/ my-journey
From Cracking School Wi-Fi
to Securing Enterprise Networks
The story of how a curious kid in Dubai ended up as an OSCP-certified presales consultant helping CISOs across the GCC defend what matters most.
Dubai · School Years
The School That Taught Me More Than It Knew
I grew up in Dubai, UAE, at New Indian Model School, Dubai. The school was perfectly ordinary in most respects. Its Wi-Fi password was not.
I was maybe fifteen when I first looked at the school's wireless network and wondered: how does it actually decide who gets in? Not in a malicious way. I wasn't trying to stream videos or skip homework. I was genuinely curious about the mechanism. That curiosity led me to read about WPA2, about packet capture, about how authentication works at the protocol level. Eventually, I found a way in.
I told a friend. He looked impressed for about three seconds, then asked if I could get him faster speeds. That wasn't really the point.
The point was that I had learned more in that one evening than in weeks of computer science class. I had gone from using technology to understanding it. Once you make that shift, you can't go back. Cybersecurity wasn't a career option I had seen on a poster. It was just the thing I kept being drawn to, every time.
Kerala, India · 2016 – 2019
B.Sc. Cyber Forensic at Mahatma Gandhi University
When it came time to choose a degree, the answer was obvious. Mahatma Gandhi University in Kerala offered one of the few dedicated B.Sc. Cyber Forensic programmes available in India at the time, and I enrolled in the 2016 batch.
The programme was rigorous in ways I hadn't anticipated. Digital forensics taught me how to work backwards from a breach: how to read a system's memory, reconstruct deleted files, trace an attacker's steps through log evidence. Network forensics, malware analysis, ethical hacking, cryptography: each module added a new lens through which I could look at the same problem.
I finished the three-year programme ranked 6th in my university batch. That number mattered less to me than what I had built during that time: a mental model for how attackers think, how defenders fail, and why most security problems are fundamentally people problems wearing a technology costume.
During my degree I completed several hands-on projects covering network forensics, malware analysis, and vulnerability assessment. The full project list (with descriptions) is on my profile.
View projects →Dubai, UAE · 2019
Back to Dubai. Time to Break Things Professionally.
After three years in Kerala, and before I had even started my first professional role, I sat the OSCP exam.
A gruelling 24-hour practical assessment where you exploit real machines, not answer multiple-choice questions. Passing it before my first job confirmed something I had started to suspect: I could do this work at a level that held up under serious scrutiny.
I joined iConnect IT Business Solutions (the company I still work with today) as a penetration tester. VAPT work for real clients: banks, government entities, healthcare organisations. The theory from university met actual production environments, and the gap between the two was educational in ways no textbook prepared me for.
UAE enterprise networks are messy in the specific ways that come from years of rapid growth, aggressive cloud adoption, and security investment that didn't always follow a coherent architecture. I was finding misconfigurations that had been sitting undiscovered for years. I was writing reports that changed real decisions.
Dubai, UAE · iConnect IT
From Breaking to Building: Implementation
After enough time in penetration testing, a pattern becomes impossible to ignore: the same categories of control fail, over and over, across different organisations. Privileged access left unmanaged. Endpoints with no meaningful detection capability. SIEM tools deployed but never tuned.
I moved into implementation work, helping clients actually deploy the solutions that would close the gaps I had been finding. PAM deployments for banks. EDR rollouts across distributed government environments. SIEM platforms that needed to be configured to detect something beyond the default ruleset.
Implementation is where you learn how security actually works at the organisational level. Not the theoretical ideal, but the real version, negotiated against budget constraints, legacy infrastructure, and teams that have other priorities. That experience shaped how I think about security advisory today. I know what's realistic to deploy and what looks good in a vendor datasheet but falls apart on day two of a real rollout.
Dubai, UAE · Present
Senior Presales Consultant: The Room Where Decisions Happen
My current role is as Senior Presales Consultant at iConnect IT, and it is the most interesting work I have done.
Presales puts you in front of CISOs, IT directors, and procurement committees. These are people who need to make expensive, consequential decisions about which security technologies to invest in, and whether those technologies will actually solve the problems they were bought for. My job is to help them get that right.
That means running proof-of-concepts for PAM, EDR/XDR, SIEM, email security, and cloud security tools. It means building business cases that translate technical capability into language that CFOs can evaluate. It means sometimes telling a client that the product they're excited about is the wrong fit for their environment, even when that's not what the vendor wants to hear.
The background in penetration testing and implementation is what makes this possible. When I recommend a detection tool, I've seen what it misses. When I scope a PAM deployment, I've done the implementation. The advice is grounded.
Certifications Along the Way
That's the story so far.
If you're a CISO or IT leader evaluating security solutions for a UAE or GCC enterprise, let's talk.