We’re halfway through 2026, and I’m taking a breath to document what has already been the most intense, rewarding six months of my professional life. This year wasn’t about starting from scratch, I entered January with cloud architecture certifications from 2025 and years of development experience, but it was about a deliberate shift. I wanted to move from building secure systems to investigating them when they fail, and then to multiplying that knowledge by teaching others. The result has been a dense chain of certifications, hands-on training, and instruction that I’m still in the middle of. This is the story of that first half.

Setting the Stage on what 2025 Built

A quick note for context: by the end of 2025 I had earned Oracle Cloud Infrastructure Architect Associate, OCI Infrastructure Security Professional, and renewed my ISC2 Certified Cybersecurity Personnel and secOPS AppSec Practitioner credentials. That foundation in cloud security, architecture, and application security gave me a strong technical backbone. But as 2026 began, I knew I needed to go deeper into the operating system layer, into forensic investigation, and into the art of teaching cybersecurity, so I could contribute more directly to incident response and workforce development in Ghana and beyond.

Q1 2026: Sharpening Linux and Cloud Threat Knowledge

The year started with a laser focus on the backbone of almost every server, container, and forensic image: Linux.

ec-Council Linux Security Guide was my first target. This certification forced me to master Linux hardening techniques, kernel security, mandatory access controls, system auditing, and log analysis at a level I hadn’t previously systematised. Why? Because when a cloud instance is compromised, the investigator doesn’t get a nice dashboard, they get a Linux filesystem. Understanding how to secure Linux and how to dissect it after an incident is non-negotiable for any forensic professional.

Alongside that, I completed Cybersecurity: Cloud Security NOW, a focused programme that updated my knowledge on modern cloud attack vectors, defence strategies, and the interplay between Linux security and cloud infrastructure. Cloud threats evolve fast; this course kept me from falling into the trap of relying on 2024 playbooks. Together, these two credentials built the bridge between my OCI knowledge and the gritty OS-level reality.

February 2026: Hands-On Forensics with Hive Consult

If January were about theory, February was about practice. I enrolled in the Digital Forensics and Investigation Training delivered by Hive Consult, one of Ghana’s leading cybersecurity training and consultancy firms. This wasn’t a lecture series, it was an intensive, lab-driven programme that simulated real-world investigations.

Over several weeks, I learned forensic acquisition of volatile and non-volatile data, proper evidence handling and chain of custody procedures, timeline analysis, file system forensics, and the legal and ethical frameworks that govern digital investigations in multiple jurisdictions. We worked with commercial and open-source forensic tools, dissected memory dumps, and reconstructed user activity from disk images. The instructors brought field experience, and the environment was relentlessly practical.

By the end of March, I could approach an investigation scenario methodically, document every step, and articulate findings clearly, skills that directly transferred into the exam environment a few months later.

Concurrent Growth: Teaching Linux Security

While I was still digesting my forensics training, Hive Security Consult offered me an opportunity that I almost couldn’t believe: to become the instructor for Essential Linux Skills for Cybersecurity Professionals, a course they run for aspiring security practitioners. I started teaching in April, and I haven’t stopped since.

This dual role, learner and educator, created a feedback loop I hadn’t anticipated. Preparing lessons on Linux user management, log analysis, network configuration, and security hardening forced me to break concepts down to their fundamentals. Students asked questions that pushed me into corners of the operating system I’d never explored. Some nights I’d finish teaching a module on auditd or iptables, then go home and study those exact topics at a deeper level for my own certifications.

Teaching also gave me an authentic understanding of what it means to be a cybersecurity educator, a skill set I was about to test formally.

June 2026: The Double Certification Week

I entered June with two major exams on my calendar, five days apart: the Certified Computer Forensics Analyst (CCFA) on June 9, and the Certified Cybersecurity Educator Professional (CCEP) on June 14. Both represented critical, but different, dimensions of my growth.

CCFA, eSecurity Institute (June 9)

The CCFA validated everything I’d been building toward. The exam covered forensic investigation methodology, evidence acquisition and preservation, file system analysis, network forensics, cloud forensics, and the legal aspects of digital evidence. Thanks to my March training with Hive Consult, I didn’t approach the questions as abstract scenarios, I could mentally place myself in a lab, recall the steps I’d taken during similar exercises, and apply the same logic.

This certification matters to me because forensics is the detective work of cybersecurity. It’s the discipline that answers “what happened?” and “how do we prove it?” In a world where breaches are inevitable, the ability to investigate competently is just as important as the ability to defend. CCFA made my forensic skill set official.

