Cybersecurity & research

I build like an analyst thinks.

Cybersecurity isn't a service I bolt on — it's the lens I was trained in and the way I approach every build. Here's how that thinking works, and the independent research behind it.

01

Threat-model first

Before writing features, I ask what could go wrong: who's the attacker, what's the sensitive data, where's the blast radius. The data model follows the threats.

02

Least privilege & audit

Role-based access so people see only what they need, plus audit trails so every sensitive action is accountable. The defaults are the secure ones.

03

Encrypt & contain

TLS 1.3 in transit, encryption at rest, data kept in-jurisdiction. If something does leak, it should be unreadable and contained.

Independent research · 2023

CAPTCHA & anti-bot bypass research.

In April 2023 I self-published a technical write-up examining how modern anti-bot systems hold up under pressure — looking at hCaptcha, reCAPTCHA and Cloudflare's anti-bot solutions, supported by custom Python tooling.

The aim wasn't to break things for the sake of it. Understanding how bot-mitigation actually behaves — where it's strong, where it's brittle, and how automated traffic is detected or slips through — is exactly the knowledge you need to defend a real application against abuse, scraping and credential attacks.

It's independent research, shared openly. Treat it as honest, self-directed security work — not a peer-reviewed academic paper — and as evidence that the analyst's curiosity is real and ongoing.

Why it matters to my builds

Every public form, login and checkout I ship is a potential target for automated abuse. Having pulled anti-bot systems apart myself, I design with that reality in mind — rate limits, validation, and sensible friction in the right places.

Security in practice

Where this shows up in real products.

Case in point — Vicarity

The clearest example is Vicarity, my care-sector SaaS, where security thinking shaped the whole architecture:

  • Care records handled as UK-GDPR Special Category Data with role-based access and audit trails.
  • TLS 1.3 in transit and encryption at rest.
  • Designed around the CQC Single Assessment Framework's 34 quality statements.
  • UK-hosted, no third-country transfers; ISO 27001 & NHS DSPT on the roadmap.
Secure your build

Want a developer who thinks like an attacker?

Whether it's a security review, a hardened build, or a product that handles sensitive data — that's my home turf.