28 questions across 7 categories
LABLIST.IO is a living technical portfolio platform built for entry-level cybersecurity and technology professionals. It brings together your projects, certifications, lab work, CTF writeups, and activity from GitHub and Medium, all in one shareable portfolio.
Anyone building a career in cybersecurity, IT, or software engineering. It is especially useful for those early in their career who need a better way to showcase hands-on skills beyond a traditional resume. If you're completing labs, earning certs, or building projects, LABLIST.IO makes that work visible.
Yes. All new Monthly signups get a 14-day free trial with full access to every feature. Your card is required but you won't be charged until day 15. After the trial, it's $4.99/month. Annual plans ($44.99/year, ~25% savings) are billed immediately.
GitHub shows code. LinkedIn shows job titles. LABLIST.IO shows the work: structured writeups of what you built, what you learned, and why it matters. It's a portfolio platform, not a social network or code repository. Guided wizards help you turn raw activity into compelling, recruiter-ready narratives.
Three sub-tabs, all free and public with no account required. The Certification Guide covers 169 cybersecurity and tech certifications across 13 domains, filterable by job role, level, and cost. Career Roadmaps lay out 42 role-by-role paths with competency checklists, time-to-job-ready estimates, and curated learning resources. Logs is the LabList field-notes blog: product updates, project ideas worth stealing, and unfiltered takes on the cyber job market.
No. The Resources hub is freely accessible to anyone with no signup, no payment, and no email required. Roadmap progress (which competencies you have checked off) saves locally in your browser only, never synced to our servers, never tied to an account. Come back any time and your progress is still there. We do not run analytics, tracking pixels, or any data collection on those pages.
Each entry type has a guided creation wizard. For projects, you walk through Problem, Stack, Role, Outcomes, Media, and Links. For certs, you add the badge image, issuer, date, and skills. For labs, you log the platform, difficulty, duration, and your writeup. Every wizard prompts you for what matters, so there are no blank text boxes.
Yes. Your portfolio is publicly accessible at lablist.io/yourusername. You can share the link on resumes, LinkedIn, job applications, or anywhere else.
The activity heatmap is a visual calendar that shows your daily technical activity across every entry on your portfolio. Each entry type gets its own color: projects, certs, CTFs, learning, labs, writeups, events, and DevOps work each appear as a distinct dot, so employers can see at a glance where your time goes.
Absolutely. LABLIST.IO is built for cybersecurity professionals. You can include CTF writeups, lab walkthroughs, penetration testing reports (with client info redacted), and vulnerability research for patched issues. Active exploits targeting unpatched vulnerabilities and credential dumps are prohibited. See our Security Content Policy for details.
There are 6 profile designs, each with dark and light modes:
New designs are added to the catalog over time. All subscribers get access to every released profile design automatically.
Yes. You can change your profile design and toggle between dark and light mode at any time from your dashboard. Your content stays the same. Only the visual presentation changes.
Yes. The dashboard includes a design picker with preview cards for all 6 profile designs. You can also see live previews on the landing page.
Members can connect GitHub and Medium from the dashboard. Once connected, LABLIST.IO imports your activity: public commits surfaced as devops entries and published Medium posts surfaced as writeups. Synced data is mapped to portfolio entries that you can edit, enhance, or remove.
Yes. You can disconnect any integration at any time from your dashboard. Disconnecting stops future syncs but does not automatically delete previously imported entries. You can delete imported entries individually.
Only what you authorize. For GitHub: public repositories, commits, and contribution activity via OAuth (read:user scope). For Medium: your public RSS feed (username-based, no API key); posts become writeups on your portfolio. We never access private repositories, drafts, or non-public content.
LABLIST.IO has one plan: Listed Member. Choose your billing cadence:
Every feature is included: all 6 profile designs, guided entry wizards, all integrations (GitHub and Medium), YouTube/Vimeo/Loom video embeds, portfolio analytics, and 5 GB storage.
Yes. Cancel from your dashboard Settings > Billing page at any time. You keep full access until the end of your billing period. Your content is never deleted.
Guided wizards walk you through capturing your approach, tools, findings, and lessons learned for every entry. The structured format makes it easy to turn labs, CTFs, and projects into compelling portfolio pieces. You control what gets published.
We offer a full refund within 7 days of your initial purchase. After 7 days, or for renewal charges, refunds are provided at our discretion. Contact support@lablist.io for refund requests.
Yes. All connections are encrypted via TLS with HSTS enforced. Data at rest is encrypted via Supabase (Postgres on AWS, AES-256). Passwords are hashed with bcrypt. We never see your plaintext password. We offer multi-factor authentication (TOTP, passkeys, email OTP). We enforce Content-Security-Policy headers, rate limiting, and input sanitization on all endpoints. See our Privacy Policy for full details.
No. We do not sell, rent, or trade your personal data. We do not use third-party analytics, tracking pixels, advertising trackers, or session replay tools. Your data is shared only with the service providers necessary to operate the platform. See our Privacy Policy for the full subprocessor list.
No tracking cookies. We use first-party localStorage for your theme preference and for anonymous portfolio analytics (session ID, per-portfolio visit counter, and the viewer role you optionally share via a first-visit poll that defaults to off), plus sessionStorage for signup progress and short-lived click deduplication. All are functional browser storage, not cookies. Supabase Auth may set a strictly necessary httpOnly session cookie for authentication. See our Privacy Policy for the full storage inventory. No cookie consent banner is needed because we use zero non-essential cookies.
Portfolio owners see aggregate, anonymous data about their own portfolio: distinct visitors (via a random session ID in localStorage), page views, scroll depth, dwell time, referrer hostname, UTM tags if present, device type, country (derived from IP, never stored), time-of-day buckets, visit-count buckets (first time vs returning), outbound link clicks, and an optional viewer role that visitors can share via a one-tap poll that defaults to off. We apply a k-anonymity floor of 5 to every breakdown row, so no individual visitor is ever identifiable. Raw events are retained for 90 days and aggregate rollups for 2 years. Owners can also opt in to a monthly email digest (default off). No third-party trackers, no advertising pixels, no cross-site tracking. See our Privacy Policy for the full storage and retention inventory.
Request deletion from your dashboard Settings page or by emailing support@lablist.io. Your portfolio goes offline immediately. All data is purged from primary systems within 30 days and from encrypted backups within 90 days. Billing records may be retained for up to 7 years as required by tax regulations.
Yes. All users can request a full JSON export of their profile, entries, and metadata by contacting support@lablist.io. We respond to export requests within 30 days.
Accounts with no sign-in for 12 consecutive months receive a reactivation email. If you don't respond within 30 days, the account and username may be reclaimed and data deleted. Simply signing in resets the clock.
Username changes are handled on a case-by-case basis. Contact support@lablist.io with your request. Usernames must meet our naming requirements (3–30 characters, lowercase alphanumeric, hyphens, and underscores). Reserved system names cannot be claimed.