Public sector security · Adversarial thinking

Hi, I am Qudtratulla.
I work with cybersecurity in the public sector.

I focus on protecting critical systems and data by understanding how attackers think, identifying weaknesses before they are abused, and turning that knowledge into practical, durable defenses.

What I do

I work with secure architecture, defence, and compliance, and I support teams that need security decisions translated into clear, concrete actions.

How I think

I combine an offensive mindset with a responsible, defensive role. Curiosity is important, but it must always be balanced with ethics and legal boundaries.

Quick facts

Role: Cyber Security Specialist
Sector: Public / government
Focus: Defence, secure design, compliance
Mindset: “See what an attacker sees. Build what a defender needs.”

Background

From being hacked in a game to working with real-world security

My interest in cybersecurity started early. When I was about eleven years old, I was hacked for the first time while playing Counter-Strike: Source. Instead of just ruining the game, the people behind it explained what they had done and helped me remove it over Ventrilo, one of the old voice chat tools.

That moment changed how I looked at computers. It was not only about playing a game anymore. It was about understanding what actually happens underneath the surface when something “just works” or when something breaks.

The first code I learned was simple Lua scripts and configuration files in Counter-Strike: Source. I used them to automate actions and to test small tricks in the game. That experience taught me that a few lines of code can have a big effect on how a system behaves.

At school I became “the IT person” and the one people associated with hacking and computers. That reputation followed me, but it also motivated me to keep learning and to find a responsible way to use the skills I was building.

Together with a close friend, I asked the people who had helped me if they could teach us more. They introduced us to basic offensive and defensive techniques in controlled environments, for example how to run and test simple network scripts from a virtual private server.

From there everything moved quickly. We set up an IRC channel on mIRC, joined security-related forums, and spent many hours learning from different profiles, from ethical hackers to more aggressive actors. Over time we built our own ethical framework and decided what we would and would not do.

That mix of early experimentation, guidance from more experienced people, and respect for the impact of technology is what shaped my way of thinking. It still defines how I approach security work today: curious, realistic, and aware that behind every system there are people who depend on it.

Approach

How I approach cybersecurity work

Offensive insight

I try to understand how an attacker would approach a system, which paths they would use, and how different weaknesses can be combined. This helps me see more than just single misconfigurations or isolated findings.

Defensive responsibility

Knowledge of offensive techniques must be used responsibly. My work is about strengthening defence, not about causing damage. That includes respecting legal boundaries and internal policies at all times.

Practical results

Security has to work in real organisations with real constraints. I focus on changes that people can understand and maintain, instead of perfect solutions that never leave a slide deck.

Current work

What my work looks like today

Today I work as an cybesecurity specialist in the public sector. My daily work includes defence, secure architecture, and support for compliance and governance efforts.

I still use the offensive mindset I developed when I was younger, but now it is directed towards helping others stay secure and towards building systems that are harder to misuse.

Examples of themes I work with

Hardening and monitoring of important systems
Bringing offensive insight into defensive design reviews
Supporting risk assessments and compliance activities
Helping non-technical stakeholders understand security impact
Continuous learning through labs, tools and research

Contact

Get in touch

If you are interested in responsible cybersecurity practice, defence, secure architecture, or general knowledge sharing within the field, you are welcome to reach out.

I am open to exchanging experiences and perspectives on how to strengthen digital resilience in an ethical and legally compliant way. That does not include system details or sensitive information, but it can include lessons learned, patterns, and ways of thinking.

Email me