I can't write about client engagements — those stay confidential. So this blog lives in the open: CTFs I'm working through, labs I'm building, and the career & mentorship lessons I keep coming back to.
Reflections on five years in the field — why growth doesn't always look like progress, learning to speak up, and why staying grounded is its own kind of strength.
How I pivoted from Accounting at UCT to becoming a penetration tester — and why I believe more women need to see themselves in this field.
A walkthrough that prioritises why each step works over which payload to copy. Notes on enumeration discipline, blind SQLi rhythm, and the moment I almost missed the breadcrumb.
Filter bypass, reverse shell, SUID escalation. I write these the way I wish more write-ups did: with the dead ends left in.
A minimal, deliberately misconfigured AWS account I tear down nightly. Cost notes, the three paths I rehearse most, and what I'd add next.
Public lab targets, reproducible test cases, and the validation mistakes that keep appearing in writeups across the industry. Not from client work — from open practice.
Writing. The answer is writing. How clear notes, clear questions, and clear reports compound faster than any cert.
The three things I wish someone had said to me at the start: pick a lane, document everything, and stop waiting to feel ready.
What I've learned from the rooms that pretended I wasn't there, the rooms that overcorrected, and the rare rooms that simply let me work.
My first keynote — what I prepared for, what actually happened on stage, and why I'm saying yes to the next one with less apology.