DEV Community

Cover image for 15-Year Cybersecurity Career Journey: from newbie to CISO and Startup Owner
Ivan Piskunov
Ivan Piskunov

Posted on • Edited on

15-Year Cybersecurity Career Journey: from newbie to CISO and Startup Owner

#startup #security #cybersecurity

TL;DR

A story of relentless (self)learning, certifications, mastering different cybersecurity domains (Malware, Pentesting, DevSecOps, AppSec), and the mindset shifts that led me from a rookie in Irkutsk to launching my own tech startup.

Table of Contents

What is this article about?

This isn't just my story; it's a roadmap. I'm sharing my journey, complete with proof and resources, to show you what's possible with dedication and to offer guidance for your own path.

Why did I write this publication?

This post does not encourage you to buy anything. I am not self-promoting, I do not need cheap fame, and I have nothing to prove to anyone. I remember myself 15 years ago and I know how important support is at the start, during difficult moments, and at life's turning points. I want to show a real example through my own case of how a guy from a small Siberian town, from a poor family, and through difficult times was able to rise up, going from a hired entry-level employee to someone creating value and making a personal contribution to the world.

Work pays off, dreams become reality! This story is like a spark in the darkness, a ray of light, a sip of motivation and inspiration in a cramped concrete jungle. Wherever you have been and wherever you started, you can achieve everything you allow yourself to imagine!

I HAVE DONE IT - YOU CAN TOO!

Teaser

Begin the great journey with me: Newbie -> Expert -> Manager -> Leader -> Startup Founder. Take the best from my experience. Learn from my mistakes and failures. Don't give up, keep going, and you will reach your goal!

line chapter separator

WhoAMe

Ivan Piskunov is a Russian and international cybersecurity expert, ethical hacker, IT blogger, book author, lecturer at several Russian universities, and distinguished guest at several American colleges. He has made a significant contribution to the Russian cyber community and the development of the information security industry in Russia in the 2010s.

Since 2016, he has been a regular contributor to Hacker e-magazine [3]. In the same year, he launched his personal blog on the Blogger platform [1], where he actively developed the topic of information security issues. His first publications on information security began to appear in 2014 on the Anti-Malware portal [5]. In 2018, he launched his own Telegram channel, “White2Hack,” dedicated to information security issues for a wide audience [3].

After working for several years at various software development companies, he began working closely with Kubernetes (K8s) and actively immersed himself in DevOps security issues, resulting in the publication of his book “Kubernetes security. Guide for beginners from zero to hero” [2] in mid-2021, written entirely in English. At the same time, he launched another author's blog aimed at the international community on Medium [4], and then on Dev.to [9] and Security Exchange [10].

Under Ivan's guidance, several students successfully defended their theses at the Irkutsk branch of Moscow State Linguistic University (2014) and Moscow Polytechnic University (2020).

line chapter separator

Certificates and Professional Communities

  • 2012: VipNet 3.2 Certified Administrator
  • 2013: Member of the former Russian Information Systems Security Professional Association (RISSPA)
  • 2013: Microsoft Certified Systems Administrator (MCSA)
  • 2013: GNU/Linux Administrator (equal to LPIC-1 level)
  • 2014: Cisco Certified Network Associate (CCNA)
  • 2015: Former Member of the Ubuntu Community (LinkedIn society)
  • 2015: Certified Ethical Hacker (CEH)
  • 2021: Google Cloud Certified Professional Cloud Security Engineer
  • 2021: AWS Certified Security (SCS-C01)
  • 2024: Member of the International Association of Entrepreneurs and Executives by KrokIT Club (for current entrepreneurs, CEOs, and top managers)
  • 2024: Member of ReSpot (go-to online platform for seamless relocation, travel, and services in new countries)

