Philip Akekudaga — Network Security Researcher & PhD Student

// README.md
bash — philip@cypher-lab
philip@cypher-lab:~$ cat README.md
philip@cypher-lab:~$ uptime
8+ years in production infrastructure. 7 papers. Still learning.
monitoring p4_switch_0 — 0 alerts

I'm a PhD student in Electrical Engineering at the University of Rhode Island, working in the CYPHER Lab under Dr. Hui Lin. My research sits at the intersection of programmable data planes and critical infrastructure security — I write P4 programs that run on Intel Tofino ASICs to detect threats in real-time, without waiting for the control plane to catch up.

Before the PhD, I spent years in the trenches: managing network infrastructure for a national utility in Ghana, building security automation for a FinTech startup, and interning in the CISO's office at the New York State Department of Health. That operational background shapes how I approach research — if it can't survive a production network, it's not done.

When I'm not writing match-action tables, I'm usually benchmarking ECMP path selection algorithms or arguing about whether the control plane should be stateful.

// experience.log
[Career timeline, '14 to now: Research Asst. (CYPHER Lab, URI); Grad Assistant (UAlbany); Cybersecurity Analyst (NYSDOH); Sr. Research Aide (SUNY); Lead Analyst (Fido Microcredit); Business Analyst (Coca-Cola / Voltic); DMS-SFA Analyst (Wilmar Africa); IT & MIS Officer (Ghana Water Co.)]
Research Assistant — Network Deployment & Automation
CYPHER Lab, University of Rhode Island
Jan 2026 – Present Kingston, RI
  • Designing and deploying network topologies with BGP, OSPF, ECMP routing, and VLAN segmentation on programmable P4 switches targeting BMv2 and Intel Tofino ASICs
  • Automating network provisioning, configuration validation, and metrics collection at scale with Python and Bash
  • Implementing packet forwarding logic in P4 (match-action tables, header parsing, stateful counters) to optimize forwarding architectures at the data plane level
Graduate Assistant
University at Albany — College of Emergency Preparedness, Homeland Security & Cybersecurity
Aug 2025 – Dec 2025 Albany, NY
  • Curated and analyzed PhD program data to support assessment, accreditation, and curriculum decisions
  • Provided quantitative briefs on enrollment and curriculum trends for faculty committees
Cybersecurity Analyst — Office of the CISO
New York State Department of Health
Aug 2024 – Present Albany, NY
  • Investigated and responded to security alerts from Microsoft Sentinel; performed log analysis, fine-tuned detection rules to reduce false positives, and drove incident escalation
  • Monitored security alerts across 5,000+ assets using Splunk (SPL) and Microsoft Sentinel (KQL); built Python automation for configuration compliance via REST APIs, reducing manual review by 60%
  • Conducted vulnerability assessments, mapped findings to NIST CSF 2.0, and supported risk remediation tracking using Archer for internal GRC reporting
  • Drafted and developed Incident Response Plans (IRP) and playbooks for multiple agencies, standardizing detection, containment, and recovery procedures
  • Supported evaluation of AI/LLM tools for agency adoption; developed governance intake process assessing data protection risks and HIPAA/HITECH compliance
  • Published weekly cybersecurity awareness content and participated in phishing simulations to improve organizational security posture
Senior Research Aide
Research Foundation for SUNY / UAlbany Innovation Center
Oct 2024 – May 2025 Albany, NY
  • Developed machine learning models to analyze complex datasets, gaining exposure to AI/ML techniques applicable to anomaly detection and predictive security analytics
  • Built ML pipelines to analyze opportunity spaces for 11 Industry Affiliate Programs: synthesized requirements linking industry needs with academic capabilities
  • Gathered requirements, data, and ideas needed by industry to collaborate with students and academia
Lead Business & Systems Analyst
Fido Microcredit Limited (FinTech)
Feb 2023 – Aug 2024 Accra, Ghana
  • Led IT and business analyst teams, improving KPI achievement by 13% and streamlining operations through automation tools like Python and Zapier
  • Analyzed complex datasets and developed 30+ strategic reports, driving data-driven decisions and enhancing cybersecurity posture
  • Designed 10+ system requirements, led implementation projects, conducted security audits, and deployed VPNs and EDR solutions to protect 200+ endpoints
  • Led NIST 800-53 framework deployment and ISO/IEC 27001 certification, managing compliance, risk assessments, and security audits
Business Analyst
Coca-Cola Beverages Africa — Voltic GH
Jan 2022 – Feb 2023 Accra, Ghana
  • Led the deployment and optimization of CrowdStrike EDR across 200+ endpoints, developing advanced queries for threat hunting and tuning detection rules
  • Created Power BI and Excel dashboards for sales and logistics, enabling data-driven decisions and saving 120+ man-hours per month
  • Audited 1,000+ outlets and vendors in the supply chain, resulting in a 17% increase in compliance and a 6% reduction in risk
  • Analyzed business processes using CRM, SAP, and BPMN, resulting in a 15% improvement in process efficiency
DMS-SFA Analyst & Support
Wilmar Africa Limited
May 2021 – Jan 2022 Tema, Ghana
  • Provided solutions to problems by analyzing business data across Distributor Management System and Sales Force Automation platforms
  • Implemented SAP solutions and automated replenishment systems for business process optimization
IT & MIS Officer
Ghana Water Company Ltd.
Sep 2014 – Jan 2022 Kumasi, Ghana
  • Managed the complete lifecycle of 800+ user accounts in Active Directory, including provisioning, de-provisioning, and permission auditing
  • Implemented and managed monthly patch management for 600+ endpoints and 50+ servers, achieving 98% compliance
  • Served as primary responder for IT security incidents, resolving 20+ security-related tickets per week including malware removal and phishing analysis
  • Led deployment and configuration of 150+ new workstations with system hardening baselines, reducing common vulnerabilities by over 90%
  • Oversaw daily backup operations for 10+ critical servers, maintaining 99.5% success rate with quarterly recovery tests
// volunteering & consulting
Web Developer (Volunteer)
Awecif Foundation
Jun 2012 – Present Ghana
  • Maintaining and developing the foundation's web presence for children's programs
  • Supporting digital initiatives focused on improving children's lives
Technology Consultant
Brics Africa Consulting LLC
Mar 2023 – Present Ghana
  • Providing technology consulting services to businesses in Africa
  • Advising on technology implementation and digital transformation
// projects/
MCP — Measurement Control Plane
View repo

