My brief cybersecurity adventure

CybersecurityCryptographyEthical Hacking
Published Thursday, April 18, 2024

How It Began

In early 2023, my girlfriend moved to Parma to continue her studies. At the time, I was working as a junior backend developer at Tecsis S.r.l., mostly handling backend infrastructure and APIs. Thanks to a flexible remote work agreement, I decided to join her, and with that, came a change in pace and scenery.

But a new city and a comfortable routine eventually gave way to stress and restlessness. Tight deadlines were draining, and I craved something fresh to learn. Cybersecurity had always intrigued me, the puzzle-solving, the ethical edge, the technical depth. So I started dabbling during evenings and weekends.

Before long, I realized I wanted to take it seriously. In June 2023, I left my job to study cybersecurity full-time. In hindsight, it was an ambitious leap. But it taught me more than I expected.

First Steps into Cybersecurity

Like many others, I began with cryptography. I read books, watched lectures, and experimented with basic encryption and decryption. I gradually branched out into ethical hacking and security tooling, learning how to use:

  • Nmap for network scanning

  • Wireshark for packet analysis

  • Metasploit for exploitation

  • Burp Suite and OWASP ZAP for web application testing

I also explored Linux and Windows security, writing scripts in Bash and PowerShell, experimenting with Active Directory environments, and studying common vulnerabilities like misconfigured Kerberos.

It was all deeply technical, and at first, deeply fun.

Reality Check: When Knowledge Meets Application

After a few months of study, I felt ready to test my skills. I signed up for platforms like Hack The Box and TryHackMe. That’s when things got real.

Despite all I had learned, I hit walls. Basic challenges felt overwhelming. I followed tutorials, but rarely completed anything without referencing write-ups. My confidence took a hit.

So I took a step back. I revisited foundational topics, this time with a focus on doing, not just understanding. I set up local labs, broke things on purpose, and read fewer books and more source code.

But even after weeks of that, progress was slow. I struggled with tasks that others called "easy." I knew enough to understand why things worked, but not enough to make them work on my own.

The Turning Point: Realizing It Wasn’t the Right Fit

Eventually, I had to confront something uncomfortable: I loved the idea of cybersecurity, but not the day-to-day reality.

The constant mental load, the pressure to think like an attacker, the meticulous detail, it didn’t energize me. It drained me. I realized that to thrive in cybersecurity, I’d need a level of obsession I simply didn’t have.

This wasn’t a defeat, it was clarity.

Back to Software Development (And Moving Forward Smarter)

With that realization, I pivoted back to software development, this time with a broader mindset and some valuable battle scars. I started revisiting frontend technologies, experimenting with design systems, and building personal projects like:

  • Another Password Manager
    A simple, secure, cross-platform password manager built with TypeScript and Electron. (Yes, the name’s tongue-in-cheek—because the world needs one more, right?)

  • This Portfolio Website
    A space to share my work, my experiments, and lessons like this one.

What I Took Away (So You Don’t Have to Learn It the Hard Way)

  1. Try before you leap.
    If I could rewind, I’d start with part-time study while keeping my job. Going full-time into a new field is admirable, but risky without testing your fit first.

  2. Theory ≠ Practice.
    Reading about exploits is not the same as finding or executing one. Until you apply what you learn, daily, you don’t really know it.

  3. Know your energy source.
    Cybersecurity demands focus, curiosity, and resilience. If it doesn’t light you up, you’ll burn out. And that’s okay.

  4. Quitting isn’t failure.
    Knowing when to walk away is a skill. I learned more in those few months than in years of passive curiosity. And I wouldn’t trade that experience.

Final Thoughts

I didn’t become a security expert. But I became a better developer. I understand how systems break, how data leaks, and how attackers think. I gained empathy for security professionals, and a clearer sense of what kind of work brings me satisfaction.

And maybe that’s the point of detours: not to arrive somewhere, but to understand where not to go, and why.

I’m still building, still learning, and unafraid to explore what’s next.