Oskar Hampel

I'm a security engineer in transition - from compliance-heavy application security into hands-on offensive work.

I started messing with computers early, breaking and fixing things long before I understood how they actually worked. Around 13, I got into programming (C++, Python), and quickly realized I was more interested in understanding systems than just using them. Somewhere along the way I also discovered CSS - and decided that web dev is a battle not worth fighting.

Despite choosing a non-technical path in high school to free up time for self-development, I kept pushing into tech on my own. I prepared for IT exams independently, landed an early internship working on backend systems (FastAPI) and DevOps pipelines, and later moved into Application Security & IT Compliance.

That role gave me a strong foundation in secure SDLC, SAST, and how systems are supposed to be built. But I'm more interested in how they break.

Right now I'm focused on offensive security - web vulnerabilities, exploitation, and building a deeper, practical understanding of how real-world systems fail. This blog is a byproduct of that process: writeups, mistakes, debugging paths, and lessons learned while actually doing the work.

Long term, I'm aiming to become a high-level offensive security specialist. Not by collecting certifications, but by building real skill. Red teaming isn't a buzzword for me - it's the direction.