Awards and Achievements

  • 2009/2010: Member of the CTF team Cr@zY Geek$, which took second and first place in the task-based and attack-defense competition
  • 2013/2014: Lead of the "IT Planet" national student Olympiad preparation program among Russian universities based at BSU
  • 2016: PHDays VII, speaker/workshop author on the topic "Modern technologies and tools for analyzing malicious software"
  • 2017: ZeroNight, sole winner team of the CarPWN competition (hacking Tesla car electronics)
  • 2017: Kaspersky CrackMe Challenge – 3rd place (reverse engineering of a sample malicious code)
  • 2017: ZeroNight, winner of the “Safe Hacking” by Mail*Ru competition as part of a team (opening an analog safe lock without using brute force tools)
  • 2016 – 2017: Hacker e-magazine, author of the only series of articles at that time in the Russian-language segment of the Internet on the topic of “Reverse Engineering of Malicious Software for newbies”
  • 2017/2018 academic year: winner in the “Best Lecturer” category, Department of Information Security, Moscow Polytechnic University ("IT World Skills Russia 2017" National University Olympiad)
  • 2018: Hacker e-magazine, the first series of articles in the Russian-language segment of the Internet on Digital Forensics and Cybercrime Investigation
  • 2018 – 2019: Member of the expert council and editorial board of the Reglament publishing house [16], which publishes several specialized magazines for the banking sector, where he oversaw the publication of articles on financial technology security issues
  • 2017: Creation of an educational offline course for children, “Ethical Hacking for Kids,” based on the "Coddy School" on-site programming school in Moscow, a training program that was unparalleled in Russia at the time of its launch
  • 2018: Launch of our own e-learning platform to rebuild the author's course “Ethical Hacking for Kids,” which has trained about 1,000 people aged 12 to 17 during its existence
  • 2017 – 2019: Informal supervisor of pre-diploma internships and diploma projects, consultant to dozens of students from various Russian universities studying information security
  • 2021: Author of the English-language book "Kubernetes Security: Guide for Beginners from Zero to Hero", available on Amazon Kindle and Gumroad platform
  • 2018 – 2021: Author of several training courses, lecturer at commercial educational institutions like Academy IT, HackerU, Skillbox, NTC, OTUS
  • 2022: Immigration to Europe as an expat, leading cybersecurity operations for an international financial exchange project
  • 2023: Publication of a brochure "Иван Пискунов | (Само)обучение. Исследования, факты и лучшие практики" (Russian language)
  • 2024: Release of the English version of the author's brochure "Ivan Piskunov | (Self-)learning. Research, facts, and best practices"
  • 2025: Launch of analytical blogs on several platforms: SubStack, VK, X, on topics not directly related to cybersecurity

My Career Journey

Phase 1: The Foundation - The Hungry Newbie (start in Irkutsk)

In 2005, I earned my high school diploma. That same year, I was accepted into a university to pursue a brand-new degree program: "Information Security Organization and Technology". It was a pilot program in Russian higher education, and my institution, the SALEM Academy, was one of the first to offer it. After five years of intensive study, I graduated with a Bachelor of Science in Computer Science, finishing with a near-perfect GPA of 3.92 out of 4.0 (the equivalent of a 4.9 on the Russian 5-point scale).

And then my job search began. It was hell. For several months, I wandered around company offices, took part in competitions for civil service positions, but never received an offer. So I took a part-time job in a related field that was in high demand IT administration to earn some money and finally find my place. I realized that the knowledge I had gained at university was quickly becoming outdated, and technology was developing so rapidly that I had to constantly learn new things (literally every few months). I was able to get a position as a security systems administrator at an engineering and construction holding company.

After a year, I was promoted to chief specialist, and shortly before leaving, I took on the responsibilities of head of the company's information security department. I looked at the profiles of successful people and copied their habits, mannerisms, and style of development. That's how I completed the Cisco CCNA course and received my certificate in four months. My employer then was able to train me through the MSCA discount program. As a student (my second higher education is a master's degree in economics), I was able to attend free training at ISACA, and I applied to join the Russian professional community RISSPA.

I bought books, downloaded articles, read blogs by well-known infosec experts (such as Alexey Lukatsky), and engaged in self-study. Later, I came to the conclusion that there were no prospects for my specialization in my hometown and that I needed to move to the country's center, to the capital, a city of great opportunities, high salaries, new contacts, and vacancies at large companies. So I completed my journey to becoming an information security specialist and prepared to move to Moscow.

Insights:

  • Graduating from university is not a guarantee of professional success.
  • To be in demand, you need to constantly study, practice, and adopt the best practices of your colleagues
  • The first job is about learning and gaining experience, not prestige and high income
  • Until you become a creator of value (content, contribution to the community), take all the best from industry leaders—copy their habits, lifestyle, and activities
  • Small town – small opportunities. Moving (relocation) is a great boost for a successful start

Failures:

  • In total, for the entire period described, I was out of work for several months. In 90% of all interviews, I received rejections or failed to answer questions. No matter what kind of expert you are, if your city lacks infrastructure, you are in little demand

Call to action

  • Move to a big city, a technology center, without wasting your time in a smaller town
  • Bet on self-education. Read blogs, forums, books, watch videos on YouTube, create your own labs for training

