Back to Blog

Why I Built CyberLab

Gabe BidotAugust 16, 20253 min read
securityprojectsawslearningcybersecurity

Cloud security isn't something you master by reading documentation or passing an exam. It's something you learn by building, breaking, and fixing. That's why I started CyberLab, a personal project where I could test real-world vulnerabilities, apply industry standards, and grow my expertise beyond certifications.

The Motivation

When I passed the AWS Certified Solutions Architect – Associate exam, I felt confident in my ability to design architectures in Amazon Web Services (AWS). But I also realized something: certifications give you a strong foundation, not a complete picture. They rarely expose you to the messy reality of misconfigurations, overlooked settings, or how vulnerabilities unfold in practice.

I wanted a way to bridge that gap. CyberLab became that way. It's an environment where I can simulate attacks, test defenses, and experience first-hand the scenarios that security professionals talk about every day.

Building the First Version

I started small and simple. Using Next.js for the frontend and API routes, Supabase for Postgres, and Vercel for deployment, I created a lightweight web application. The goal wasn't to build a production-ready platform. It was to create a safe space where I could:

  • Explore vulnerabilities like SQL injection and prompt injection
  • Learn how those vulnerabilities are exploited
  • Practice patching and validating fixes in real time

This approach gave me something far more valuable than theoretical knowledge. It gave me a controlled environment where I could play both roles: the attacker and the defender.

Why Start This Way?

By keeping the architecture simple, I could focus on fundamentals. What happens if I write insecure database queries? How do I recognize when input validation fails? What does it actually look like when a vulnerability is exploited?

It's one thing to read about SQL injection. It's another to run it against your own code, watch it succeed, and then redesign the code so it fails the next time. That cycle of break, understand, fix is where the real learning happens.

The Takeaway

CyberLab started as a small experiment, but it quickly grew into a mindset: security is learned by doing. Hands-on exploration turns abstract risks into real lessons, and those lessons stick.

In the next phase, I'll share how I expanded CyberLab into AWS with Terraform to simulate more advanced cloud-native security challenges, from secure S3 vaults to IAM role misconfigurations.

This is only the beginning.

Ready to explore? Check out CyberLab and see the hands-on security learning platform in action. Remember: it's for educational and research purposes only!