Learning Security
In Public.
Security Cyber is Charlie Collins' student-founded platform for documenting cyber security learning, labs, responsible research, and small build-in-public projects.
Charlie Collins — Student Founder.
ISC2 Certified in Cybersecurity (CC), completed 2026, and ongoing BSc (Hons) Cyber Security student at The Open University, 2024-2029. Based around Helensburgh/Balloch, Scotland. Supplied CV evidence lists 149+ TryHackMe rooms, 26 badges, top 3% TryHackMe ranking, Hack The Box practice, and projects including SecurityCyber.uk, BugTrace, and NeoSwitch.
Hands-On Progress,
Linked Publicly.
Public learning profiles and portfolio links used to verify current lab work, badges, repositories, and professional updates.
Supplied CV evidence lists 149+ TryHackMe rooms, 26 badges, top 3% platform ranking, Sapphire League 1st Place, SQL Slayer, Authentication Striker, and System Sniffer.
Open THM Profile -> Hack The Box Player · 2025-2026Hack The Box lab practice supporting enumeration, exploitation methodology, and defensive investigation notes.
Open HTB -> GitHub Public ProjectsStudent projects, security tooling ideas, portfolio work, research notes, forks, and build-in-public history.
View Repos -> LinkedIn Professional UpdatesSupplied CV and public profile links support the OU R60 cyber security study, ISC2 CC, lab progress, and student project work.
Open LinkedIn ->A Student Portfolio
With Real Evidence.
The point is to show practical progress clearly: what has been studied, what has been built, what has been tested in labs, and where responsible disclosure has happened.
Scope Before Action
Any real-world testing needs written permission, defined boundaries, and calm communication. That principle is kept visible across the site.
Reports Over Hype
Write-ups focus on evidence, reproduction, impact, and remediation. Lab work is labelled as lab work; responsible disclosure is labelled separately.
Offence Informs Defence
Web security and adversary thinking are used to build better blue-team judgement around alerts, logs, incident response, and threat detection.
What This Work
Currently Covers.
These are the current areas of study and practice. For legitimate targets, they provide starting points for a scoped conversation with written authorisation.
Web Application Security
OWASP-focused practice around authentication, access control, injection, XSS, IDOR, session handling, and business logic flaws.
Learn more →API Security Reviews
Review patterns for REST and GraphQL APIs, including auth handling, BOLA/IDOR, rate limits, sensitive data exposure, and endpoint inventory.
Learn more →OSINT & Reconnaissance
Public-footprint mapping across domains, subdomains, exposed services, metadata, cloud traces, and credential-leak signals.
Learn more →Adversary Fundamentals
MITRE ATT&CK-informed lab practice around recon, initial access concepts, privilege escalation, detection gaps, and attack-path notes.
Learn more →Blue Team & Defensive Hardening
SOC learning around alert triage, SIEM queries, log review, phishing investigation, incident notes, and defensive hardening.
Learn more →Are You Exposed?
A small first-party check that shows the basic network details this site can see when you visit. It masks the IP in the browser and does not use a third-party lookup service.
This is not a vulnerability scan. It is a privacy-awareness demo showing ordinary request metadata.
Feeds, Notes,
And Practice.
Small public tools and pages that support learning: CVE tracking, security news, write-ups, and interactive practice.
Live CVE Feed
Real-time vulnerability updates sourced directly from NIST NVD and CISA KEV. Filterable by severity, updated every 5 minutes.
Open CVE Feed →Aggregated Cyber News
The latest headlines aggregated from trusted industry sources — CISA, The Hacker News, Krebs on Security, Bleeping Computer, and more.
Read Cyber News →Interactive Learning
Test your skills with our terminal hack simulator, CVE quiz, and cipher decode challenges — built around real security concepts and CTF techniques.
Play Hacking Games →Have A Relevant
Security Question?
For scoped project discussions, responsible disclosure, collaboration, or feedback on the work here, the contact page is the cleanest route.