Learning Security

Most of my day job is reliability: things break, alerts fire, you fix them. Security is the other half: what happens when someone helps things break on purpose.

I am not chasing a certification stack. I want the slice that makes platform work safer by default, and to do that I need a better understanding.

Initial Learning Objectives

These are the parts that pay off first for someone in my lane:

  • Least privilege and blast radius: who can reach what, and how bad is it when credentials leak?
  • Threat modeling lite: what are we protecting, from whom, and what is the cheapest path to hurt us?
  • Boring misconfigurations: exposed secrets, wide firewall rules, default creds, services that should not face the internet
  • Homelab as practice: VLAN isolation that means something, not checkbox segmentation

Personal depth: exploit writing, red-team tooling, and compliance frameworks — not for checkbox theater, but to understand how attacks and audits actually work when you are not the one running the engagement.

How I plan to learn

Small experiments and reading when a project needs it. Tie-ins to Edge Observability and homelab network work when I document what I try.