CYBERSECURITY • WEB ARCHITECTURE • HARDENED HOSTING

I break things to build what lasts.

Cybersecurity student and web systems specialist. I design, build, and harden production-grade sites and infrastructure that actually stay secure.

THE APPROACH

I don't just build websites. I build surfaces that are meant to be attacked.

I am a cybersecurity student who lives at the intersection of offensive research and production web systems. I have spent the last years deliberately breaking things — my own labs, client deployments, and open-source projects — so that I can ship systems that are boringly reliable and genuinely hard to compromise.

My work spans secure-by-default web applications, hardened FASTPANEL hosting architectures, and practical defensive tooling. Every project I touch receives the same treatment: threat modeling first, elegant implementation second, continuous hardening forever.

DUAL EXPERTISE

Where offense meets production craft.

I deliberately break systems in controlled environments so the ones I ship into the real world survive real attacks.

Offensive Security

Red teaming, web & API pentesting, vulnerability research, responsible disclosure, CTF-level exploitation chains.

Defensive Architecture

Threat modeling, zero-trust design, secure SDLC, canary systems, detection engineering, and incident-ready logging.

Secure Web Systems

Modern PHP/Laravel & TypeScript platforms with cryptography, strict CSP, rate limiting, and audit trails from day one.

Hardened Hosting

FASTPANEL at expert level. Tenant isolation, automated hardening, immutable backups, Cloudflare WAF, and zero-trust networking.

SELECTED WORK

Things I have actually shipped and defended.

PROJECT 01

Secure Client Portal for Legal Firm

Zero-trust client document platform with end-to-end encryption and granular access controls.

PHP 8.3 • Laravel 11 • Alpine.js

PROJECT 02

FASTPANEL Hardened Multi-Tenant Platform

Production FASTPANEL architecture for 40+ client sites with isolation, automated hardening, and zero-downtime migrations.

FASTPANEL • PHP-FPM pools • Cloudflare WAF + Rate Limiting

PROJECT 03

Bug Bounty: Multi-Step Account Takeover Chain

Responsible disclosure of chained vulnerabilities leading to full account takeover in a fintech-adjacent platform.

Burp Suite • custom Python tooling • JWT analysis

PROJECT 04

Defensive Lab: Canary Token + Honeypot Infrastructure

Production-grade canary token and low-interaction honeypot network for early breach detection.

Canarytokens.org + self-hosted • Cowrie + Dionaea honeypots • Suricata

PROJECT 05

Zero-Trust Starter Kit for Modern PHP Apps

Opinionated, secure-by-default Laravel + Astro starter with authentication, rate limiting, CSP, and audit logging built in.

Laravel 11 • Astro 4 • TypeScript

PROJECT 06

CTF Writeup: 1st Place — University Internal CTF 2025

First place in university-wide CTF. 14 challenges across web, crypto, reverse, and forensics.

Burp • Ghidra • Z3

JOURNEY

The path from curious student to someone who ships things that survive.

2023

Started Cybersecurity Degree

BSc Computer Science with specialization in Information Security. First deep dive into cryptography, network protocols, and systems programming.

2023

Built First Red Team Lab

Home lab with intentionally vulnerable machines (Metasploitable, DVWA, Juice Shop). Learned enumeration, exploitation, and post-exploitation the hard way.

2024

First Responsible Disclosure

Found and reported a stored XSS affecting 80,000+ user accounts on a popular Greek web platform. Vendor patched within 9 days.

2024

FASTPANEL Production Hardening

Began specializing in high-security FASTPANEL deployments after seeing too many "production" sites get compromised through basic misconfigurations.

2024

University CTF — 1st Place

Led team to first place in internal CTF. Solved complex web + crypto chains and published detailed writeups used in the security curriculum.

2025

Zero-Trust PHP Starter Kit

Released open-source secure-by-default Laravel starter. Now used by multiple students and small agencies.

2025

Multiple Client Hardening Projects

Designed and deployed hardened hosting + application architectures for legal, healthcare-adjacent, and e-commerce clients.

ARSENAL

The tools I actually use when it matters.

Offensive

Burp Suite Pro • Metasploit + custom modules • Cobalt Strike (lab only) • SQLMap + custom scripts • BloodHound + SharpHound

Defensive & Detection

Wazuh + OSSEC • Cowrie + Dionaea honeypots • Canarytokens + custom web canaries • Suricata IDS • CrowdSec

Web & API

PHP 8.3 + Laravel 11 • Astro + TypeScript • FastAPI (Python) • PostgreSQL + MySQL • Redis + Valkey

Hosting & Infra

FASTPANEL (expert level) • Cloudflare (WAF, Workers, R2) • Nginx + Caddy • Ansible + Terraform • Restic + immutable backups

Core Tooling

Linux (Arch + Debian hardening) • Git + conventional commits • GitHub Actions security workflows • Semgrep + Trivy • Wireshark + tcpdump

NEXT STEP

Let's build something that doesn't fall apart under pressure.

Whether you need a production web platform built with security as a first-class citizen, a hardened hosting environment, an application security review, or a partner who actually understands both the offensive and defensive sides — I'm ready.

hello@spyrosk.gr