MY JOURNEY:
one ENDLESS LIFECYCLE
On November 11th 2022, after 8.5 years working in software development as a QA Tester & Analyst, I was made redundant on a company wide Slack message. At first I saw this as a setback - a disruptor to all plans made. And it was. Every plan I made - cancelled. After the initial panic subsided, I realised that I had fallen out of love with testing a couple of years ago, and this was the perfect time for a career change.
Why Cybersecurity?
Honestly, I've always been drawn to crime-related fields. There's something fascinating about understanding how people exploit systems and how to prevent those exploitations. My risk analyst nature means I'm constantly assessing scenarios and potential vulnerabilities - it's just how my mind works.
But here's something interesting about my background: I've always been a natural social engineer. As a child, I was the one who could convince the teacher to let us have extra playtime by reading their mood and knowing exactly what to say. I'd sweet-talk my way out of trouble or into getting what I wanted - using that quick wit and understanding of human psychology that children instinctively develop.
What makes me particularly effective at this is my calming, non-judgemental nature. People naturally feel comfortable around me and tend to open up about the most intimate parts of themselves - whether I asked or not. They share things they probably shouldn't, trust me with information they'd guard from others. I've always been impulsive, using social engineering and quick wit to navigate situations and fly under the radar when needed.
These traits that served me well growing up are exactly what make cybersecurity so appealing. Understanding human vulnerabilities, recognizing social engineering tactics, and knowing how to build trust - these are core skills in security. Cybersecurity combines my natural risk-averse personality with my love for investigation and problem-solving, while giving me a constructive outlet for understanding human behavior and system exploitation.
Why GRC?
When people ask why I chose GRC (Governance, Risk, and Compliance), the answer feels natural to me - not just professionally, but personally. GRC aligns perfectly with who I am at my core. My QA background has already given me the systematic mindset needed for compliance work - I'm used to identifying gaps, documenting processes, and ensuring standards are met. But beyond the professional skills, this methodical approach to risk management just feels right for how I naturally think.
What really draws me to GRC is how it combines the technical and strategic sides of cybersecurity. As a compliance auditor, I can leverage my analytical skills while working directly with stakeholders across an organization. It's about understanding both the technical controls and the business context - something that resonates with my risk-averse nature and attention to detail.
The skills transfer beautifully from my QA experience:
Systematic risk assessment
Process documentation and testing
Identifying gaps between policy and practice
Clear communication of technical findings to stakeholders
my near Future
While GRC remains my main focus, I'm particularly interested in breaking into the maritime sector. There's currently a strong push for more female representation in maritime cybersecurity, and I see this as both an opportunity to contribute to diversity in the field and to specialise in a critical industry that's rapidly digitising.
Digital forensics also continues to call to me, as you can probably tell from the content of this blog. The investigative aspect, the puzzle-solving, the combination of technical skills and analytical thinking - it feels like a natural extension of my interests in both cybersecurity and crime analysis.
The beauty of cybersecurity is the endless possibilities. Every organisation needs security expertise, and the field offers paths from technical specialisation to strategic oversight to incident response.
Current Status
Lead Auditor Exam - Complete
ISC2 Certified in Cybersecurity - November 2025
Studying for other GRC-related certifications
Building practical experience through personal projects (like this blog)
Networking within the UK and European cybersecurity communities
Why This Blog?
So how did my background, interests, and redundancy lead me to creating this blog? It comes down to my natural nature: I like to simplify 'difficult' things in an entertaining way. Breaking complex concepts down so the listener can understand, giving them time to grasp the context, and interpreting that context in a form they can relate to. It's how I learn best, and I've found that even non-technical stakeholders and users see the benefits of this approach.
Film is fun, it's interactive, and just like sports, it brings people together. I knew I didn't want to create 'another film blog' - there are plenty of those already. But I also knew I wanted to use this shared interest we all have as a bridge to bring people into tech and security.
Cybersecurity can feel intimidating and abstract to many people, but when you can explain social engineering through a thriller plot, or demonstrate network vulnerabilities using a heist film, suddenly these concepts become tangible and engaging. Film provides the perfect common ground - we've all watched movies, we understand narrative tension and character motivation. Using that familiar framework makes cybersecurity concepts less daunting and more approachable.
This blog became my way of combining everything: my love for crime and investigation, my knack for breaking down complex topics, my passion for cybersecurity, and my belief that learning should be engaging rather than intimidating.
