It’s a strategic blueprint from someone who helped Netflix scale security without slowing the company’s engineering engine—a balance that’s notoriously hard to get right.

It got me thinking about my own path as a Security Engineer and the various domains I’ve worked in.

What stuck with me wasn’t just Jason’s structured layers of context, strategy, and execution, but how those principles have shown up in my work again and again.

Sometimes explicitly. Sometimes, without realizing it until later.

So in this issue, I want to do two things:

1. Walk you through a few pivotal moments in my security engineering career

2. Extract real, applicable lessons from each so that you can bring them into your own context

This is not just “what I did.”

It’s “why it mattered, and what it could mean for you.”

Subscribe now

Join a vibrant cybersecurity community of over 7,000 people who are constantly engaging in conversations and supporting one another, covering topics from cybersecurity and college to certifications, resume assistance, and various non-professional interests like fitness, finance, anime, and other exciting subjects.

Join Us!

Watch the full video breakdown below:

When Speed Is the Priority

Jason discusses how security teams must make room for velocity, not hinder it.

That means knowing when to optimize for “good enough right now” versus “perfect later.”

That lesson hit me hard during an active cloud campaign while I was a cloud threat detection engineer.

We were watching an attacker group compromise cloud environments at scale, deploying crypto miners using consistent IAM roles and resource naming patterns.

We had clear indicators, but no time for elegant detection modeling or layered behavioral TTP-based detections.

So I made the call to build and deploy an IOC-heavy detection.

The logic was sharp but narrow. It was very atomic in nature.

Honestly, it wasn’t what I’d want to ship under normal conditions. But it bought us time.

Visibility first. Accuracy later.

What I learned (and you can apply):

• There is a time and place for precision, but don’t let the perfect detection delay critical visibility.

• Your first iteration (for an atomic detection) doesn’t have to scale. It has to inform.

• Build something quickly, but tag it for review. Revisit it once the fire’s out.

• Sometimes, shipping quickly is the safest thing to do.

And this applies far beyond cloud detection.

Whether it’s building IAM policies, hardening containers, or writing security automation, sometimes velocity is the first layer of resilience.

Build Once, Scale Forever

Jason describes “strategy” as choosing high-leverage work that scales your impact.

When I was tasked with building detections for Google Cloud (GCP) as a cloud threat detection engineer, I could have started cranking out detections service by service.

But I knew that wouldn’t scale, and frankly, I didn’t fully understand GCP yet. Instead, I stepped back and developed an understanding of the cloud provider and a cloud threat modeling framework.

I grouped GCP services into high-level domains - Compute, storage, IAM, databases, and then used those abstractions to understand attack surfaces.

From there, I could drill down into the specifics:

• What does identity misuse look like across IAM and storage?

• How does lateral movement manifest in GCP’s managed services?

• How are GCP services abused differently or similarly to other Cloud services?

What I learned (and you can apply):

• Before building tooling or detections, have a mental model of the domain. It doesn’t have to be perfect—it just has to make complexity navigable.

• Focus on identifying common patterns across services rather than isolated exceptions. This is where reliable detection logic starts.

• If you’re onboarding into a new cloud provider, threat modeling isn’t a “nice to have”—it’s your best shot at building a reusable, scalable detection strategy.

• Documentation is a weapon. When you build mental models, write them down. It’ll save the next person weeks of confusion—and save you from repeating work six months later.

If you’re early in your career, this is gold: don’t just solve the problem, try to solve the class of problems.

Why Saying “No” is Strategic

One of the sharpest lines from Jason’s piece comes from Netflix’s former CEO, Reed Hastings:

“Strategy is about what you don’t do.”

In my current role, I work on differentiated threat intelligence for specific business units.

One thing I’ve learned the hard way is that not all intel is valuable, even if it’s technically correct or urgent elsewhere.

The internet is full of noise: threat feeds, CVEs, indicators, and intel reports. But my responsibility is to ask, “Is this relevant to us?” If not, I let it go—even if it seems scary or hyped.

What I learned (and you can apply):

• Intelligence without context is just a distraction.

• Learn to filter based on business impact and sector alignment, not just raw severity.

