Whoami?

#

I’m generally interested in Cybersecurity and IT in general, with a recent “itch” about learning about Space Cybersecurity. Lately I’ve been working on Cybersecurity Architecture, where I glue together the necessary infrastructure for a cohesive and comprehensive SOC ecosystem: Data pipelines, Detection & Observability Engineering, and generally deploying security solutions for mid-large hybrid environments. I generally don’t define myself as being a Red or Blue team mindset person; I thrive on either side, as long as I get to build stuff or come up with creative solutions to problems or ways to improve things.

Before Cybersecurity, I was a Mechanical Engineer, where I delivered services primarily to the Oil & Gas, F&B, and Pharma industries in Compressed Air Technologies, closely involved in business development and on-site operations. My transition to Cybersecurity was entirely self-taught and self-driven, actively engaging with the community and seizing every opportunity to learn and bring fresh, relevant knowledge to the table.

CORE VALUES IN INFORMATION TECHNOLOGY

#

Main Ethos

#

One of my core motivations in IT is to enhance human capabilities, like an extension of ourselves. This value is clearly reflected in the side-projects I’ve developed, including this site.

In Cybersecurity

#

My goal is to use Cybersecurity as a playground or vehicle for my talents, gifts and knowledge, and provide the best service I can. Whether I’m an employee or I’m on my own projects.

Hobbies & Interests

#

My hobbies and interests include playing guitar in my home studio and with my metal band, studying and learning new IT topics, studying Stoic and Eastern philosophy, and reading self-management and management books and materials.

Having and maintaining a personal website/blog has been entirely a byproduct of learning. I never aspired to be a “writer” or “blogger,” but I find relief in doing it. For me, it’s like a “brain exhaust”.

I have written and published material on the following media:

• Delta Protect Blog
• NexGenT Blog
• Of course, here on my website
• My public Knowledge Center (currently being dismantled and migrated here) - It is now offline

You can find more about my recent activity and interests on my “now page” here on my website .

Special Thanks

#

I want to express my heartfelt thanks to everyone I’ve interacted with, shared ideas with, and learned from throughout my journey in IT. The support and insights I’ve received from the community have been invaluable, and I aim to give back by sharing valuable information that can brighten someone else’s day.

To everyone who has helped me, given me tips and advice, coached, and mentored me along the way: Thank you once again for being a part of this journey. 🙏

My story: 2018-2020 & Transitioning to IT/Cybersecurity

#

I don’t talk much about my own story. But when I do, I try to do it in a way that inspires because my transition to IT has been a journey that taught me a lot about psychology and mindset. So I’m writing my story here hoping to convey some useful nuggets, whether you’re new to IT, or are a seasoned professional in this field.

The path that brought me here

#

Ever since I started, I’ve been fully immersed in the world of cybersecurity. My journey to entering the Cybersecurity & IT industry went exactly with the following order:

• Being a mechanical Engineer, I didn’t know anything about IT. Just the “other side of the moon” in OT: Actuators, pneumatics, control systems, etc. Regarding IT, I just a C++ class in College which didn’t give me any context about programming so it was at that time just a filler signature.
• One day I started programming in Python, thinking it’d just add a couple chops to my Engineering skillset & Knowledge. Eventually I wanted to know why this thing worked that way, so I got exposed to the Operating Systems and Network Engineering worlds. This is where the whole thing started.
• So I studied Networking and Operating Systems,
• A few months into this, I had the opportunity to work on a project at a local family office, which involved a tech refresh of their Networks and local servers (Thank you AB for all your support on this phase 🙏).
• What I was studying and doing at my homelab at that time, which basically was my college’s 8Gb/4Core laptop, helped me hugely in this job.
• The Linux rabbit hole started when I learned Linux SysAdmin skills, with CentOS, which also helped me with this job enormously.
• I got hooked on Information technology: I was so immersed in IT, that I was having immediate feedback from job/study, and the project went very smoothly, and I would easily say that:
  • In IT, everything you learn is practical, relevant, and useful in real situations.
  • That’s exactly what got me hooked in IT; it gave me a level of confidence and a sense of control over my path that only added fuel to this fire to learn and explore more.
• So I went all in on Information Technology and doubled down on this potential new path in life. I think this immediate feedback loop of learn → Apply → Learn more → Be more resourceful is what got me addicted. I just wanted to learn more and went all in.
• At one moment I got exposed to Cybersecurity, and it got my attention immediately. Started with Tryhackme, doing CTFs like a maniac, setting up my own infrastructure, learning Offensive Security, OPSEC stuff, etc.
• I don’t think I would’ve had so rounded skills & knowledge about security if it wasn’t because of Nathan House’s 4-volume Cybersecurity course . At this point in time, I keep sending this course to everyone I coach or have an opportunity to give advice. Of course I took a million courses, devoured books and did all kinds of things in my homelab across several months as my “full time job”, but this course was a synergistic way for me to solidify a lot of knowledge for me around privacy/OPSEC, and general Cybersecurity things.

