From Gaming to Security: My Journey into Cybersecurity

Most people in cybersecurity have a straightforward path: computer science degree, maybe a certification or two, entry-level SOC analyst, work your way up. My path? It started with gaming servers, competitive esports, and a hosting company that somehow grew to manage over 1,200 servers before I even thought about "security" as a career.

This is the story of how I went from running game servers for Counter-Strike clans to building detection engineering tools at one of the world's largest cybersecurity companies.

The Beginning: A Kid with Too Much Free Time

I was 14 when I first touched a Linux server. Not because I was some prodigy-I just wanted to run my own Counter-Strike: Source server so my friends and I could play custom maps without annoying admins kicking us.

The year was 2008. YouTube tutorials were terrible, forums were your best bet, and StackOverflow was just getting started. I spent weeks fumbling through SSH commands, breaking things, reinstalling, breaking them again.

But here's the thing: I was hooked.

There's something intoxicating about having complete control over a machine. Root access. The ability to configure, break, and rebuild. Every server crash was a puzzle. Every performance issue was a challenge.

I didn't know it then, but I was learning the foundations of what would become my career: Linux system administration, networking, troubleshooting, and resilience (because nothing teaches resilience like wiping a production database at 2 AM).

Galaxy Digital Networks: The Accidental Business

Fast forward a few years. I'd graduated from running one server for friends to running dozens for random people on the internet. Game server hosting was booming-every CS:GO, Minecraft, and Garry's Mod community needed servers.

I started Galaxy Digital Networks as a side project. The pitch was simple: affordable, high-performance game servers with actual support (not automated responses from offshore call centers).

What started as "me and a few servers" turned into:

1,200+ servers across multiple data centers (2015-2018)
Thousands of customers (mostly gaming communities)
Custom control panel I built from scratch
Automated provisioning system (because manually setting up servers gets old fast)
24/7 uptime monitoring (because gamers don't sleep)

Running this taught me:

Lesson 1: Infrastructure at Scale is Hard

When you're managing 1,200 servers, things will break. Hard drives fail. Network switches die. DDoS attacks happen. Power outages happen.

Monitoring (I built a custom dashboard with Nagios and Grafana)
Alerting (PagerDuty at 3 AM was a regular occurrence)
Automation (Ansible playbooks for everything from patching to disaster recovery)
Documentation (because future-you will forget why you configured that firewall rule)

Lesson 2: Security is Not Optional

Gaming servers are a prime target for attacks:

DDoS attacks from rival communities or angry players
Brute-force SSH attempts (thousands per day)
Zero-day exploits in game engines (Source Engine CVEs were fun)
Compromised customer accounts (weak passwords everywhere)
Implement firewall rules (iptables became my best friend)
Harden SSH (key-based auth, fail2ban, non-standard ports)
Monitor logs for suspicious activity (grep + awk = poor man's SIEM)
Respond to incidents (isolate compromised servers, analyze logs, patch vulnerabilities)

This was my introduction to security, but I didn't call it that. I called it "keeping the servers online."

Lesson 3: Customers Don't Care About Your Excuses

When a server goes down, customers don't want to hear about the nuances of a kernel panic. They want it fixed. Now.

Clear communication under pressure
Prioritization (fix first, analyze later)
Post-incident reviews (what went wrong, how to prevent it)

These skills would later become invaluable in MDR operations.

The Turning Point: Getting Serious About Security

Around 2018, I started noticing something: the attacks were getting more sophisticated. It wasn't just script kiddies running LOIC anymore. I was seeing:

Targeted attacks on high-value customers
Lateral movement attempts (compromised server → pivot to others)
Data exfiltration attempts (customer databases, payment info)

I realized I was in over my head. I could keep servers online, but I didn't understand attacker behavior. I didn't know how to think like a threat actor.

So I did what I always do: I learned.

I devoured everything I could find:

Books: "The Web Application Hacker's Handbook," "Practical Malware Analysis," "Red Team Field Manual"
Courses: Cybrary, Offensive Security (OSCP prep), SANS reading room
CTFs: HackTheBox, OverTheWire, PicoCTF
Certifications: Security+, CEH (yeah, I know, but it gave me structure)

I started thinking about my infrastructure differently. Instead of "how do I keep this online," I asked "how would I break into this?"

I ran penetration tests on my own infrastructure. I found vulnerabilities. I patched them. I found more.

It was like leveling up in a game, except the stakes were real.

The Pivot: From Hosting to Security Engineering

By 2020, I had a decision to make. Galaxy Digital Networks was profitable, but it was also exhausting. I was on-call 24/7. Every outage was my problem. Every angry customer was my problem.