Muhammed Kanyi Certified Computer Forensics Analyst

CCEP, Red Team Leaders (June 14)

Five days later, I sat for the CCEP, a certification designed to assess both technical breadth and pedagogical ability across eight major cybersecurity domains. Those domains are:

  1. Fundamentals & Network Security

  2. Information Security Architecture

  3. Identity and Access Management (IAM)

  4. Offensive Security & Threat Modeling

  5. Cloud Security

  6. Security Operations (SOC & Incident Response)

  7. Application Security

  8. Cryptography

The CCEP isn’t about being a singular expert in all eight, it’s about demonstrating that you can teach each of them, connecting concepts, and making complex ideas accessible. For me, the preparation didn’t happen in a cram session, it happened across the entire first half of 2026, thanks to deliberate layering.

Muhammed Kanyi

  • My OCI certifications from 2025 gave me architecture, cloud security, and IAM depth.

  • The Linux Security and Cloud Security NOW courses reinforced network fundamentals, IAM, and cryptography.

  • The forensic training and CCFA prep covered security operations, incident response, and threat modeling.

  • My fullstack development background and AppSec certification provided application security knowledge.

  • And crucially, my ongoing teaching of Linux skills proved I could break down any of these topics into digestible, structured lessons.

When I tackled the CCEP exam, I was able to answer questions not just from a single perspective, but with the understanding that an educator needs to show how IAM works on a Linux server, in a cloud environment, and inside a web application, and why it matters in each context. That’s the kind of synthesis this certification demands.

The 2026 Timeline at a Glance

What Made This Possible

Pulling off four certifications, an intensive training programme, and a teaching role in six months wasn’t magic. A few principles made the difference:

  1. Stacking complementary learning: I chose certifications that reinforced each other. Linux security fed into forensics; forensics fed into incident response; teaching tied everything together. The whole was greater than the sum of its parts.

  2. Practical before theoretical validation: Doing the hands-on forensics training in March before sitting CCFA in June meant the concepts had time to sink in through real application, not just reading.

  3. Teaching as a learning accelerator: Preparing course material for Linux skills forced me to anticipate student misunderstandings and explain clearly. That mental exercise deepened my own knowledge and directly prepared me for the CCEP’s pedagogical demands.

  4. Community and mentorship: Hive Consult provided more than training; they gave me a platform to teach and a network of professionals who challenged me daily. That environment kept me accountable and inspired.

  5. Physical discipline: I maintained my powerlifting routine throughout. Early morning gym sessions cleared my head for study marathons and lesson planning. Physical stress became a tool for mental resilience.

Why This Path Matters

Mid-2026 finds me in a unique position. I’m not just someone with certificates on a wall, I’m a practising cloud security professional who can investigate a breach, teach others how to prevent one, and develop secure software from the ground up. The combination of forensic capability, Linux mastery, cloud security design, and educator credentials opens doors to incident response leadership, curriculum development, and mentorship roles that a single-track specialist might not access.

More importantly, it allows me to contribute meaningfully to the cybersecurity ecosystem in Ghana and West Africa. The skills gap here isn’t going to close by importing solutions; it will close when local professionals like those at Hive Consult train and empower the next generation. My goal is to be part of that engine, investigating incidents, yes, but also creating new investigators, new defenders, and new educators.

What’s Next

The second half of 2026 will be about consolidation and expansion:

  • Deepening forensic practice through real incident response engagements and advanced analysis techniques.

  • Expanding my teaching portfolio, potentially developing modules on cloud forensics, secure coding, or threat modeling.

  • Mentoring junior professionals more formally, using my CCEP skills to design structured learning paths.

  • Contributing to open-source security tools or documentation, bridging the gap between development and security education.

  • Staying sharp on Linux and cloud security, because the threat landscape never stops moving.

  • Building exciting tech products as the CTO of Tech Patterns Center in Ghana, where I’ll apply my full-stack development background, cloud architecture expertise, and security-first mindset to create solutions that solve real problems.

This half-year has proven that rapid, layered skill acquisition is possible when you align certifications with practical training and immediate application. It has also proven that teaching and learning can, and should, coexist. Now I’m taking that same philosophy into product development, because the best security isn’t bolted on, it’s built in from the start, and there’s no better way to prove that than by shipping secure products yourself.

A Final Thought

If you’re reading this in July 2026 and wondering whether you can still pivot, add a credential, or start teaching while you learn: you can. Pick a domain that excites you, find hands-on training that grounds the theory, and look for every chance to explain what you know to someone else. The certifications will come, but the competence and the confidence to share it will come faster than you expect.

I’m looking forward to the next six months with the same hunger that powered the first. But for now, I’m pausing, grateful for the journey, and ready to keep building.