Hello!

I'm Colin Winhall

A passionate tech enthusiast with a 9-year diversified portfolio, adept at cross-functional collaboration, committed to making the digital experience easier & safer.


Cybersecurity

Passionate about defensive & offensive security and exploring roles as an ethical hacker.


NoCode development

I've been involved in NoCode since 2018. Nothing beats the feeling of creating software without writing a single line of code!


Artificial Intelligence

Heavily enthusiastic about AI and how it will be leveraged both by individuals and at scale through automation.


Side projects

A collection of the various projects I am currently working on or want to work on.

Fin.

About me

I am a tech enthusiast with a deep-rooted love for everything digital and its potential to bring about positive change. Throughout my career, I've enjoyed diving deep into problem-solving, getting my hands on new technologies and making these technologies my competitive advantage. It's what gets me out of bed every morning, excited to take on the day.A big part of my mission is to make the digital world safer and more secure. I firmly believe in the importance of cybersecurity as both a tech necessity and a moral commitment. My work history is filled with experiences in this realm, such as leading BugBounty programs and preparing for ISO 27001 audits. It's more than a job for me; it's about doing what's right.Throughout my 9 years working in tech, I've immersed myself in various roles within the industry, navigating through Design, Product, Marketing, Security, Customer Success & Support. I've experienced how all these departments function and how they synergise to create fantastic products. This broad experience equips me with the skills to quickly find alignment in cross-departmental tasks..Given my diverse experience, I can fit into a range of roles within the tech space. I bring a combination of technical prowess, creative thinking, strong interpersonal skills and a deep commitment to ethical technology usage. When I'm working on something that aligns with my passions, it doesn't feel like work. It's more like play and that's when I truly excel!So, if your organisation is looking for someone who's not bound by a specific role but is an adaptable professional eager to create a positive impact, I'd be thrilled to explore the possibilities with you. Let's explore how my passion, mission, and experience could align with what you're trying to achieve.

Professional Experience

Rows

Technical Product Specialist • Remote • 11/2022 - Current

• Provided technical support to 50+ clients, ensuring swift resolution of technical issues.
• Successfully onboarded 100’s of clients, conducting personalised session calls.
• Created, updated and maintained several an extensive range of documentation, tutorials, and video content, improving user engagement and SEO.
• Led BugBounty program, identifying and mitigating 20+ vulnerabilities.


Adalo

Senior Customer & Community Advocate • Remote • 08/2020 - 07/2022

• Provided technical support to 1000’s of customers with a 99% satisfaction rating.
• Spearheaded community engagement campaigns, managing and growing the community from a couple hundred to tens of thousands.
• Conducted regular internal pentests and cybersecurity initiatives, enhancing system security.
• Developed several internal tools, improving workflow efficiency by 100+%.
• Streamlined processes through creation of automations, reducing manual effort and human-error.


Plek

Information Security Manager • Amsterdam • 10/2019 - 11/2020

• Maintained ISMS, ensuring continued compliance with stringent industry standards.
• Implemented effective new processes and procedures to optimise security practices.
• Successfully prepared the team for ISO 27001 audits, solidifying the company's reputation for secure data handling.


NoCode Zone

Consultant • Remote • 01/2019 - 10/2022

• Provided consulting services in NoCode development, managing a handful of custom development projects and coaching a dozen more clients on building secure products.


Zapaday, Scaura & HelloMaaS

Product Manager/Product Owner • Amsterdam • 07/2015 - 09/2018

• Led product vision and prioritised features and capabilities, driving growth and user satisfaction.
• Effectively communicated product roadmap to stakeholders, ensuring alignment with company goals.
• Authored detailed product specs and defined scope for multiple product updates/releases, improving product functionality.


Skills & Interests

Side projects, Cybersecurity CTFs, Books, Travelling, Board games

Cybersecurity background

tl;dr

2015: Initiated journey in cybersecurity at Zapaday, where I started uncovering minor vulnerabilities in our SaaS platform.2019-2021: Joined sister company, Plek, initially as a Project Manager. Progressed to the role of Information Security Officer where I maintained the ISMS, led vulnerability programs, and successfully passed ISO 27001 audits annually.2020-2021: Identified and worked on addressing a dozen critical vulnerabilities in the NoCode platform at Adalo before the company shifted its focus.2021: Intensified self-learning in offensive security, consuming various resources such as books, online courses, CTFs, and bug bounties.2021-2022: Applied offensive cybersecurity knowledge to public vulnerability disclosure programs. Specialized in business logic, IDORs, and Mass Assignments, leading to the discovery of multiple critical vulnerabilities. Worked with a company, which had a client portfolio worth billions of euros, on understanding, testing and explaining their vulnerabilities, ultimately encouraging them to pursue a full professional pentest and code review.2022-Present: Continuously exploring potential vulnerabilities in daily-used apps, leading to over 30+ reports across multiple platforms. Gained satisfaction and valuable learning experience, in addition to several thousands of euros in rewards.


