I work in cybersecurity for the public sector. My background is offensive. I got into this by breaking things. Now my job is making them harder to break.
Threat modeling, network segmentation, Zero Trust architecture, SIEM/EDR/XDR, access control, detection engineering. The unglamorous work that actually stops attacks.
I think like an attacker. Always have. The difference now is I use that to build things that hold, not to poke holes for fun.
// 02: Background_Log
I was eleven, playing Counter-Strike: Source, when someone hit me with an exploit. The weird part: it was two guys in the U.S. military. Instead of just laughing and leaving, they jumped on Ventrilo and walked me through exactly what they'd done and how to clean it up.
That was it. Computers stopped being things I used and started being things I wanted to understand from the inside out.
School made me the go-to "hacker kid" which meant I had to actually know what I was doing. A friend and I stayed in touch with those military guys. They ended up mentoring us properly, giving us VPS environments to test in and actual techniques to learn.
The rest came from IRC, forums, a lot of trial and error, and a personal rule: don't touch what you don't have permission to touch.
That foundation still shapes how I work. The curiosity never left. Neither did the ethics. I just got more systematic about both, and ended up in a job where breaking things on purpose is actually useful.
// 03: Methodology
I map how an attacker would actually move through a system. Not textbook paths, but realistic ones. Most audits miss the chains. I look for the chains.
Knowing how to break something doesn't mean you should. In the public sector especially, that line matters. I stay on the right side of it. Always.
Security that only works in ideal conditions doesn't work. I build for understaffed teams, tight budgets, and the real world. Not the one in the threat model.
// 04: Status: Active
Day to day: defensive operations, secure architecture, GRC. Not glamorous, but it's where most of the actual work lives.
The kid who broke things to understand them is still in there. Now he just has a mandate and a lot more at stake.
// 05: End_Session
If you work in security, GRC, or secure architecture, or you're just curious about how any of this actually works in a public sector context, feel free to reach out.
I don't sell anything. I'm just happy to talk shop.