TL;DR: I’m a cybersecurity late bloomer and my priorities could still use work, but the game of cybersecurity is definitely for me.

I just finished my first CTF, an easy solo event on TryHackMe meant to emulate working as an L1 SOC Analyst, and I’d say it went pretty well considering my background. I’ve had a lot of false starts and hot/cold periods of making progress, but I’d say I’m getting things in hand.

Before I tell you my life’s story, consider subscribing if you’re interested in reading about a passionate newcomer to security learning the field and documenting the journey.

How I got into security after flunking adolescence

I have been an avid computer nerd for my entire life but only started satisfying my deep curiosity about computers three years ago. Up until that time, and often during the period between then and now, I suffered from serious depression due to clinical mental health problems as well as my general mishandling of life in my teens and twenties.

Three years ago, I started learning to program through game development. I also started getting into Linux. Progress was very sporadic as I struggled to get my health in order—but struggling is always the first step. The main thing about the work itself that was impeding me was that I was worried about finding work and therefore avoided the low-level work I really enjoyed to try and learn how to use the Godot game engine effectively (which I did).

A few months ago I discovered the upcoming book Heavy Wizardry 101 from No Starch Press and got hooked immediately. I pre-ordered it and pored over most of the early access PDF. It felt like a sign since it covered material I was so interested in and in pretty much all of the assembly languages I was particularly curious about, like a Rosetta stone of the machine code that fascinated me. It dawned on me that the book was about security work, a field I had never even considered before, and after a little more research I was sucked in. I can safely say now that I am bound for the security field and the work suits me well.

Around that same time, I started getting into reverse engineering games by tinkering with Golden Sun for the Nintendo Game Boy Advance. I learned the basics of Ghidra and practiced static analysis and dynamic analysis. It was very slow going, and I decided to put a pin in that project until I could get my hands on another upcoming No Starch Press book, The Ghidra Book, Second Edition, and get a handle on working with Ghidra. The important takeaway here was that I enjoyed every moment of hunting values in a live program’s memory as well as reading line after line of assembly instructions to try and piece together how a game functions. Enjoyed is an understatement: I loved it.

In late 2025, all of the little efforts I’ve been making over the years have finally clicked into a sort of epiphany. Throughout all of December and January, I have felt more clearheaded than any other time in my life, I have made consistently better decisions, and I have been establishing a very solid routine of cybersecurity and computer science study with an ease I never imagined possible. For the past three weeks, I have consistently spent an hour a day studying on TryHackMe’s L1 SOC Analyst learning path along with reading up on radare2, studying Arm and MIPS assembly, and getting started on solving crackmes.

My First CTF

On January 24, the day I’m writing this post, I joined TryHackMe’s First Shift CTF, an easy solo event meant for people taking (or finished with?) the learning path I am about halfway through now. I wasn’t expecting much from myself, but I went in with the goal of solving two out of the six challenges and learning something. I would say I exceeded my expectations today.

Given four hours to solve six tasks, half related to assessing logs for unusual activity and correlating it with MITRE’s ATT&CK framework, the other half dedicated to more advanced log inspections with Splunk, I managed to solve two tasks completely, almost all of a third, and maybe a quarter of the first Splunk task. I’ll save the detailed walkthroughs for the students who excelled at the CTF and just share what I learned from participating in my first CTF.

I knew Splunk was going to be heavily relied on for this task and I didn’t make the time to practice with it more. That was a big failure on my part. I have mostly been studying reverse engineering which wasn’t relevant to this CTF at all. I should have challenged myself to try some Splunk challenges on TryHackMe before starting the CTF.

Another big failure was relying on their AttackBox VM in my browser. They allocate very few resources to allow everyone to access them and to save money. I felt held back by the poor performance of the VM and the low resolution of trying to split my browser between it and the CTF tasks. This was completely my fault. Tonight, I will learn how to set up a VPN connection to their task networks so I can use my own local VM’s; I should have taken the time to set up a VPN at the start of the CTF instead of butting my head against the wall the whole time.

Speaking of butting my head against the wall: I recently read A Mind for Numbers by Barbara Oakley where I picked up a lot of excellent learning techniques. A major point of the book is that when you’re solving problems, especially difficult math (or cybersecurity?) problems, you have two modes of thinking about the problem: focused and diffuse. I won’t get into it here, but the point is that when I came on to a hard problem, I should have spent less time trying to force myself to finish it and instead let it simmer in the back of my mind while I found easier problems to work on. I will keep that in mind next time.

Aside from all that, my main issue was just ignorance. I’ve only been learning cybersecurity consistently for about three weeks and I clearly wasn’t emphasizing the right things for this particular CTF. Overall, I’d say it’s going really well, though, and the CTF went really well. I exceeded my expectations by sitting and toughing it out for the entire four hour period, managing time well by allowing myself regular breaks, avoiding frustration at my self, and finishing more of the room (about 53% total) than I thought I would.

I think I should just keep up the routine I’ve built for myself and continue plugging away at TryHackMe. I need to spend a little less time on the rooms and a little more time on the simulators. I have really been learning to take it slow and make incremental progress day after day rather than getting frustrated when I can’t make instant progress (I blame ADHD) but I could still stand to slow down just a little bit more and practice the things I’m learning.

In February, I’m going to compete in a solo CTF dedicated to reverse engineering hosted by crackmes.one. After a few months of completing rooms, reading security books, practicing in simulators, and hopefully completing more solo CTF’s, I think I will be ready to join CTF teams and compete much more regularly. If you’re interested in reading about it and watching my cybersecurity (and writing) skills grow, please consider becoming a free subscriber and leaving some feedback.

I am a fast learner with a lot of passion for computing, computer science, cybersecurity, and games. Even though I was held back by serious internal struggles until I turned 30 last year, I am very confident that I can make rapid progress with the glut of free time I’ve been blessed with this year. By writing about the things I learn and build, I can learn and build even more effectively, and by subscribing and providing feedback, you make the whole loop run more smoothly.

Thank you for reading this fairly messy first post. I’m leaving it just like this so I can not only compare my cybersecurity progress down the line but my writing progress.