Samuel Howard

[Network Security Monitoring Tool]

Network Behavior is a cybersecurity monitoring tool I built with three teammates as my senior capstone at UNH. The CS department's IT team was drowning in alerts. Every day, millions of lines of Palo Alto firewall logs and Shadowserver threat reports all landed in the same inbox with no way to separate the noise from the stuff that actually mattered. We built a system that does that automatically. It ingests the logs, classifies events by severity, detects anomalies against historical baselines, and surfaces everything in a single Flask dashboard instead of across three different tools. It won First Place at the UNH Undergraduate Research Conference, which was a cool way to close out four years.

The hardest part was honestly just the scale. We're talking 20 million lines of log data generated every single day. You can't just load that into memory and hope for the best. Early on in the development, most of our problems were our programs crashing due to the sheer size of the files we were trying to load in. We spent a lot of time building the pipeline to stream and chunk the data efficiently, with multiprocessing to keep it fast enough to actually be useful in a real operational window. On the threat intelligence side, Shadowserver reports don't have a fixed structure, so parsing them reliably under full automation took more iteration than expected. A lot of the solutions came down to making the system configurable: filtering rules, sensitivity levels, alert recipients. This was all controlled through JSON config files so the IT team could tune behavior without ever touching the code.
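A minimal sketch of the stream-and-chunk approach with JSON-driven rules described above. It is an added example, not the project's code: the config keys, the simplified `src,dst,dport,action` log layout, the function names and the "count exceeds sensitivity times baseline" rule are all assumptions.

```python
import io
import json
from collections import Counter
from itertools import islice

# Constructed config of the kind the paragraph describes (key names are assumptions).
CONFIG = json.loads("""{
  "ignore_actions": ["allow"],
  "severity_rules": [
    {"field": "dport", "equals": "3389", "severity": "high"},
    {"field": "action", "equals": "deny", "severity": "low"}
  ],
  "sensitivity": 3.0
}""")

# Constructed sample lines in a simplified layout (not the real Palo Alto format).
FIELDS = ("src", "dst", "dport", "action")
SAMPLE = "\n".join(
    ["10.0.0.5,192.0.2.10,443,allow"] * 6
    + ["198.51.100.7,10.0.0.9,3389,deny"] * 9
    + ["203.0.113.4,10.0.0.9,22,deny"] * 2
)

def chunks(stream, size):
    """Yield lists of at most `size` lines without reading the whole stream."""
    while batch := list(islice(stream, size)):
        yield batch

def classify(line, cfg):
    """Return a severity label, or None when a filtering rule drops the event."""
    event = dict(zip(FIELDS, line.strip().split(",")))
    if event.get("action") in cfg["ignore_actions"]:
        return None
    for rule in cfg["severity_rules"]:  # first matching rule wins
        if event.get(rule["field"]) == rule["equals"]:
            return rule["severity"]
    return "info"

def summarize(stream, cfg, chunk_size=4):
    """Count events per severity, holding only one chunk in memory at a time."""
    counts = Counter()
    for batch in chunks(stream, chunk_size):
        counts.update(s for s in (classify(l, cfg) for l in batch) if s)
    return counts

def anomalies(counts, baseline, cfg):
    """Flag severities whose count exceeds sensitivity x the historical baseline."""
    limit = cfg["sensitivity"]
    return sorted(s for s, n in counts.items() if n > limit * baseline.get(s, 0))
```

Each batch is classified independently, so the same per-batch work can be handed to a `multiprocessing.Pool` and the resulting counters merged.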

From a skills standpoint this project had everything: Python, Flask, SQLite, full-stack web dev, anomaly detection, automated alerting, and leading two parallel teams through Agile sprints on GitLab from start to finish. But honestly the thing I'm most proud of is that it actually works in production for a real client and hit the goal we promised: a 10:1 reduction in alert volume. Going from concept to something a real IT team relies on daily is the kind of experience you can't really replicate in a classroom.

[PedalWatch]

PedalWatch started as an idea I got from a cloud computing class and it quickly turned into one of my favorite personal projects. The idea was simple: I wanted to get notified when used guitar pedals dropped below a certain price on Reverb.com without having to check the site constantly. So I built it. The app monitors listings daily, and responds with an email in your inbox with any pedal below your desired price. You get the name of the pedal and a link every day at 7:30 a.m. I wanted to keep it really simple. You just enter the desired pedal + price threshold, and the app does the rest. Super easy.

Under the hood it's fully serverless on AWS. Lambda handles the logic, DynamoDB stores the listings, EventBridge triggers the checks on a schedule, and SES sends the emails. I also built a Flask frontend on EC2 with Google OAuth for the hell of it. The whole thing follows the AWS Well-Architected Framework.

The part I enjoyed the most was that it's a real tool I actually use. It's one thing to build a tool for a grade; it's another to build something and use it to automatically snipe a Strymon pedal at a crazy low price. And the results surprised me - it found great deals that I couldn't after 30 minutes of scrolling.