• It’s okay to ignore the noise—especially if you’re building a detection or IR strategy. Not every problem is your problem.

• Write down your priorities or “filter criteria.” That makes your decisions repeatable and teachable.

This applies equally across the SecOps team: don’t get caught writing detections or chasing rabbit holes just because something trended on Twitter.

Institutional Memory is Security Engineering’s Secret Weapon

Chan stresses that true scalability requires building systems people can use long after you’re gone.

That lesson came alive for me recently.

There were two major internal systems my team was responsible for—critical to detection, response, and threat intelligence—but they were barely understood.

No central knowledge. No reusable playbooks.

So, I took it on: I studied the systems, documented their behaviors and our failure points in our interactions with them, hosted a team lunch-and-learn, and built an internal wiki that others could use.

What I learned (and you can apply):

• Documentation isn’t a chore—it’s a force multiplier.

• If your knowledge lives only in your head, your impact dies when you take PTO.

• Teach others how to operate what you’ve built. That’s when you know you’ve succeeded.

• Institutional knowledge is a competitive advantage—don’t let it go to waste.

If you’re early in your career, this is one of the fastest ways to stand out:

Be the person who makes the unclear clear.

Final Thoughts

Jason Chan’s framework gave me words for things I was already doing—but it also challenged me to be more intentional about them.

His call to build guardrails, not gates… to prioritize reuse over heroics… to measure and iterate... all of it resonates more deeply the longer I’ve been in this space.

So here’s my version of his model in practice:

• Context: Understand what your org actually needs, not what LinkedIn or Twitter’s yelling about.

• Strategy: Invest in models, processes, and documentation that outlive you.

• Execution: Move fast when needed—but reflect hard and revise often.

• Measurement: Let the data from real incidents teach you how to improve.

If you’re a security engineer, a detection engineer, a threat hunter, or even just starting, this is your reminder that speed and security don’t have to be enemies.

They can be collaborators if you give them structure.

Keep building paved roads.

And when you do, leave signs behind for the next engineer.

Share

What kind of engineer am I?

Not just what tools you use. Not just what your current title says.

But how do you show up?

How do you solve problems?

How do you instinctively approach complexity?

I’ve seen this question (and its answer) surface over and over again in Slack threads during IRs, in 1:1s with mentees, in hallway conversations, in the quiet frustration of mid-career engineers trying to “level up” but not quite sure how.

And after half a decade in the field—from building threat detection pipelines at prominent startups to leading IR and threat detection at one of the largest tech companies on Earth—I’ve come to believe that most of us in security tend to move within a few core archetypes.

Not boxes. Not labels.

Gravity wells.

You may have blended skills, but there’s usually a center of mass—a force that pulls you toward a particular way of thinking, contributing, and growing. And once you can name that?

That’s when your career starts to gain direction.

Subscribe now

Join a vibrant cybersecurity community of over 7000 people who are constantly engaging in conversations and supporting one another, covering topics from cybersecurity and college to certifications, resume assistance, and various non-professional interests like fitness, finance, anime, and other exciting subjects.

Join Us!

Watch the full video breakdown below:

Archetypes: A Language for How We Work

Across every security team I’ve been on, I’ve seen five archetypes show up again and again.

These are less about job titles and more about your operating posture.

How you move through problems, what you prioritize, and what kind of work gives you energy.

The Guardian

You’re the shield. The one who jumps on high-severity alerts before anyone else blinks.

You see logs like other people see spreadsheets in patterns, stories, and subtle shifts. Your radar is constantly scanning for badness.

You live in detection pipelines, SOAR playbooks, and IR processes.

You bring signal out of noise. And when things are chaotic, you’re the one who restores order.

Superpower: Translating alerts into action. Noise into signal. Chaos into clarity.

Growth Edge: Learning to zoom out. Don’t just be good at building detection rules or IR workflows. Learn to ask why this detection matters to the business in the first place.

The Architect

Read more

Most of the time, you don’t just buy an asset and walk away; you continue to pay to maintain it. Take an investment property, for example. You pay for staff, maintenance, utilities, and software to sustain operations.

Cybersecurity is no different.

