foylabout
Loading the explanation
About foyl

Built because existing tools were either behind a paywall or kind of terrible.

foyl is a one person security platform for people trying to learn this field without spending $3,000 on bootcamps and vendor demos.

Mission
Make getting into cyber less horrible.

The cybersecurity field has a weird problem. There is an enormous amount of real world tooling, but almost none of it is accessible to people learning. You can't sit down in a real SIEM without either working at a company that has one, or buying an expensive lab license. You can't see what an actual threat briefing looks like without paying for a threat intelligence subscription.

foyl exists to close that gap. Everything on this platform is free. The Brief is a real daily threat briefing used by security teams. foyl Learn puts you inside 10 functional mock security consoles with labs, drills, live shifts, linked incidents, progress, and instructor tools. They are working dashboards, not screenshots with ambition.

The goal isn't to replace real experience. It's to make the first 6 months less overwhelming, and to give people something useful to use every day while they're building toward that experience.

Everything gets built when something annoys me enough that I decide to fix it myself. This platform is not meant to replace certs, formal education, or real experience. It is the useful middle ground between reading about the work and being allowed near production.

Free
All of it
No freemium, no trial. foyl Learn uses accounts so progress and classrooms have somewhere to live. Bureaucracy won one point.
Daily
Threat Briefings
Published every morning. Runs on a few AI pipelines and an RSS feed aggregation model.
10
Mock SOC Tools
SIEM, EDR, NGFW, Email, Identity, VM, SOAR, TIP, CASB, and Ticketing. All fake. All functional.
What we stand for
Three things foyl doesn't compromise on.
These aren't startup values written by a PR team. They're just how the thing actually gets built.
01
Accessible by default

Everything is free. Public tools stay public, and foyl Learn uses an account for saved progress and classroom access. The paywall model for security education remains a scam. This is the counterargument.

02
Actually useful, not just educational

The Brief is used by working SOC analysts, not just students. The OSINT directory saves me bookmarks. The job board skips the LinkedIn garbage. Everything is built to be useful on a Tuesday morning, not just in a classroom.

03
Honest about what it is

foyl Learn is a mock environment, not a real SOC. The Brief is AI generated, not written by an analyst. The job board pulls from five free APIs. None of that is hidden. The tradeoffs are on the label.

How it got here
Built in pieces, whenever something was missing.
No roadmap. No product team. Just problems that were annoying enough to fix.
2024
The Brief: Daily threat intelligence briefing

Started as Kevin's idea for a script that scraped vendor advisories and fed them to Claude. Turned into a real daily briefing after a few people asked where they could get it. Now publishes every morning across the major vendor sources.

Live · brief.foyl.io
2025
foyl Learn: A complete browser SOC

Started with SIEM and EDR, then grew into ten linked consoles, seven labs, twelve drills, live analyst shifts, a 3D network range, six incidents, saved progress, learning paths, and an instructor deck. Scope control had a difficult year.

1.0 release candidate · learn.foyl.io
2025
foyl OSINT, Certs, Jobs, Attack

Four tools built around the same frustration: the resources exist, they are just scattered. The OSINT directory has 62 tools. Certs has 382 exam previews. Jobs has 50 AI selected listings each week. Attack turns the MITRE matrix into something you can actually explore.

Live across foyl
2026
foyl Events: Community security calendar

A monthly AI selected calendar of cybersecurity conferences, CTFs, training, webinars, and community events. It has a working map and filters, which should not feel novel but does.

Live · events.foyl.io
The person behind it
One person. No team. Questionable sleep schedule.
Aidan
Idk Man I Just Build Stuff
Background

I'm a cybersecurity professional that had to go through the cybersecurity education gauntlet while navigating the IT job market. It sucks, it's hard, jobs are hard to find, good education is hard to come by.

What I actually do

I work as a cybersecurity engineer and an analyst (sometimes). I also happen to teach at a collegiate level on occasion. Most of the data/tooling that foyl is built off of comes from my educational material, just aggregated into a single platform.

Why I built foyl

I got tired of the gap between "watching YouTube videos about cybersecurity" and "working in a real SOC." There wasn't a good middle ground, especially for students who don't know what's out there. You either had theoretical knowledge or you had practical experience, and getting from one to the other required either a job or spending thousands on lab environments.

I started building things to fill the gaps I was running into while teaching and learning. The Brief started as a script to avoid reading 12 different advisory pages every morning. The mock tools started because I hated imaging the same server with a different flash every time I needed to teach or demo a tool. The jobs board started because LinkedIn is a mess.

Everything on foyl is something I wished existed when I was exploring this field.

How to reach me

If you've found a bug, want to suggest a tool for the OSINT directory, want to submit an event to foyl Events, or just want to say something, email is the best way to reach me. I try to respond to everything.

The platform
Seven surfaces. Fewer subdomains than before.
Everything is free to use. foyl Learn asks for an account because saved progress cannot survive on good intentions.
The Brief
brief.foyl.io
Daily AI threat briefing. CVEs, KEV, Patch Tuesday, threat actors, detection queries.
Live · updates daily
foyl Learn
learn.foyl.io
Ten consoles, labs, drills, live shifts, a 3D range, six incidents, learning paths, and instructor tools.
1.0 release candidate
foyl Events
events.foyl.io
Cybersecurity conferences, CTFs, training, webinars, and meetups on a filterable map.
Live · updates monthly
foyl OSINT
osint.foyl.io
62 curated OSINT tools across 10 categories.
Live
foyl Certs
learn.foyl.io/certs
Five question previews for 382 certs. Twenty five career paths. Entry through expert.
Live
foyl Jobs
jobs.foyl.io
Fifty AI selected cyber and IT jobs, refreshed every Monday. Entry and mid level only.
Live · refreshes Mondays
foyl Attack
learn.foyl.io/attack
Interactive MITRE ATT&CK® matrix. 20+ APT groups. 4 campaign walkthroughs.
Live