About us.

I began in web dev when I was 9, slapping together Geocities sites with arcane PHP incantations whose meaning I didn’t learn until much later. And thus started my lifelong love (Ruby, Haskell) / hate (PHP) relationship with web dev and programming!

I find that creating well-defined goals (i.e. passing a cert) in concrete timeframes (i.e. in 6 months) tends to optimise your learning efficiency. I passed

• CompTIA Pentest+ to test the waters
• graduated into eLearnSecurity Certified Professional Penetration Tester (eCPPTv2)
• most recently specialised with eLearnSecurity Certified Exploit Developer (eCXD) (tips & review) for binary exploitation.

In all my experiences with skill development from beginner to competent, nothing compares to the frustration of learning cybersecurity. Seriously.

I couldn’t believe my eyes when I saw that the prevailing form of education on platforms promising certs is… slides. Badly-formatted, 90’s-era slideshows whose relevant code you can’t even copy/paste. And when you got stuck or needed to research just one exploit, you had to sit through 20 minutes of snooze-fest YouTube videos whose narration is clunkily typed into Notepad+.

The well-meaning hackers of the community, out of the kindness of their hearts, upload free vulnerable VMs, but you must painstakingly set them up on your computer. So that’s 30 minutes to research & buy a big enough hard drive, 40 minutes to research & choose decent virtualisation software compatible with your OS, 45 minutes trying to set up the VM and your attacker machine so that they’re both functional and connected. Two weeks later, your virtualisation software or OS get updated and they don’t work anymore. Oops.

Did I learn things from struggling all those hours? Of course. But people shouldn’t celebrate the struggle like it’s a badge of honor, when related fields have this solved long ago. Considering the golden age of programming education where high-quality & interactive programming courses were and still are abundant (Code School, Codecademy, etc.), I decided that all this inefficiency & time-wasting has to go. I want to save future cybersec beginners hundreds of hours that they could spend with family and things worth doing. Let’s have a golden age for cybersecurity education, for a change.

1. Learning without practice is inefficient, especially for cybersecurity. The learning material has to be inseparable from the practical, full stop. No slides, no standalone videos. Just a fully interactive platform designed specifically for cybersec learning.
2. Actually discuss the latest tech. As a programmer, I’ve always wondered why the learning material lagged behind the times. When I started, hardly anyone mentioned NoSQL injection. If we only focus on old corporate tech, pentesters who work for those big clients may not notice a difference, but where are programmers meant to learn security when using NoSQL, GraphQL, etc.?
3. Incorporate the latest research in learning and retention. If you don’t, you’d be teaching the students with less efficiency than you could have and actually wasting their time.
4. Practice on real vulnerabilities. CTFs and VM boxes are fun, but I find that while cybersecurity learners tend to be really comfortable on HackTheBox, etc., they completely freeze when transitioning into bug bounties or roles like security researchers. I think it’s because there’s a real deficiency in real-world practice.