Senior Security Consultant, Ph.D. Candidate

What inspired you to pursue a career in cybersecurity?

My inspiration for cybersecurity came from hands-on experience identifying and exploiting security vulnerabilities in enterprise environments. Early in my career, I was tasked with assessing and securing critical IT infrastructures, where I quickly realized how misconfigurations, weak controls, and unpatched systems created serious security gaps.

The defining moment came when I conducted my first real-world penetration test, successfully gaining unauthorized access to a system that was presumed secure. That experience reinforced my commitment to offensive security, strategic defense, and proactive risk mitigation.

This drive led me to specialize in:

  1. Strategic cybersecurity development, seamlessly integrating offensive and defensive security measures through penetration testing, leveraging the Penetration Testing Execution Standard (PTES) to uncover and mitigate security gaps.
  2. Vulnerability management, ensuring continuous risk assessment and remediation
  3. Security advisory, helping organizations align security strategies with business objectives, mitigate risks, and strengthen their cybersecurity posture

Cybersecurity is a field that never stands still, and staying ahead requires continuous learning and adaptation. Whether leveraging autonomous agents for penetration testing, conducting advanced vulnerability assessments, or advising organizations on risk-based security strategies, my passion lies in securing systems before attackers can exploit them.

What certifications or qualifications do you have that help you in your role?

My expertise is backed by years of hands-on experience and industry-recognized certifications, validating both my technical proficiency and strategic approach to securing enterprise environments. These certifications include:

  1. Certified Information Systems Security Professional (CISSP)
  2. Certified Information Security Manager (CISM)
  3. Certified Cloud Security Professional (CCSP)
  4. CMMC Registered Practitioner (CMMC-RP)
  5. Microsoft Certified Professional (MCP)
  6. Microsoft Technology Associate (MTA)
  7. Microsoft Identity and Compliance (SC-900)
  8. Cisco Certified Network Associate (CCNA)
  9. gateProtect Security Professional
  10. gateProtect Security Consultant
  11. Certified in Cybersecurity (CC)
  12. CompTIA A+
  13. ISO 27001 Lead Auditor

I am a firm believer in continuous learning. Currently, I am in the dissertation phase of my Ph.D. in IT Leadership, focusing on IT managers’ strategies for securing organizational networks from cyberattacks. This academic pursuit complements my hands-on experience in security testing, vulnerability management, and security advisory services, allowing me to bridge the gap between research and practical implementation of cybersecurity strategies.

How long have you been in the cybersecurity field, and what changes have you seen over time?

With over 10 years in cybersecurity and 20+ years in IT, I’ve witnessed a significant evolution in the field:

  1. Vulnerability management has progressed from simple CVE patching to risk-based approaches that prioritize threats based on exploitability and business impact.
  2. Penetration testing has advanced from traditional network assessments to red teaming exercises involving adversary emulation and AI-driven attack simulations.
  3. Organizations now embrace Continuous Threat Exposure Management (CTEM) instead of periodic pen tests.
  4. Cloud security, API security, and identity-based attacks have become critical concerns as digital attack surfaces expand.
  5. A major shift I’ve observed is the move from reactive to proactive security strategies — investing in threat intelligence, attack surface management, and zero-trust architectures to mitigate risks before exploitation.

Cybersecurity has grown more complex, but the focus remains clear: anticipate, adapt, and protect.

What is one piece of advice you would give to someone starting in cybersecurity?

My advice is simple yet crucial: be intentional about your cybersecurity journey.

  1. Understand the foundations — While IT and cybersecurity are closely related, they serve different functions. Start as a generalist, gaining hands-on experience in both IT and cybersecurity.
  2. Don’t chase money or trends — Build a solid foundation before specializing in a niche. Choose a field that aligns with your interests and strengths.
  3. Find a mentor — Learning from experienced professionals can accelerate your growth and provide guidance.
  4. Stay updated — Cyber threats constantly evolve. Follow industry blogs, join security communities, and pursue ongoing education.

Cybersecurity is not a destination — it’s a continuous journey. Adaptability, critical thinking, and a passion for learning will define your long-term success.