Phase 2: The Specialist - Becoming a Recognized Expert (The Moscow Leap)

In 2015, I first moved to Saint Petersburg (the second largest and most prestigious city in Russia), and then to Moscow a few months later. That's where I started all my key activities that helped me work my way up from the bottom, make a name for myself, and gain new opportunities. I continued to teach myself and, at the same time, launched my blog on the Blogspot platform. I went to interviews, learned about the requirements of the labor market in the capital, the style of communication, and the hiring process, which was significantly different from provincial cities. I applied to be a speaker at several major IT security events. I expanded my network of contacts and found a strong leader who gave me the chance to become a lecturer at a university, where I worked for a whole year, and also participated as a mentor in the All-Russian (national) student competition among universities.

I tried my hand at malware analysis, but when I didn't get an offer, I continued to pursue it as a “necessary” hobby. And in a few months, I was able to publish a whole series of articles in the largest e-magazine, Xakep. A year later, I became actively involved in penetration testing, set up VMs, ran various utilities, trained on simulators, and when I couldn't get through, I searched for clues on the internet. However, penetration testing did not inspire me; it was difficult, perhaps financially rewarding, but not that interesting to me. So I tried my hand at digital forensics, studied several books, and watched all the available videos on YouTube.

At that time, my English was still poor, and most of the material I received was in English, which later proved to be very useful. I published another series of articles, the first comprehensive one in the Russian-language segment of the internet. This attracted potential customers, and within a year and a half, I was able to complete several cases as a freelancer. But forensics was not in high demand, and the question arose of what to do next. I decided to enter a new niche at the time called DevSecOps, and in parallel with it, AppSec, which is now also known as Security Operations (SecOps).

InfoSec blogger

My first step in building my career was becoming a blogger, specifically a technical blogger. I launched my first platform to publish various analytical materials and useful articles. Essentially, I tried to share everything I would have wanted to read myself at some point.

Later, I realized I could expand my reach and target the international market. So, I launched blogs on platforms like Dev.to and Medium, where I published content in English. This experience was a major contribution to my personal and professional growth. The process of writing itself became a deep learning experience.

I am truly gratified that I can share my expertise and help people across different countries and continents through the power of the internet.

Xakep e-zine author

I remember, even back in school, I was an admirer of "Hacker" magazine. It was the only Russian-language media outlet at the time that published content related to computer security and IT infrastructure in general.

Later, at university, where I studied Linux, operating systems, and networking, my professors would actually send me to "Hacker" magazine to learn about security practices and how these systems could be compromised.

Then, while working at my first job as an information security specialist in Irkutsk, I would get my hands on the magazine through friends and colleagues. I read it thoroughly, immersing myself in the material. It was incredibly engaging. Back then, I never even dreamed of becoming an author myself.

In 2017, I reached out to the magazine's editorial board. They offered me a chance to join the team and become an author. I accepted, and I successfully launched several series of my own publications. I am incredibly proud to not only be an author but also a member of the editorial board.

Malware researcher

While still in my third year of university (2007/2008), I became fascinated with reverse engineering. At the time, there were very few learning resources available. Books were nearly impossible to find, instructional videos did not exist, and there were no visible specialists or experts in my city who could teach me.

Therefore, I found a portal called CrackLab Studio, which had compiled the best available materials at the time. I ordered a DVD by mail, which contained textbooks, tutorials, various documents, samples, crackme challenges, and software used for reverse engineering, debugging, and disassembling—all essential for studying programs without access to their source code.

This laid a solid foundation that I was later able to apply to reverse engineering malware in 2017.

Penetration tester

Another fascinating chapter in my career journey has been learning and practicing penetration testing. It's one of the most in-demand, well-known, and popular fields within cybersecurity.

Often, people perceive cybersecurity solely through the lens of hackers breaking into systems, stealing data, and bypassing security measures. However, the reality is that cybersecurity is much broader, and significant effort is spent not just on exploitation, but also on defense.

Fortunately, there were plenty of learning resources available. I started with Russian-language materials and then moved on to English-language sources—books, videos, and blogs by renowned pentesters. I set up virtual machines, and if I got stuck on a problem, I would watch walkthroughs, repeat the steps, and work through it again, all while taking detailed notes. I practiced relentlessly.

Eventually, I built up a solid foundation of knowledge that allowed me to take on freelance assignments as a pentester, contribute expertise, and participate in red teaming exercises.

