Security Research · Applied Cryptography · Detection Engineering
PhD Candidate · Security Researcher · Detection Engineer
$ cat /etc/philosophy.conf
"Each problem that I solved became a rule which served afterwards to solve other problems."
Research
Applied cryptography, secure systems, and privacy-preserving infrastructure.
Practice
Threat detection engineering, security tooling, and telemetry-driven validation.
Direction
Bridging academic rigor with operationally useful security outcomes.
About
My work sits at the intersection of rigorous security research and practical implementation.
Joshua Berkoh is a PhD candidate in Information Technology at the University of Cincinnati, where his dissertation develops a cross-layer graph framework for measuring the I2P anonymous overlay network. His research fuses network-layer router data with application-layer eepsite crawls into a single directed multiplex graph, making it possible to study how anonymity infrastructure and the hidden services that ride on top of it interact as one system rather than two disconnected layers. Joshua's broader research interests center on the application of graph theory to complex, real-world systems, with extensions into anonymous communications, applied cryptography, detection engineering, and machine learning for security. He is particularly interested in research and applied settings, including national laboratories, federal research programs, and industry research labs where graph-theoretic methods can be brought to bear on hard problems in security, infrastructure, and large-scale networked systems.
Alongside his academic work, Joshua is a practicing detection engineer and SOC analyst. He previously served as a Security Operations Center Analyst at Virtual Infosec Africa, defending the security systems of financial institutions, and as a Security Engineering Intern at Intuit, where he integrated automated compliance checks into the security pipeline. He maintains a home detection lab built on Elastic Stack, Sysmon, and KQL rules mapped to MITRE ATT&CK, which he uses both for self-directed research and as a teaching platform.
Joshua's professional path has been shaped by a long history of community involvement and applied practice. He has served as an adjunct instructor at the University of Cincinnati, mentored at the OWASP Cincinnati Chapter, contributed to ISC2 as a certification examination developer, and held an AWS Community Builder role. He is also a former bug bounty researcher, with hall-of-fame recognition across multiple programs, and has competed in cybersecurity capture-the-flag events including Security Innovation, Hacker101, MetaCTF, and Tracelabs OSINT.
Writing
A mix of research reflections, study notes, and engineering write-ups grounded in security practice.
Deconstructing a high-risk internal data diversion scheme. Correlating identity authentication logs with endpoint process arguments to map out unauthorized internal reconnaissance and decode obfuscated, reverse-string PowerShell command arrays.
Triaging a complex supply-chain intrusion targeting regional energy distribution. Tracks the complete lifecycle from perimeter XSS probing and weaponized phishing documents to lateral movement and source-code exfiltration using raw web...
Investigating a high-stakes, state-sponsored campaign targeting election infrastructure. Reconstructing attacker persistence mechanisms, multi-hop C2 structures, and domain registrar anomalies.
Projects
Selected work that reflects my current engineering interests and experimentation.
Selected public repositories I actively build and maintain.
This is my personal website.
This is my agentic threat intelligence feed project.
A Python-based telemetry tool for Proxmox Virtual Environments running on Supermicro hardware. This script provides daily resource utilization reports and real-time hardware power consumption stats via Slack.
Capabilities
Core languages, security domains, and systems skills that shape my research and engineering work.
Publications
Current academic work and emerging directions in secure systems and privacy-preserving infrastructure.
Contact
If your work sits near applied cryptography, secure systems, or detection engineering, let’s talk.
Ready to collaborate on cryptography research or cybersecurity projects? Let's connect.