About Skills Experience Education Contact Projects
CYBERSECURITY PROFESSIONAL

Hi, I'm Josh Laur

Cyber Security student at Fanshawe College with a deep passion for offensive security. Focused on full-stack security development, reverse engineering, and penetration testing. CEH certified. Currently a Risk Analyst at Canada Life.

🚀 View My Work
🏆
Competition
1st
Great Canadian CTF
💼
Current Role
Risk Analyst
Canada Life
🔒
Certification
CEH
EC-Council
🎓
Education
Cyber Security
Fanshawe College
NmapBurp SuiteWiresharkMetasploitGhidrax64dbgHashcatNessusHydraSQLmapAircrack-ngShodanProxmoxOPNsenseDockerPrometheusPython
01 Who I Am

Attacker mindset,
analyst discipline.

Offensive security is what I'm most passionate about.

I'm currently enrolled in the Cyber Security Advanced Diploma program at Fanshawe College, and I work as a Risk Analyst at Canada Life where I apply security concepts to real enterprise risk in Application Delivery. Outside of work and school, offensive security is what I'm most passionate about. I spend my time building projects, earning certifications, and competing in CTFs. All of that combined is how I genuinely understand how attackers think and operate. Fluent in English and French.

02 What I Know

Technical Expertise

Domain knowledge across the offensive and defensive security spectrum.

Penetration testing, vulnerability assessment, and red team methodologies.

  • CEH certified (v13). Trained and tested across 20 domains: scanning, exploitation, malware, social engineering, cryptography, cloud. Same tools attackers use, applied to securing real environments.
  • 1st place at The Great Canadian CTF 2026 with team SWOCTS
  • Penetration testing covering reconnaissance, exploitation, privilege escalation, and post-exploitation
  • Studied how red team infrastructure is designed: how traffic routes through VPNs to redirectors, into a DMZ, to the operations server and back
  • Focused on encrypted channels, network segmentation, session management, and building secure systems from the ground up
  • Conducted independent reverse engineering research on commercial software, including binary disassembly with Ghidra, live debugging with x64dbg, and protocol analysis through network traffic captures
  • Vulnerability assessment and security auditing
  • OSINT and reconnaissance methodology: Google dorking, Whois, DNS enumeration, Shodan
  • Sniffing and MITM techniques: ARP poisoning, packet capture analysis
  • IDS and firewall evasion techniques
  • Session hijacking and countermeasures
  • Malware analysis fundamentals: trojans, fileless malware, behavioral analysis
  • Steganography
  • Active on HTB and TryHackMe working through real exploitation scenarios

Enterprise risk management, incident response, and security operations.

  • Risk Analyst at Canada Life, applying cybersecurity to real enterprise business risk in Application Delivery
  • Security management and security fundamentals
  • Security operations and monitoring principles
  • NIST Cybersecurity Framework, OWASP Top 10, MITRE ATT&CK
  • Built and ran phishing simulations using GoPhish to study social engineering tactics and user behavior
  • Sophos endpoint security, ticketing systems, and client support from my MSP co-op at Attache Group
  • Ethics and criminology coursework providing legal and regulatory context for security work

Building security tools and platforms from the ground up.

  • Built CoreID from scratch: WebAuthn/FIDO2, MFA, CSRF protection, session hardening. Learned web security by building real auth, not reading about it.
  • Isolated IDS logging forwarded to a separate network segment for defense-in-depth
  • Developed PortPhantom with a friend, a Python network scanner with automated NVD CVE lookup
  • Cryptography fundamentals: symmetric and asymmetric encryption, hashing algorithms, PKI, certificate management, and key exchange protocols
  • Scripting for security automation using Python, Bash, and PowerShell

Network architecture, virtualization, and systems administration.

  • Designed and run my own VLAN-segmented home lab on Proxmox with OPNsense firewall
  • DMZ and redirector architecture for network isolation
  • Docker containers, Nginx reverse proxies, Caddy, MariaDB, Redis
  • Monitoring stack: Prometheus, Grafana, Loki, Promtail. Built to give stakeholders clear visibility into real risk through dashboards they can actually read.
  • VPN configuration and management: OpenVPN, WireGuard, site-to-site and remote access setups
  • Network fundamentals: TCP/IP, DNS, DHCP, routing and switching, OSPF, VLANs, ACLs
  • Wireless and mobile security
  • Perimeter defence and secure network architecture
  • Windows and Linux server administration, Active Directory, Group Policy
  • Data centre infrastructure and database management
  • Hands-on firewall, routing, and AD management from my co-op at Attache Group

Languages, frameworks, and security tooling across the stack.

  • Languages: Python, C, Bash, PowerShell, PHP, JavaScript/Svelte, SQL, HTML/CSS
  • RE tools: Ghidra, x64dbg, Fiddler
  • Pentesting: Burp Suite, Nmap, Nessus, Wireshark, Metasploit, Hydra, Nikto, SQLmap
  • Recon and OSINT: Shodan, theHarvester, Recon-ng, Gobuster, ffuf, Hping3
  • Password cracking: Hashcat, John the Ripper
  • Wireless: Aircrack-ng
  • Network: Netcat, tcpdump, OpenSSL, Responder, enum4linux
  • Social engineering: GoPhish, SET (Social Engineering Toolkit)
  • Infrastructure: Docker, Proxmox, OPNsense, Nginx, Caddy, Prometheus, Grafana
  • Other: Git, Scapy, SIEM, Active Directory
03 Background

Experience

Risk Analyst

📅 May 2026 - Present 📍 Canada Life, London, ON
  • Working in Application Delivery, applying cybersecurity concepts to real enterprise business risk at one of Canada's largest financial services organizations.
  • Bridging the gap between technical security knowledge and organizational risk management in a corporate environment.

IT / Cyber Technician

📅 January 2026 - April 2026 📍 Attache Group Inc., London, ON
  • First co-op work term at a managed service provider, supporting multiple business clients with varying security requirements.
  • Level 1 IT and cybersecurity support: endpoint protection, firewall configuration, Active Directory management, and client-facing troubleshooting.
  • Worked with enterprise tools including Sophos endpoint security, ticketing systems, and remote management platforms in a hybrid environment.
04 Credentials

Education & Certifications

🎓

Cyber Security Advanced Diploma (Co-op)

Expected Graduation: Aug 2027
Fanshawe College, London ON
🔒

Certified Ethical Hacker (CEH v13)

Obtained: March 2026
EC-Council
🎓

Ontario Secondary School Diploma

French Immersion
Strathroy District Collegiate Institute
Competition Wins

Awards

🏆

The Great Canadian CTF 2026: 1st Place

National Bracket Tournament
Hack The Box x Canadian Cybersecurity Network, Team SWOCTS
🏆

SWOCTS CTF: Inaugural Winner

First-Ever SWOCTS Competition
Recognized at Cyber Hive YXU 2025
05 Get In Touch

Let's Connect

Open to discussing cybersecurity opportunities, collaborations, and innovative security solutions.

contact.sh
$ ./contact --list
💼 linkedin josh-laur 🏴‍☠️ hackthebox profile 🎯 tryhackme joshualaur14