Hello, world!
My name is Jonas, but many people know me as Kiyoo.
I’ve been thinking about how to draft this page for a while now.
“How should I present myself on my blog?”
“How much should I disclose?”
“How useful would knowing my background be to the person reading this blog”?
More importantly, how do I convey all this information effectively without sounding like I understand everything (which, frankly, I don’t)?
Ultimately, I decided that it makes sense to have this page in place, if nothing else, but to ensure I don’t need to insert or cite my experience (or lack thereof) on certain topics each time I post.
This post (and the blog, by extension) also serves as a living document of the skills I possess as well as the ones I am currently developing.
Let’s get started!
Why should I listen to you?
Honestly, I would prefer if you did your own research and used my posts and guidance as a supplement or source of inspiration, but here are a few things that I feel qualify me as a trusted source:
I’ve been working with consumer electronics for over two decades (hands-on!). This involves disassembling them, rebuilding them, troubleshooting software and hardware, and providing user training and guidance.
I’ve worked within three of the most consequential tech companies in the world and have become a subject matter expert within each of them.
I’ve been certified by multiple reputable organizations, including CompTIA, ISC2, Intel, and AWS.
Even with all this, I’m only human, so I won’t always be correct. I encourage others to provide feedback whenever applicable, so I can learn and grow as a cybersecurity professional.
Why didn’t you study computer science?
I have always been fascinated by computers and how they’ve fundamentally changed how we live our lives and interact with others. Like most kids, my first computer-related obsession was video games. When my dad came home with an old AMD Athlon X2 II desktop computer pre-loaded with Call of Duty 2 and Halo: Combat Evolved, I remember spending hours a day watching tutorials on the then-new YouTube and watching others create montages of their gameplay.
It was around this time that I also got my first-ever Apple device: the coveted iPod Touch (4th generation). I remember using Cydia to jailbreak the iPod, mainly to download YouTube videos so I could learn more about building computers, install features not available on iOS, or simply test the limits of what that small but mighty Apple A4 chip could do.
Of course, this was before every kid would be expected to have a phone, since most of our parents would know where we were anyway. This was also before the days of social media running everything, even though we did have Facebook.
Looking back on the past, we took the Internet for granted during this time, trusting that our local ISP, school IT administrators, and home router knew exactly what they were doing. More importantly, we weren’t as concerned about our privacy since we only added people we knew and trusted.
This was also around the same time I discovered how to bypass the family security controls on my NETGEAR router, as my mom had inadvertently blocked Steam TCP/UDP ports, which I needed to play Counter-Strike: Global Offensive.
Parents, this is an important lesson about physical access to home networking equipment: never make it easy for your kids to reset the router and circumvent your Internet safety settings.
For everyone else, please change your default admin passwords.
In high school, I took a course on computer networking designed to prepare me for the Cisco Certified Network Associate (CCNA) exam. Back then, however, I didn’t take it seriously as the idea of being stuck in a server room as a career wasn’t exactly glamorous. I spent a lot more time focusing on video production, obsessed with the rise of gaming YouTubers and live streaming on Twitch.
Instead, I spent the remaining years in high school learning Adobe Premiere Pro, Open Broadcasting Software (OBS), and how to establish brand presence on the Internet. I also briefly dabbled in e-sports, gaining valuable experience in managing a team, coordinating events, and optimizing desktop computers for optimal gaming performance. I was also consulted and built several gaming computers for friends during this time.
I should mention here that I also wasn’t the best student due to several compounding factors: transferring into a highly competitive school district, undiagnosed ADHD, and ongoing issues at home with family.
…and I was really bad at post-algebraic math (namely, Calculus).
As a result, I took the networking knowledge with me and let IT sit on the back burner as I worked on my first college degree in film, which I completed in 2024. I went on to work for several companies in retail sales, including Apple, Verizon, and Tesla. I also had a brief stint as both a customer service rep and a cybersecurity coordinator at a logistics company, where I also assisted with IT projects, including network deployment, break-fix consulting, and user training.
What made you change your mind?
Several reasons:
COVID-19, the pandemic, changed many people’s perspectives on their careers, and mine was no exception. Without the ability to access film sets or equipment, there was little to do but return to studying and attending lectures over Zoom.