Full story

My journey into cybersecurity began in 2015 when my then-employer requested employees to unearth potential vulnerabilities in our SaaS platform. Despite having no prior exposure to hacking methods, I dived into the challenge and within just two days, found myself captivated by the intricate world of cybersecurity. Although my findings were minor, the experience sparked a fascination that grew over time.Fast forward to four years later, I joined our sister company, initially as a project manager. My growing interest in cybersecurity eventually led me to the role of the Information Security Officer. Over the next two years, I maintained the ISMS, led the vulnerability program and successfully prepared for and passed the ISO 27001 audits annually.Simultaneously, my curiosity in NoCode development began to peak. As a freelance consultant, I helped transform ideas into reality using NoCode tools. My role shifted within the company when I discovered a dozen critical vulnerabilities in the platform I was using. For the next six months, I worked with the team to address these issues. However, my journey was cut short when the company changed its focus and didn't allocate enough resources to address all security concerns.This abrupt end, while unfortunate, didn't hinder my enthusiasm for cybersecurity. Instead, it propelled me into a period of intensive self-learning. I consumed as much content as I could on offensive security, diving into books, online courses, CTFs, and bug bounties. I soon found myself armed with extensive knowledge that needed an outlet, leading me to public vulnerability disclosure programs.My knowledge of these platforms and my unique perspective from varied work experience helped me identify potential threat models and possible attack vectors swiftly. I was particularly successful in business logic, which led me to focus on IDORs and Mass Assignments. Even though I started with low hanging fruit, I eventually found several critical vulnerabilities, including ones within a company handling billions of euros.Unfortunately, my reward was just a €50 gift voucher, but I didn't let this dampen my spirit. I worked closely with their lead developer and managing director, explaining vulnerabilities, re-testing fixes, and ultimately, encouraging them to pursue a professional pentest and code review.Today, my interest in cybersecurity is as vibrant as ever. With a finely-tuned intuition for detecting vulnerabilities, I often explore the apps I use daily. I've submitted over 30 reports across multiple platforms but for the satisfaction and learning I gain from each discovery.

Platforms, courses, books, podcasts & influencers

Platforms

• TryHackMe
• PortSwigger
• HTB
• OWASP DVWA
• zseano's bugbountyhunter.com

Courses

• TCM
• NahamSec
• PortSwigger

Books

• The Web Application Hacker's Handbook
• Linux basics for hackers
• Hacking APIs
• Bug Bounty Bootcamp
• Serious Cryptography
• Click Here to Kill Everybody

Podcasts

• Darknet Diairies
• Critical Thinking - Bug Bounty

Influencers

• LiveOverflow
• Seytonic
• BBRE
• John Hammond
• Farah Hawa
• InsiderPhD
• Rana Khalil
• Jason Haddix
• Nagli
• NahamSec
• rez0_
• zseano
• JackRhysider
• Corben Leo
• Hakluke
Many many more...

NoCode background

tl;dr

Childhood-2017: Developed an interest in problem-solving and design, with experiences spanning from designing an automatic pill dispenser at 12 to creating detailed dozens of side projects with friends. (Some more successful than others).2018: Discovered NoCode tools, particularly Bubble, leading to the development of numerous web applications.2018-2019: Embarked on various solo side projects using NoCode tools, culminating in the successful launch of several web apps. Several projects reached #1 on Product Hunt.2019-2020: Transitioned to consulting, leveraging expertise in NoCode development to help clients bring their ideas to life. Became one of the first listed experts on Adalo.2020-2021: Joined Adalo as a Customer Advocate, assisting customers in realizing their dream projects and contributing to the overall user experience.2021-2022: Identified and worked to resolve critical security issues within Adalo's platform. Role was eventually eliminated due to a change in the company's direction, leading to the end of this NoCode journey.2022-Present: Translated this experience and newly discovered interest into a deeper exploration of cybersecurity.


