Five years ago, I was just a curious college freshman with a few spare computer parts, a lot of Google searches, and a dream of breaking into cybersecurity.
That spark led me to build my very first homelab in a small apartment bedroom. No mentors, no structured guidance, just curiosity and trial-and-error.
That project changed everything. It was the first time I saw what was really happening under the hood: how hosts behaved, how networks communicated, how virtual machines could mimic production environments.
My entire career in incident response, detection engineering, threat hunting, and cloud security traces back to that moment.
Now, half a decade later, I’m starting over.
But this time, I’m building with real-world experience behind me, more intention, and a vision.
Dec 2020 → 18-year-old me - working as a Cybersecurity Intern & full-time college sophomore at the time.
Why Start Over?
The first lab was raw curiosity.
Plugging things together, watching packets fly, and trying to make sense of it all.
That’s exactly what I needed at the time. But I’ve grown. I’m no longer the kid trying to figure out what a SIEM even is. I’m a security engineer at Amazon who’s lived in the trenches of incident response, adversary detection, and cloud security.
And with that growth comes new questions:
How can I push my homelab into its next evolution?
How can I design my homelab to build and test the new skills I want to develop at this stage of my career?
How can my new homelab help me learn new skills?
This time, the goal is not just tinkering. I’m designing a home Security Operations Center (SOC) where I can experiment, prototype, and learn new skills in public.
Jan 2021 → For a while, I thought I was going to become a network (security) engineer, so here I am in 2021, diving into network security for Cisco routers and switches. Spoiler: I did not become a network security engineer.
About Me
If you're new here, I'm Day, a Cybersecurity Engineer at Amazon. With five years in cybersecurity, my experience covers Detection Engineering, Cloud Security, Incident Response, Threat Hunting, and most recently, Threat Intelligence.
Before Amazon, I worked at Datadog as a cloud threat detection engineer, where I researched cloud threats and built detections for various cloud providers and SaaS applications.
I've worked my way up from SOC analyst roles, investigating everything from endpoint threats to cloud-based abuse, so I know exactly what it takes to break into this field.
I started, just like many of you, learning from scratch, asking questions, and figuring it out one step at a time. And now, I'm here to help you do the same.
I was able to break into cybersecurity as early as my freshman year of college. I secured several jobs and interviews before earning my college degree, and I’ve helped thousands of people achieve the same success on my various content channels and in my Discord Community.
Join a vibrant cybersecurity community of over 6,500 people who are constantly engaging in conversations and supporting one another, covering topics from cybersecurity and college to certifications, resume assistance, and various non-professional interests like fitness, finance, anime, and other exciting subjects.
The New Blueprint
Here’s where I’m starting:
The Hardware: I’m converting an old PC into a Type-1 hypervisor (bare-metal virtualization). No middleman OS, just pure performance and control.
The Core Platform: Running Proxmox for virtualization. I’m also planning to explore diving deeper into mini-data center operations by leveraging Proxmox’s clustering functionality.
The SOC Engine: Wazuh at the center, doubling as both my SIEM and XDR platform. This also helps me leverage a unified platform that I can plug external integrations into for experiments.
Visibility Everywhere: Rolling out agents to every endpoint I can—Windows, macOS, IoT devices, even “smart” tech around the house. If it talks to the internet, I want visibility.
Additional Tools: Still deciding, but possibilities include LimaCharlie for EDR testing, pfSense for the firewall, and maybe some local container tools that I may use for experimenting with Falco. Wazuh itself has active response, so I’ll be balancing native vs. add-on capabilities.
AI in the SOC: Beyond buzzwords, I’ll experiment with using LLMs for anomaly detection, automation, and more intelligent triage workflows. I’ll also be playing around with MCP integrations to see what that yields.
March 2021 → the evolution of my “lab”. It honestly was just the addition of an excessive 49” ultrawide screen and stacked monitor setup.
Lessons in Frustration (and Growth)
One thing hasn’t changed since my first homelab: trial and error is the name of the game.
Getting Proxmox running on bare metal was a headache.
I went through HDMI swaps, capture card experiments, BIOS tweaks, and kernel parameter hacks before things finally booted correctly.
At one point, it felt like I’d broken the host.
Spoiler: I hadn’t. It just required persistence.
Moments like that reminded me why homelabs matter so much. They expose the rust in your technical chops.
They force you to fail, to troubleshoot, and to learn. And I’ve found that to be the best preparation for real-world security work.
May 2021 → I spent a lot of time learning about Splunk within my homelab, and it has paid a lot of dividends over the course of my career (to this day).
Why It Matters. Why Now?
This lab isn’t about showing off gear (tbh the gear is old) or building the “perfect” setup. It’s about my desire to create a sandbox for growth:
For me, it’s a way to stay sharp outside of work, to play with tools in ways I can’t in enterprise environments.
For the community, it’s proof that learning never stops. I’ll be sharing my process openly, mistakes and all, so that others can build their own versions.
For the industry, it’s a reminder that innovation often starts at home, with curiosity and persistence.
Five years ago, my first homelab helped me land interviews, build skills, and eventually start my career.
Who knows what this next one will spark?
January 2022 → New Apartment with separate setups for work and study/labbing. This is actually me taking the Security Blue Team BTL1 certification!
What’s Next
This was just Step 1: Laying the foundation.
Next, I’ll be deploying Wazuh on Proxmox, configuring my SIEM/XDR stack, and rolling out agents across every machine in my house.
From there, I’ll test detection engineering workflows, automation, and maybe even play with AI-assisted incident response.
If something in my home misbehaves, I want to catch it.
If it breaks, I want to know why.
And if it teaches me something new, I want to share that with you.
The journey continues.
Stay tuned.
💡 A Note of Gratitude
This issue of Cyberwox Unplugged is my very first paid post.
That means you’re not just reading my reflections—you’re directly supporting the growth of this publication and my mission to build practical, real-world cybersecurity content.
Thank you for being here and investing in the journey with me.
This is just the beginning.
Nice to hear about your journey and setup! Will be following the updates 👍🏿