Learning Astro, Offensive Security, and CI/CD
A short reflection on learning Astro, cybersecurity basics, and CI/CD workflows, and how each skill opened new perspectives in modern web development.
Alhamdulillah for the blessing and opportunity in the form of skills, namely Astro Framework, Offensive Security, and CI/CD Workflow. Below are the details.
Astro Framework#
Around 2 months were dedicated to learning Astro, starting from a simple question to an AI about what kind of web framework is very fast and secure, and the answer pointed to Astro. At first it was still doubtful, since among so many JS frameworks, choosing Astro felt unusual. After reading further, FreeCodeCamp, which once helped with learning responsive web design for free, also recommended Astro. That gave additional confidence.
During the learning process, it became clear that many large websites already use Astro, including Porsche. The community is also active and supportive. Joining the subreddit showed many people sharing the same surprise about how fast their sites become when built with Astro. More discussion about Astro Framework will probably come next time.
Offensive Security#
Interest in cybersecurity has existed since college, even with a statistics background. Cybersecurity feels different, with a kind of adrenaline that makes learning exciting. Early 2025 became the moment to finally dedicate proper time to it. TryHackMe became one of the most visited platforms, recommended by both international and local communities such as Merdeka Siber. Its beginner friendly structure helped clarify many fundamentals. Even the OSI 7 layers, which used to be unclear, finally made sense and revealed how the web functions.
Further reading showed that cybersecurity is closely tied to write ups. One well known certification, OSCP, even allocates 12 hours for hacking and 12 hours for reporting, highlighting how important clear documentation is in the field.
CI/CD Workflow#
CI/CD naturally followed after exploring Astro Framework. Hosting used to be confusing, especially coming from the usual WordPress plus shared hosting setup. Today, many providers offer free hosting even for SSR, such as Netlify and Cloudflare Pages. Netlify’s 300 build minutes limit felt restrictive, especially when each build takes about a minute and content continues to grow.
GitHub Actions eventually became the preferred choice because it integrates directly with GitHub and offers more flexibility when the repository is public. Since making the repo public was not an issue, GitHub Actions became the main workflow, followed by purchasing a .com domain. A .dev domain was considered, but the scope of the work is broader than just development, so .com fit better.
Thank you for reading :)