2023 Writers Guild of America strike, showcased the disparity in pay and dignity between writers and producers. As my focus was on screenwriting, I didn’t like my odds pursuing this line of work and had already begun exploring other avenues. This is even before mentioning the role of AI being forcefully integrated into writers’ workflows, if not outright replacing them.
Working for Apple in 2021 was eye-opening; I realized that I was capable of conveying technical concepts to the average person. I was technically proficient enough to guide others and possessed the temperament to provide tech support regardless of the user’s experience level. It was also extremely satisfying to help others achieve their goals and realize their potential.
Okay… but why did you choose cybersecurity?
Being a 1999 baby, born at the turn of the millennium, I’ve been able to witness and participate in multiple major shifts in technology.
The dawn of the smartphone and the proliferation of mobile computing devices
The shift from on-premises infrastructure to a largely cloud-native environment
The rapid onset of globalization via the Internet
The transition of IT into a far more security-conscious career
The advent of cyber warfare and its separation from strictly military targets
The exponential rise of botnets, ransomware, and zero-click attacks
The emergence of truly powerful artificial intelligence
Simply put: the more our technology advances, the higher the risk of abuse by malicious actors. The complexity enabling the positives also bolsters the threat posed by the negatives.
I’ve been able to enjoy and preach the fruits of the tech revolution without really thinking too much about the poison that can come from its misuse.
This really didn’t click for me until my family was affected by a data breach.
What happened?
In November 2024, the tax preparation firm my family used was involved in a “security incident involving a third-party software platform [they] use to help file tax returns”.
It was revealed that our “name, address, date of birth, SSN” and other tax related information was affected.
I received a letter confirming this on June 25, 2025, a full seven months after the threat actor had already tried to file a tax return in my name (along with my other family members), and after taking all necessary precautions, such as setting up fraud alerts, notifying the IRS and state tax board, I felt helpless but to wait and see what damage might be done.
What did you do?
The remediation was a nightmare; I had to maintain constant vigilance over credit reports and explain the severity of the situation to my family before we received official confirmation from the tax filing firm. I was the first to notice indicators of compromise, such as being unable to e-file my taxes due to a pre-existing fraudulent filing, and altered contact information on the fraudulent tax filings.
I had to submit proof of identity and a full statement of fact to my state’s tax board, and freeze my credit reports with every credit bureau to ensure no new lines of credit could be established in my name.
Until now, I have always viewed data breaches as an unavoidable consequence of a world driven by information, utilizing increasingly interconnected systems and highly complex code that will eventually be exploited. More importantly, in my ignorance, I always perceived it as a distant threat and a transient headline on the web.
At the time of writing, here are a few from just this past year alone:
“Allianz Life data breach affects majority of 1.4 million U.S. customers, insurance company says”
“DHS and HHS among federal agencies hacked in Microsoft SharePoint breach”
“Nissan data breach exposes Social Security numbers of nearly 53,000”
And while it could be true that data breaches will continue to be an ongoing risk and reality, it doesn’t mean inaction is better than the alternative. This was when I realized that information security might be the next step for me.
So what’s next?
I’m currently working on several projects, certifications, and skills to transform myself into a full-fledged security professional. With the help of friends in the industry and by attending as many conferences and summits as possible, I plan to become more capable as an analyst and prepare myself for a role in the SOC.
Here’s just a preview of my progress:
Labs
TryHackMe - SOC Level 1 (31% complete)
HackTheBox - SOC Analyst Path (12% complete)
Certs
HTB Certified Defensive Security Analyst - Studying / Dec 2025
AWS Security Specialty - Studying / Dec 2025
CompTIA Cybersecurity Analyst (CySA+) - Planned / 2026
Cisco Certified Network Associate (CCNA) - Planned / 2026
School
WGU Accelerated IT Bachelor’s and Master’s Degree (74% complete)
WGU Master’s in Cybersecurity and Information Assurance - Planned / 2027
One last note before we go…
If you managed to read this far, thank you for taking an interest in my passion and my life.
I hope that this blog continues to serve as a valuable resource for emerging cybersecurity professionals, as well as for the average person seeking a glimpse into this complex yet fascinating world we have created.
I will strive to keep this page up to date and provide relevant resources as they become available.
Stay vigilant and be safe.
With love,
Kiyoo