Every new detection rule, workflow automation, or control we deploy carries its own operational expenditure. It requires continuous validation, clear documentation, and regular upkeep via updates or deprecations.

But more importantly, it consumes the scarcest resource in cybersecurity: skilled humans. There simply aren’t enough experienced security professionals to go around, and every new control competes for their limited time, focus, and expertise.

On the same note, building new things is great; as a matter of fact, I encourage all cybersecurity engineers to be builders. However, building is a capital expenditure (CapEx). It’s exciting, one-time, and easy to celebrate.

Maintaining what we build? That’s OpEx. It’s invisible, mundane, constant, but essential.

The more you build, the more likely you are to owe, especially if you cut corners. And like financial debt, it doesn’t disappear. It compounds. You’re borrowing time from your future self, and eventually, the bill comes due.

But enough doom and gloom. This issue isn’t meant for that. It simply expresses this sentient problem as it relates to cyber defense.

Subscribe now

Detection Engineering: Hidden Subscription Fees

Writing a detection rule feels like a win. Even better when it catches an actual threat. You get the dopamine hit of adding coverage, expanding visibility, and contributing to your SOC’s “rule count.”

But every detection you create is a new “subscription”. More specifically, a line item on your cybersecurity operational budget.

The starting cost is the time spent building the detection and testing for precision. Then comes the forever tax of cycles spent triaging inevitable false positives. Then there are hidden fees in the form of headspace needed to document, tune, and maintain as adversaries shift or your environment evolves.

Over time, these costs may accumulate into what I call detection debt. This is the backlog of unmaintained rules and unreviewed alerts that quietly bleed efficiency from your Cybersecurity Operations function.

And like real debt, it then accrues interest if you don’t pay it down quickly or reel in your “spending” habits: more noise, more fatigue, more missed signals.

A future issue of the newsletter will address the topic of detection deprecation which may help keep your budget on track.

Incident Response: Expensive Attention

Incident Response operates under high pressure, where time is capital in a very valuable currency.

And just as a company’s burn rate determines its financial health, your alert volume and false positive rate determine your cognitive health, especially for the engineers or analysts triaging or responding.

When everything triggers, nothing stands out. It’s just like the boy who cried wolf. When security alerts lose credibility through repetition, coupled with little detection accountability, the real threats get ignored.

Each noisy alert from your detection engineering “subscription fees”, misconfigured automation workflows, or irrelevant security escalation/investigation costs minutes, which compound into hours across the team.

Ultimately, the time (capital) spent, or otherwise wasted, in a security incident could be the difference between containment and compromise. This is where those hidden fees start charging interest and bleeding you even more of your most finite IR resource - time.

GRC: The Cost of Compliance Theater

Governance, Risk, and Compliance (GRC) resides in the fine print of cyber defense, which is precisely where operational costs accumulate quietly. Every new framework, audit requirement, or control mapping is like adding another recurring bill.

At first, it looks harmless. One more spreadsheet, one more evidence collection task.

However, over time, these small costs accumulate into process debt, resulting in endless reviews, repetitive documentation, and reactive reporting loops.

Essentially, the result of GRC becoming a checklist rather than a compass. OpEx skyrockets without improving actual security outcomes. Policies become artifacts. Audits become rituals.

You end up paying to maintain a compliance theater instead of actual cyber resilience. Everyone loves a good show, but it should not come at the expense of actual security.

Maturity

Just as financial maturity isn’t necessarily measured by how much you make but by how much you actually keep, Security maturity should not simply be measured solely by how much you deploy.

It should also measure how much you sustain without drowning in your own complexity.

And your cost model should account for both maintenance and development.

I don’t want to reduce operational cost to a mere financial metaphor; I’ll dare to say that it’s a mindset.

It forces you to ask:

• Can this <insert control here> survive without me?

• Can this <insert control here> be maintained six months from now?

• Can this <insert control here> adapt to changes in the environment?

If the answer is no, it’s not ready for production — it’s just another liability waiting to mature.

Every control is a contract. Every rule is a recurring bill.

The longer you operate without acknowledging this, the more expensive your security becomes.