The recipe

#

So, if you asked me “how to enter the Cybersecurity industry”, I would give you this recipe:

• Learn a scripting language (i.e. Python),
• Learn Vim.
  • I’m just kidding. I learned it and it was weird at first but it’s been there with me since I started and it has allowed me to do pretty cool stuff, fast.
• Learn Operating systems: Linux and Windows
  • Of course this includes Shell scripting + Powershell
  • Virtualization: Set up your own VMs to have a practice ground. If you don’t, it’s like learning how to swim without ever touching the water.
    • Not enough resources in your old Laptop? Fine, use Alpine Linux (Arch based), get into a deep rabbit hole setting it up. That’s not only okay, but great for exposing yourself to new concepts.
• Use Notion to take notes on everything you learn, every command you learn, everything that you think you may forget later. You’ll thank yourself in the future. Some people swear by Obsidian but I never sticked with it for big projects like Personal Knowledge Management system. Anyways, use what you want. Even Microsoft’s OneNote can be useful.
• Learn Networks.
• Drink water & eat healthy
• Set up your Github account and learn how use Hugo to set up your own blog using Github Pages. It’s free, fast, and everything you’ll learn along the way will be useful sooner or later. Especially Git.
  • Nobody will read it. That’s good. It’s for you only (For now).
• DO Networking (Pun intended: Connect with other people. Know what’s outside your bubble. At this point, it may be very small)
• Engage in CTFs (Hack the box, TryHackMe, etc.). If you don’t know what you’re doing, or where to start, it means YOU NEED to do this. Start here: THM’s Offensive Security Path , watch or read Writeups .
  • I may be the first person to maybe say this, but OSINT or Reconnaissance is enormously useful in IT in general, even if you don’t want to be a Pentester. A SysAdmin that knows how to Recon/OSINT? Ninja level 🥷 troubleshooter that “Knows his stuff and has situational awareness”. It has helped me enormously in my day to day activities, even if I’m not doing pentesting (Take my word on this. I don’t do Penetration testing as my main job, and maybe Recon has been the skill that has been there helping me no matter what I do).
• Take care of your mindset
• Learn Full Stack Web Development, not for mastery but for exposure. Take 1 course that teaches Backend + Frontend, even if you don’t aim to be a Developer.
• Develop good habits
• Learn 1 Public Cloud (i.e. AWS, GCP).
  • Prioritize IaaS (Infrastructure as a Service) over PaaS (Platform as a Service like Heroku and others)
• Known when your brain needs to stop and take some rest
• Follow your curiosity on weekends or whenever you feel like spending a few hours learning new things
  • “What’s this Docker thing?” Watch a couple videos on it to get exposure to it, use it, dive deep if you want or need it.
  • “What’s this Firejail thing I watched on a random Youtube video?” Again, learn it.
  • “What’s an API?” Perfect moment to learn an extremely important technology implementation in modern infrastructure.

This “formula” has made me as resourceful and inventive as I can be. I’ve had huge challenges professionally, and I’ve surfed them successfully thanks to this “inventiveness” I developed over the years.

A mindset shift

#

There’s no failure; there’s just feedback data. So get a lot of it, fast.

Notes on Money && Hardware

#

No, you don’t need fancy equipment. I started with a basic 2011 Acer Aspire student laptop, and it always was enough for me. I only saved for and bought fancy equipment years later when I actually knew exactly what I was doing and had a purpose for my new components. If you have the money, cool, just avoid analysis paralysis around what to buy, and focus on “what to learn”. Sometimes limitations make us more resourceful, and I think this is a time when limitations give us the best learning.

No money? Don’t worry, you can learn pretty much anything for free. For structured learning, you can use Udemy for $7 USD courses. Just buy them between Monday and Thursdays. The courses’ prices go up around weekends. A subscription of around $14 USD/Month on Tryhackme or Hackthebox will give you great returns, and it’s a great investment. You won’t regret stretching your money for this.

Imposter syndrome: My thoughts

#

Imposter syndrome is an urge our Ego has. A desire to “look good”. But that’s not the same as being good. So aim at becoming good.

There’s always more to learn, and there’ll be always things we don’t know yet. And the more we learn, the more this “void” expands. This is normal. If you don’t feel this void expanding and you feel like you know a lot, it’s because you’re in your comfort zone (Ego).

I’ve never had imposter syndrome. Why? Focus on collaboration, and creativity, not competition. Always try to add/improve/create, not to look like you know it all. If you know you lack skills in X, then you know exactly what to do next.