The Foundation

Cybersecurity came through infrastructure. Before learning the offensive side of systems, I learned how they were built, managing servers, configuring networks, troubleshooting production environments. That background changed how I read attack surfaces: I look for what’s trusted, what’s assumed, and what nobody thought to question.

Where I’m Headed

The goal is to be genuinely good at the full stack, from on-premises infrastructure to cloud architecture, from exploitation to detection. Not surface-level familiar with everything, but deeply capable across the offensive and defensive boundary. That takes time and I’m not in a rush to pretend otherwise.

Right now that means cloud security research, privilege escalation tooling, and active researcher on HackerOne, Intigriti, and Bugcrowd. Confirmed findings on production targets. Learning something new on every program.

Why Research

Not just for the money. Because a well-chained attack against a real production system is one of the most honest technical puzzles that exists. Either it works or it doesn’t. The target doesn’t grade on effort.

That honesty is what keeps it interesting. Security is one of the few fields where staying shallow gets punished quickly and going deep always pays off. That’s the only environment worth working in.

This Site

A working log. Write-ups, tooling, notes… things worth documenting because they taught me something non-obvious. Nothing published until it’s worth reading.