💭 Closing Thought

What’s your team’s real operational cost? Audit your detections, playbooks, and controls to see what you’re still paying for in time, toil, and attention.

Share

I’ve been in this space for five years now, working as a security engineer, mentoring hundreds of students, and teaching thousands through YouTube and Cyberwox Academy.

I’ve seen brilliant people stall out not because they weren’t smart enough, but because of a few career-killing habits.

If you want to actually land that cybersecurity role and grow, you need to avoid these traps.

Subscribe now

In Case You Missed It

I recently went through a cybersecurity 101 series. I’m sure you didn’t miss it, but if you did, here’s the whole workshop series in order:

Mistake #1: Learning Everything at Once

I’ve seen people trying to juggle Linux, PowerShell, Splunk, malware analysis, and offensive security… all at the same time. That’s not ambition. That’s burnout.

Cybersecurity is too deep a field for you to scatter your focus everywhere.

You need to choose a lane first.

• If you want to break into systems and networks and get paid to find vulnerabilities, choose offensive security.

• If you want to defend against malicious attackers, detect threats, and build security controls, choose defensive security.

Once you’ve built a foundation, you can always pivot. I’ve pivoted myself.

This field is flexible, but only if you build depth before chasing breadth.

Mistake #2: Believing a Single Certification Will Save You

I love seeing people celebrate when they pass Security+, OSCP, or CCD. But here’s the truth: a cert alone won’t get you the job.

A certification is a signal of effort, not proof of ability.

To stand out, you need to stack it with:

• Projects that show you can apply your knowledge.

• Advanced or specialized training in your chosen area.

• A strong resume and portfolio.

Think of certs as a door-opener. Just because a door is open doesn’t mean you’re in the house.

Mistake #3: Not Having a Structured Plan

Jumping between random YouTube tutorials, free PDFs, and half-finished labs is how people waste years.

You need structure.

That could be a degree, a bootcamp, or even a self-made plan. Personally, I built a six-month Cybersecurity Learning Framework to help beginners stay on track, and it works because it forces you to commit to a path and see it through.

Structure creates momentum. Without it, you’ll stay stuck in “learning mode” forever.

Mistake #4: Chasing Shiny Objects

This one hits close to home for me.

It’s so tempting to jump on the new hype wave of AI, blockchain, and cloud-native security right away, abandoning what you’re currently learning.

One minute you’re deep into a Windows memory analysis lab, the next you’re signing up for an “AI security” course you don’t even understand.

Here’s the fix: define your exact goal.

Do you want to become:

• A detection engineer?

• An incident responder?

• A cloud security engineer?

• An offensive security specialist?

Each of those paths requires specific skills.

Until you pick a target, you’ll keep drifting.

Mistake #5: Neglecting Networking & Mentorship

I can’t stress this enough: relationships move careers.

Cybersecurity is full of hidden opportunities, such as referrals, projects, collaborations, and even jobs that never hit LinkedIn job boards.

I’ve seen people land life-changing roles simply because they were active in their communities, attended conferences, or found the right mentor (me included).

Yes, your skills matter. However, your network will accelerate your growth in ways that a pure technical grind never will.

Join a vibrant cybersecurity community of over 6,900 people who are constantly engaging in conversations and supporting one another, covering topics from cybersecurity and college to certifications, resume assistance, and various non-professional interests like reading, fitness, finance, anime, and other exciting subjects.

Join Us!

The Bottom Line

Cybersecurity is huge.

There are countless domains, endless new tools, and more hype than you can keep up with. If you want to survive and thrive, you need to:

• Focus deeply before broadening out.

• Build beyond certs with real projects.

• Stick to a structured plan.

• Ignore distractions until you’ve mastered the fundamentals.

• Invest in people as much as you invest in skills.

Your progress isn’t solely determined by your knowledge, but also by how you handle the journey.

The good news? These mistakes are fixable. Start now, and you can avoid wasting years of effort.

Share Cyberwox Unplugged

What started as a room of students, career-switchers, and curious professionals asking simple questions — “What exactly is cybersecurity?” — turned into a deep dive on why this field matters, how attackers operate, and how you can build a career in it.