I don't consider myself a professional pentester today, as I haven't worked actively in that field for over five years. Nonetheless, this phase was a major contribution to my professional development and career. The knowledge I gained is incredibly valuable and essential for any security professional.

Forensic analyst (DFIR)

After conducting penetration tests and reverse engineering malware, I realized that digital forensics could be a particularly interesting field to explore. Again, at that time, there were very few educational materials available, so I had to seek out resources—typically English-language books, followed by YouTube videos and expert blog posts—to learn the fundamentals of the craft.

I set up virtual labs, launched virtual machines, studied case files, and practiced relentlessly. Eventually, I gained enough experience to be able to investigate and resolve certain cyberattacks and security incidents.

I wouldn't say I became a super expert in the field, but I acquired solid, hands-on experience that proved valuable later on. I was able to complete several freelance assignments and successfully unravel the chain of attacks in those investigations. I later wrote about one of these cases for Hacker Magazine.

Speaker at events and workshop leader

Another integral part of my professional journey, and one that has significantly contributed to my success, is public speaking at various information security events, conferences, and forums.

My first speaking engagements took place back when I was a university student in 2007, and then again after I earned my second degree in 2014. I began speaking regularly as a professional presenter in 2017.

I successfully presented at several events, achieved a major milestone by speaking at a European international conference in 2020, and submitted a talk for Black Hat USA in 2021. I continue to speak periodically at various cybersecurity events.

University lecturer

During my university studies, I discovered a strong passion for creating and preparing my own lecture summaries and key point guides for the subjects I was studying, which I then shared with my classmates. In my second year, I had my first experience as a public speaker when I defended my semester project and received exclusively positive feedback.

Later, I felt a growing desire to share knowledge, help junior colleagues and beginners—those just starting their journey—and to contribute to the field of cybersecurity and the learning process as a whole. This led me to become a university lecturer. At that time, my motivation wasn't financial; I was driven by the pursuit of status, the opportunity to be part of the university community, to help fellow students, and to establish myself as a public speaker.

This early experience laid the crucial foundation for the continuation of my teaching career and how I later conducted commercial courses. It also played a key role in the publication of my brochure, which encompasses all the experience I accumulated over ten years through both self-study and my formal university student teaching.

Summary:

  • ITGC SOX404 Auditor: "Understanding business risk and compliance was a game-changer."
  • University Lecturer: "Teaching others solidified my own knowledge."

Insights:

  • In most companies (employers), you are just an executive mechanism. To be able to influence a product/service, you need to grow not only in expertise but also in your position
  • Self-study and development of competencies require sacrifice. You temporarily give up rest, travel, time with friends and family. But if it gives tangible, visible results, then it is worth it.
  • While you are young and full of energy, you can work more, sleep less, and get tired less. Use these advantages to create a solid background. One day, your results will work for you even when you are resting
  • Don't be afraid of rejections. Learn useful lessons from them. Shock and surprise, stand out from the crowd. Don't be afraid of other people's opinions about you; your life is your rules and your scenario. Everyone once did something for the first time and did not have the knowledge or necessary experience.
  • Don't be afraid to take long breaks in activities. Create through inspiration, not through coercion. Be 1% better per month, and you will be better than 95% of ordinary people
  • Take private orders, don't be afraid of freelancing. Even failed projects are experience and the foundation of your quick success
  • Choose one or two key areas of your professional field and delve into them as deeply as possible
  • Having business connections is often more effective than professional competencies. Build your network

Failures:

  • The excessive workload (self-study, 6/9 work 5 days a week, blogging, writing articles, launching a TG channel, etc.) led me to burnout. I gave up writing articles and blogging for several months.
  • The statistics are very harsh and true. Only 5% of the entire student audience were ready to invest in learning. The rest were half-hearted about it. No matter what you do, what quality lectures, workshops, or interactive classes you give, it is impossible to teach everyone. It is impossible for everyone to have high grades. And not everyone appreciates your work no matter how hard you try. If you take this to heart, it can lead to apathy and disappointment. The key is that if you helped at least one person change their life for the better, teach, pass on knowledge that made them a professional – the goal is achieved!

Call to action

  • Keep trying until you get there; people often stop one step away from success. Don't look at them, watch yourself
  • Create content (blog, notes, forum, GitHub, video interviews, speaking at events), leave your mark on history
  • Be a T-Shaped Person: Develop broad knowledge (the top of the T) but go deep in one or two areas first (the leg of the T).
  • Share Your Knowledge: Start writing, even if it's just for your blog. It builds reputation.

