Why I Left Full Stack Dev to Pursue Cybersecurity
After 3 years of building web apps in Pakistan, I moved to Canada and made the pivot everyone called risky. Here's why I did it.
I spent the first chapter of my career building things. In Pakistan I shipped SaaS products with the MERN stack, scaled a real-time event platform to tens of thousands of concurrent users, and tuned databases until they held their integrity under load. I loved it. Building is addictive — you have an idea in the morning and something real in front of users by the evening.
So when people heard I was pivoting into cybersecurity, the reaction was usually the same: why would you walk away from something you're good at?
The moment it clicked
The honest answer is that I never stopped being curious about how things break. Every time I built an authentication flow, part of my brain was asking how someone would get around it. Every API I shipped, I wondered what happened if you sent it something it didn't expect. I was already thinking like an attacker — I just hadn't given that instinct a name yet.
The turning point came while debugging a production incident. It wasn't a feature bug; it was someone probing our endpoints in ways the happy path never accounted for. Untangling what they were doing was more interesting to me than anything on the roadmap. That was the signal.
Moving to Canada
Around the same time, I moved to Canada. A new country is a natural place to reset and ask what you actually want to spend the next decade on. I decided to be deliberate about it: I enrolled in a Master of Cybersecurity, treated it like a craft to learn properly, and started building security projects the same way I'd built products — by doing, not just reading.
Where I started
I went where the fundamentals were: networking, Linux, and how the web really works underneath the framework abstractions. Then I went hands-on — a home lab, capture-the-flag exercises, SOC simulations, and an ML-based intrusion detection project. The goal wasn't certificates on a wall; it was being able to sit in front of a real incident and know what to do.
Full stack was never wasted
Here's the part that surprised me: my development background didn't get left behind — it became my edge. I read exploit code the way I read any codebase. I understand APIs from the inside, so API security isn't abstract. I've designed databases, so injection attacks make intuitive sense. Most security people have to learn how software is built; I already knew, and I just had to learn how it fails.
Where I am now
Today I work as a cybersecurity analyst while keeping my engineering sharp — and I'm looking for the role that lets me do both: build secure software and defend it. The pivot everyone called risky turned out to be the most natural move I've made. I didn't leave full stack behind. I just pointed it at a harder problem.