If you’ve been following along since Part I, thank you. If you’re finding this series now, you’re right on time.

Subscribe now

In Case You Missed Anything

Here’s the whole workshop series in order:

The Bigger Lesson

If there’s one theme across the entire workshop, it’s this: cybersecurity is a mission.

Yes, it’s an industry with job titles and salaries. Yes, it’s a career with many entry points. But at its core, it’s about protecting people, data, and organizations from those who want to misuse them.

That mission is what keeps me learning, teaching, and building community through Cyberwox Academy and this newsletter.

What’s Next

If this series lit a spark for you, here are your next steps:

• 🎥 Watch the complete edited workshop — available exclusively for Cyberwox members on YouTube.
  👉🏽Join here to unlock it

• 🚪 Join the Cyberwox Academy Discord — 6,800+ members learning, building projects, sharing jobs, and supporting each other.
  👉🏽 Join the community here

• 📰 Stay tuned right here on Cyberwox Unplugged — I’ll continue sharing reflections, career lessons, and deeper dives into the craft of cybersecurity.

Final Word

I started this series because I didn’t want the energy from that workshop to fade away after the room emptied. Now it resides here, accessible to anyone who needs it, whether you’re just curious about cybersecurity or ready to dive in headfirst.

If it gave you clarity, share it with someone who might need the same spark.

Share

That provided us with a map of what we’re defending against.

Now let’s talk about the people who do the defending, and those who play offense to make defenses stronger. From there, we’ll dive into the most practical question for many of you reading this:

How do you build a career in this field?

Subscribe now

⏪ Check out parts 1 & 2 if you’ve missed them!

The Blue Team: Defenders on the Frontline

When most people think of “cybersecurity jobs,” they picture the Blue Team. These are the defenders, responsible for protecting organizations from day-to-day threats.

I told the workshop: “Think of the Blue Team as operating on five verbs: Monitoring, Analysis, Detection, Response, and Prevention.”

1. Monitoring – Collecting logs and telemetry. Every system, every login, every file download generates a trail. At scale, this translates to billions of records per day. Monitoring gives us visibility.

2. Analysis – Separating signal from noise. Not every failed login is an attack, but some are. Analysts sift through the haystack to find the needle.

3. Detection – Writing rules and logic to catch bad activity automatically. For example: “Alert me if anyone logs in from outside Texas when all our employees are based here.”

4. Response – Once an alert fires, the real work begins. Investigating what happened, containing it before it spreads, eradicating the threat, and remediating the environment.

5. Prevention – Instead of waiting for threats, build guardrails that prevent them from occurring in the first place. Think strong identity checks, firewalls, or policies that block risky behavior.

Within the Blue Team, careers range from SOC Analyst to Detection Engineer to Incident Responder to Cloud Security Engineer. Each has its own flavor, but all share the same mission: protect confidentiality, integrity, and availability.

The Red Team: Offense for Good

The Red Team takes a different approach. Instead of waiting for attackers, they simulate them.

I explained in the workshop: “Cybersecurity borrows heavily from the military. Blue Teams defend. Red Teams attack.”

Red Teamers, penetration testers, and adversary emulation specialists attempt to break into systems in the same manner as a malicious hacker would. The difference?

Their job is to report the weaknesses they find so that they can be addressed and fixed.

It’s offense in service of defense.

Red Team roles include:

• Penetration Testers – Contracted to test apps, networks, or infrastructure.

• Adversary Emulation Specialists – Simulate real-world attackers (e.g., APT groups) to see how defenders respond.

• Red Team Engineers/Operators – Build the tools, exploits, and campaigns used in simulations.

Where the Blue Team thrives on logs and detections, the Red Team thrives on creativity, exploitation, and thinking like an attacker.

Audience Q&A Moment

One audience member asked:

“So which side is better — Blue or Red?”

My answer: neither. Both exist because of each other. Red Teams keep Blue Teams sharp. Blue Teams build the guardrails, Red Teams test.

For careers, it comes down to personality:

• Do you love puzzles, detection logic, and digging through logs? Blue might fit.

• Do you love breaking things, exploiting systems, and thinking adversarially? Red might fit.