Phase 3: The Evolution - Shifting Left (DevSecOps engineer, AppSec handler, SecChamp, and later a Product Security Manager)

This stage of my career journey is probably one of the most intense and important. I grew qualitatively as an expert, entered a new market niche at that time (DevSecOps). I finally began to speak and understand spoken English, read original documentation and newly published books. I was able to continue my public activities and speak not only at Russian but also at international IT/CyberSec forums and events. I became an expat. I did several projects for an American company as a freelancer. This laid a solid foundation for my further growth (as a professional) and forward movement (in my career and in terms of immigration).

DevSecOps master

The first release of Kubernetes was on June 7, 2014. The term "DevOps" was coined a few years earlier - in 2009 in Belgium. I noticed the first DevOps vacancies in Moscow in 2015. The DevSecOps concept arose in response to the growing need for security integration within the DevOps process. The first DevSecOps Summit conference was held in 2016. And the cultural transition from DevOps to DevSecOps in Russia, in my opinion, happened in 2018. But significant demand for DevSecOps specialists began in 2020.

In 2018, Gartner identified the Application Security Testing Orchestration (ASTO) area in its annual Application Security Hype Cycle report, and in 2019 this segment was renamed Application Security Orchestration and Correlation (ASOC).

Key Technologies & Trends by Year
2018: The Hype Cycle for Application Security focused on technologies and services to reduce application risks and complexity.
2020: The cycle highlighted emerging cloud security technologies like Cloud Security Posture Management (CSPM) and the introduction of SASE (Secure Access Service Edge) concepts.
2021: The Hype Cycle introduced significant trends and advancements, including the emergence of ASPM (Application Security Posture Management) and AI-driven security testing, while Runtime Application Self-Protection (RASP) was removed, indicating maturity beyond the hype cycle.

I've open-sourced all my practical notes, configs, and guides from this era here.

Summary

  • Learn to Code (at least read it): Understanding Python, Bash, and infrastructure-as-code (Terraform) is non-negotiable.
  • Speak the Language of Developers: Your goal is collaboration, not confrontation.
  • Automate Everything: If a security task is manual, it won't scale.

Security Champion (AppSec SecChamp)

Having gained extensive technical experience and honed key skills in DevSecOps and AppSec, I was able to apply for a newly created role in the company called Security Champion. This position attracted me with new opportunities, set a new level of responsibility, but also undoubtedly brought freedom of action. As a SecChamp, I could influence technical decisions rather than just administer them as I did before. I moved away from the routine of analyzing SAST/DAST scanner reports and creating tasks to implement fixes in vulnerable code.

I began to bring a culture of cybersecurity to the company and became an advocate (a center of competence, an authoritative figure) on cybersecurity issues for all teams and their members. The implementation of processes from the BSIMM model yielded results: testing time was reduced by 25%, and the speed of applying fixes to the code by 30%.

And what else did I learn while working as an engineer? The zoo of open-source solutions does not mean “free” and does not mean “quality.” Such solutions often require more time to refine and support than commercial products with out-of-the-box functionality. ASOC, followed by ASMP, is a mandatory standard for software development companies that have moved beyond the “early stage”.

Product Security (ProdSec Manager)

Realizing that technical work as an engineer (an executor, a subordinate element of the system) no longer interested me and did not give me the opportunity to influence the product, the logical next step was to move from SecChamp to Product Security, a position where I was listed as ProdSec Manager. In essence, I was the main person responsible for the security of a specific product in the company. Essentially, it was one product—a financial exchange—and the company was a startup with a four-year history. ProdSec is much broader than classic code security (AppSec) and DevSecOps (application development and delivery infrastructure). This became a challenge for me. I immersed myself in compliance, a large number of different standards and documents, covering all product security issues at a glance.

In a few months, I was able to develop my own product security framework, which became an internal corporate standard. It was a key document describing the entire workflow, controls, reporting areas, domains, and lists of organizational and technical measures aimed at ensuring security. But no one is immune to surprises. One day, out of the blue, I was informed that the project development budgets had been exhausted, there were no more resources, all initiatives were being frozen, and contracts for software purchases and expert reviews from suppliers were being suspended. I wouldn't say I was unlucky. I managed to accomplish a lot, gained new experience, and expanded my knowledge.

And I realized that a new stage in my life was beginning, something I had been working toward for so long, but which I had always remembered and kept in my heart.