A control-plane subsystem that decides — every epoch — which measurement tasks (sketches, sampling, watchlists, polling) should run on which P4 switches, under hard resource budgets, using a constrained contextual bandit with shadow prices. Targeting the NSDI Frontiers Track.

Python P4 TeX
Scenario | MCP Score | Rank
Flash Crowd | 0.564 | 1st/7
Single DDoS | 0.550 | 1st/7
Multi-Attack | 0.515 | 1st/7
CICIDS DoS | 0.418 | 1st/7
Overall | 5/9 wins | Best overall
Agent-P4 — SDN-Based DNS Threat Defense
View repo

Lightweight research prototype for an intelligent network defense pipeline that detects and autonomously mitigates DNS-based attacks using P4 programmable switches and SDN orchestration. Closed-loop system: attack generation, real-time detection, dynamic controller orchestration, and dataplane policy enforcement.

Python P4 Shell HTML
Pipeline stages (diagram): Telemetry, Observer Agent, Architect Agent, Commander, P4 Enforcement
Adaptive Routing with Real-Time Telemetry
View repo

P4-based adaptive load-balancing that dynamically distributes traffic across equal-cost paths using real-time link utilization counters. Data-plane feedback loop — no per-packet controller involvement. +67% total throughput over static ECMP.

Python P4 Shell
H1 -- S1 ----------- S2 -- H2
      |  \         / |
      |    S3 - S4   |
      |  /         \ |
H3 -- S5 ----------- S6 -- H4
Metric | Static ECMP | Adaptive | Change
Total throughput | 9.71 Mbps | 16.22 Mbps | +67.0%
ECMP balance (CV) | 0.1613 | 0.0516 | -68.0%
Jain's fairness | 0.9747 | 0.9973 | +2.3%
// tools & platforms
FAIR Risk Analysis Platform
Live demo

Comprehensive Factor Analysis of Information Risk (FAIR) platform for quantitative cyber risk assessment. Models threat scenarios, calculates annualized loss expectancy, and provides actionable insights with Monte Carlo simulations and TEF analysis.

React FAIR Model Monte Carlo
Grid Resilience Simulator (FDNA)
Live demo

Functional Dependency Network Analysis (FDNA) simulator for modeling and analyzing power grid resilience against cyber-physical attacks. Helps utilities identify vulnerabilities and optimize resource allocation for critical infrastructure protection.

Python Network Analysis Simulation
Phishing Impact Assessment Tool
Live demo

Interactive tool that quantifies the potential business impact of phishing attacks based on company profile, user access patterns, and industry benchmarks. Provides detailed risk breakdowns across financial, operational, reputational, and systems dimensions.

React Risk Assessment Data Visualization
Cloud Honeypot Threat Mapping
June 2025

Deployed an Azure Windows honeypot, captured 75k+ brute-force attempts in 24h, and built a KQL-driven Microsoft Sentinel dashboard that mapped attacker IPs and key KPIs in real time.

