Greetings!
First of all, thank you for being here with us. Today, I want to step away from official
releases and share a bit about myself, my journey in cybersecurity: how it began and where it has led me
today.
Whoami? Briefly and without extra words: My name is Bohdan and my specialization is cybersecurity.
Out of 10 years of my total official experience, nearly 7 years have been dedicated specifically to cybersecurity. But my unofficial journey began much earlier — back in 2011.
The Beginning: My First Freelance
In 2011, I was freelancing — writing small applications in Object Pascal using Delphi and earning extra money by repairing and configuting computer hardware + software. This gave me a fundamental understanding of how this complex mechanism works. Over the years, interest in Delphi IDE (programming) faded due to market shifts, but my passion for hardware led me to a service center in 2015 and I became a "repairman" of computers.
In 2016, I landed a position as a Computer Systems Engineer at ME "Information and Computing Center" in my hometown. Until 2019, I didn't just repair hardware. I grew in the fields of networking and hardware configuration. That's when I received my first tasks investigating security incidents and restoring computers after virus and malware infections. The issues of vulnerabilities and cybersecurity aspects began to fascinate me more and more. I was obsessed with deconstructing incidents, finding the root cause of security issues and therefore fixing them. I became increasingly curious: how did the attacker gain access? how and why did a person click a link in a phishing message? and many other questions that mesmerized me.
Becoming a Cybersecurity Specialist
In 2019, I moved to another ME as a Lead Security Engineer. It was a period of massive workloads: optimizing processes, implementing security policiesand conducting the first full-scale security audits. That same year, I enrolled in a PhD program at National University of Shipbuilding at Mykolaiv, Ukraine.
In 2021, I was promoted to Head of Department. I updated methodologies and implemented monitoring and backup systems for a critical infrastructure enterprise. However, I felt I wanted more. The "cybersecurity in my veins" and a desire for constant growth led me to a decision — to perform a full "reset" of my career and move into a more narrow-focused specialty.
At 29, I switched to my dream role as an "ethical hacker," starting over as a Junior Pentester at Pakurity.
Yes, Junior. It was a conscious step. After years of work in the municipal sector, I had gathered a significant background in cybersecurity and much more. We all understand that government institutions "count every penny," so implementing what is exactly needed for asset protection is often difficult — every UAH has to be justified. Thus, I quickly learned to find and adapt existing solutions (including open-source) to the company's needs without spending a lot of company's money.
Returning to my new position and finally meeting my first real clients, I faced completely different challenges. Companies that came to us were ready to pay for security services. They needed someone to check their assets for vulnerabilities. Also, I significantly "leveled up" in Application Security (Terraform, GCP, GCloud, Azure, Intune, scripting) for a Junior.
Genesis & DarkCloud Era
In 2022, I joined Genesis as a Security Engineer. It was exactly what I was looking for: plenty of pentests, security hardening tasksand preparing companies for GDPR. I quickly grew to a Middle position while completing my second Master's degree in Cybersecurity.
In mid-2023, under the startup brand DarkCloud (Genesis portfolio company), I took the
position of Head of Security Engineering. New challenges: scaling services, building a
teamand launching new service lines.
Over this time, we achieved great results, but my relentless
desire to move towards Purple Teaming and the need to finally finish my
PhD dissertation led to a very difficult choice — transitioning to a contract-based cooperation, where
for some time I helped the team with the transition period. Meanwhile, I concurrently achieved my
Master's degree in
Management and Business Administration (3rd higher education) in early 2025.
New Stage: Freelance and vCISO Services Development
By spring 2025, it became clear for me that the hourly contract-based cooperation suited me perfectly. It was so convenient that within a few months (closer to summer 2025), I couldn't even imagine myself working for any company on full-time basis (but still part-time could suit me). I'm driven by doing what I do today, while having complete freedom of choice and action.
vCISO (virtual CISO) is a service that allows companies to engage my expertise
under one service. For example, a company might start by engaging me as a security consultant. As a
result of our dialogue, we might move to importance of writing security policies to be compliant to
ISO 27001:2022 or current legislation of Ukraine, launch
SIEM
implementationand perform further penetration testing.
This is the simplest example.
Most often, companies engage me for developing documentation and
roadmaps, as well as for assistance in implementing security processes. This allows my clients to be
ready for external and internal audits, increase the level of protection of their assetsand
implement the best cybersecurity practices.
Top-5 of my tasks over the last year:
-
01
GRC Documentation Development. Writing policies and documentation that meet ISO 27001:2022 and SOC 2 Type 2 requirements.
-
02
SIEM/SOAR Implementation. Supporting, automatingand configuring monitoring systems (Wazuh, for example) and helping build SOC teams. This includes custom SIEM rules (currently about 160 self-written), documentation, defining and describing incident response and investigation processesand automation (scripts, n8n).
-
03
Security Consulting & Hardening. Consulting on AD, web and mobile applications, serversand cloud services hardening. Assisting with incident investigation, log analysisand evidence collection (DFIR). Also, OSINT research of the company's Security Posture.
-
04
Penetration Testing. Comprehensive security testing of Web/API, Mobile, Network (External/Internal + WiFi) and AI/ML systems.
-
05
Awareness Trainings. Increasing staff awareness in cybersecurity (cyberhygiene) via online or offline lectures and subsequent testing.
Also, at the time of writing this article, I managed to recover most of the encrypted data for 13 (thirteen) clients after Ransomware attacks, while they were already preparing for an actual business shutdown.
Certifications (May 2026)
Offensive
- HTB: CPTS
- TCM: PNPT
- Altered Sec: CRTP
- iNE: eWPTX v2
- iNE: eCPPT v2
Defensive
- iNE: eCTHP v2
- iNE: eCDFP v2
- Qualys: VMDR / WAS
- Qualys: Patch Mgmt
Mobile/Cloud
- iNE: eMAPT v1.0
- Qualys: Cloud Sec
From Freelance to AXON Security
With the experience of working with over 50 companies throughout my career, I decided to move towards creating my own company to provide cybersecurity services and scale my freelance work to a public level. That is why on May 2, 2026, I became a founder of AXON Security.
And not just services, but also a Cyber Academy. The cybersecurity industry deserves
higher-quality trainingand companies deserve prepared specialists who can be confidently hired. That's
why I'm launching AXON Security not just as a service company, but as an ecosystem where knowledge is
passed on based on a practical foundation. Because at AXON Security — it's not just a regular
cybersecurity service, it's a culture.
There is still a lot of work aheadand I
definitely know that everything will work out!
Stay safe!
Best wishes,