I don't have a traditional background. No university degree (yet). No Silicon Valley internship. I started as an apprentice at Bosch — a Fachinformatiker für Anwendungsentwicklung — which is a uniquely German path into tech that most international recruiters have never heard of. It's a three-year program that combines full-time work with vocational school. You learn by building real things for a real company.
That apprenticeship taught me more about shipping software than any bootcamp could. But it also made me realize: to get where I want to go, I need to think in decades, not quarters.
This post is my career roadmap. It's public because I believe in building in public. And because I want to look back in five years and see how wrong (or right) I was.
Where I Am Now (2026)
I'm a software developer at Bosch in Blaichach / Immenstadt. My day job is application development, but my real focus — the thing I spend evenings and weekends on — is security. I've built four projects in the security space: AEGIS (an AI agent security framework), an Attack Surface Scanner, a security tool for SMBs, and VendorQ (a B2B SaaS for security questionnaires).
In October 2026, I'm starting a dual-degree program in Computer Science with a Cybersecurity focus. This means I'll be working and studying simultaneously for the next three years. It's going to be intense, but it fills the biggest gap in my profile: a formal CS education.
The Two Paths
I see two possible futures for myself, and I'm genuinely uncertain which one I'll pursue. That's the "???" in the title. Both are exciting. Both are viable. The next 2-3 years will determine which one wins.
Join Google, Microsoft, or a comparable company in Zurich as a Security Engineer. Work on problems at a scale that few companies can offer. Learn from the best. Build a network. Gain credibility that opens every door in the industry.
Timeline: 2029-2030, after completing the dual-degree program.
What I need: CS degree (in progress), strong portfolio (building it), relevant certifications (planned: OSCP, cloud security certs), and the ability to pass Big Tech interviews.
Take one of my current projects — most likely VendorQ or a evolution of the SMB Security Tool — and turn it into a real company. The security market for small and medium businesses is massively underserved. The tools that exist are either too expensive, too complex, or both. There's a gap, and I have the technical skills to fill it.
Timeline: Could start during the dual-degree program if a product gains traction. Or after 2-3 years at Big Tech if I go Path A first.
What I need: Product-market fit for one of my projects, initial revenue, and the conviction to bet on myself.
The Stepping Stones
Regardless of which path I take, the next moves are the same:
2026-2029: Dual-degree + building. Complete the CS program while continuing to ship security projects. The degree gives me the theoretical foundation and the credential. The projects give me the portfolio and the proof of execution. Both matter.
Side projects as job applications. Every project I build is a signal. AEGIS tells security teams I understand AI threats. The Attack Surface Scanner shows I can build offensive security tools. VendorQ proves I can build SaaS products. These aren't hobby projects — they're my interview portfolio, assembled over years instead of weeks.
Community presence. I'm starting to write (you're reading it), contribute to open source security projects, and engage with the security community. In security, reputation matters more than almost any other field. The network you build is the career you build.
Why Zurich
Zurich is the target location regardless of the path. Google and Microsoft both have major engineering offices there. The startup ecosystem is growing, backed by ETH Zurich and serious venture capital. The quality of life is exceptional. And practically speaking, it's close enough to the Oberallgäu that the transition doesn't feel like moving to another planet.
Zurich also has one of the highest concentrations of security talent in Europe. Being in that ecosystem, surrounded by people working on the hardest problems in the field, is where I want to be.
What Could Go Wrong
I think it's important to be honest about the risks. The dual-degree program could be harder than I expect. One of the paths might close if the market shifts. I might discover that Big Tech culture doesn't suit me, or that running a startup is more lonely than I imagined. My side projects might not gain traction despite years of work.
I'm okay with all of these possibilities because the fundamental strategy is resilient: build skills, ship projects, stay adaptable. Even if the specific destination changes, those three things compound regardless of where I end up.
The Question Mark
The "???" in the title is deliberate. I don't know where I'll be in five years. I know where I want to be — running security for a major product, or building a security company that makes the internet safer for small businesses. But the specific path will emerge from the work itself.
What I do know: I'll be further along than I am today. The system works, I show up every day, and the direction is clear — even if I don't know exactly where it ends.