Summary:

  • My mindset shifted from "finding bugs" to "preventing bugs." From securing IT infrastructure to securing the code itself. Understanding the developer's world (Agile, To-Do planner, Kanban, Sprints, Daily standup, etc.).
  • As a Security Champion (AppSec): My role was to enable developers, not to police them.
  • As a Product Security Manager: I now owned the security posture of entire products, balancing risk with business goals.

Insights:

  • Job offers in the international market are often better than in your home country (except for the USA and some European countries)
  • Do not get involved with government agencies, the military-industrial complex, or the army. This will impose certain restrictions if you decide to immigrate to other places or get a job in international companies
  • Create content in English, position yourself as an independent specialist, an independent expert (not an employee of a company, not engaged by anyone)
  • All the best, most relevant materials are written in English. Do not wait for a translation into your native language; read the original
  • Professional certification is not a panacea. Get a certificate only if you have free money and time for it. Experience is more important than papers. Practice is better than theory.
  • Do not linger where you are not appreciated. Create value yourself. Your wildest thoughts and dreams are your best projects!

Failures:

  • My blog was not very popular for a long time, and the first articles and analytical materials contained stylistic flaws and were not colorfully designed. However, with each publication I grew as a professional, and my quality improved.
  • During the COVID-19 shutdown, I tried to launch my online course on cybersecurity (penetration testing, digital forensics), but the minimum number of listeners from my White2Hack Telegram channel was not reached, my expenses exceeded the potential income, and I had to abandon the activity.
  • Some training centers and computer schools, according to the contract, appropriated all the results of my intellectual work (training program, lab work, cases, certification materials, VM images, manuals, handouts). Each year in a new school, I had to create a training course from scratch.
  • For a year, I was looking for a job with the possibility of relocation (work visa, employment contract) in a European or American company. A third of the rejections were due to my imperfect English at the time, another third due to geopolitical issues, and the remainder due to the fact that I was unable to negotiate favorable terms for me.

Call to action

  • Learn ENGLISH! Learn ENGLISH! Learn ENGLISH!!! This is your ticket to the big world
  • Immigrate if you have the opportunity, don't waste time
  • Create content, generate value, give more and you will receive more

Phase 4: The Leadership - The CISO Role

As we know, the world is small, and the earth is round. The cybersecurity industry is even smaller, and after years of working in it, you get to know the key players in the market and well-known professionals. And then, one day, my reputation began to precede me. A small development studio approached me for help with auditing the security of their IT infrastructure and ensuring the security of their product (fintech). So I started this internal career track as a specialist and ended it as a CISO.

Our product turned into an ecosystem, entered the international market, and got a new headquarters in the UAE. Now I mainly performed representative functions and was more responsible for strategic security management. The size of the company allowed a significant part of the information security functions to be outsourced. And, you know, after changing to the position of CISO, people's attitudes also changed. If you are an authoritative specialist, you receive attention and respect from a narrow audience, but if you are the director of a certain department, you enter a different circle of communication—C-level people, investors, event organizers, PR experts, and people from the sales and marketing spheres. And this is already a global responsibility—managing a team, contractors, participating in budget development, and so on.

However, as paradoxical as it may sound, with my new position, my income did not increase significantly, while my expenses only grew. This was a clear signal that it was time to change companies or look for another way to grow my opportunities. No matter what position you hold as an employee, you are limited by the terms of your contract and your loyalty to management.

And after COVID-19, the dispersion, mass layoffs, economic and political sanctions against Russia, and the war in Ukraine were the final straws that made it clear that something had to change.

Summary:

  • My Mindset changed: Transition from technical leadership to business leadership. Risk management, strategy, communication with the board.
  • Moving from "how" to secure to "why" and "what" to secure based on business objectives.
  • Building and leading a team, managing a budget.
  • Learn Business Acumen: Understand your company's P&L, goals, and market.
  • Communicate in Terms of Risk: Translate technical vulnerabilities into business impact.
  • Your Network is Your Net Worth: Your ability to solve problems often depends on who you know.

Insights:

  • Promotion in position gives growth not only in income but also in the creation of a personal contribution (value) to the final product/service (result)
  • In management, the most important thing is strategic thinking and relationships between team members. The boss is an exploiter. The leader is the most effective member of the team, who has taken on most of the responsibility. A leader without a team is ineffective; a team without a leader is of little use.
  • Personal communication and live meetings are much more important than correspondence and indirect communication
  • New tasks and difficulties are not problems; they are challenges, a chance to show yourself, to find a solution that does not yet exist

Failures:

  • I wouldn't call it a failure. However, I have personally experienced that even when holding a high position, if the project is not interesting and the tasks are only routine, then over time you lose motivation and aspiration. For many in this situation, the "golden handcuffs" principle works and they tread water for years in the same company, doing uninteresting things and burning their lives without a purpose.

