ABOUT
The Story Behind
The Analyst
From kitchen operations to security operations — five stages of a non-traditional path into cybersecurity, told in first person.
2022–2025
The Kitchen
I learned how to operate under pressure long before I ever opened a terminal. Running a kitchen line during Friday dinner rush — orders stacking, tickets flying, three timers in your head at once — that's where operational discipline gets hard-wired.
I managed kitchen staff at Leopold's and worked the line at Boston Pizza, Earls, and St. Louis. The job wasn't glamorous, but it taught me something no certification can: how to stay calm when everything is on fire, document what happened, and figure out the root cause later.
I didn't know it then, but I was already developing the incident response mindset. In a SOC, an alert fires — you triage, escalate, and write the post-mortem. In a kitchen, an order goes wrong — you fix it fast, you communicate clearly, you document why. Same mental model. Different domain.
2023–Present
The Guard
Getting my Alberta Security Guard license was the first time I wore a professional identity I could build on. Impact Security, ADESA Auction, Covenant Health — I was monitoring systems, managing access, and writing incident reports. The work was physical, but the thinking was analytical.
I started noticing the parallels immediately. CCTV monitoring is log monitoring. Access control is IAM. Incident escalation is SOC escalation. The language was different but the mechanics were identical.
The 5 W's framework I used to write incident reports — Who, What, When, Where, Why — is the same structure used in digital IR documentation. I was doing security operations before I knew what that phrase meant in a technical context. That realization made me want to go deeper.
2022–Present
The Developer
I taught myself to code during the pandemic and never stopped. What started as curiosity became a freelance practice — building full-stack applications for clients, managing Ubuntu servers, and learning the hard way that security has to be designed in, not bolted on.
I built ImmigrateX, a Next.js SaaS platform with authentication, RBAC, and payment integrations. I ran the server — UFW rules, SSL/TLS certs, PM2 process management, cron jobs. I configured monitoring and set up alerts when things broke at 3am.
Every OWASP vulnerability I studied became concrete when I was the one patching it. SQL injection stopped being a concept when I understood parameterized queries not as a best practice, but as the only correct way to talk to a database. That's the developer-to-defender bridge: knowing how attacks work because you've written the code they target.
2024–Present
The Analyst
This is where everything converged. ISC2 CC. Google Cybersecurity. CompTIA Security+. A home lab running on real hardware — Windows Server 2022 domain controller, Ubuntu web server, Kali Linux attack box, Wazuh SIEM. Not a virtual sandbox. A production-grade simulation lab I built myself.
I'm running Wazuh agents on every endpoint. I write detection rules. I generate attack traffic and watch it hit the SIEM. I run Nmap, Hydra, and Gobuster against my own network and see exactly what the defender sees on the other side.
Security+ is earned. TryHackMe SOC Level 1 is 65% complete. Every lab builds the muscle memory for the role I'm targeting. I don't want to study security — I want to practice it. The home lab is where that happens.
Target: 2025–2026
The SOC Analyst
This is the role I'm building toward. SOC Analyst — Tier 1 at a company in Edmonton, or remote. Every cert I'm earning, every lab I'm running, every detection rule I'm writing is aimed at this exact outcome.
I'm not just studying the theory. I understand what a SOC shift looks like. I know how to triage an alert, how to write an escalation ticket, how to build a timeline from log data, and how to document an incident from detection to closure.
The path after that is mapped out — T2, Security Engineer, Security Architect. But right now, the mission is to land the first role, build real experience, and prove that the home lab, the certs, and the mindset that started in a kitchen and a guard booth actually matter at the SOC level.
I'm ready. This portfolio is the proof.
WHAT'S NEXT
Ready to see the work?
The story is the context. The lab, the certs, and the projects are the evidence.