Cybersecurity

Implement a Cipher From Mathematical Specification and Analyse a Real Vulnerability

Elective foundation. Implement a symmetric cipher from its mathematical specification (no library calls for core operations) and analyse a published cryptographic vulnerability. Reviewed by a security practitioner or CS lecturer who will present a different cipher specification and ask you to identify its key schedule or flaw in real time.

Conduct a Network Security Analysis in a Sanctioned Environment

Elective. Capture your own network traffic (Wireshark, your IP in the capture file), document 3 vulnerabilities in your controlled environment, and write remediation recommendations. ALL testing must be on systems you own or have explicit written authorisation to test. Reviewed by a security practitioner who will provide an unseen packet capture for you to diagnose.

Build a Threat Model for a Real System You Control

Elective. Build a STRIDE or PASTA threat model for a real system you built or have access to — not a hypothetical. Document mitigations or explicit residual risk acceptance for each threat. Reviewed by a security engineer who asks 'what changes if you add an API gateway here?'

Complete a CTF Challenge and Publish a Methodology Write-Up

Elective — the most AI-proof outcome on this path. Complete a minimum medium-difficulty CTF on HackTheBox, PicoCTF, or a CTFtime-listed event with 100+ participating teams. Publish a writeup explaining every exploit: the vulnerability class, how you identified it, the exploitation technique, and what it reveals about the underlying system's security model. The flag proves completion; the writeup proves understanding. ALL testing within the sanctioned CTF platform only — never test systems you do not own or lack explicit written authorisation to test.

Dan Boneh and Victor Shoup's complete, free cryptography textbook from Stanford. Covers stream ciphers, block ciphers, MACs, and public-key cryptography with the same mathematical rigour as Boneh's Coursera course — download the PDF directly, no login, no paywall.

HackTheBox's structured learning platform with free tiers covering network analysis, web exploitation, privilege escalation, and CTF methodology. The path to completing the penetration testing step starts here.

The standard reference for web application security testing methodology. Covers how to identify and document the specific vulnerability classes you will encounter in the network security analysis and CTF steps.

The definitive practical reference for web application security. Covers injection attacks, authentication bypasses, access control flaws, and exploitation techniques with real examples. Directly relevant to the CTF writeup step.