Call to action

  • Grow in position (not only in depth) vertically. Take on leadership positions
  • Create a financial cushion, set aside at least 10% for your business, because the market is unstable and you can lose your job

Phase 5: The Ultimate Test - The Startup Leap

Finding myself in a new country, in a new community of people who think differently than in my homeland, without the opportunity to apply for a job position (in Russia, relocants are prohibited from working in many commercial and state-owned companies, and in the EU, many employers require office attendance, and in the US, starting in 2022, there were massive layoffs at Big Tech), with the feeling of a new milestone in my life, I was forced to look for something new, something I had never done before.

I always had the idea of a startup, my own business, in my head, but being busy all the time with other things, pursuing other goals and priorities, I put it off year after year. The time has come for this seed to grow and blossom! My long-standing connection with interesting and progressive people led me to the KrokIT IT accelerator, where I presented my project, showed blueprints, received support, and was able to assemble the first team to create an MVP.

Summary

  • Mindset changed from managing risk to embracing it. Builder vs. Operator. Product vision, market fit, and relentless execution. No technical routine (like line-level engineer stuff)
  • The decision to leave the comfort of a high-level job and build something from scratch.
  • Defining the vision and mission of your own IT startup.
  • Applying all your accumulated knowledge (technical, product, business) into one focused venture.
  • It's a Marathon, Not a Sprint: Resilience is the most important skill.
  • Validate Your Idea Early: Talk to potential customers before you write a line of code.
  • Your Past is Your Superpower: Your unique journey is your differentiator

Insights

  • A startup (your own business) is not for everyone. You need to have a certain internal state, self-awareness, and inspiration for this activity
  • A successful startup = a popular product, value for the user, something that changes life for the better, creates new opportunities, comfort, quality
  • Be ready to invest all your savings in the startup at first and work very hard
  • A product/service is an opportunity to change something, to make it better; first of all, it is a solution to a problem/customer request; money is a reflection of the value that you create
  • A new country = new thinking, different priorities, education. You cannot do something new using old thinking or actions (that worked in your home country)

Failures

  • I spent most of my own money on the launch and waited a long time for the payback.

Call to action

  • Be prepared for failures, have a backup plan, have a reserve fund. Failures are part of the path to success
  • Communicate more, meet more new people, talk about yourself as much as possible
  • Study new areas (marketing, presentations, communications, recruitment, financial management)
  • Managerial skills (communications, financial literacy, recruitment) and business qualities (privacy, integrity, respect, compliance with agreements) are more important than technical knowledge

The Unremarkable Beginning

This isn't the most critical part of the article, and to be honest, I was on the fence about including it. But in the end, I decided to put it in to show you my real starting point—where I was before university, back in my childhood and school days.

I wasn't some child prodigy. I didn't have any extraordinary talents or unique opportunities handed to me. I didn't get my first personal computer until I was 15, already in high school. In computer science classes, I wasn't particularly passionate about programming. Sure, I could write code and solve basic problems, but my real interest was more in IT tech and gaming. Unlike some of those famous tech whizzes, I didn't have an Atari or a ZX Spectrum as a kid. I wasn't coding from the age of six. I didn't have a strong circle of people around me to look up to or to teach me about technology from the cradle. I was just an average kid, a regular guy growing up, watching the world around me, and trying to find my way out.

The truth is, I started with nothing special going for me. Everything I’ve accomplished, I achieved as an adult, after I graduated from university, when I was already becoming my own person.

I'm incredibly grateful to my father, who gave me the right mindset. He showed me that becoming a skilled specialist was a path to a better life. He taught me that knowledge workers who can generate real value are always in high demand. Back in those days, with IT booming, a lot of people saw their future in computer technology. Almost no one was talking about cybersecurity specifically; folks outside the industry mostly talked about programming, server administration, software development, maybe building websites, or doing tech support and maintaining local networks.

My father installed that crucial mindset in me, which was a major wake-up call. By the time I got to university, my approach to learning was completely different from how it was in school. I became seriously dedicated. I saw my education as a chance to become a true professional—a sought-after expert. It was my path to earning a good living and, ultimately, achieving the dreams I held in my heart.

