One significant mistake I made occurred in August 2022, when I experienced a personal cybersecurity incident that resulted in the loss of sensitive data and digital assets. At the time, I relied heavily on LastPass as my primary and only password manager. I chose it because it was a well-known platform, widely regarded as reputable, and had strong reviews on the app store. I believed I had implemented strong security practices, including multi-factor authentication using a YubiKey. However, I made a critical mistake in how I used the platform. I stored highly sensitive information within LastPass secure notes, including recovery phrases for my cryptocurrency wallets. While this seemed convenient, it ultimately created a single point of failure. When LastPass later disclosed a breach involving encrypted vault data, I underestimated the potential risk. Shortly afterwards, I discovered unauthorised transactions across two of my cryptocurrency wallets, which had been accessed and drained. Fortunately, the financial impact was limited, but the experience was significant. It served as a turning point for me, exposing the gap between theoretical security knowledge and real-world secure behaviour.

![[Pasted image 20260419225306.png]]

In response, I immediately focused on containment and recovery. I transferred any remaining assets into new wallets with fresh keys, changed passwords across all my accounts to eliminate any potential compromise, and removed all sensitive data from cloud-based storage, specifically Google services, as my Gmail had also been compromised. I also shifted towards a layered security approach, using offline backups, such as writing down critical passwords and storing them securely in a personal location. Beyond the immediate response, I wanted to take ownership of my security practices rather than simply moving to another third-party solution like Bitwarden or 1Password.
At the time, it felt like moving from one burnt house to another safehouse that could eventually face similar risks, and I did not want to go through that experience again. Instead, I decided to apply my limited programming and cybersecurity skills by building my own password manager as a personal project. To get started, I spent time watching a wide range of YouTube videos, reading tutorials from developer blogs, and exploring GitHub repositories to understand how password managers are designed and implemented in practice. I ended up developing a very simple password manager that stored credentials locally on my laptop rather than in the cloud, allowing for portability and full control over my data while reducing reliance on external systems and minimising exposure to large-scale breaches. At the same time, I maintained offline backups by writing down critical information and storing it securely, ensuring I would still have access in case of device failure or loss. The tool supported core functionality such as adding, editing, searching, and deleting credentials, along with storing basic fields like usernames, passwords, and notes. I implemented encryption using a master password, ensuring that all stored data remained protected and unreadable without proper authentication. I also added practical features such as password generation, auto-locking after inactivity, and clearing sensitive data from the clipboard after use. When deciding how to build the tool, I initially considered using Python due to my familiarity with it. However, I chose to use Rust after learning that it provides stronger guarantees around memory safety and performance, which are important when handling sensitive data. I also found that many developers building similar tools were using Rust, which made it easier to learn from existing implementations and best practices. Rust also encouraged me to think more carefully about how data is handled in memory, reducing the risk of unintended leaks.
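The core of a local password manager as described above (a vault file sealed under a key derived from a master password, plus a CSPRNG-backed generator) can be shown in a few dozen lines. The block below is an added illustration, not the author's Rust tool; it is written in Python so that it runs with the standard library alone. The file header `PWV1`, the field layout and the sample entries are constructed for the example. Because the standard library has no AEAD cipher, it stands in for one with an HMAC-SHA256 counter keystream plus encrypt-then-MAC; a real tool would use a vetted AEAD such as XChaCha20-Poly1305 instead of this construction.

```python
"""Minimal local, master-password-protected credential vault (stdlib only).

Added example, not the essay author's code. The keystream/MAC construction
below is a stand-in for a real AEAD so the example needs no third-party
packages; it is not a recommendation for production use.
"""
import hashlib
import hmac
import json
import os
import secrets
import string

MAGIC = b"PWV1"        # hypothetical on-disk header marking the vault format
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32           # HMAC-SHA256 tag


def derive_keys(master_password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the master password with scrypt, then split the result into
    an encryption key and an independent MAC key via labelled HMAC calls."""
    root = hashlib.scrypt(master_password.encode("utf-8"), salt=salt,
                          n=2 ** 14, r=8, p=1, dklen=32)   # ~16 MiB, slows guessing
    enc_key = hmac.new(root, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(root, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF keystream: HMAC(key, nonce || counter) blocks, CTR-mode style.
    A fresh random nonce per seal() keeps keystreams from repeating."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_vault(entries: dict, master_password: str) -> bytes:
    """Serialise, encrypt and authenticate the vault under a fresh salt+nonce."""
    salt = os.urandom(SALT_LEN)
    nonce = os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(master_password, salt)
    plaintext = json.dumps(entries, sort_keys=True).encode("utf-8")
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    header = MAGIC + salt + nonce
    # Encrypt-then-MAC: the tag covers the header too, so salt/nonce cannot be swapped.
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def open_vault(blob: bytes, master_password: str) -> dict:
    """Verify the tag in constant time before decrypting; a wrong master
    password or any tampering with the file fails closed with ValueError."""
    hdr_len = len(MAGIC) + SALT_LEN + NONCE_LEN
    if len(blob) < hdr_len + TAG_LEN or blob[:len(MAGIC)] != MAGIC:
        raise ValueError("not a vault file")
    salt = blob[len(MAGIC):len(MAGIC) + SALT_LEN]
    nonce = blob[len(MAGIC) + SALT_LEN:hdr_len]
    ciphertext, tag = blob[hdr_len:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(master_password, salt)
    expected = hmac.new(mac_key, blob[:hdr_len] + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong master password or vault tampered with")
    plaintext = _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))
    return json.loads(plaintext.decode("utf-8"))


def generate_password(length: int = 20) -> str:
    """CSPRNG-backed password guaranteed to contain every character class."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, "!@#$%^&*-_=+"]
    if length < len(classes):
        raise ValueError("length too short to cover every character class")
    alphabet = "".join(classes)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in classes):
            return pw


def search_entries(entries: dict, query: str) -> dict:
    """Case-insensitive search over site names and usernames."""
    q = query.lower()
    return {site: e for site, e in entries.items()
            if q in site.lower() or q in e.get("username", "").lower()}


if __name__ == "__main__":
    # Constructed sample data; round-trip through a vault file on disk.
    vault = {"example.com": {"username": "alice", "password": generate_password(),
                             "notes": "constructed sample entry"}}
    with open("vault.bin", "wb") as f:
        f.write(seal_vault(vault, "correct horse battery staple"))
    with open("vault.bin", "rb") as f:
        print(search_entries(open_vault(f.read(), "correct horse battery staple"), "alice"))
    os.remove("vault.bin")
```

Two design points carry over regardless of language: the salt and nonce are stored in the clear but covered by the tag, and the tag is checked before any decryption so a wrong password and a modified file are indistinguishable to the caller. What Python cannot do reliably is wipe the derived keys and decrypted plaintext from memory after use, which is exactly the kind of concern the essay cites as a reason for choosing Rust.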
I built the application as a command-line tool to keep the design simple, minimise dependencies, and reduce the overall attack surface, allowing me to focus on core security functionality. While the password manager was not intended to replace commercial solutions, particularly in terms of user interface, feature depth, and continuous updates against emerging threats, building it gave me hands-on experience with secure design principles and a deeper understanding of encryption, key management, and defence in depth. More importantly, it helped rebuild my confidence after the incident and shifted my mindset from relying on tools to understanding how they are built and evaluated. Since then, it has also influenced how I approach learning and development. In particular, when it comes to activities such as Capture The Flag (CTF) competitions, I have become increasingly interested in creating and designing my own challenges. I realised that I have ideas I want to explore, especially in domains such as OSINT, and this marked a shift from being purely a participant to taking ownership and building solutions myself. It reinforced the importance of not only learning from others’ creativity and ingenuity, but also contributing my own. Finally, it reshaped how I think about cybersecurity, particularly in relation to personal privacy and security practices. It highlighted the risks of centralising sensitive information and prioritising convenience over security, while reinforcing the value of hands-on problem solving. What began as a significant mistake ultimately became a defining learning moment, strengthening both my technical capabilities and my overall approach to security moving forward.

![[Pasted image 20260419230309.png]]