Théo Geffe profile picture
Available · Luxembourg 🇱🇺
IT Developer & Open-Source Contributor

THÉO
GEFFE

IT Dev @ CIRCL · Luxembourg House of Cybersecurity

Passionate developer building open-source cybersecurity tools used worldwide.
Co-author of rulezet-core — co-funded by the European Union (FETTA/NGSOTI).
Drummer 🥁 · Sports enthusiast ⚽ · Based in Luxembourg.

See my projects GitHub → Contact me →
GitHub Repos
Followers
27+
Cumulated Stars
🇪🇺
EU-Funded Project
01 — About

Who am I?

I'm Théo Geffe, an IT developer based in the Grand Duchy of Luxembourg. I work at CIRCL — the Computer Incident Response Center Luxembourg — the national CERT responsible for cybersecurity incident response.

My work sits at the intersection of web development and cybersecurity. My flagship project, rulezet-core, is co-copyrighted with CIRCL and EU-funded under the FETTA project. Its live version — rulezet.org — indexes over 122,000 detection rules.

Highly adaptable and deeply motivated, I was publicly recognized for my hard work on rulezet releases at the hack.lu workshop. Outside of code, I'm a passionate drummer and sports enthusiast.

🇪🇺 EU-Funded · NGSOTI · FETTA · DIGITAL-ECCC-2022-CYBER-03
Théo Geffe à la batterie
Full Name
Théo Geffe
Role
IT Developer
Organisation
CIRCL (lhc)
Location
Luxembourg 🇱🇺
GitHub
ecrou-exact
YouTube
@jeff2.016
Passion 1
🥁 Drums
Passion 2
⚽ Sports
02 — Experience

Career

2024 — Present
IT Developer
CIRCL · Computer Incident Response Center Luxembourg
Development and maintenance of open-source cybersecurity platforms at the Luxembourg national CERT. Legal co-author of rulezet-core. Active contributor to the MISP ecosystem via cti-transmute. Public release presentation at the international hack.lu workshop.
JavaScriptPython MISPYARASigma Open-SourceLuxembourg
2024 — Present
Open-Source Contributor · NGSOTI Project
NGSOTI · European Union Funded
Contribution to the NGSOTI project — funded by the Digital Europe programme (DIGITAL-ECCC-2022-CYBER-03, Project 101127921). Development of rulezet.org with similarity engine, MISP taxonomy integration, and full RESTful API.
FETTANGSOTI EU DigitalCTI Detection Engineering
Active
Contributor · MISP Project
MISP — Malware Information Sharing Platform
Contributing to the MISP project via cti-transmute — a CTI format conversion service (STIX, MISP, OpenCTI…). ⭐ 20 stars, used by security teams worldwide.
CTISTIX InteroperabilityJavaScript
03 — Projects

Open-source projects

ngsoti · CIRCL · EU-Funded
rulezet-core ✦
Open-source platform for sharing, evaluating and managing cyber detection rules (YARA, Sigma, Suricata…). Available at rulezet.org with 122,000+ rules. Similarity engine, MISP integration, RESTful API. Recognized at hack.lu workshop 2025.
JavaScript ⭐ 43 🇪🇺 EU-Funded co-author
MISP Project
cti-transmute
CTI format conversion service (STIX, MISP, OpenCTI…). Promotes interoperability between security tools. Available live at cti-transmute.org.
JavaScript ⭐ 20 MISP
DavidCruciani
ptit-crolle
Flask application template to quickly bootstrap a Python web project. Active contributor. ⭐ 5 stars.
JavaScript ⭐ 5 Flask
Live Service
rulezet.org 🌐
The public live version of rulezet-core. 122,000+ security rules. Integrated with vulnerability-lookup.org for real-time rule/CVE correlation.
🌍 Live Public
See all repos on GitHub →
04 — Skills

Technical skills

// Languages & Frameworks
JavaScript / Vue.js
Python / Flask
HTML / CSS
SQL / Databases
Bash / Shell

// Soft Skills & Languages
🇫🇷 French (Native)
🇬🇧 English (Fluent)
🥁 Drums
⚽ Sport & Teamwork
🚀 Adaptability
// Cybersecurity & CTI
YARA / Sigma / Suricata
MISP / CTI platforms
Linux / REST API
Git / GitHub
YAML / JSON
05 — Contact

Let's get in touch

Have a project, an idea, an opportunity?
Want to contribute to open-source, talk cybersecurity, CTI… or drums?
Find me on my networks.

// Quick info
Full Name Théo Geffe
Role IT Developer
Employer CIRCL (lhc)
Location Luxembourg 🇱🇺
EU Project rulezet.org
Contributions
Availability● Available