gurjitsi/cyber-security-portfolio
# 🔐 Cyber Security Portfolio — Gurjit Singh
## 👋 About This Repository
CompTIA Security+ certified SOC Analyst and Mobile Application Security Engineer with 10+ years of cross-platform development experience across iOS, Android, and web.
I bring something most security professionals don't have — a developer's hands-on understanding of the full software attack surface. I've built production applications handling sensitive financial data (Stripe/PCI), logistics data, and 10,000+ user accounts. I know how these systems get built, which means I know exactly where they break.
This repository documents my security learning journey, practical lab work, and real-world application audits. Everything here is hands-on — not theoretical.
**Currently targeting:** SOC Analyst, AppSec Engineer, and Junior Penetration Tester roles in the UK, Ireland, Netherlands, and Germany.
## 📂 Repository Structure
```
mobile-security-portfolio/
│
├── README.md                          ← You are here
│
├── owasp-mobile-top10/
│   ├── README.md                      ← Overview of all 10 risks
│   ├── M1-improper-credential-usage.md
│   ├── M2-inadequate-supply-chain.md
│   ├── M3-insecure-authentication.md
│   ├── M4-insufficient-input-validation.md
│   ├── M5-insecure-communication.md
│   ├── M6-inadequate-privacy-controls.md
│   ├── M7-insufficient-binary-protections.md
│   ├── M8-security-misconfiguration.md
│   ├── M9-insecure-data-storage.md
│   └── M10-insufficient-cryptography.md
│
├── mobsf-audit/
│   ├── README.md                      ← Audit methodology
│   └── imagegalleryapp-findings.md    ← Image Gallery iOS app audit findings
│
├── tryhackme/
│   └── progress.md                    ← TryHackMe learning log
│
└── certifications/
    └── security-plus-journey.md       ← How I passed Security+ in 9 days
```
## 🏆 Certifications
| Certification | Status | Date |
|--------------|--------|------|
| CompTIA Security+ (SY0-701) | ✅ Passed | May 2026 |
| CompTIA CySA+ | 🔄 In progress | 2026 |
## 🔬 Security Work
### 1. OWASP Mobile Top 10 — iOS Practical Lab
Real Swift/UIKit code examples for every OWASP Mobile risk — vulnerability and fix side by side.
→ [View OWASP Mobile Top 10 notes](./owasp-mobile-top10/README.md)
### 2. MobSF iOS App Audit — Image Gallery App
Static and dynamic analysis of a production iOS app I built.
→ [View audit findings](./mobsf-audit/sixrpm-findings.md)
### 3. TryHackMe — Jr Penetration Tester Pathway
Hands-on penetration testing practice — progress log and key learnings.
→ [View progress](./tryhackme/progress.md)
### 4. Security+ Journey
How I passed CompTIA Security+ in 9 days.
→ [Read the full story](./certifications/security-plus-journey.md)
## 📝 Blog Posts
- [Understanding Certificates in Cybersecurity](https://gurjit.co/blogs/2026/understanding-certificates-in-cybersecurity.php)
## 🛠 Tools & Technologies
| Category | Tools |
|----------|-------|
| Security tools | Burp Suite, Frida, ELK, Wireshark, tcpdump, Zenmap, VirusTotal, MobSF, OpenVAS |
| Programming Languages | Swift, Objective-C, Java, HTML, CSS, JavaScript, SQL, PHP, Python |
| Architecture & Design Patterns | MVVM, MVC, Singleton, Delegate, Dependency Injection |
| Operating Systems | Linux (Red Hat Enterprise Linux, Ubuntu, Kali Linux), macOS, Windows |
| DevOps / CI-CD | Git, Fastlane, Jenkins, GitLab, Firebase, Xcode, Android Studio, CI/CD |
| Others | REST APIs, Unit Testing, UI Testing, Debugging |
| AI/ML | LLaMA 3.2, Ollama |
*This portfolio is actively updated as I complete labs, audits, and certifications.*