DEV Community

Carrie

Top 10 Cybersecurity Projects You Can’t Miss in 2026

Elevate your skills, build real-world tools, and contribute to open-source security.

As cyber threats evolve rapidly, working on hands-on security projects is one of the best ways to stay ahead. Whether you’re a student, security practitioner, DevOps engineer, or open-source maintainer, these 10 project ideas will give you meaningful experience and help you build usable tools.

Inspired by last year’s list and refreshed for 2026, here are the picks you should try.

1. Threat-Intelligence Feed Aggregator

Build a system that pulls threat intelligence from multiple open feeds (indicators of compromise such as C2 domains and malware hashes), normalises it into one schema, and exports it to a SIEM or SOAR platform.

Why try it: Threat feeds are foundational in many security operations, but managing many sources at once remains a practical challenge.

Key technologies: Python, Elasticsearch, Kibana, APIs from VirusTotal/OTX.

Project scope:

  • Collector modules for multiple feed formats
  • Data normalisation & enrichment
  • REST API for querying intelligence
  • Dashboard for visualization
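The collector-and-normalise part of this project is the one most people get wrong the first time, so here is an added example (my code, not from the article) of two collector modules feeding a single normalised schema. Feed formats, field names and all indicator values are constructed samples: the CSV feed is assumed to be `indicator,first_seen` lines with `#` comments, and the JSON feed a list of `{"ioc": ..., "ts": ...}` objects. Real feeds (OTX, VirusTotal) need their own collector, but they slot into the same `classify_indicator` / `aggregate` pipeline.

```python
"""Minimal feed aggregator: two collector modules, one normalised schema.

Assumptions (not from the article): the CSV feed is 'indicator,first_seen'
lines with '#' comments, the JSON feed is a list of {"ioc": ..., "ts": ...}
objects. Both feeds below are constructed samples, not real intelligence.
"""
import csv
import io
import json
import re

# Constructed sample feeds (documentation-range IP, example TLD, well-known empty-file hashes).
CSV_FEED = """# constructed feed A
198.51.100.23,2026-01-04
evil-c2.example,2026-01-05
d41d8cd98f00b204e9800998ecf8427e,2026-01-05
not an indicator,2026-01-06
"""

JSON_FEED = json.dumps([
    {"ioc": "198.51.100.23", "ts": "2026-01-07"},
    {"ioc": "EVIL-C2.EXAMPLE", "ts": "2026-01-02"},
    {"ioc": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "ts": "2026-01-07"},
])

_IPV4 = re.compile(r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$")
_DOMAIN = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$")
_HASHES = {32: "md5", 40: "sha1", 64: "sha256"}


def classify_indicator(value):
    """Return (type, canonical_value) or None when the value is not an IOC we handle."""
    v = value.strip()
    if _IPV4.match(v):
        return "ipv4", v
    low = v.lower()
    if re.fullmatch(r"[0-9a-f]+", low) and len(low) in _HASHES:
        return _HASHES[len(low)], low
    if _DOMAIN.match(low):
        return "domain", low
    return None


def _record(kind, source, first_seen):
    return {"type": kind[0], "value": kind[1], "source": source, "first_seen": first_seen.strip()}


def parse_csv_feed(text, source):
    """Collector module for the constructed CSV format; junk rows are dropped, not raised."""
    lines = (ln for ln in io.StringIO(text) if ln.strip() and not ln.startswith("#"))
    out = []
    for row in csv.reader(lines):
        kind = classify_indicator(row[0])
        if kind:
            out.append(_record(kind, source, row[1]))
    return out


def parse_json_feed(text, source):
    """Collector module for the constructed JSON format."""
    out = []
    for obj in json.loads(text):
        kind = classify_indicator(obj["ioc"])
        if kind:
            out.append(_record(kind, source, obj["ts"]))
    return out


def aggregate(records):
    """Merge records from all collectors: one entry per (type, value);
    the earliest first_seen wins and the set of sources is kept for enrichment."""
    merged = {}
    for r in records:
        key = (r["type"], r["value"])
        cur = merged.get(key)
        if cur is None:
            merged[key] = {"type": r["type"], "value": r["value"],
                           "sources": {r["source"]}, "first_seen": r["first_seen"]}
        else:
            cur["sources"].add(r["source"])
            cur["first_seen"] = min(cur["first_seen"], r["first_seen"])
    return merged


def export_for_siem(merged):
    """Flatten to JSON-serialisable dicts in a stable order (e.g. for a bulk load into Elasticsearch)."""
    return [{**v, "sources": sorted(v["sources"])} for _, v in sorted(merged.items())]


if __name__ == "__main__":
    recs = parse_csv_feed(CSV_FEED, "feedA") + parse_json_feed(JSON_FEED, "feedB")
    print(json.dumps(export_for_siem(aggregate(recs)), indent=2))
```

Note that case and whitespace are canonicalised before merging; without that, the same domain arriving from two feeds shows up as two indicators and your dedup and source counts are wrong.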

2. Phishing Simulation & Awareness Platform

Create a mini-platform that sends simulated phishing campaigns, tracks click/interaction behaviour, and reports findings to administrators.

Why try it: Phishing remains one of the top attack vectors; building proactive defensive tooling strengthens awareness and process.

Key technologies: Web-frontend (React/Angular), backend (Node.js/Python), database for tracking metrics, email campaign integration.

Project scope:

  • Create fake phishing templates
  • Simulated campaign scheduling
  • User behaviour tracking & dashboards
  • Training feedback loop for users

3. AI-Driven Anomaly Detection for Network Traffic

Develop a model that analyses network metadata (flows, packet timing) and flags anomalies that might indicate C2 traffic, exfiltration or stealthy scans.

Why try it: With so many endpoints and networks, automated detection of subtle anomalies becomes critical in 2026.

Key technologies: Python, Scikit-learn/TensorFlow, Zeek/PCAP data, Grafana/Prometheus.

Project scope:

  • Feature extraction from flow/packet metadata
  • Build ML model for anomaly classification
  • Dashboard/alert engine for flagged flows
  • Evidence playback for incident investigations

4. Post-Quantum Crypto Integration Tool

As quantum computing accelerates, organisations are increasingly exploring quantum-safe cryptography. Build a library or tool that helps integrate post-quantum algorithms (like Kyber, Dilithium) into existing systems.

Why try it: It’s not just future-looking — businesses today must start the migration path to quantum-resilient security.

Key technologies: C/C++, Rust, OpenSSL/QoT libraries, integration with TLS stacks.

Project scope:

  • Wrapper library to choose between classical and post-quantum ciphers
  • Demonstrate TLS handshake with post-quantum mode
  • Benchmark performance and latency overhead
  • Compatibility testing with legacy clients

5. Self-Hosted Web Application Firewall with Semantic Intelligence (SafeLine)

Deploy and evaluate SafeLine, a self-hosted WAF designed to protect web applications and APIs.

Why try it: Web application attacks remain among the top breach vectors. Rather than relying solely on cloud-based WAFs, a self-hosted WAF like SafeLine gives you full control, data sovereignty, and the ability to fine-tune rules and intelligence.

Key technologies: Nginx/Traefik, Go/Python, rule-engine scripting, API for automations.

Project scope:

  • Deploy SafeLine in your lab (or a VM)
  • Add and tune rules: SQL injection, XSS, bot detection
  • Integrate custom IP lists, geo-blocking and rule automation
  • Run adversarial tests: simulated bot crawlers, API abuse, brute force
  • Measure false-positive and false-negative rates, and tune the semantic engine

6. Honeypot Farm for SOC Analytics

Set up a network of honeypots (web, SSH, IoT) that deliberately attract attacker behaviour. Log interactions, and build dashboards to analyse patterns and visualize attack trends.

Why try it: Real attack data is worth gold — even small systems generate useful insights if you capture them properly.

Key technologies: Cowrie, Dionaea, ELK stack, Python/Go for automation.

Project scope:

  • Deploy multiple honeypots across cloud and local networks
  • Centralised logging and correlation of attacker IPs/methods
  • Dashboard showing attacker types, time of day, tools used
  • Share open-dataset for community reuse

7. Secure DevOps Pipeline: Shift-Left Security

Automate security checks in a CI/CD pipeline: code scanning, container image vulnerability checks, secret detection, policy enforcement – all before deploying.

Why try it: With DevOps velocity increasing, embedding security earlier (shift-left) becomes imperative.

Key technologies: Jenkins/GitHub Actions, SAST/DAST tools, Trivy, custom policy engine.

Project scope:

  • Hook the pipeline to run scans and fail builds on high-severity findings
  • Dashboard for build failure reasons and vulnerability trends
  • Automated remediation suggestions or ticket creation
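The "fail the build on high severity" step sounds like a one-liner but in practice needs a policy layer: what counts as blocking, and how accepted risk is tracked so it does not become permanent. Here is an added example (my code, not from the article or the Trivy project) of that gate. It assumes Trivy's JSON layout of `Results[].Vulnerabilities[]` with `VulnerabilityID`, `Severity`, `PkgName` and `FixedVersion` fields; the report and the exception list are constructed, with placeholder IDs of the form `CVE-XXXX-000n`.

```python
"""CI gate that parses a Trivy-style JSON report and fails the build on policy.

Assumptions (mine): Trivy's JSON layout of Results[].Vulnerabilities[] with
VulnerabilityID / Severity / PkgName / FixedVersion fields; the report and the
exception list are constructed samples with placeholder vulnerability IDs.
"""
import json
import sys
from datetime import date

FAIL_ON = {"CRITICAL", "HIGH"}

# Constructed report shaped like `trivy image --format json` output (placeholder IDs).
SAMPLE_REPORT = json.dumps({
    "Results": [
        {"Target": "app:1.0 (debian 12)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-XXXX-0001", "PkgName": "libssl3", "Severity": "CRITICAL",
             "InstalledVersion": "3.0.1", "FixedVersion": "3.0.2"},
            {"VulnerabilityID": "CVE-XXXX-0002", "PkgName": "libfoo", "Severity": "HIGH",
             "InstalledVersion": "1.0", "FixedVersion": ""},
            {"VulnerabilityID": "CVE-XXXX-0003", "PkgName": "bar", "Severity": "MEDIUM",
             "InstalledVersion": "2.1", "FixedVersion": "2.2"},
        ]},
        {"Target": "Node.js", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-XXXX-0004", "PkgName": "lodash", "Severity": "HIGH",
             "InstalledVersion": "4.17.20", "FixedVersion": "4.17.21"},
        ]},
    ]
})

# Constructed risk-acceptance list: every exception carries an owner and an expiry date.
SAMPLE_EXCEPTIONS = {
    "CVE-XXXX-0002": {"owner": "platform-team", "reason": "no fix upstream; package unused at runtime",
                      "expires": "2026-06-30"},
    "CVE-XXXX-0004": {"owner": "web-team", "reason": "accepted", "expires": "2025-12-31"},
}


def active_exceptions(exceptions, today):
    """Drop expired exceptions so accepted risk cannot linger forever."""
    return {cve: e for cve, e in exceptions.items() if date.fromisoformat(e["expires"]) >= today}


def evaluate(report_json, exceptions, today_iso, fail_on=FAIL_ON):
    """Return (passed, blocking, suppressed): blocking findings fail the build,
    suppressed ones are reported but tolerated under a still-valid exception."""
    report = json.loads(report_json)
    live = active_exceptions(exceptions, date.fromisoformat(today_iso))
    blocking, suppressed = [], []
    for result in report.get("Results", []):
        for v in result.get("Vulnerabilities") or []:   # Trivy omits the key for clean targets
            if v["Severity"] not in fail_on:
                continue
            finding = {"id": v["VulnerabilityID"], "pkg": v["PkgName"], "severity": v["Severity"],
                       "target": result["Target"], "fixed": v.get("FixedVersion") or None}
            (suppressed if finding["id"] in live else blocking).append(finding)
    return (not blocking, blocking, suppressed)


def remediation_hint(finding):
    """Text a pipeline could post as a PR comment or ticket body."""
    if finding["fixed"]:
        return f"{finding['id']}: upgrade {finding['pkg']} to {finding['fixed']} in {finding['target']}"
    return f"{finding['id']}: no fixed version for {finding['pkg']}; needs an owned, time-boxed exception"


if __name__ == "__main__":
    passed, blocking, suppressed = evaluate(SAMPLE_REPORT, SAMPLE_EXCEPTIONS, date.today().isoformat())
    for f in blocking:
        print("BLOCK ", remediation_hint(f))
    for f in suppressed:
        print("ACCEPT", remediation_hint(f))
    sys.exit(0 if passed else 1)   # non-zero exit is what fails the CI job
```

Wiring it into GitHub Actions or Jenkins is then just `trivy image --format json -o report.json ...` followed by this script; the expiry check is the part worth keeping even if you replace everything else, because an exception list without dates quietly turns into an allow-list.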

8. IoT Device Monitoring & Threat Detection

Build a monitoring framework for IoT devices in a lab: track device metadata, firmware versions, unusual communication, and create alerts when a device behaves unexpectedly.

Why try it: IoT attacks continue rising, and building your own monitoring stack gives insight into this under-explored vector.

Key technologies: MQTT, InfluxDB, Grafana, packet capture tools.

Project scope:

  • Collect telemetry from multiple IoT devices
  • Baseline normal behaviour, detect deviations
  • Alerting and automated response (e.g., isolate device)
  • Dashboard for device health and risk score
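Projects 3 and 8 share the same core step: aggregate flow metadata into per-source windows, learn what "normal" looks like, and alert on deviation. Here is an added example (my code, not the article's) of that step with nothing but the standard library, so the modelling idea is visible before you reach for scikit-learn. The flow records are constructed (a sensor that talks to one broker on a steady schedule, then suddenly pushes megabytes to six new hosts, plus a device never seen during training); a robust z-score over median and MAD is my choice, so a few noisy training windows do not poison the baseline.

```python
"""Baseline-and-deviate detector over per-source flow windows (stdlib only).

Assumptions (mine, not the article's): flow records are (timestamp, src, dst,
bytes_out) tuples such as you would get after parsing Zeek conn.log or an IoT
gateway export; all records below are constructed. Scoring uses a robust
z-score (median / MAD) per source and per feature.
"""
from collections import defaultdict
from statistics import median

WINDOW = 3600  # seconds per feature window


def window_features(flows, window=WINDOW):
    """Aggregate flows into {(src, window_index): {"bytes", "dsts", "flows"}}."""
    agg = defaultdict(lambda: {"bytes": 0, "dsts": set(), "flows": 0})
    for ts, src, dst, nbytes in flows:
        f = agg[(src, ts // window)]
        f["bytes"] += nbytes
        f["dsts"].add(dst)
        f["flows"] += 1
    return {k: {"bytes": v["bytes"], "dsts": len(v["dsts"]), "flows": v["flows"]}
            for k, v in agg.items()}


def build_baseline(features):
    """Per-source (median, MAD) for each feature, learned from training windows."""
    per_src = defaultdict(lambda: defaultdict(list))
    for (src, _), feat in features.items():
        for name, val in feat.items():
            per_src[src][name].append(val)
    baseline = {}
    for src, cols in per_src.items():
        baseline[src] = {}
        for name, vals in cols.items():
            med = median(vals)
            mad = median(abs(v - med) for v in vals)
            baseline[src][name] = (med, mad)
    return baseline


def robust_z(x, med, mad):
    # A MAD of 0 (perfectly regular history) would make any change infinite; floor the scale.
    scale = max(mad, 0.05 * abs(med), 1.0)
    return 0.6745 * (x - med) / scale


def score_windows(features, baseline, threshold=3.0):
    """Return alerts (src, window_index, feature, value, z) for deviations above threshold.
    A source with no baseline is reported as unknown rather than silently skipped."""
    alerts = []
    for (src, w), feat in sorted(features.items()):
        if src not in baseline:
            alerts.append((src, w, "unknown_source", None, None))
            continue
        for name, val in feat.items():
            med, mad = baseline[src][name]
            z = robust_z(val, med, mad)
            if z > threshold:
                alerts.append((src, w, name, val, round(z, 2)))
    return alerts


def constructed_training():
    """Two days of a sensor publishing three times an hour to its broker (constructed)."""
    flows = []
    for w in range(48):
        base = w * WINDOW
        for i in range(3):
            flows.append((base + 600 * i, "sensor-1", "10.0.0.5", 1200 + (w % 4) * 50))
    return flows


def constructed_live():
    """One normal hour, then a burst to six new destinations and an unknown device (constructed)."""
    base = 48 * WINDOW
    flows = [(base + 600 * i, "sensor-1", "10.0.0.5", 1200) for i in range(3)]
    nxt = base + WINDOW
    flows += [(nxt + 60 * i, "sensor-1", f"203.0.113.{i + 10}", 350_000) for i in range(6)]
    flows.append((nxt, "camera-9", "10.0.0.5", 900))
    return flows


if __name__ == "__main__":
    baseline = build_baseline(window_features(constructed_training()))
    for alert in score_windows(window_features(constructed_live()), baseline):
        print(alert)
```

The volume spike and the jump in distinct destinations both trip the threshold; the flow count alone does not, which is a useful reminder that one feature rarely carries a detection. The "unknown source" path is the IoT-specific part: a device that was never baselined is itself a finding, and is the natural hook for the "isolate device" response in the scope above.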

9. Cloud-Native Threat Emulation Framework

Deploy a framework in Kubernetes or containers that simulates attacker behaviour in a cloud-native environment: lateral movement, container escapes, malicious payloads, etc.

Why try it: As organisations shift to cloud and containerization, the attack surface moves too — emulation helps validate controls in that landscape.

Key technologies: K8s, Docker, Bash/Python scripting, Kali tools, Elastic stack.

Project scope:

  • Create containerised attacker modules
  • Automate scenario runs: privilege escalation, cluster breakout
  • Log and visualise red-team behaviour
  • Integrate with existing detection stack for live alerts

10. Privacy-First Data Fabric & Threat Analytics

Develop a platform that collects telemetry (logs, flows, endpoint data) while maintaining privacy (pseudonymisation, aggregation), then feeds it into analytics and machine-learning engines to surface threats.

Why try it: Privacy regulations are tightening globally. Organisations want visibility and analytics — but without exposing personal data.

Key technologies: Kafka, Kubernetes, Rust/Go, privacy libraries, ML.

Project scope:

  • Ingest diverse telemetry sources
  • Apply pseudonymisation and encryption at ingestion
  • Build ML models for threat scoring
  • Provide visualisation dashboard and API for alerts
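The "pseudonymise at ingestion" bullet is where this project succeeds or fails, so here is an added example (my code, not the article's) of the two pieces that matter: keyed pseudonyms that stay consistent within an epoch, and aggregation that suppresses small groups before anything reaches a dashboard. The event layout (`user`, `src_ip`, `action`), the master secret and the events themselves are all constructed. HMAC rather than a plain hash is my choice: identifiers like usernames and IPv4 addresses are a small space, and an unkeyed hash of them can be reversed by enumeration.

```python
"""Privacy-preserving ingestion: pseudonymise identifiers at the edge, then aggregate.

Assumptions (mine, not the article's): events are dicts with user / src_ip /
action fields; the master secret lives only in the ingestion tier; all events
below are constructed. HMAC-SHA256 with a per-epoch key keeps pseudonyms
linkable inside an epoch (so analytics can still group by actor) but not across
epochs or without the key.
"""
import hashlib
import hmac
import ipaddress
from collections import Counter

DIRECT_IDENTIFIERS = ("user", "src_ip")

# Constructed sample events (documentation-range IPs, made-up users).
SAMPLE_EVENTS = (
    [{"user": "alice", "src_ip": "198.51.100.7", "action": "login_fail"}] * 5
    + [{"user": "bob", "src_ip": "198.51.100.9", "action": "login_fail"},
       {"user": "bob", "src_ip": "198.51.100.9", "action": "login_ok"}]
    + [{"user": "carol", "src_ip": "203.0.113.4", "action": "login_fail"}] * 3
)


def derive_epoch_key(master_secret: bytes, epoch: str) -> bytes:
    """Per-epoch key: rotate the epoch (e.g. monthly) and old pseudonyms stop linking to new ones."""
    return hmac.new(master_secret, b"pseudonym-key:" + epoch.encode(), hashlib.sha256).digest()


def pseudonym(value: str, key: bytes, field: str) -> str:
    # Domain-separate by field name so the same string in two fields yields different tokens.
    mac = hmac.new(key, f"{field}\x00{value}".encode(), hashlib.sha256).hexdigest()
    return mac[:16]  # 64 bits is plenty for joining; shorter tokens keep indexes small


def generalise_ip(ip: str) -> str:
    """Keep network-level context (a /24 or /48) without the host part."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def pseudonymise_event(event: dict, key: bytes) -> dict:
    """Replace direct identifiers in place of the raw values; never keep the raw copy."""
    out = dict(event)
    for field in DIRECT_IDENTIFIERS:
        if field in out:
            raw = str(out[field])
            out[field] = pseudonym(raw, key, field)
            if field == "src_ip":
                out["src_net"] = generalise_ip(raw)
    return out


def aggregate(events, group_by, min_group=3):
    """Count events per group and suppress groups smaller than min_group (k-anonymity style)."""
    counts = Counter(tuple(e[g] for g in group_by) for e in events)
    return {k: n for k, n in counts.items() if n >= min_group}


if __name__ == "__main__":
    key = derive_epoch_key(b"constructed-master-secret", "2026-01")
    safe = [pseudonymise_event(e, key) for e in SAMPLE_EVENTS]
    print(safe[0])
    print(aggregate(safe, ("src_net", "action")))
```

Two things to check in your own version: that no raw identifier survives anywhere in the stored event (including nested fields and free-text messages, which this sample does not have), and that the per-group suppression is applied before export, not in the dashboard layer where it can be bypassed by a more specific query.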

Picking just one of these projects and seeing it through will give you a measurable achievement and sharpened security skills.

For 2026, the security landscape will demand not only technical competence but also adaptability — open-source environments, self-hosted control, privacy compliance, AI integration and cloud-native resilience.

Choose a project, commit to regular progress, and you’ll not only build something valuable — you’ll build security muscle that sets you apart.

“As the threat landscape accelerates, so must our hands-on project work.”
