernet
Stack

Everything running
on the Pi.

Service | Purpose | Category | Notes
Pi-hole v6 | DNS-level ad & tracker blocking | Network | 433K+ domains blocked
Unbound | Recursive DNS resolver | Network | DNSSEC, no upstream
WireGuard | VPN server | Network | DuckDNS endpoint, full-tunnel, UDP 51820
nftables | Stateful firewall | Security | Default DROP, rate limiting, NAT masquerade
Fail2ban | Brute force protection | Security | SSH jails, 3600s bans
CrowdSec | Collaborative threat intelligence | Security | 15K+ IPs blocked via CAPI
Cowrie | SSH/Telnet honeypot | Security | Internet-facing, logs real attacker sessions & commands
alphonsejoseph.tech | Portfolio site hardening | Security | DNSSEC, HSTS, CSP, security.txt, Cloudflare WAF
Grafana | Metrics & log dashboards | Monitoring | Node Exporter + Cowrie panels
Prometheus | Time-series metrics | Monitoring | 30-day retention
Loki + Promtail | Log aggregation | Monitoring | Cowrie JSON logs ingested
Docker + Portainer | Container management | Infra | v29.3.0, ARM64 native
Heimdall | Service homepage dashboard | Infra | All services in one place
DuckDNS | Dynamic DNS | Network | Auto-updates every 5 min
Flipper Zero | Hardware security testing | Hardware | Momentum firmware
Contact

Let's work together.

I'm open to internships, research collaborations, and interesting security projects. Whether you want to talk about home labs, threat intelligence, or just geek out about cybersecurity — reach out.