My Cybersecurity Journey: From Getting Hacked to Hacking Back

Everyone starts somewhere and for me, it all began with a really bad website.

I was 14 when I built my first web page. It was broken, messy, and full of mistakes but it was mine. And that was enough. Something clicked. I kept building. My second site wasn’t great either, but it was better. Then came the third a simple login page and a working web app. That one made me proud. I felt like I was actually creating something.

Then... I stopped.

Back then, programming didn’t seem like a future. It felt like a phase fun, but uncertain. So I drifted away. But deep down, that itch to build, break, and understand how things worked never really left.

Eventually, I came back. This time, it was different.

I dove into full-stack development front-end was familiar, but I embraced the backend too, learning Python, Django, and the logic that makes web apps tick. I was building better, smarter systems. But I didn’t know my biggest turning point was still ahead.

The Turning Point

Everything shifted the day my Gmail account got hacked.

I was locked out. No recovery. No second chance. Just helplessness and anger. I didn’t just lose an account I lost control. And that feeling? That’s what changed everything.

I made a promise to myself: never again.

That moment launched me into cybersecurity.

At first, I just wanted to protect myself. I learned how attackers exploited weak passwords, unsecured devices, and bad habits. I started by researching Gmail security, but quickly discovered a much larger world. Cybersecurity wasn’t just about protecting emails it was about protecting everything. Devices. Networks.  I explored the Blue Team side of cybersecurity defense, detection, prevention. I started securing my digital world: phones, laptops, routers, cloud accounts. I became obsessed with protection.

But then… I found the Red Team.master it.

Red Teaming opened a new world. It wasn’t just technical—it was creative, strategic, and thrilling.

I was fascinated by  breaking into systems legally to expose their flaws. I wanted to understand how attackers thought, how they exploited weaknesses, and how they avoided detection. Every exploit was like solving a puzzle and every solution taught me how to build stronger defenses.

Red Teaming showed me how offense informs defense and vice versa. To protect something well, you have to know exactly how someone would try to break it.

That balance fascinated me. So I leaned in hard.

At this point, I moved from Nigeria to the UK. New environment. New pace. New opportunities. I knew I had to level up.

So I made the decision to go all in. Cybersecurity wasn’t just something I was curious about it became my mission.

Why I Created This Blog

I didn’t write this blog just to tell a story.

SecByArafai is more than just a blog, it’s my digital notebook, my archive, my playground, and my way of giving back.

Here, I’ll share CTF writeups, tool breakdowns, personal insights, failures, wins, and lessons I’ve picked up along the way. I believe in learning out loud and this is my space to do that.

I’m still growing. Still building. Still hacking ethically.

If you’re just starting out, here’s my advice:

Stay curious. Break things safely. Fix them intentionally. Be patient. Be consistent.
You don’t need to know everything to get started. You just need to start.