And the truth is, you can pivot between the two. Many professionals (myself included) have worn both hats over the years.

Career Pathways Into Cybersecurity

Now to the part most people lean forward for: “How do I get in?”

I broke it down into four practical pathways, and I’ll expand on them here.

1. Certifications (Practical > Theoretical)

I emphasized in the workshop that a cert isn't a guaranteed ticket to a job. But a good cert offers structure, demonstrates knowledge, and, if practical, shows you can actually do the work.

My top recommendations:

For Blue Team (Defensive Security):

• Blue Team Level 1 (BTL1) – Security Blue Team. Hands-on, 24-hour scenario-based cert.

• Certified Defensive Security Analyst (CDSA) – Hack The Box. Covers monitoring + response.

• Certified CyberDefender (CCD) – CyberDefenders. 48-hour, practical detection + response.

For Red Team (Offensive Security):

• PNPT (Practical Network Penetration Tester) – TCM Security. Affordable, hands-on.

• OSCP (Offensive Security Certified Professional) – Industry standard. An intense 24-hour exam where you must exploit systems and write a report.

2. College (Strategic, but Choose Wisely)

Not all degrees are equal. My honest take?

Skip cybersecurity degrees unless they are practical.

Most are heavy on theory, light on skills.

Better options:

• Computer Science – Builds coding + math depth, which makes you far stronger in modern security roles.

• SANS Institute – Expensive, but elite. Highly practical and industry-respected.

• WGU (Western Governors University) – Affordable, cert-heavy, NSA recognized. Great for career switchers.

• RIT (Rochester Institute of Technology) – One of the best U.S. programs in cybersecurity.

3. Projects (Proof You Can Do the Work)

I can’t stress this enough: projects differentiate you.

• Build a detection for a real attack in Splunk and blog about it.

• Analyze malware samples in a home lab and share your findings.

• Write about how you set up a SIEM, an IDS, or a honeypot at home.

Projects show initiative, practical ability, and communication skills. Employers love seeing them on resumes, GitHub, or LinkedIn.

4. Labs & Practice Grounds

Don’t just read — practice. The best platforms:

• TryHackMe – Beginner-friendly, guided labs for both Blue and Red. $14/month is worth it.

• HackTheBox – More advanced, great for offensive practice.

• Your Own Home Lab – The ultimate. Spin up virtual machines, simulate attacks, and practice detection. It’s how I sharpened my skills early on, and I still use mine.

Transferable Skills Count Too

If you’re already in an IT help desk, sysadmin, or networking role, you have a head start. Many of those skills are directly applicable to cybersecurity.

It’s easier to pivot from IT to security than from scratch.

The Community Advantage

Cybersecurity isn’t a solo sport. That’s why I built the Cyberwox Academy Discord: a community of over 6,800 members where students, professionals, and recruiters share jobs, resources, and guidance.

I told the workshop: “I can’t answer every question alone, but together, this community can.”

Joining spaces like this not only accelerates learning but also exposes you to opportunities. People have literally landed jobs just by networking inside.

Join a vibrant cybersecurity community of over 6,800 people who are constantly engaging in conversations and supporting one another, covering topics from cybersecurity and college to certifications, resume assistance, and various non-professional interests like fitness, finance, anime, and other exciting subjects.

Join Us!

Closing Reflection

By the end of the workshop, I wanted the room to walk away with this: Cybersecurity is a mission, and it needs people. Whether you lean defensive, offensive, or somewhere in between, there’s space for you here.

But breaking in requires more than memorizing definitions. It requires:

• Building practical skill through certs, labs, and projects.

• Learning to communicate risk in business terms.

• Plugging into a community that pushes you forward.

If you do that, not only will you break in — you’ll thrive.

🎥 Watch the Full Workshop (Cyberwox Members Only)

If you’d like to watch the complete edited two-hour workshop, it’s available exclusively to my Cyberwox Squad and Syndicate members on YouTube.

👉🏽 Join here and watch the full session.

✅ That’s the conclusion of this 3-part series: Cybersecurity 101. If you’ve read this far, you’re already ahead of most people trying to understand this field. Share this with someone who needs to know this.

