My journey in cybersecurity did not start with building platforms. It started with trying to break them. Penetration testing teaches you to think like an attacker - to look for the weak point, the misconfiguration, the unverified assumption. When you then move to building defensive systems, that offensive experience becomes your superpower.
I was trained in the US at the College of Southern Maryland, where the focus was hands-on. Not abstract theory - real labs, CTFs, attack and defense scenarios. I achieved a national ranking in the National Cyber League. But it was returning to Italy, working with real SMEs that had real security problems and limited budgets, that I realized pentesting alone was not enough.
The transition
Finding vulnerabilities is important. But who fixes them? Who builds the infrastructure that prevents them? I started asking myself: what if I used my pentester mindset to build systems that are hard to attack by design? Not because they follow a compliance checklist, but because they were designed by someone who knows how they get attacked.
Every platform I build carries traces of my offensive experience. In Presidio, detection rules are written by someone who knows how an attacker tries to evade them. In Mirage, honeypots are designed by someone who knows what an attacker looks for during reconnaissance. In Valta, relevance scoring accounts for how vulnerabilities are actually exploited, not just the theoretical CVSS score.
I don't recommend everyone follow the exact same path. But I strongly recommend that anyone building defensive systems spend time on the offensive side. You don't have to become a full-time pentester - but understanding attack techniques makes you an incomparably better defender.
If you want to dive deeper into this topic or need specialized consulting, let us talk.