Security Research · Applied Cryptography · Detection Engineering

Hi, I'm Joshua Berkoh

PhD Candidate · Security Researcher · Detection Engineer

Learn More LinkedIn View CV

~/philosophy

$ cat /etc/philosophy.conf

"Each problem that I solved became a rule which served afterwards to solve other problems."

# — René Descartes

Research

Applied cryptography, secure systems, and privacy-preserving infrastructure.

Practice

Threat detection engineering, security tooling, and telemetry-driven validation.

Direction

Bridging academic rigor with operationally useful security outcomes.

About

Researcher first, builder always

My work sits at the intersection of rigorous security research and practical implementation.

Joshua Berkoh is a PhD candidate in Information Technology at the University of Cincinnati, where his dissertation develops a cross-layer graph framework for measuring the I2P anonymous overlay network. His research fuses network-layer router data with application-layer eepsite crawls into a single directed multiplex graph, making it possible to study how anonymity infrastructure and the hidden services that ride on top of it interact as one system rather than two disconnected layers. Joshua's broader research interests center on the application of graph theory to complex, real-world systems, with extensions into anonymous communications, applied cryptography, detection engineering, and machine learning for security. He is particularly interested in research and applied settings, including national laboratories, federal research programs, and industry research labs where graph-theoretic methods can be brought to bear on hard problems in security, infrastructure, and large-scale networked systems.

Alongside his academic work, Joshua is a practicing detection engineer and SOC analyst. He previously served as a Security Operations Center Analyst at Virtual Infosec Africa, defending the security systems of financial institutions, and as a Security Engineering Intern at Intuit, where he integrated automated compliance checks into the security pipeline. He maintains a home detection lab built on Elastic Stack, Sysmon, and KQL rules mapped to MITRE ATT&CK, which he uses both for self-directed research and as a teaching platform.

Joshua's professional path has been shaped by a long history of community involvement and applied practice. He has served as an adjunct instructor at the University of Cincinnati, mentored at the OWASP Cincinnati Chapter, contributed to ISC2 as a certification examination developer, and held an AWS Community Builder role. He is also a former bug bounty researcher, with hall-of-fame recognition across multiple programs, and has competed in cybersecurity capture-the-flag events including Security Innovation, Hacker101, MetaCTF, and Tracelabs OSINT.

Writing

Recent work and technical notes

A mix of research reflections, study notes, and engineering write-ups grounded in security practice.

Building a Malware Reversing Lab on Proxmox

March 26, 2026 • Threat Detection Engineering • Malware Reverse Engineering

A walkthrough of the full architecture for a dual-purpose home lab: a Windows-based reversing environment for static and dynamic malware analysis, running alongside a detection engineering stack on the same...

Week 4 - Modern Encryption Primitives Beyond the Basics

August 25, 2025 • cryptography • Study Notes

Building on probability and secrecy, this week I explore advanced cryptographic primitives: Format-Preserving Encryption, Fully Homomorphic Encryption, Searchable Encryption, and Tweakable Encryption. I also examine how weak ciphers and wrong...

Week 3 - Probability, Perfect Secrecy, and the One-Time Pad

August 25, 2025 • cryptography • Study Notes

My third week dives into probability, conditional distributions, and formal definitions of secrecy. I work through shift cipher examples, Bayes’ Theorem, and the rigorous proof that the One-Time Pad achieves...

View All Posts →

Projects

Public repositories and ongoing builds

Selected work that reflects my current engineering interests and experimentation.

Selected public repositories I actively build and maintain.

joshberk/joshberk.github.io

May 14, 2026 • SCSS • ★ 1 • Forks 0

This is my Personal Website

joshberk/Agentic-Threat-Intel-Feed

February 23, 2026 • Python • ★ 1 • Forks 0

This is my agentic threat intelligence feed project.

joshberk/PVE-Resource-monitor

March 03, 2026 • Python • ★ 1 • Forks 0

A Python-based telemetry tool for Proxmox Virtual Environments running on Supermicro hardware. This script provides daily resource utilization reports and real-time hardware power consumption stats via Slack.

Capabilities

Technical focus areas

Core languages, security domains, and systems skills that shape my research and engineering work.

Programming Languages

Python HTML & CSS JavaScript SQL Rust

Cybersecurity & Cryptography

Applied Cryptography Security Analysis Vulnerability Assessment Incident Response Secure Systems Design

Tools & Frameworks

Git & Version Control Linux / Unix AWS Docker Research & Academic Writing

Publications

Research in progress

Current academic work and emerging directions in secure systems and privacy-preserving infrastructure.

A Behavioural Graph Temporal Neural Network Framework Under Review

IEEE Transactions on Network and Service Management (TNSM) • 2026

Contact

Open to research and security collaboration

If your work sits near applied cryptography, secure systems, or detection engineering, let’s talk.

Ready to collaborate on cryptography research or cybersecurity projects? Let's connect.

LinkedIn: Joshua Berkoh
GitHub: @joshberk