The Bottom Line:

With this section, I want to drive home one point: Even if you didn't have any special talents, a supportive environment, or a head start—even if you got a late start compared to someone who was hacking systems at 12—you still have a shot. Your success depends on you. You can make it. Look at my story. If I made it, so can you. It doesn't matter where you come from; what matters is who you are and what you're determined to achieve.

A journey of a thousand miles begins with a single step (с) Chinese Proverb.
And all you ever have is now.

..and one more small addition

And by the way, I want to be clear about something: Despite all the scripts I've written, the KS8-Shield project I developed, and the countless shell scripts I've created to automate Linux routines, I don't consider myself a developer. I'm not a naturally gifted programmer. My process was simple: I surrounded myself with textbooks, manuals, how-to guides, cheat sheets, and checklists. I wrote tons of code, then debugged it for hours—sometimes hunting for a single error all night—until I finally got it working. I don't have any special talents; I just made up for it with hard work.

The Point of No Return

What I'm about to share isn't about cybersecurity, professional skills, or my career trajectory. But I believe it's absolutely critical for gaining clarity, for setting the right priorities, defining your personal values, and finding your true north in life.

Not too long ago, I went through at least two major episodes that forced me to completely rethink my outlook on life and recalibrate my entire path. I was hospitalized and even spent some time in the ICU. Lying in that hospital bed, I had a lot of time to think about what I’d done in previous years and where my life was currently headed.

Here’s what I want to say: It doesn't matter if you're a top-tier professional, an expert, a public speaker, a big-shot executive, or a business owner. First and foremost, you are a person. Your family and your kids need a real father. Your wife needs a loving husband. Your friends need a true friend—just a decent, present human being. It's so important not to confuse your life with your resume. The goal is to live a full life, where your career and its achievements are just a part of it—a piece of your overall success, but not the entire point.

Value the time you have. As Steve Jobs said, “If today were the last day of my life, would I want to do what I am about to do today?” Ask yourself that question every morning. Listen to your gut. And go do what you're here to do!

Insights

  • When you're young, you can burn the midnight oil, skip sleep, eat junk, forget to rest, and still bounce back, managing to get a million things done. But as time goes on, especially after you hit 30, your body needs support. It needs maintenance. If you ignore that, it will catch up to you in a bad way.
  • So, pay attention to your health. Make it a non-negotiable to set aside part of your income to support a healthy lifestyle. Take care of yourself, because if you don't have your health, you have nothing. No professional success, no career milestone will bring you real happiness. Without it, life can feel like a grind.
  • Do things that light you up. Do things that bring you joy, that benefit you, your family, your loved ones, and the world at large. Engage in things that truly matter. Don't just kill time. Don't put your projects off until tomorrow—tomorrow isn't guaranteed. Do everything you can. Use every chance you get, every single day. That's the power of living in the "here and now."
  • Kiss more. Hug more. Don't be shy to tell people what they mean to you. Spend your money less on things (cars, real estate, clothes) and more on experiences (travel, adventures, etc.).

A Call to Action

  • You’ve gotta have a safety net for life's emergencies. Sure, you can rely on government healthcare, but that's a risky bet. Always have your own finances in order so that in a worst-case scenario, you can get emergency help immediately. This isn't about ditching public insurance, but about knowing that at the end of the day, nobody is going to take care of your insurance but you.
  • Find your purpose. Find your "why." Imagine you're gone, and you're looking back on your life. How would you have made it the most exciting and fulfilling journey? What mark would you want to leave? What song did you want to sing for the world?

Now... go make it happen. Sing that song! Write it! Build it

Conclusion: The Journey Never Ends

Life is an adventure, a great journey. We all start from scratch. Every goal achieved is just another stage of this journey, a milestone, but not the final destination. Always move forward, fulfill your mission, realize your potential, give it your all, and win the game!

I would like to say in conclusion: Continuous learning, sharing knowledge, and embracing new challenges.

Your path won't be the same as mine, but I hope seeing my journey proves that with deliberate effort and passion, you can shape your career into anything you want. Now go build something amazing.

My journey continues too. And perhaps soon I will tell about it in my new publications!

  • What is Next?:
    • Follow me on Dev.to, Medium, SecExch, X & GitHub for more insights and updates on my startup journey.
    • What was the most pivotal moment in your career? Share your stories in the comments below!
    • Explore the repositories I've linked for practical, hands-on knowledge.

Let's stay in touch!

Top comments (0)