Back to Blog Dev to Cybersecurity
CybersecurityMarch 2026

From Web Developer to Cybersecurity: My Journey

Two years ago, I was building landing pages and WordPress sites, thinking I had the tech world figured out. I knew HTML, CSS, JavaScript, even some PHP. I could build a full-stack app from scratch. Life was good.

Then I tried to hack my own project. And everything changed.

The Wake-Up Call

I'd just finished building a user management system for a university project. Login, registration, admin dashboard — the works. I was proud of it. Then a friend casually mentioned SQL injection. "Try putting ' OR 1=1 -- in the login field," he said.

It worked. Full admin access. No password needed.

I sat there staring at my screen for a solid minute. This app I'd spent weeks building — broken in five seconds. That moment wasn't embarrassing. It was illuminating. I realized I'd been building houses without locks.

Down the Rabbit Hole

That night, I created a TryHackMe account. I told myself I'd just try one room. Six hours later, I was still going. Web exploitation, privilege escalation, network fundamentals — each room was like solving a puzzle where the reward was understanding how the digital world actually works.

Within months, I'd enrolled in Google's Cybersecurity Certificate. Then IBM's Full Stack program (but this time, with a security lens). Then the PenTest program. Each certification wasn't just a line on my resume — it was a fundamental shift in how I thought about code.

What Web Dev Taught Me About Security

Here's what most career-switchers don't realize: being a developer is a superpower in cybersecurity. I understand how apps are built, which means I understand exactly how they break. I can read source code, spot logic flaws, and think like the developer who wrote the vulnerable code — because I was that developer.

Every SQL query I've written helps me craft better injections. Every form I've validated helps me understand where validation might fail. Every API I've built helps me spot authentication bypasses. The development background isn't a detour — it's the foundation.

Where I Am Now

Today, I don't just build applications. I build them with security woven into every layer. Input validation isn't an afterthought — it's the first thing I implement. Authentication isn't just "login works" — it's rate limiting, session management, and proper hashing.

I built SpectraOps as a direct result of this journey — a cybersecurity platform that combines everything I've learned from both worlds. Development and security aren't separate disciplines for me anymore. They're the same discipline.

Advice for Developers Considering the Switch

Don't think of it as leaving development. Think of it as upgrading. Start with TryHackMe or HackTheBox. Try to break your own projects. Read the OWASP Top 10 — and then actually try to exploit each vulnerability in a lab.

The world needs developers who think about security. And it really needs security people who understand development. Be both.