About
Hello, and welcome to my corner of the web at blog.naol.dev. I’m Naol Mengistu, a cybersecurity professional passionate about secure, resilient, and compliant systems. This site is where I share my hands-on projects and deep dives into digital forensics, cloud security, and automated GRC.
For a broader look at my skills and featured work, visit my portfolio at naol.dev.
For a formal overview, feel free to see or download my CV.
In today’s digital landscape, security must be built in, not bolted on. Systems need to be secure, functional, and adaptable by design.
My Journey: From Tech Support to Security Strategy
My path started with a deep curiosity about how systems work, leading to a Bachelor’s degree in Computer Science. Early roles in tech support and quality analysis grounded me in the human side of technology, where I learned that many problems stem from communication gaps and unclear processes, not just broken code.
That insight drove me to zoom out and think bigger. I pursued a Master’s in Information Security at Stockholm University to learn how to build secure systems from the ground up. Along the way, my journey has taken me from Ethiopia to Poland and now to Sweden, reinforcing my belief that while security is global, its context is always local.
My Focus Areas
I concentrate on three core pillars of modern cybersecurity:
- Automated Governance & Compliance
  I’m an advocate of the “Compliance-as-Code” movement. My Master’s thesis involved developing a Python-based AWS security scanner that maps cloud misconfigurations to the DORA regulation. I believe the future of GRC lies in automation, proactive detection, and continuous verification guided by frameworks like ISO 27001, NIST, and evolving regulations such as DORA and NIS2.
- Practical Security Operations (SecOps)
  I maintain a home SOC lab where I use Splunk for log analysis, threat hunting, and incident response. I also run an Active Directory lab for system administration and access control practice. These labs are where I refine my skills and test real-world scenarios.
- The Human Element of Security
  Tools are only part of the equation. My experience in QA taught me that secure systems must also be usable. I care about designing processes and controls that align with how people work, promoting security awareness and shared responsibility.
My Philosophy
- Build to Learn: Whether it’s a compliance scanner, a SOC lab, or this blog, building is how I deepen understanding.
- Stay Curious: From cloud security to AI-enhanced detection, I’m always exploring new angles.
- Communicate Clearly: A secure solution must be understood by both developers and decision-makers. I aim to bridge that gap.
Let’s Connect
This blog is where I share tutorials, tools, and insights from my cybersecurity journey. I’m always open to new ideas, collaborations, or just a good conversation.
Reach out or follow my work via:
Thanks. I hope what you find here helps you learn, build, or get inspired.