Cybersecurity professional with hands-on experience across both red team and blue team practices, from penetration testing and exploitation to SOC monitoring, threat detection, and incident analysis.
My experience spans both sides of security—offensive techniques like reconnaissance, exploitation, privilege escalation, and clear vulnerability reporting, as well as defensive practices such as threat detection, log and packet forensics, and phishing analysis.
Driven by curiosity and a problem-solving mindset, I focus on understanding how systems break—and how to secure them. I keep sharpening my skills through labs, CTFs, and by building my own environments to experiment, learn, and push deeper.
Scroll down to view some of the projects I have been working on.
I recently earned the PT1 (Penetration Tester Level 1) from TryHackMe, which gave me a strong practical base in core offensive security skills. Now I’m moving into the next phase of my journey with the Practical SOC Analyst Associate (PSAA) from TCM Security. It’s a fully hands-on experience where I’ll investigate real incidents, analyze artifacts, and produce a professional SOC report under real-world conditions.
After completing the PSAA, I’ll be turning my focus to the Practical Network Penetration Tester (PNPT), stepping deeper into full engagement workflows, Active Directory attacks, OSINT, and post-exploitation.
Each step builds on the last—and I’m excited to keep pushing my skills forward.
– SIEM monitoring & triage (Splunk, ELK, Wazuh, Sentinel)
– Phishing & malware triage
– Log, network & endpoint analysis
– MITRE ATT&CK mapping & documentation
– Sysinternals, Autopsy & EDR investigations
– Microsoft Sentinel (fundamentals) · Microsoft Defender XDR (fundamentals) · Google Chronicle SIEM (fundamentals) · Google Security Command Center (fundamentals)
– Full-scope pentesting: Web, Network & Active Directory
– Vulnerability identification, exploitation & validation
– Privilege escalation, post-exploitation & pivoting
– Manual & automated enumeration and reconnaissance
– Structured reporting with actionable remediation
– Knowledge of API and cloud attack surfaces
– Web application penetration testing (OWASP Top 10: SQLi, XSS, authentication & input validation flaws)
Python & Bash scripting for automation
Strong networking fundamentals: TCP/IP, firewalls, routing & segmentation
Windows & Linux system administration
Active Directory enumeration, attack paths & hardening
Vulnerability scanning & assessment (identification, validation, reporting)
Vulnerability scanning & basic assessment workflows (identification, validation, reporting)
Security Frameworks (awareness): ISO 27001 · NIST CSF · MITRE ATT&CK · Cyber Kill Chain · OWASP Top 10 · GDPR
Cloud security fundamentals: AWS · Azure · Google Cloud
Infrastructure logging & monitoring · Incident-response readiness
Clear technical communication & structured report writing
Incident triage & response readiness (SIEM alerts, forensic investigation)
Burp Suite · Nmap · Metasploit · Gobuster · SQLMap · Hashcat · Hydra · BloodHound · Impacket Tools · Evil-WinRM
Splunk · Splunk SPL · ELK · Wazuh · Microsoft Sentinel · Microsoft Defender XDR (familiarity)
Snort · Suricata · Zeek · CrowdSec
Wireshark · Sysinternals · Autopsy · Volatility (memory forensics) · FTK Imager
AWS (EC2, IAM, S3) · Google Cloud (Compute Engine)
VMware · VirtualBox · Docker
Cisco Packet Tracer/IOS · pfSense · Windows Server & Active Directory (ADUC, GPMC) · DNS/DHCP · Linux admin (SSH, Bash, systemctl)
Python · Bash · PowerShell (basic) · SQL · JavaScript · PHP · Splunk SPL · Regex · JSON
I’ve always had a curious mind. As a kid, I was obsessed with figuring out how things worked, breaking them apart and putting them back together. I’d mod my video games with bigger explosions, swap characters, and uncover hidden menus the developers never intended players to see. Along the way, I also discovered that some games and software didn’t have great security. Back when PC magazines included demo versions, I realised that a few companies relied on simple, easily bypassed checks to unlock the full game. I didn’t fully understand it at the time, but noticing those weaknesses so early was my first glimpse into how systems could be protected or exploited. This was the earliest sign of me thinking like an ethical hacker.
For years, cybersecurity was something I dipped in and out of, reading, experimenting, and learning whenever I could. But I never believed I could turn it into a career. I spent many years working as a web developer and digital designer, always feeling like something was missing.
Then everything changed.
I suffered a stroke.
Thankfully, I made a full recovery, but the experience forced me to stop and reassess my life. It made me ask myself what I really wanted to do, and the answer was clear: cybersecurity. The interest had always been in the background, quietly calling to me.
In 2023, I committed fully to the transition. I joined a cybersecurity bootcamp, built a solid foundation, and quickly realised that my curiosity, problem-solving mindset, and technical background made cybersecurity feel like home.
I dove deep into networking, Linux, cloud, SOC operations, Python, and ethical hacking.
From there, everything accelerated.
I built my own SOC and penetration testing labs, completed over 100 CTF challenges, and developed strong capabilities across both offensive and defensive security.
I started thinking like an attacker while understanding how defenders respond.
Today, I bring a hybrid mindset that blends attacker thinking with defender awareness, giving me a clear understanding of how systems are exploited and how they should be protected.
Cybersecurity didn’t just become a new career.
It became the thing I should have been doing all along.
Don’t worry — your password never leaves this page and is not saved or shared with anyone.
I built this project as a simple password strength evaluator using the Dropbox zxcvbn library.
It gives real-time feedback on how strong a password is, rating it from Very Weak to Very Strong, and also estimates how long it would take to crack using offline brute-force methods.
To make it more intuitive, the strength indicator changes color based on the rating—red for weak passwords, green for strong ones, and shades in between.
This helps visualize password security and encourages better password practices.
This Phishing Awareness Simulator is an interactive tool designed to help users recognize and differentiate between legitimate messages and phishing attempts. Built using HTML, CSS, and JavaScript, the simulator presents users with real-world examples of phishing scams, challenging them to identify threats while providing instant feedback and explanations.
The system keeps track of the user’s score and offers a guided learning experience through multiple scenarios. With a clean and user-friendly interface, this tool enhances cybersecurity awareness by educating users on common phishing tactics, including urgency tactics, suspicious links, and deceptive email formats.
If you’d like to connect, collaborate or discuss opportunities, feel free to reach out below.
PGP Information
Key ID: 4ADBFC18A0BC4BBF
Fingerprint: 1848 8A8B 72EB 65ED 4B0B 2409 4ADB FC18 A0BC 4BBF
Import via keyserver:
gpg --recv-keys 4ADBFC18A0BC4BBF
Download Public Key:
richard_public.asc