I realized: I didn't want to run a hosting company forever. I wanted to build tools, solve problems, and work on security at scale.

So I started applying to security roles.

The Job Hunt (aka Imposter Syndrome 101)

Here's the thing about job hunting in cybersecurity when you don't have a traditional background: nobody cares about your degree if you have real experience.

My resume didn't say "Bachelor's in Computer Science." It said:

Managed infrastructure for 1,200+ servers
Built custom automation tools for provisioning and monitoring
Responded to security incidents (DDoS, compromises, data breaches)
Self-taught in Linux, networking, scripting (Python, Bash, PHP)

And you know what? That was more impressive to hiring managers than a degree.

I interviewed at a few places. Some didn't get it. Some did.

Trend Micro got it.

Landing at Trend Micro: Building Tools for MDR

When I joined Trend Micro as a Security Engineer, I was terrified. I'd never worked at a "real" security company. I'd never touched an enterprise SIEM. I'd never written a detection rule in my life.

But I had something valuable: I knew how to build systems that scaled. I knew how to automate repetitive tasks. I knew how to think operationally.

And that's exactly what they needed.

My role? Build internal tools for MDR operations. Automate alert triage. Improve analyst efficiency. Make the SOC faster and smarter.

It was like everything I'd done before-automation, monitoring, incident response-but with way better tools and a team of brilliant people.

What I Do Now

These days, I:

Build internal automation tools and applications for MDR operations
Develop workflow systems that help analysts respond faster
Create dashboards and reporting tools for security teams
Work with PHP, MySQL, and AWS to build scalable internal platforms
Mentor junior engineers (turns out, my weird background is useful for teaching)

I'm still learning every single day. Security is one of those fields where you never stop learning. New vulnerabilities, new attack techniques, new tools.

And honestly? I love it.

Lessons for Aspiring Security Professionals

If you're reading this and thinking "I don't have a CS degree" or "I'm not qualified," let me tell you:

You Don't Need a Traditional Path

I didn't go to university for cybersecurity. I learned by doing. I ran servers, broke things, fixed them, and repeated.

If you're passionate and willing to learn, you'll find a way in.

Build Things

The best way to learn is to build stuff:

Set up a home lab (Raspberry Pi, old laptop, cloud VPS)
Run vulnerable VMs and hack them (Metasploitable, DVWA)
Write tools (scripts to automate tasks, parsers for logs, simple web apps)
Contribute to open source

Employers care about what you can do, not just what you know.

Tell Your Story

Your non-traditional background is an asset, not a liability. It gives you perspective that traditional candidates don't have.

Own your story. Explain how running game servers taught you about uptime, incident response, and user empathy. How troubleshooting attacks taught you to think like an attacker.

Network (the Human Kind)

Twitter (X), LinkedIn, Discord communities, local security meetups-get involved. Security is a small world. The people you meet will:

Answer your questions
Share job opportunities
Collaborate on projects

Some of my best career breaks came from random Twitter conversations.

Embrace Imposter Syndrome

Everyone feels it. I still feel it. The key is to not let it stop you.

If you're the smartest person in the room, you're in the wrong room. Surround yourself with people who challenge you.

The Esports Detour (Because Why Not)

Oh, and I almost forgot: between the hosting company and Trend Micro, I played competitive esports for a couple of years.

Counter-Strike: Global Offensive. Nothing crazy-no majors or anything-but I competed in some regional tournaments, traveled a bit, and learned a lot about:

Teamwork and communication (clutch plays require trust)
Staying calm under pressure (1v3 situations at 15-14 are stressful)
Analyzing opponents (watching demos, finding patterns, exploiting weaknesses)

Turns out, analyzing enemy strats in CS:GO is not that different from analyzing attacker TTPs in a SOC.

Wrapping Up

My journey into cybersecurity was messy, non-linear, and full of detours. But every detour taught me something valuable.

If there's one takeaway, it's this: You don't need permission to start. Spin up a server. Break something. Fix it. Build a tool. Share what you learn.

The cybersecurity industry needs people with diverse backgrounds, unconventional stories, and the grit to figure things out.

So if you're on the fence about whether you "belong" in security-trust me, you probably do.

Just start. The rest will follow.

---

Janusz Czeropski is a Security Engineer at Trend Micro and the founder of Galaxy Digital Networks (2015-2018). He went from hosting game servers to building internal MDR tools and automation. When he's not securing things, he's probably self-hosting something or reminiscing about the good old days of CS 1.6. You can find him on GitHub or LinkedIn.