People ask me all the time how I went from auditing pension funds at PwC to breaking into enterprise networks for a living. The honest answer is: slowly, and not in a straight line.
The accounting years
I started at PwC right out of Villanova in 2005. Auditing taught me how to think systematically about controls — what's supposed to be in place, how to verify it, and what happens when it fails. I didn't know it at the time, but that's basically the job description for a red teamer.
The ad tech pivot
After several years in accounting and finance, I moved into digital marketing and eventually into engineering. At Metric Theory, I led a team building API integrations and ETL pipelines. I learned Python, JavaScript, SQL, and how to think about systems architecture. More importantly, I learned how to build things — which turned out to be the most transferable skill of all.
Finding security
The pivot to security started with Hack The Box and a lot of late nights. I went from Script Kiddie rank to completing 25+ challenges, learning SQL injection, XSS, CSRF, JWT forgery, and reverse engineering along the way. I started writing Python scripts for bug bounties, got my first security role at CyVault, and never looked back.
The advantage of the non-linear path
The unconventional background turned out to be a strength. I can write my own tools because I'm a software engineer. I understand governance and compliance because I'm a CPA. I can communicate findings to executives because I've spent years translating technical data into business decisions.
More details coming soon — this is a placeholder post.