Michael Galde
Security Researcher · Tool Builder · Educator
Assistant Professor at the University of Arizona. 10+ years in cybersecurity — Army intelligence, ICS security, network forensics, and ML-driven threat detection. This is where the tools and research live.
Professional site → michaelgalde.com
Built Things
Open-source tools for network analysis, visibility, and defense. If it touches packets, it probably ended up here.
Network visualization tool that renders host relationships and traffic flows as interactive graphs. Built for rapid situational awareness during investigations — feed it a network and see what's actually talking to what.
Parses PCAP files and generates interactive network topology maps from captured traffic. Uses Scapy for packet dissection and NetworkX for graph construction; Bokeh renders the output as a navigable browser visualization.
Low-interaction honeypot with real-time intrusion notifications. Listens on configurable ports, logs connection metadata and payloads, and pushes alerts on contact. Useful for detecting lateral movement and probing activity on networks you care about.
Network diagnostics tool for quick connectivity and path analysis. Surfaces packet loss, latency distribution, and routing behavior in a format that's actually readable under pressure.
GTK4 graphical front-end for OpenAI Whisper that runs entirely on your machine — drag and drop audio or video files and get a transcript back. Supports MP3, WAV, M4A, FLAC, MP4, MKV, and anything else FFmpeg can read. Output in plain text, SRT/VTT subtitles, TSV, or JSON. No cloud, no subscription, no API key. Audio never leaves the host after the model weights are downloaded once.
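The PCAP-to-topology pipeline described above (Scapy for dissection, NetworkX for the graph, Bokeh for rendering) reduces to a few steps: walk the pcap records, pull source, destination, protocol and destination port out of each IPv4 frame, and aggregate them into weighted host-to-host edges. The block below is an added, dependency-free example of that core, not code from the tool itself: it parses the classic pcap format with `struct`, builds a plain edge dictionary that maps one-to-one onto a `networkx.DiGraph`, and ranks the top talkers. The sample capture is constructed inline (three HTTPS flows, one DNS query, one inbound SSH connection, and an ARP frame that the IPv4 filter skips). pcapng files, non-Ethernet link types and VLAN-tagged frames are deliberately rejected rather than mis-parsed.

```python
import struct
from collections import defaultdict
from ipaddress import ip_address

# Constructed example: a dependency-free PCAP -> host-topology pass.
PCAP_MAGIC = 0xA1B2C3D4        # classic pcap magic (microsecond timestamps)
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def build_frame(src, dst, proto, sport=0, dport=0, extra=0):
    """Constructed Ethernet/IPv4 frame; IP checksum is left as 0 (never verified here)."""
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    payload = struct.pack("!HH", sport, dport) + b"\x00" * extra   # L4 ports + filler
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, ip_address(src).packed, ip_address(dst).packed)
    return eth + ip_hdr + payload


def build_pcap(frames, linktype=LINKTYPE_ETHERNET):
    """Wrap frames in a little-endian classic pcap file (global header + record headers)."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def iter_records(data):
    """Yield (timestamp, frame_bytes, original_length) from pcap bytes, either endianness."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    (linktype,) = struct.unpack_from(endian + "I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:          # truncated final record: stop, do not guess
            break
        off += incl_len
        yield ts_sec + ts_usec / 1e6, frame, orig_len


def parse_ipv4(frame):
    """Return (src, dst, proto, dport) for an IPv4 frame, or None for anything else."""
    if len(frame) < 34:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:        # ARP, IPv6 and 802.1Q-tagged frames are skipped
        return None
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or len(frame) < 14 + ihl:
        return None
    proto = frame[23]
    src, dst = str(ip_address(frame[26:30])), str(ip_address(frame[30:34]))
    dport = None
    if proto in (6, 17) and len(frame) >= 14 + ihl + 4:   # TCP/UDP: ports are the first 4 bytes
        _, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    return src, dst, proto, dport


def build_topology(pcap_bytes):
    """Aggregate packets into directed edges keyed by (src, dst, proto)."""
    edges = defaultdict(lambda: {"packets": 0, "bytes": 0, "ports": set()})
    hosts = set()
    for _ts, frame, orig_len in iter_records(pcap_bytes):
        parsed = parse_ipv4(frame)
        if parsed is None:
            continue
        src, dst, proto, dport = parsed
        hosts.update((src, dst))
        edge = edges[(src, dst, PROTO_NAMES.get(proto, str(proto)))]
        edge["packets"] += 1
        edge["bytes"] += orig_len          # wire length, not the (possibly snapped) captured length
        if dport is not None:
            edge["ports"].add(dport)
    return hosts, dict(edges)


def top_talkers(edges, n=3):
    """Hosts ranked by total bytes sent plus received."""
    totals = defaultdict(int)
    for (src, dst, _proto), edge in edges.items():
        totals[src] += edge["bytes"]
        totals[dst] += edge["bytes"]
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


# Constructed sample capture: 3 HTTPS flows, 1 DNS query, 1 inbound SSH, 1 ARP frame.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "10.0.0.1", 6, 51000, 443, extra=100),
    build_frame("10.0.0.5", "10.0.0.1", 6, 51001, 443, extra=100),
    build_frame("10.0.0.5", "10.0.0.1", 6, 51002, 443, extra=100),
    build_frame("10.0.0.5", "10.0.0.1", 17, 40000, 53, extra=40),
    build_frame("10.0.0.9", "10.0.0.5", 6, 60000, 22, extra=60),
    b"\xff" * 6 + b"\x02" * 6 + struct.pack("!H", 0x0806) + b"\x00" * 28,
])

if __name__ == "__main__":
    hosts, edges = build_topology(SAMPLE_PCAP)
    for (src, dst, proto), e in sorted(edges.items()):
        print(f"{src} -> {dst} {proto:4} pkts={e['packets']} bytes={e['bytes']} dports={sorted(e['ports'])}")
    print("top talkers:", top_talkers(edges))
```

To feed this into the rendering stage, each `(src, dst, proto)` key becomes a `DiGraph` edge with `packets` and `bytes` as attributes, and `top_talkers` gives the node sizing. Byte totals are taken from `orig_len`, so a capture made with a small snaplen still reports true volumes; the captured slice is only used for header parsing.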
Current Projects
Research at the intersection of machine learning, network intelligence, and critical infrastructure security — with real stacks, not hypotheticals.
GRID-LM
LLM application for industrial network monitoring. Fine-tuned on OT protocol traffic to interpret BACnet, LonTalk, and Modbus patterns in natural language — bridging the gap between packet-level forensics and analyst-facing reporting in ICS environments.
DaRIA
Adaptive network intelligence agent for dynamic threat detection and response. Operates autonomously across heterogeneous network environments, adjusting detection thresholds based on observed traffic baselines rather than static signatures.
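Adjusting thresholds to observed baselines, as the DaRIA description says, means each host carries its own running estimate of normal and alerts on deviation from that rather than on one fixed number. The block below is an added illustration of that idea, not DaRIA's code: per-host EWMA mean and variance seeded from a warm-up window, a z-score alert rule, and a static-threshold check beside it for contrast. The event stream is constructed (per-minute connection counts for a quiet workstation and a busy server); the host names and parameter values are assumptions.

```python
import math
import statistics
from dataclasses import dataclass, field

# Constructed example: per-host baselines that set their own alert threshold.


@dataclass
class Baseline:
    """EWMA mean/variance for one metric on one host, seeded from a warm-up window."""
    alpha: float = 0.1        # smoothing factor: higher adapts faster but forgets faster
    warmup: int = 10          # samples collected before the detector may alert
    k: float = 4.0            # alert when |z| exceeds this many sigma
    min_sigma: float = 1.0    # floor so a flat baseline does not alert on tiny jitter
    samples: list = field(default_factory=list)
    mean: float = 0.0
    var: float = 0.0

    def observe(self, x):
        """Return (is_anomaly, z). Anomalous samples are not folded into the baseline."""
        if len(self.samples) < self.warmup:
            self.samples.append(x)
            if len(self.samples) == self.warmup:
                self.mean = statistics.fmean(self.samples)
                self.var = statistics.pvariance(self.samples)
            return False, 0.0
        sigma = max(math.sqrt(self.var), self.min_sigma)
        z = (x - self.mean) / sigma
        if abs(z) > self.k:
            return True, z
        delta = x - self.mean                     # incremental EWMA update of mean and variance
        self.mean += self.alpha * delta
        self.var = (1 - self.alpha) * (self.var + self.alpha * delta * delta)
        return False, z


class AdaptiveDetector:
    """One Baseline per host, so a busy server and a quiet workstation get different thresholds."""

    def __init__(self, **baseline_kwargs):
        self.kwargs = baseline_kwargs
        self.baselines = {}

    def observe(self, host, x):
        baseline = self.baselines.setdefault(host, Baseline(**self.kwargs))
        return baseline.observe(x)


def adaptive_alerts(events, **kwargs):
    """Run the stream of (host, value) events; return (index, host, value, z) for each alert."""
    detector = AdaptiveDetector(**kwargs)
    alerts = []
    for i, (host, x) in enumerate(events):
        hit, z = detector.observe(host, x)
        if hit:
            alerts.append((i, host, x, round(z, 1)))
    return alerts


def static_alerts(events, threshold):
    """The fixed-threshold rule the adaptive one replaces, for comparison."""
    return [(i, host, x) for i, (host, x) in enumerate(events) if x > threshold]


def demo_events():
    """Constructed per-minute connection counts: quiet workstation vs busy server."""
    quiet = [4, 5, 6, 5, 4, 5, 6, 5, 4, 5]
    busy = [480, 510, 495, 505, 490, 500, 515, 485, 500, 520]
    events = []
    for q, b in zip(quiet, busy):
        events += [("ws-quiet", q), ("srv-busy", b)]
    for _ in range(5):
        events += [("ws-quiet", 5), ("srv-busy", 500)]
    events += [("ws-quiet", 60), ("srv-busy", 520)]   # 60 is a spike for one host, noise for the other
    return events


if __name__ == "__main__":
    ev = demo_events()
    print("adaptive:", adaptive_alerts(ev))
    print("static >50:", len(static_alerts(ev, 50)), "alerts; static >100:", len(static_alerts(ev, 100)))
```

On this stream the adaptive rule fires once, on the workstation's jump to 60, while a static threshold either fires on every sample from the server or misses the workstation entirely. Two caveats a practitioner would want: refusing to fold anomalous samples into the baseline stops a burst from normalising itself, but an attacker who ramps slowly can still drag the mean upward, so bound how far a baseline may drift per day; and `min_sigma` needs tuning per metric, since a floor of 1 connection is sensible for counts but meaningless for byte volumes.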
SPINE
NLP infrastructure purpose-built for cybersecurity operations. Builds processing pipelines trained on security-domain corpora — threat intel reports, CVE descriptions, SIEM alerts — to support downstream classification, summarization, and triage tasks.
IAES-SOC
Python- and ML-based OT network monitoring system built for SOCs in industrial environments. Integrates Wazuh SIEM with the ELK stack for centralized alerting and visualization. Focuses on detection fidelity in environments where false positives have operational consequences.
Technical Writeups
CTF walkthroughs, research notes, and anything else worth putting in writing.
Get in Touch
Reach out for research collaboration, tool questions, CTF discussion, or consulting inquiries. For professional and academic work, the full contact info is at michaelgalde.com.