Arkadiusz
Kozuch.

I started in IT infrastructure — Windows Server, Linux, virtualisation, backup and disaster recovery. That foundation matters more than it sounds: understanding how systems actually work at the metal level is what separates security engineers who reason from first principles from those who just follow playbooks. Over eight years, I moved from keeping systems running to understanding how they fail — and how attackers exploit that.

The bulk of my career has been in Security Operations. I built a global 24/7 SOC from the ground up — not just staffed it, but designed the operating model, developed the detection logic, wrote the playbooks, and wired up the automation. SIEM, SOAR, EDR, IAM: I've operated most of the major platforms (Sentinel, Splunk, SentinelOne, CrowdStrike, Rapid7, Okta) and know where they help and where they get in the way. When major incidents happened, I was the Incident Commander — the person accountable for getting it contained and communicating clearly under pressure.

Now I run a cybersecurity operations function at the leadership level. That means setting direction, reporting to senior stakeholders, and developing the people on the team — including building an internship programme to bring new security talent through the door. The MBA I'm finishing adds a layer of business context to everything: security only works if it fits how the organisation actually operates. I hold CISSP and CASP+ as the professional anchors, with a stack of Microsoft and ITIL certifications underneath.