AltSchool Journey Post: “How Structured Learning Changed Everything”

The Turning Point: Realizing I Could Build… but Not Secure

After completing the SAIL Software Development Programme, I immediately began building the MVP for my escrow idea. It felt empowering for the first time, I could build both web and mobile applications from scratch.

But halfway into development, a heavy realization hit me:

I could build software…
but I couldn’t secure it.

I couldn’t identify vulnerabilities.
I didn’t understand the risks that come with APIs.
I had little knowledge of compliance, data protection, or security expectations in the real world.

For someone building a platform centered around trust, that gap was too big to ignore.

That was the moment I decided:

“I need to go down the security rabbit hole.”

Joining Altschool: Learning What I Didn’t Know I Needed

I had known about Altschool a year before, but I couldn’t enroll due to financial constraints.
When I finally joined in August 2025, it became one of the most important phases of my learning journey.

I was exposed to a wide range of concepts, but a few completely reshaped my thinking:

• Risk Management

• Risk Identification Techniques

• Risk Management Frameworks

• Key Legislation & Regulations

• Identity & Access Management (IAM)

• Access Control Models

• RBAC (Role-Based Access Control)

For the first time, I saw how these topics connected directly to real systems, including the one I was building.

This was also where I learned about Okta and immediately knew I wanted to use it to manage admin access on my dashboard.
IAM finally made sense, and RBAC felt natural because of my backend background.

But the truth is this:
Even as a software developer, I might not have learned IAM until much later.
I probably would have tried to manually handle admin authentication on my own and done it in a much less secure way.

Altschool saved me from making that mistake.

The API Security Realization That Changed Everything

Around the same time, I came across a post on X where someone had earned an API Security certification. It immediately caught my attention, so I checked it out.

I registered, went through all the videos, and noticed they introduced OWASP API Security (most likely the 2022 version).

But two statements from the instructor changed how I viewed backend development forever:

1. “Just because your API is behind your UI doesn’t mean it is secure.”

2. “Even your feature is a bug.”

Those two lines hit me deeply.

As a frontend developer, I used to assume that if an API was only called inside frontend code, it was somehow “protected.”
As a backend developer, I knew how data moved but I never considered how exposed it truly was.

Those statements shattered that mindset.

How It All Came Together

Everything I learned from Altschool and APISec began to shape the way I thought about development.

I stopped seeing APIs as “endpoints that return data”
and started seeing them as attack surfaces.

I stopped thinking like a builder
and started thinking like a defender.

Security became something I placed at the forefront each time I approached a new idea or feature.

Still Learning, Still Growing

I’ll be honest right now, I still can’t identify every web vulnerability.
I’m still learning.
I’m still practicing.
I’m still connecting pieces.

But I know I’m on the right path.

And I’m confident that as I continue building, breaking, testing, and improving, I’ll reach my goal:

To build secure applications not just functional ones.

This phase of my journey has changed everything.
And it’s only the beginning.