Hi, I’m Leo — and I’m excited to finally launch this space to share stories, lessons, and experiences from my journey (so far) into cybersecurity.
If you’re expecting an expert with all the answers, this probably isn’t the blog for you.
But if you’re looking for someone who’s in the trenches — still learning, still growing, and still pulling the puzzle pieces together — then you’re in the right place.
How I Got Here
My path into cybersecurity wasn’t traditional, and honestly, it wasn’t even planned at first.
Before I formally transitioned into cyber full-time in 2020, I spent several years driving compliance initiatives — everything from Anti-Money Laundering and Counter-Terrorist Financing to Anti-Bribery and Corruption programs. It was meaningful work, but I kept finding myself drawn toward the technical side of problems.
Two projects really opened my eyes to cybersecurity.
The first was an investigation into financial fraud and money laundering where I realized that understanding technical infrastructure — like how websites were deployed, what plugins were used, or how DNS records overlapped — would have made a huge difference in connecting the dots across different properties. That pushed me into exploring tools like Wappalyzer, BuiltWith, and DNS research to uncover hidden linkages.
The second was a sort of “mini penetration test” on an internal tool my investigations team used. We were trying to understand if privilege escalation was possible by manipulating URL parameters or intercepting API calls. It was the first time I saw how systems talk under the hood — and how vulnerabilities could hide in plain sight.
Those moments sparked something I couldn’t ignore.
The Transition (and the Challenge)
Shifting careers into cybersecurity wasn’t easy.
I was already starting a family, living in a high-cost area, and taking a step backward professionally wasn’t an option. I needed to find a way to build cybersecurity skills while still keeping my day job.
Inside work, I volunteered for any projects that could give me more technical exposure — especially investigations that leaned heavily on open-source intelligence (OSINT) tools, regulatory frameworks, and understanding system vulnerabilities.
Outside of work, I jumped at the chance to support a newly formed cyber operations team with the California Military Department. They were building capabilities in incident response, penetration testing, SOC operations, and threat intelligence — and I learned everything I could from them, one late-night training session at a time.
What Keeps Me Motivated
At the heart of it, I love puzzles.
Cybersecurity is a giant, living puzzle — where frameworks like NIST CSF, PCI-DSS, and ISO 27xxx give you the box cover and edge pieces, but you still have to work with your team to find out which pieces fit, which are missing, and which need to be built from scratch.
Unlike my old world in financial investigations, cybersecurity had an amazing culture of open resources, community learning, and signals sharing. Instead of hoarding knowledge as “secret sauce,” people were giving it away to build a stronger industry. That’s what hooked me. And that’s why I want to contribute too.
Early Inspirations
When I was just starting out, lower-cost resources like YouTube and Udemy were lifesavers.
I learned so much from Heath Adams (The Cyber Mentor) — back when he was launching his early Practical Ethical Hacking videos. His story resonated with me: from accounting to the military to cybersecurity, all while making education accessible for the next wave of practitioners.
Mike Meyers’ Security+ courses on Udemy were another lifeline, helping me nail interviews and build a foundation of security knowledge when I needed it most.
Without those communities, I wouldn’t be here today. And this blog is my small way of paying that forward.
What You’ll Find Here
This space will mostly focus on what I know best:
- Security program implementation and oversight
- Regulatory engagement in the FinTech and payments space
- Reflections on building (and sometimes rebuilding) security programs
But I’ll also share broader cybersecurity thoughts, career insights, and lessons learned from both successes and stumbles.
Let’s Learn Together
This isn’t a one-way conversation.
If you find something helpful here, please share it. If you have better practices, different perspectives, or spot something I missed — I genuinely want to hear from you.
Subscribe for updates, interact with the posts, and let’s keep building better, more accessible security together.
Thanks for being here — now, let’s figure this out together.
