About Me

I am passionate about cybersecurity and actively transitioning into the field, building hands-on learning experience in SOC operations, threat intelligence, incident response, and penetration testing.

I am familiar with SIEM tools (Splunk, ELK), network traffic analysis (Zeek, Snort, Wireshark), and endpoint security (Wazuh, Sysinternals). Currently, I am developing expertise in threat detection, vulnerability assessment, and secure coding, supported by industry-recognized certifications including CompTIA Security+, eJPT, and CISMP.

I have gained practical experience investigating phishing threats, analyzing security logs, and strengthening defenses through cybersecurity labs, bootcamps, and projects. I am eager to apply and expand my technical knowledge to help identify, mitigate, and prevent cyber threats.

Scroll down to view some of the projects I have been working on.

View Projects

Certifications

EJPT
EJPT
Comptia Security+
Comptia Security+
Microsoft SC-900
Microsoft SC-900
Soc Level 1
Soc Level 1
Network Technician
Network Technician
CISMP
CISMP
Google Cybersecurity
Google Cybersecurity
Python Master
Python Master
Google IT Support
Google IT Support
Google Cloud Cybersecurity
Google Cloud Cybersecurity
ICCA
ICCA

My next certification

I'm studying for is the PNPT

I’ve just passed the eJPT, and my next step on this journey is the Practical Network Penetration Tester (PNPT) from Heath Adams at TCM Security.

The eJPT was a hands-on, practical exam with a real network to compromise, giving me a solid foundation in penetration testing. Now, I’m building on that by diving deeper into areas like Active Directory exploitation, OSINT, and post-exploitation techniques.

The PNPT takes that practical experience to the next level, fully simulating a real-world penetration test. I’ll have five days to compromise the network and then two days to write a professional report—just like in an actual engagement.

I’m excited for the challenge and to take my skills even further!

Cybersecurity Projects

Cybersecurity Projects

How Secure is Your Password?

Strength:

Estimated time to crack your password:

Password Strength Checker

I built this project as a simple password strength evaluator using the Dropbox zxcvbn library.

It gives real-time feedback on how strong a password is, rating it from Very Weak to Very Strong, and also estimates how long it would take to crack using offline brute-force methods.

To make it more intuitive, the strength indicator changes color based on the rating—red for weak passwords, green for strong ones, and shades in between.

This helps visualize password security and encourages better password practices.

About This Simulator

This Phishing Awareness Simulator is an interactive tool designed to help users recognize and differentiate between legitimate messages and phishing attempts. Built using HTML, CSS, and JavaScript, the simulator presents users with real-world examples of phishing scams, challenging them to identify threats while providing instant feedback and explanations.

The system keeps track of the user’s score and offers a guided learning experience through multiple scenarios. With a clean and user-friendly interface, this tool enhances cybersecurity awareness by educating users on common phishing tactics, including urgency tactics, suspicious links, and deceptive email formats.

Phishing Awareness Simulator

Image Steganography Hidden Messages






Extracted Message:

Understanding Steganography: Hidden Messages

I built a steganography tool that lets users hide and extract secret messages within images. This tool could be useful for secure communication, watermarking, or just having some fun with hidden messages.

 

How it works in simple terms:

  • Each image is made of pixels, and each pixel has a color represented by values (like RGB for Red, Green, and Blue).
  • The least significant bit (LSB) of each color value can be changed without visibly altering the image. These bits hold the secret message in binary form (1s and 0s). By replacing these bits with bits of the secret message, we encode the message into the image.
  • To decode the message, we extract the LSBs from the pixels and convert them back into text.
  • It’s like hiding a note inside a picture, where the changes are so small that they’re invisible!

About this Encryption Tool

I built this multi-encryption tool using JavaScript, CryptoJS, and JSEncrypt to demonstrate three popular encryption techniques:

  • Caesar Cipher (basic letter shifting)
  • AES (Advanced Encryption Standard) (secure symmetric encryption
  • RSA (Rivest-Shamir-Adleman) (asymmetric encryption with public/private keys)

This tool allows users to input text, choose an encryption method, provide a key (if needed), and encrypt/decrypt messages instantly.

 

Difference Between Encryption Techniques

Caesar Cipher

Type: Symmetric

Key: Shift number (1-25)

Security: Weak (easy to crack)

Use Case: Simple text obfuscation

Decryption: Reverse shift

AES (Advanced Encryption Standard)

Type: Symmetric

Key: Passphrase (shared key)

Security: Strong (used in real-world security)

Use Case: Secure file & message encryption

Decryption: Same key as encryption

RSA (Rivest-Shamir-Adleman)

Type: Asymmetric

Key: Public & Private Key

Security: Very Strong (used in SSL/TLS)

Use Case: Digital signatures, Secure communication

Decryption: Private key required

When to Use Each Encryption Technique

  • Use Caesar Cipher for simple puzzles or educational purposes
  • Use AES for securing stored data or encrypting messages that need a shared key
  • Use RSA for secure communication where key exchange is a concern (like HTTPS or digital signatures)

Encryption Tool Decryption Tool

Encryption Tool


Caesar Cipher Shift Visualization





Output:

QR Code Generator with Security Twist

Step 1: Encrypt and Generate QR Code







Your QR Code:


Scan the QR code with your phone, click on the link and you will be redirected to the page to input the passphrase to decrypt it.

Secure Encryption & QR Code Explained

This tool provides a secure method to encrypt sensitive information and generate a QR code that contains the encrypted data. It ensures that only authorized users with the correct passphrase can decrypt and retrieve the original message.

 

Technologies Used

  • AES (Advanced Encryption Standard): Used for encrypting and decrypting messages securely. Then encoded in Base64 to ensure the encrypted message is QR-friendly
  • CryptoJS Library: Provides the encryption and decryption functionalities
  • QRCode.js Library: Generates the QR code containing the encrypted message
  • JavaScript & HTML: Handles user interactions, encryption, and QR code generation

Copyright © 2024 RICHARD MALCOLM