I'm Hismon Tam, a QA engineer with over 8 years of professional experience in software quality assurance, user acceptance testing, and software development. I specialize in crafting robust testing strategies and integrating QA processes seamlessly into DevOps workflows to ensure digital products are not only functional but secure.

With a strong technical foundation in tools and languages such as Cypress, JavaScript, Java, Python, Postman, Jenkins, Docker, MySQL, Azure, and AWS, I build effective testing frameworks that drive customer satisfaction and business success. My international experience across the US, Hong Kong, and the UK in FinTech, B2C SaaS, IoT, and POS sectors has shaped a well-rounded and adaptable QA mindset.

In parallel with my QA career, I’m actively expanding my skill set into the field of Cybersecurity/Secuity Testing Skills. I’m currently learning and practicing skills in:

• 🔐 Security Fundamentals: Risk management, secure architecture, incident response
• 🌐 Network Security: Firewalls, VPNs, packet analysis, secure protocols
• ☁️ Cloud Security: Microsoft Azure (AZ-500 labs completed), AWS security tools
• 🧪 Practical Hands-on Labs: TryHackMe, Virtual Hacking Labs
• 🧠 Certification Tracks:
  • CompTIA Security+ (in progress)
  • BLT1 (Basic Linux & Networking) (Planning)
  • PNPT (Practical Network Penetration Tester) (Planning)
  • OSCP (Offensive Security Certified Professional) – long-term goal (Planning)

This journey is helping me combine my strengths in QA and development with a growing knowledge of cybersecurity, allowing me to contribute to secure, high-performing software in modern IT World environments.

I’m currently learning cybersecurity with a strong focus on both fundamentals and hands-on technical skills. My learning path includes topics such as network security, threat analysis, incident response, and security architecture. I’m actively preparing for the CompTIA Security+ certification to solidify my understanding of core security concepts.

To gain practical experience, I regularly complete guided labs and challenges on TryHackMe, covering areas like networking, vulnerability management, and security operations. I’ve also completed a full set of Microsoft AZ-500 lab projects, gaining hands-on experience with Azure Security Center, role-based access control (RBAC), Azure Firewall, Key Vault, and Azure Sentinel.

As part of my continued growth, I’m planning to expand my skills through the following certifications and learning paths:

• 📘 CompTIA Security+ (in progress)
• 🧠 TCM BLT1 – Basic Linux & Networking
• 🔍 PNPT – Practical Network Penetration Tester
• 🧪 OSCP – Offensive Security Certified Professional (long-term goal)

This cybersecurity journey complements my QA and development background, allowing me to better understand security from both a preventive and technical testing perspective.

I’ve completed all core lab projects for AZ-500 certification including:

• ✅ Azure Security Center & Microsoft Defender
• ✅ Identity & Access Management (RBAC, PIM, Conditional Access)
• ✅ Network Security (NSG, Firewall, VPNs)
• ✅ Azure Key Vault, Disk Encryption, Policies
• ✅ Azure Monitor, Log Analytics, Azure Sentinel

This repo contains lab walkthroughs, notes, and best practices I used to prepare.

• English
• Cantonese
• Mandarin

Thanks for stopping by! Let's connect and grow in the cybersecurity journey together. 🛡️🚀