Infosecc is essentially my open notebook. It’s where I document the things I’m learning, the questions I’m digging into, and—honestly— the things I struggle with while navigating the world of information security. So much of the security content out there sounds incredibly confident and sterile, but very little of it touches on how security actually functions in a real-world environment. I’m talking about the messy parts, the budget constraints, the legacy systems that can’t be patched, and the constant trade-offs we have to make. This is my attempt to document that side of the work.
I’ve spent nearly a decade in large IT environments where the stakes are high. In those spaces, you quickly learn that security isn’t just about running a tool in isolation or following a checklist. It’s about balance. Systems have to stay stable, compliant, and available while staying secure. You realize early on that there is no such thing as a “perfect fix,” only informed decisions made under pressure.
My day-to-day experience has touched almost every corner of the field, from infrastructure and cloud security to deep-dive audits and those high-stakes risk discussions that never seem to have a clean answer. A lot of my perspective comes from hands-on experience and breaking things in my home lab, but even more comes from seeing what happens when a “perfect” theory survives its first contact with a production system (spoiler: it usually doesn’t).
Certifications have been a big part of my journey too. I’ve picked up the CCSK, ISC² CC, Google Cybersecurity, CompTIA Security+, and CEH along the way. I don’t see these as trophies or an end goal; I see them as a way to stay disciplined, revisit the fundamentals, and fill in the gaps that self-teaching sometimes leaves behind. Many of the posts you’ll find here are born from the notes and lab work I did while prepping for these exams.
One thing you should know: I intentionally keep specific organizational names and incidents off this blog. That’s a deliberate boundary. Everything I write is based on broader patterns and general experience rather than confidential data. If you’re in this field, you know exactly why that matters.
Infosecc is for the people who want to look past the buzzwords, IT pros moving into security, practitioners who want to tighten their fundamentals, or students who just want things explained in plain language. I try to write the way I think: direct, practical, and grounded in reality.
A final note: everything here is for learning. Please apply technical concepts ethically and only where you have explicit authorization. At the end of the day, security isn’t about showing off—it’s about understanding systems well enough to protect them.
If something here sparks a question or helps you look at a problem differently, I’d love to hear from you. Feel free to reach out through the Contact page.