Azure Microsoft Sentinel KQL
Cyber Threat Intelligence Platform
GitHub

Integrated threat intelligence platform that collects, analyzes, and disseminates security threat data across multiple business units. Reduced average incident response time by 40%.

React Threat Intel SIEM
// skills.toml
skills.toml — read only
# Network Security Research Stack
[networking]
protocols = ["BGP", "OSPF", "IS-IS", "ECMP", "TCP/IP", "DNS", "DHCP"]
switching = ["VLANs", "802.1Q", "STP/RSTP", "LACP", "ACLs"]
tools = ["Wireshark", "Scapy", "tcpdump", "Mininet", "SNMP", "NetFlow"]
[programmable_dataplane]
language = "P4_16"
targets = ["BMv2 simple_switch", "Intel Tofino (TNA)"]
concepts = ["match-action tables", "header parsing", "stateful counters", "CMS sketches"]
[sdn]
controllers = ["P4Runtime", "Ryu", "OpenFlow"]
switching = ["Open vSwitch", "BMv2"]
[scripting]
primary = ["Python", "Bash"]
familiar = ["PowerShell", "JavaScript", "SQL", "Perl"]
infra = ["Git", "GitHub Actions", "Docker", "Ansible", "REST APIs"]
[security]
siem = ["Splunk (SPL)", "Microsoft Sentinel (KQL)"]
edr = ["CrowdStrike", "Microsoft Defender"]
vuln_mgmt = ["Nessus", "Qualys", "Nmap"]
frameworks = ["NIST CSF", "NIST 800-53", "ISO 27001", "HIPAA", "FAIR", "MITRE ATT&CK"]
[ml]
focus = "traffic classification, anomaly detection"
tools = ["scikit-learn", "pandas", "numpy"]
[systems]
os = "Linux (Ubuntu, daily driver)"
server = "Windows Server"
cloud = "Microsoft Azure"
// publications.bib
[1]
Quantifying Systemic Risk in Critical Power Infrastructure Using FDNA: From Single-Node Failure to Grid-Wide Cascades
SIRAcon '25 — Boston, MA (Accepted)
[2]
Navigating Multi-Jurisdictional Privacy Compliance in AI: An Empirical Analysis of Regulatory Gaps
IEEE UEMCON 2025 — New York, NY (Accepted)
[3]
Enhancing Critical Infrastructure Security: Addressing Cybersecurity Risks and Regulatory Gaps in AI-Enabled IoT Systems
IEEE UEMCON 2025 — New York, NY (Accepted)
[4]
A Framework for Financial Markets Impact Assessment of Data Breaches Using Interpretable Machine Learning and Event Study Methods
ASIA '25 — Albany, NY (Published)
[5]
Resilient IoT Security: Early Flood Attack Detection in IoT Networks Using GRU Deep Learning Model
World Journal of Advanced Research and Reviews, Vol. 27(2), pp. 871–886 (Published)
[6]
When the Ground Shakes: Social Media Responses to the 2024 Northeast Earthquake
[7]
Where Should the Network Look Next? Multi-Objective Measurement Control for Programmable Network Monitoring
NSDI Frontiers Track (Under Review)
// education.cert
Ph.D., Electrical Engineering
University of Rhode Island
Jan 2026 – May 2030 (expected) Kingston, RI
Research: Programmable Networks & Forwarding Architectures for Critical Infrastructure (P4/Intel Tofino) — CYPHER Lab, Advisor: Dr. Hui Lin
M.S., Digital Forensics & Cybersecurity
University at Albany, SUNY
Dec 2025 GPA: 3.9 Albany, NY
B.Sc., Computer Engineering
Kwame Nkrumah University of Science & Technology
Jun 2014 Kumasi, Ghana
// certifications
+ CompTIA Security+ (SY0-701) CompTIA
+ FAIR Cyber Risk Analysis Open Group
+ MITRE ATT&CK Cyber Threat Intelligence MITRE
// awards
* SIRAcon '25 Research Competition Winner
* IEEE UEMCON '25 — 3 published papers
* Cyber 9/12 Strategy Challenge — Semi-finalist
// affiliations
National Society of Black Engineers (NSBE) Member
ISACA Member
ISC2 Member
// contact.sh
bash — contact
philip@cypher-lab:~$ echo $EMAIL
philip@cypher-lab:~$ cat ~/.social
philip@cypher-lab:~$ echo $LOCATION
Kingston, Rhode Island
philip@cypher-lab:~$ echo $STATUS
Open to summer 2026 internships (12-week, F-1 CPT authorized)