Projects built and maintained outside of academic study.
// LIVE PROJECT 01
Cartrefi Cwtch Ltd — Corporate Website
Designed and built a full multi-page website for a regulated care company operating two residential homes in Caerphilly, Wales. Built from scratch in HTML, CSS, and JavaScript — deliberately chosen over template platforms to maintain full security control.
The site includes annual returns compliance pages required by Care Inspectorate Wales (CIW), a voices and testimonials section, services overview, and contact pages. Security hardened against OWASP Top 10 vulnerabilities, with nginx security configuration, robots.txt, and sitemap.xml implemented.
Hosted on Cloudflare. Ongoing maintenance and annual CIW compliance updates managed by Ross.
HTML/CSS/JS
OWASP Top 10
Nginx Security
Cloudflare
CIW Compliance
robots.txt
sitemap.xml
// LIVE PROJECT 02
Personal Cyber Security Portfolio — This Site
Designed and built from scratch as a professional portfolio documenting my journey from care work through to cyber security engineering and toward penetration testing. Built in HTML, CSS, and JavaScript with a dark cyber aesthetic.
Security hardened from the ground up — OWASP Top 10 considerations applied throughout, Content Security Policy headers, nginx configuration, robots.txt, and sitemap.xml. Hosted on Cloudflare with HTTPS enforced.
HTML/CSS/JS
Security Headers
OWASP Top 10
Cloudflare
CSP
Nginx
Key projects completed across the Applied Cyber Security degree programme.
// ACADEMIC 01 · DISSERTATION 🏆
NIST Incident Response Plan — GradX Award Winner
Self-taught NIST Cybersecurity Framework v2.0 and NIST SP 800-61 Revision 3 to design a comprehensive incident response plan and playbook for a private health and social care organisation. Integrated all six core functions: Govern, Identify, Protect, Detect, Respond, Recover — aligned with UK legislation including DPA and GDPR. Awarded Best Dissertation at the GradX ceremony, judged across all final year Cyber Security and Digital Forensics students.
NIST CSF v2.0
NIST SP 800-61r3
Incident Response
UK Compliance
GradX Award
// ACADEMIC 02
Penetration Testing Across Multiple Frameworks
Established and executed a comprehensive penetration testing engagement in a virtualised lab environment against three vulnerable virtual machines, strictly adhering to PTES (Penetration Testing Execution Standard). Conducted OSINT reconnaissance using theHarvester and Shodan, vulnerability scanning, targeted exploitation, and post-exploitation. Achieved root on all three targets. Mapped all findings to MITRE ATT&CK, PCI-DSS, OWASP Top 10, and Cyber Kill Chain. Delivered a professional report. 100% objective completion.
PTES
MITRE ATT&CK
Metasploit
OSINT
Privilege Escalation
Root Achieved x3
// ACADEMIC 03
Privilege Escalation & Remote Code Execution
Exploited a Linux RDP server vulnerability via a file upload flaw, injecting and executing a malicious script to achieve Remote Code Execution and escalate to root privileges. Demonstrated post-exploitation capabilities including persistence maintenance and proof-of-concept documentation for professional reporting.
RCE
File Upload Exploit
Linux
Privilege Escalation
Root
// ACADEMIC 04
MQTT Man-in-the-Middle Attack
Manipulated the MQTT protocol to execute a Man-in-the-Middle attack on the MQTT server. Intercepted and manipulated message broker traffic using Wireshark, demonstrating understanding of IoT protocol security vulnerabilities and network-level attack capabilities relevant to critical infrastructure assessments.
MQTT
MitM
Wireshark
IoT Security
Critical Infrastructure
// ACADEMIC 05
SQL Injection & Web Application Testing
Performed comprehensive SQL injection attacks against vulnerable web applications demonstrating knowledge of OWASP Top 10 vulnerabilities and secure coding flaws. Validated impact and documented remediation guidance. Combined manual testing techniques with SQLMap automation.
SQLi
OWASP Top 10
SQLMap
Manual Testing
Remediation
// ACADEMIC 06
SOC Simulation & Incident Response
Worked collaboratively in a simulated Security Operations Centre using Splunk to simulate real-world incident scenarios. Reviewed logs and alerts, detected attack patterns, and applied MITRE ATT&CK framework for threat classification and response planning. Practised Tier 1 workflows and escalation procedures in a team environment.
Splunk
MITRE ATT&CK
SOC
Alert Triage
Incident Response
// ACADEMIC 07
Web Applications & Cloud Security Project
Built a web application as part of the Web Applications and Cloud Security module in Year 2. Demonstrated understanding of cloud hosting, web security principles, and secure development practices. Video walkthrough produced to document the project outcome.
Web Application
Cloud Security
Secure Development
Year 2
// ACADEMIC 08
Malware Reverse Engineering
Analysed three malware samples identifying behaviours including C2 communication and persistence mechanisms. Documented Indicators of Compromise and produced chain-of-custody reports simulating forensic triage for SOC investigation handoff.
Malware Analysis
IOC Documentation
Chain of Custody
C2 Detection
Digital Forensics