Profile photo
Aaron Anthony A. Gano II
Bambang, Philippines
Aspiring Purple-Team Security Engineer
Schedule a meeting Send Email
About

I'm a third-year BS Computer Science (Robotics) student focused on becoming a purple-team security engineer — someone fluent in both offense and defense. My approach to every project is the same loop: run a realistic attack, watch it from the defender's side, then write the detection that closes the gap.

Outside the lab I lead development on a government-facing community reporting platform, train as a competitive recurve archer, and work steadily through a cybersecurity certification roadmap toward OSCP.

Every project here is built in an isolated home lab on hardware I own, documented as if it were a real engagement, and published so it can be reviewed end to end.

Tech Stack

Cybersecurity Languages

PythonBashPowerShellCC++JavaScriptSQLGo

Mobile

DartFlutter

Frontend

JavaScriptTypeScriptReactNext.jsTailwind CSSshadcn/ui

Backend

Node.jsNestJSExpressPythonREST APIPostgreSQLMongoDB

Security / Identity

JWTOAuth 2.0Zero TrustBurp SuiteNmapWiresharkGhidraISO 27001

DevOps / Cloud

AWSDockerKubernetesTerraformGitHub ActionsPrometheusGrafana

AI & Machine Learning

PyTorchscikit-learnTensorFlowOpenAI
Main Project
★ Featured

One Vizcaya Hard

Provincial app for Nueva Vizcaya

A platform serving the people of Nueva Vizcaya, bringing local services and information into a single app. My focus is the backend architecture and security — building reliable APIs, hardening authentication, and keeping user data protected.

My role: Backend & Security
DartFlutterTypeScriptJavaScriptREST APIJWTOAuth 2.0
Live Demo GitHub Repo
Experience
Present
Earning Cybersecurity Certifications
Working through certifications like the Google Cybersecurity Certificate and various Udemy courses to deepen my security skills.
Oct 2025
Started the One Vizcaya App Project
Began building One Vizcaya, owning the backend and security side of the platform.
Apr 2024
Started my journey in Cybersecurity
Began focusing on security — both defensive and offensive sides.
Aug 21, 2023
Started as a Computer Science Student
Nueva Vizcaya State University — Main Campus
Jul 22, 2022
My first coding experience 👋
Wrote my first line of code.
Security Project Roadmap

A purple-team build plan — red and blue projects across offense, defense, and general security. Each becomes its own documented repo as I complete it.

Focus area
All
Purple
Defense
Offense
General
Difficulty
All
Easy
Medium
Hard
Focused
Certifications

My certification roadmap, ordered by priority and cost — free wins first, then the credentials that prove I'm Purple, building toward OSCP.

In Progress
Google Cybersecurity
Free · broad entry-level foundation
Do First · Free
ISC2 Certified in Cybersecurity
Free · respected ISC2 issuer ★★★★
Do First · Free
Fortinet FCF
Free · vendor-backed fundamentals
Free Training
Splunk Core Certified User
SIEM — core SOC tool
Priority #1 · ~$425
CompTIA Security+
The #1 cert employers ask for ★★★★★
Do Next · ~$249
eJPT (INE)
Hands-on offensive proof ★★★★
Do Next · ~$425
CompTIA CySA+
Blue-team / SOC credential ★★★★★
Alt · ~$399
Blue Team Level 1 (BTL1)
Hands-on SOC investigation ★★★★
PH Roles · ~$950+
CEH (EC-Council)
Asked for by PH / gov employers
OSCP Prep · ~$210
HTB CPTS
Affordable, superb OSCP prep ★★★★
The Big Goal · ~$1,749
OSCP / OSCP+
Unlocks international remote work ★★★★★
Senior · Long-term
CISSP / SANS GIAC
Senior roles · seek sponsorship
Learning Journey

My self-directed path from CS student to Purple Team — a four-stage plan built on hands-on labs, not just checklists. The through-line is the Purple loop: run the attack, detect it, write the rule that catches it.

1
Build the Foundation
Networking, Linux, Python, and a home lab on hardware I own. Wireshark captures, living in the terminal, a hand-written port scanner, and popping my first box.
NetworkingLinuxPythonHome Lab
2
Red & Blue → Purple
Offense on TryHackMe & Hack The Box, defense on LetsDefend & Splunk, and web hacking via PortSwigger. Learning both sides together so every attack sharpens my defense.
TryHackMeHack The BoxSIEMWeb Hacking
3
Prove It — Certifications
Earning credentials that prove what the projects already show, picked up as their material lines up with what I'm practising. Security+ → CySA+ / eJPT → OSCP.
Security+eJPTCySA+OSCP
4
Get Hired — Portfolio & Job Hunt
Turning lab work into a visible portfolio: GitHub repos, writeups, CTFs, and applying to roles both local (PH) and remote — this site being part of that.
GitHubWriteupsCTFsPicoCTF
Social Links