About the Author

I started this blog as a way to document what I am actually learning, not just what I think I know.

I am a Cybersecurity MSc graduate from the University of Exeter, with a focus on security operations, detection, and incident analysis. Most of my time is spent working through SOC labs, analysing logs, and trying to understand how attacks actually show up in real environments, not just in theory.

Before moving fully into cybersecurity, I worked as a network engineer. That experience shaped how I approach problems. I do not just look at alerts in isolation. I try to understand the system behind them, how things connect, and where something subtle might be going wrong.

This blog is my training journal.

I built my own lab to get hands-on experience because I realised early on that reading about attacks is not enough. I needed to simulate them, break things, investigate them, and make decisions like an analyst would. That meant setting up SIEM tools, generating alerts, mapping activity to MITRE ATT&CK, and figuring out what is real and what is noise.

I have spent time triaging alerts, writing detection rules, reducing false positives, and analysing network traffic to spot anomalies. Sometimes things work as expected. A lot of the time they do not, and that is where most of the learning happens.

I am not writing from a place of mastery. I am writing from the middle of the process.

This space is where I think through problems, document investigations, and improve how I approach detection and response. If you are also learning SOC, building labs, or trying to make sense of alerts, this is for you as much as it is for me.