Home/About
Who I Am

Built From Ground Zero.

Security Cyber is a small student-founded platform by Charlie Collins — ISC2 Certified in Cybersecurity (CC), completed 2026, and ongoing BSc (Hons) Cyber Security student at The Open University, 2024-2029.

The Story

Learning Out Loud.

Security Cyber was founded by Charlie Collins as a small student platform, not a corporate security firm. Charlie holds ISC2 Certified in Cybersecurity (CC), completed 2026, and is studying BSc (Hons) Cyber Security with The Open University, ongoing 2024-2029.

Blue team and defensive security is the primary focus. Current work centres on SOC alert triage, log analysis, phishing investigation, malware sandboxing, incident response, threat detection, and SIEM practice using tools including Microsoft Sentinel, Wireshark, Nmap, and Burp Suite.

The practical foundation is CV-backed: 149+ TryHackMe rooms, 26 badges, top 3% platform ranking, Hack The Box practice, OWASP Top 10 work, network enumeration, defensive investigation workflows, and technical write-ups.

Current goal: move into a Junior SOC Analyst, Junior Security Analyst, or IT support role with a security pathway while continuing the OU R60 degree and building SecurityCyber.uk, BugTrace, and NeoSwitch.

// Timeline
JAN 2025
IDOR — Booking Platform
Responsible disclosure. Insecure Direct Object Reference allowing unauthenticated access to other users' reservations. CVSS 3.1: 7.5. Patch confirmed within 7 days. Full write-up published on blog.
NOV 2024
Auth Bypass — REST API
Missing function-level access control on API endpoint — unauthenticated user enumeration confirmed. CVSS 3.1: 7.5. Vendor patched in 14 days. Full write-up on blog.
2024
Security Cyber Founded · Build-in-Public Started
Security Cyber launched as a learning, lab documentation, and security tooling platform while progressing through The Open University cyber security pathway.
2025 - PRESENT
TryHackMe · 149+ Rooms · 26 Badges · Top 3%
Supplied CV evidence lists 149+ TryHackMe rooms, 26 badges, top 3% platform ranking, Sapphire League 1st Place, SQL Slayer, Authentication Striker, and System Sniffer.
FEB 2026
Jr Penetration Tester Certificate
Supplied CV lists TryHackMe Junior Penetration Tester Certificate, supporting practical foundations in enumeration, web application testing, exploitation basics, and reporting.
MID 2024
TryHackMe, Hack The Box & Core Labs
Built a practical lab routine across TryHackMe and Hack The Box, covering SOC triage, log analysis, phishing investigation, malware sandboxing, OWASP Top 10, and network enumeration.
2024 - 2029
The Open University — BSc (Hons) Cyber Security
Ongoing BSc (Hons) Cyber Security with The Open University. Expected graduation aim: 2029.
Charlie Collins
Charlie Collins
Founder SOC Analyst Path Cyber Security Student

ISC2 Certified in Cybersecurity (CC), completed 2026. Ongoing BSc (Hons) Cyber Security student at The Open University, 2024-2029, and aspiring SOC Analyst. Supplied CV evidence lists 149+ TryHackMe rooms, 26 badges, top 3% TryHackMe ranking, Hack The Box practice, Cisco Introduction to Cybersecurity, TryHackMe Jr Penetration Tester, Web Fundamentals, Pre Security, and projects including NeoSwitch and BugTrace.

Certifications & Training
ISC2 CC Top 3% TryHackMe 26 THM Badges Jr Penetration Tester Certificate Web Fundamentals Certificate Cisco Introduction to Cybersecurity Pre Security Hack The Box Labs
149+THM Rooms
3%TryHackMe
2029OU Grad Aim
// TryHackMe Live Badge
View full TryHackMe profile: opseccharlie Live source for current rooms, badges, streak, and rank.
Learning Evidence

Public Achievement Trail

These are the external profiles currently linked from Security Cyber. Room-level and badge-level TryHackMe detail is intentionally pulled from the live public profile rather than copied as stale static claims.

TryHackMe Profile opseccharlie · Top 3%

Supplied CV evidence: 149+ TryHackMe rooms, 26 badges, top 3% ranking, Sapphire League 1st Place, SQL Slayer, Authentication Striker, and System Sniffer.

Open public profile ->
Top Skills Authentication · Cloud · sqlmap

LinkedIn profile export lists Authentication Systems, Cloud Computing IaaS, and sqlmap as top skills.

Verified from Profile.pdf
LinkedIn Profile Charlie Collins

Public profile plus supplied CV evidence support the OU cyber security study, ISC2 CC, BugTrace, NeoSwitch, Hack The Box practice, and TryHackMe progress.

Open LinkedIn -> Repository Portfolio GitHub Projects

Live repository feed showing tooling, research projects, forks, and website development.

View repositories ->
Research & Findings Log

Vulnerability Research Log

Real and lab-based findings — responsibly disclosed, documented, and used to build genuine offensive security skill. Context is always stated.

SC — PERSONAL RESEARCH LOG
VERIFIED
FindingSeverityDescriptionDate
IDOR — Web App HIGH Insecure Direct Object Reference in a booking platform. Predictable integer resource ID, no server-side ownership check. Unauthenticated access to all user reservation records including PII. CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Responsible disclosure — vendor patched in 7 days. Jan 2025
Auth Bypass — API HIGH Missing function-level access control on admin REST endpoint — no authorisation header validated. Returned paginated user list to unauthenticated callers including email, username, and account status. CVSS 3.1: 7.5. OWASP API5:2023. Vendor patched within 14 days. Nov 2024
XSS — Stored MEDIUM Stored XSS in community forum profile bio field — unsanitised input rendered in admin panel context. Full session hijack PoC documented with payload and evidence. Discovered in isolated HackTheBox lab environment. Sep 2024
Misconfig — S3 MEDIUM Publicly readable AWS S3 bucket discovered via passive OSINT recon. Exposed internal configuration files and environment variables containing service credentials. Responsible disclosure made directly to the organisation. Aug 2024
SQLi — Login HIGH Boolean-blind SQL injection confirmed in legacy PHP login form. Verified manually and via sqlmap. Full database extraction PoC documented with step-by-step reproduction. Confirmed in TryHackMe isolated lab environment — not a live target. Jun 2024
Read Full Write-Ups →
How This Work Is Handled

Core Values

📋

Written Authorisation Always

No real-world testing begins without explicit written scope and Rules of Engagement. No exceptions. This protects everyone and keeps the work legally and ethically clean.

🎯

No Inflated Claims

Every finding states its context: responsible disclosure, authorised project, or lab environment. The difference is always declared because it matters. Experience is not exaggerated to win attention.

📖

Documented Everything

Reproduction steps, CVSS 3.1 scoring, evidence screenshots, tool commands, and remediation notes are documented so the work can be understood and checked.

🔄

Continuous Learning

Active practice across TryHackMe, Hack The Box, PortSwigger Web Academy, and defensive SOC labs. Holds ISC2 Certified in Cybersecurity (CC) and is studying BSc (Hons) Cyber Security at The Open University, ongoing 2024-2029.

🤝

Transparent Communication

If something is beyond current ability or scope, it is said upfront. Limitations are part of the record, not something to hide.

🔒

Responsible Disclosure

Vulnerabilities found outside a defined scope are handled through responsible disclosure channels: vendor first, public only after remediation where appropriate.

Open Contact

Want To Talk Security?

For feedback, responsible disclosure, collaboration, or a scoped project discussion, send a clear message and context.

Get in Touch Explore Capabilities →