Full story

From an early age, I've always been brimming with ideas. I distinctly remember designing an automatic pill dispenser box at the age of only 12, which is just one instance of my innate drive to dissect complex problems and find innovative solutions. Sometimes, I'd lose myself for days, weeks even, in the pursuit of solving a single problem - a passion that has often led me on unexpected, yet enriching journeys.As my career in technology evolved, so did the scope of my ideas. With experience in design and product development, I could transform these ideas into detailed mockups and specifications. However, the missing piece of the puzzle was the ability to bring these ideas to life independently, without the need for a developer, which remained unattainable until 2018.The emergence of NoCode tools changed everything for me. Tools like Bubble gave me the ability to build complex web apps, bringing me closer to my goal. Empowered by these resources, I embarked on numerous projects simultaneously, a decision that, while initially overwhelming, taught me invaluable lessons about the complexities of software development.After this rapid-fire experience, I chose a more methodical approach, working on a few ideas at a time and successfully launching several projects. Some of these even reached #1 on Product Hunt, providing me with invaluable lessons on product lifecycle and user engagement.Feeling confident in my abilities, I decided to lend my expertise to others and started consulting. My tool of choice was Adalo, where I became one of the first listed experts. It was exhilarating to take ideas and turn them into realities singlehandedly, feeling as though I'd unleashed superpowers. However, freelancing presented its own challenges, namely managing client expectations and working solo.An opportunity with Adalo changed this, as I accepted a role as a Customer Advocate. This role was a perfect blend of my prior tech roles and my NoCode development skills. I derived immense satisfaction from aiding customers in realizing their dream projects.However, my growing interest in cybersecurity soon intersected with my role at Adalo. I discovered some critical security issues within our platform and dedicated several months to resolving these. Sadly, the direction of the company changed, and my role was eliminated. The end of my NoCode journey was heartbreaking and took a toll on my passion for NoCode development.But every end is a new beginning. This experience paved the way for my growing passion in cybersecurity - a story you can continue reading in the next section of my site!

NoCode platforms I'm familiar with

Builders

• Adalo
• Bubble
• Noodl
• Carrd
• Webflow
• Glide
• Softr

Design (Mockups and prototyping)

• Miro
• Figma
• Photoshop

Project and Product Management

• Notion
• Trello

Side projects


Vulnerable Domains

An exceptionally basic web app that allows you to check if a domain is vulnerable to various transformation attacks.

Active

CV.zip

CV.zip was designed to be a quick and interesting way to deliver a resume to a potential hiring manager. Visiting cv.zip will download a zip file directly to your device.Anyone can host their cv.zip file for 24 hours for a fixed fee.

Active


Bounty Navigator

A curated list of 1000's of public vulnerability disclosure programs sourced online with reward levels offered and contact details to submission.

Launching soon


Square Two

NoCode development platform designed as an opensource project with a focus on fair pricing, no lock-in, privacy & security.

Currently on hold


Audit Flow

An all in one cybersecurity assistive agent. Follow a step by step wizard that walks you through attack vectors, watch tutorials, get a list of available tools, read write ups and public disclosures, find related CTFs, finally, pass through your findings and get suggestions on how to escalate findings or chain them together and create automated reports.

Designed & scoped but need help, project is too big 🙃


Unnamed project

How I see the future of support and education content being created for online platforms. Powered by multiple AIs, detailed, specific tutorials and support content can be generated in minutes.

Researching feasibility


True North Jobs

A job search engine based on the concept of ikigai. The job seeker answers some questions about what they love doing, how they would want to change the world, what they're good at and their CV answers what they can be paid for.Jobs are then given a matching score based on their ikigai profile.

Researching feasibility


Synth Connection

I've created my own personal Discord server which is populated by a team of AI agents. Each specialised in a specific role. They are all able to talk to one another, as well as assign one another tasks to be completed in an almost-automated fashion through very very specific prompts.

Active in my private Discord server


You're the product

An educational product designed to teach people how their data is used and monetised against them. They learn through actively making the website money through the various ways that users and traffic get monetised.

Needs very tricky custom development


Muted Words

Curated wordlists to mute on Twitter instantly. Topics and trends evolve over time. New words, people or things become part of a topic or a trend, and old ones fall out of use or popularity. This is especially true for topics and trends related to social media, which can change very rapidly.

