Cloud Security Professional
Joe Thompson
I'm a security professional working on building a career that I find genuinely meaningful. Earlier this year I passed the Hack The Box CPTS exam with 14 out of 14 flags, and I hold the CISSP along with a range of certifications that reflect the depth of knowledge I've built across the field. I'm always looking for new opportunities to learn while keeping up with the projects that push my understanding.
My path here wasn't the typical one. I wasn't the CS major who went straight into IT out of school. I spent the better part of fifteen years working in film and television, editing features and producing broadcast series at a level I'm genuinely proud of. What eventually pulled me away wasn't a lack of love for the craft. It was the reality of a freelance career: the constant hustle to line up the next job, the lifestyle that fits your twenties perfectly and starts to feel unsustainable once your priorities shift. I wanted work that was building toward something, and I wanted some stability while building it.
What that career gave me, I still use every day. Working in large, chaotic environments where the power dynamics are extreme and communication is everything teaches you things no classroom will. I learned how to stay calm when everything around you is loud, how to work alongside anyone regardless of where they sit in a hierarchy, and how to manage upward when the situation calls for it. I also spent several years running my own business, which adds a different kind of context: what it means to be responsible for outcomes rather than just outputs. As a story producer and editor, the actual job was finding a coherent story buried in hundreds of hours of raw footage, sifting through the noise to find the threads that connect. In security work, that same skill applies directly: taking a technical finding and explaining it in terms a decision-maker can act on, whether that person is a board member, a business owner, or a technical lead. That is what architecture and advisory work actually requires.
I share the work here because putting things into clear language is part of understanding them, and if it is useful to someone working through the same territory, that is a worthwhile side effect. Security keeps moving, and the parts I am most focused on right now are the ones still taking shape: AI systems as an attack surface, cloud architecture, the identity layer as environments grow more complex. Most organizations are still building the frameworks to reason about these risks. That is the work I am building toward: cloud security architecture and advisory roles, in a part of the field that does not stand still.