cybersecurity training

From Boot Camp to Bug Hunter

Discover how Kevin Bailey, Cyber Security Analyst for a major healthcare provider, changed gears from Automotive service advisor to security champion with CMD+CTRL cyber ranges.

If you’re trying to break into cybersecurity, you’ve probably heard the usual advice: get certified, learn Linux, study frameworks, maybe attend a few meetups. That’s all valuable advice. But here’s something you don’t hear often enough: show up, try something new, and don’t be afraid to fail.

Just ask Kevin Bailey, now a Cyber Security Analyst II at one of the largest healthcare providers in the U.S.. His journey didn’t begin with a job offer, it started with a hands-on cyber range event and a desire to test his potential.

His story is a masterclass in what can happen when curiosity meets opportunity, and how the right environment can accelerate your path from beginner to analyst faster than you might expect.

SOCR_From Boot Camp to Bug Hunter_Kevin Bailey

A Non-Traditional Start: From Auto Shops to AppSec

Before entering the world of cybersecurity, Kevin worked as a service advisor in the automotive industry. The role was technical and customer-facing, but it was far removed from threat models, vulnerability assessments, or red teaming.

Then came a pivot. Kevin enrolled in a web development boot camp at Vanderbilt University, where one of his instructors made a lasting impression:

“It doesn’t matter what your job title says, you need to understand security.”

That advice was more than lip service. It opened the door to Kevin’s first exposure to the broader cybersecurity ecosystem. He began attending local OWASP events, including a memorable session on the dark web and another hosted by the CMD+CTRL team. These events emphasized not just the why of security, but the how.

And that’s when everything started to change.

The First Cyber Range

Curious and still exploring, Kevin entered a cyber range competition during the boot camp. He wasn’t trying to win the competition, he just wanted to learn. But he was shocked when he placed fourth(!) besting several experienced application security professionals.

“That was the first time I realized I could really do this,” Kevin said. “I didn’t come from a traditional background, but I could still make an impact.”

That single event planted a seed. It validated his instincts, boosted his confidence, and demonstrated that you don’t have to wait until you’re “ready” to start solving real-world problems.

Cyber ranges offer simulated real-life scenarios in a safe, gamified environment where learning by doing is the name of the game. And for people like Kevin, they’re often the first real proving ground.

Climbing Higher: Community, Competition and Confidence 

As Kevin continued participating in cyber range events, it became clear that these competitions were about more than demonstrating personal skill, they were about building community.

“The Slack channels and Discord groups are huge. People are constantly asking and answering questions. I realized that even if I had no idea how to do something, someone would help me figure it out.”

This sense of inclusion is what separates good learning environments from great ones. In cyber ranges, participants help each other level up. From first-time competitors to seasoned engineers, everyone plays a role. Kevin emphasized the importance of asking questions, even if you believe they are too simple to say out loud.

“Some of the best advice I got came from just asking a basic question in a channel where CISOs and pentesters were hanging out. People don’t judge you. They want to help.”

This culture of curiosity and camaraderie makes cyber ranges an especially powerful incubator for people looking to break into the field. And this experience laid the groundwork for Kevin’s next breakthrough.

A Handle, a Software Bug and a Career Shift 

At his third and fourth national-level cyber range events, Kevin discovered a new source of motivation: a competitor named SCARAB. This particular player was fast, consistently topping the leaderboard, and had developed a reputation as the player to beat.

“I made it my personal goal to finally finish ahead of them.”

That competitive drive pushed Kevin to up his game. He tackled every challenge, stayed laser-focused, and eventually discovered a vulnerability in the cyber range platform itself, one that let him access flags from other ranges.

Rather than exploit it for points, Kevin did the right thing. He responsibly disclosed the bug to the event organizers, who were impressed by both his technical skill and ethical approach.

Shortly after, he received his first job offer – before even completing the boot camp.

Lessons for Newcomers: Get In, Get Involved and Get Comfortable with Being Uncomfortable

Kevin’s message for newcomers is clear: start before you feel ready.

Whether you're fresh out of school, changing careers, or just curious about cybersecurity, cyber ranges are an ideal starting point. They’re hands-on, engaging, and designed to meet you where you are. You don’t need to know all the tools or acronyms to participate, you just need to show up and try.

“Mistakes are how you learn. Every wrong turn is a chance to ask for help or figure something out.”

He also notes that fast progress from more experienced participants shouldn’t be intimidating. Everyone starts somewhere. In fact, Kevin now pays it forward by offering support to others during events, turning his experience into mentorship.

Advice for Team Leads and Trainers

For cybersecurity leaders, Kevin had another important takeaway: your approach to teaching matters.

“Don’t just show your team how to do something. Make sure they understand why it works, and how to think through the problem for the next time.”

This is especially true in technical fields like software security, where many concepts build on each other. Kevin stressed the need for empathy and adaptability in leadership, recognizing that different people learn in different ways.

Creating inclusive, practical, and supportive training environments doesn’t just improve outcomes. It also builds culture and encourages more people to grow into the field, just like Kevin did.

Why Cyber Ranges Work

Kevin’s journey demonstrates what we at CMD+CTRL believe to our core: cyber ranges can change lives.

They help demystify security concepts. They simulate real attacks in safe spaces. They inspire creativity and confidence. And most importantly, they build community.

That’s why we’re excited to invite you to our newest event series, Summer of Cyber Ranges. These free hands-on events are designed to bring together security professionals, learners, educators, and hackers (the good kind) to learn, challenge themselves, and have a blast. 

Whether you’re an aspiring analyst, an engineer curious about red teaming, or a manager looking to train your team in a fresh, engaging way, these events are made for you.

You’ll get:

  • Guided, gamified cyber range challenges that simulate real-world scenarios
  • Supportive Slack community space where you can ask questions, share insights and connect with others
  • Live event proctors who walk through challenges and answer questions in real-time
  • Post-event reporting and resources to help you continue learning or build a business case for team training
  • Optional team-based formats to encourage collaboration and friendly competition
  • Surprises and giveaways, because hacking should be fun!

Your Invitation: Learn by Doing, Grow Together, Have Fun

To help more people start their own journeys, the CMD+CTRL team is inviting learners of all skill levels to the Summer of Cyber Ranges, our free, hands-on training series.

The next event is happening on Thursday, July 24 at 7pm ET. And yes, it’s completely free to attend. Ready to get started?

You never know, this could be the event that inspires your next hire, helps you pivot careers, or re-ignites your passion for solving security challenges. Just like Kevin.

 



About CMD+CTRL Cyber Ranges

CMD+CTRL cyber ranges offer real applications, servers, traffic, technologies, and vulnerabilities to create an authentic, immersive experience. With over 500 challenges spanning application, platform, and business logic flaws, players think like attackers as they roam freely throughout the environment to probe system structure, exploit weaknesses, and make interlinking decisions.

Similar posts