
About Me
I'm Alexander McRobie, a Computer Science graduate with a focused interest in both Red Team and Blue Team operations. I’m driven by a deep curiosity about how systems can be broken and, more importantly, how they can be secured. Whether it’s identifying vulnerabilities through penetration testing or building resilient defense strategies, I thrive at the intersection of offensive and defensive security.
To me, cybersecurity is not just a career path; it's a mindset of continuous learning, critical thinking, and proactive problem-solving. I’m passionate about developing hands-on skills, staying current with threat landscapes, and building tools and workflows that make systems more secure.
University
- First Class BSc in Computer Science, University of York, 2024
- My degree gave me a strong foundation in computing, including areas like machine learning with PyTorch, data science using Pandas and NumPy, game development with Java, and low-level programming with Assembly. It was during my final year that I discovered my passion for cybersecurity through modules in Network Security and Cryptography. These courses introduced me to core security concepts such as secure communication protocols, real-world encryption, and the tools attackers and defenders use to test or protect systems. From that point forward, I committed myself to learning beyond the classroom, exploring the tools, techniques, and mindset required to build a career in cybersecurity.
- My final-year dissertation, "Real-Time DDoS Detection Using Neural Networks", focused on utilising machine learning to identify and respond to denial-of-service attacks as they occur. This project involved studying a range of DDoS attack vectors and tools, evaluating mitigation strategies, and implementing a neural network-based detection model trained on synthetic traffic data. It deepened my understanding of both offensive techniques and defensive mechanisms, particularly where cybersecurity and AI converge. A detailed overview is available in the Projects tab.
Certifications
- Google Cybersecurity Professional Certificate, 2024
- Currently pursuing Hack The Box Certified Penetration Testing Specialist (CPTS), expected 2025
Practical Experience & Tooling
Lab Environments & Virtualisation
- Built isolated lab environments to safely practice offensive and defensive techniques
- Tools: VirtualBox, VMware Workstation, Docker, Hyper-V
- Configured multiple VMs including Kali Linux, Parrot OS, Windows Server, and vulnerable boxes (e.g., DVWA, Metasploitable2, Active Directory lab)
- Created snapshot-based test environments for exploit development and blue team response scenarios
- Experimenting with containerised tools and services using Docker for lightweight lab setups (e.g., running ELK stack, Splunk, web servers)
Reconnaissance & Scanning
- Executed structured recon workflows against lab targets
- Tools: Nmap, Masscan, Amass, RustScan, Shodan, WhatWeb, theHarvester
Active Directory Exploitation
- Practiced domain enumeration, privilege escalation, and lateral movement in simulated AD environments
- Tools: BloodHound, SharpHound, Mimikatz, Rubeus, CrackMapExec, Kerbrute, PowerView, Impacket, WinPEAS, Evil-WinRM
Web Application Exploitation
- Performed OWASP Top 10 testing on vulnerable web apps and CTF challenges
- Tools: Burp Suite, SQLmap, FFUF, Nikto, XSStrike, Dirb, Wappalyzer
Defensive Analysis & Blue Teaming
- Simulated SIEM-based alert triage and log analysis
- Tools: Splunk (cloud & local), Sysmon, Wireshark, Event Viewer, Zeek, ELK Stack (basic)
Scripting & Automation
- Developed recon and enumeration scripts in Python and Bash to automate repetitive tasks
- Tools: Python (socket, requests, scapy), Bash (netcat, grep, awk, cron jobs)