Landing page created - never launched 🤷


Pixel Beam

A physical product that I've been theorising and working on for 7 years. Still actively working on it (slowly).Combines the power of a flash with the functionality of a projector to produce "Digital Light". Allowing you to project digital images on subjects that can be powered by algorithms.

Are you an optomechatronics engineer by any chance? Help!

Artificial intelligence

tl;dr

2020: Began experimenting with GPT3, while primarily focused on NoCode development.2021-2022: Interest in AI rekindled with the launch of DALLE 2 and Midjourney, closely followed by the release of ChatGPT. Started actively following AI developments and technological advancements.Early 2023: Began using AI as an assistive technology in professional work, enhancing productivity and problem-solving processes.Mid-2023: Initiated the development of an innovative project involving a chat group of AI personas representing different company roles (e.g., marketer, developer, product manager). Implemented these AI personas on a chat-like platform (Discord) to interact and develop comprehensive project outlines and strategies.Present: Developed a deeper understanding of various AI systems and tools, learning how to interlink different platforms for desired outcomes.2024 (Projected): Continue to hone AI-related skills and knowledge, understanding the vital role of these capabilities in the future workforce. Recognising the increasing relevance of adaptability, understanding of AI technologies and their integration into workflows.


Full story

Much like many others in the tech industry, I have been captivated by the promise of AI. Whether it's a bubble waiting to burst or the dawn of a new technological era, there's no denying that AI has already significantly improved many aspects of our lives. My guiding principle in engaging with AI is to use it to understand an answer, rather than to just get an answer. Not just as a means to an end but as a way to uncover the process leading to that end.Back in 2020, I first explored the possibilities offered by GPT3. Even then, the results were impressive, but my focus was entrenched in the new and exciting NoCode movement, which meant AI took a backseat. My interest in AI was truly reignited with the launch of DALLE 2, swiftly followed by Midjourney's hyper-realistic image generation capabilities and the jaw-dropping launch of ChatGPT. In the subsequent months, the tech landscape was transformed with a flurry of new use cases and technologies that for the first time, it felt as though I could not keep up with the speed at which technology was accelerating.Like many others, I not only used AI as an alternative to traditional search engines but also found ways to use it to enhance my work. Rather than relying on AI to perform tasks for me, I engaged with it as a tool to refine my processes, not asking for it to "do it for me" but more in a "how can I do this better" way. I don't believe AI is at a point to replace a human in most professional aspects, the technology is not reliable enough at this moment (June 2023) but as an assistive technology, it cannot be beaten.An ongoing project that I'm proud of involves creating a chat group of AI personas, each representing a different role within a company, like a marketer, developer, or product manager. I've devised a system where these AI personas can interact with each other in a chat-like environment (Discord). This setup proves incredibly useful in fleshing out the basics of a project, interpolating the potential requirements from each persona and determining the optimal approach for each aspect of the project. The project is currently on hold while I work on improvements and in the interim, I've observed similar initiatives take root, each offering a unique spin on the shared goal of using AI to recursively evaluate, question, and respond until a satisfactory resolution is reached.Currently, one of the significant advantages I hold is my comprehensive understanding of the existing AI systems and tools. I know how to interlink various platforms to achieve a desired result. Paired with my methodical approach to prompting, I believe this knowledge equips me to deliver high-quality, reliable outputs that exceed the results possible with a superficial understanding of these tools. Being familiar with the strengths and weaknesses of these AI systems enables me to tailor my approach, adjust my expectations, and adapt my strategies, ensuring I consistently obtain the most accurate and useful outcomes.Ultimately, the knowledge and skills I've cultivated over the past nine months are rapidly becoming essential for future workforces. As AI continues to evolve, it's clear that adaptability, an understanding of AI technologies, and the ability to integrate these tools into workflows will be vital for staying ahead. We're standing on the brink of a revolution in the way we work, with AI at the helm. Those who can leverage AI to its full potential will not only remain relevant but will be instrumental in shaping the course of this exciting new era.

AI tools and frameworks I'm familiar with

LLM

• ChatGPT
• OpenAI API
• Bing

Image generation

• Midjourney
• DALLE 2
• Firefly
• Photoshop (beta)

Frameworks / other tools

• Pinecone
• Langchain