Share Cyberwox Unplugged

Now it’s time to get a little more structured.

When I teach cybersecurity, I always emphasize that we need foundations—concepts that simplify a massive, complex field into something we can actually build on.

That’s where the CIA Triad comes in. And no, I’m not talking about the spy agency.

Subscribe now

⏪ Check out part 1 (why it all matters) if you’ve missed it!

The CIA Triad: Cybersecurity’s North Star

At one point in the workshop, I asked: “How do we make sense of something as broad as cybersecurity?”

My answer: Start with the CIA Triad — Confidentiality, Integrity, and Availability.

These three principles are the foundation of everything we do.

• Confidentiality - Ensuring that only authorized individuals can access the data.

  • Imagine your mortgage account. Only you and an authorized individual from your bank should have access to this information. Confidentiality is what prevents your neighbor, your co-worker, or a hacker on the other side of the world from peeking in. In practice, we enforce this through encryption, access controls, and identity verification.

• Integrity - Ensuring the data isn’t tampered with.

  • If your mortgage account lists you as Dayspring Johnson, integrity ensures no one can sneak in and flip that to James Johnson. If that change happened, the system would now recognize James as the owner. Integrity keeps systems from being manipulated behind your back.

• Availability - Ensuring you can access your data when you need it.

  • If ransomware locks down your bank account, retirement funds, or even your laptop, then your data may still exist, but it’s unavailable to you. And in practice, that’s the same as losing it.

I told the room, “If you remember nothing else from today, remember these three. Break any one of them, and security collapses.”

Threats, Vulnerabilities, and Risk

Once you know the CIA Triad, the next question is: what actually threatens these three pillars?

We use three words constantly in this industry: threats, vulnerabilities, and risk.

• Threats – These are individuals or forces that attempt to cause harm. Attackers trying to break in, steal data, or disrupt availability. A ransomware crew is a threat. An insider misusing access is a threat.

• Vulnerabilities – These are the weaknesses in your system that threats exploit. An unpatched server. A weak password. A misconfigured cloud bucket. No matter how “secure” we think we are, vulnerabilities always exist. That’s why vulnerability management is a whole career path of its own.

• Risk – This is how businesses understand all of it. You can tell an executive, “There’s an RCE in the web service,” but that won’t land. Instead, we say: “There’s a high risk of customer data exposure that could cost millions.” Risk is the translation layer between technical threats and business impact.

I explained in the workshop: “If we can’t communicate in terms of risk, we fail the business. Cybersecurity is often seen as a cost center. Unless we show the value of reducing risk, leadership won’t keep investing in us.”

This is why terms like low risk, medium risk, and high risk exist.

They’re not just words — they’re how we justify budgets, policies, and jobs.

When Cybersecurity Becomes a Cost Center

I highlighted an important point: most companies see cybersecurity as a cost rather than a revenue generator. It doesn’t generate income directly, but it helps avoid losses.

However, the exception is when you work for a cybersecurity company.

For vendors like CrowdStrike and SentinelOne, as well as cloud providers like AWS and Microsoft, security is the product.

In those cases, cybersecurity is a revenue generator, not a cost center.

Understanding this distinction helps you see why translation to “risk language” is critical.

If your leadership only sees cost with no apparent benefit, security budgets disappear quickly.

Common Cyber Attacks

With foundations set, I shifted the workshop into what most people really wanted to know: what does this look like in the real world?

We explored two common, dangerous attack types.

1. Ransomware: Digital Kidnapping

I asked the room to imagine this: you log into your computer, and suddenly everything is locked. A message pops up demanding Bitcoin. If you don’t pay, not only will you never see your files again, but the attacker promises to leak them to the world.

That’s ransomware.

Attackers infiltrate, encrypt, and extort. They make billions every year. Ransomware campaigns have paralyzed entire governments, hospitals, and school districts.

In the workshop, I broke down how they get in (called initial access vectors):

• Phishing emails

• Typo-squatted websites (e.g., bnkofamerica.com instead of bankofamerica.com)

• Malicious downloads disguised as free software or media

• Even calling help desks and impersonating executives

And then I told the room: “Stopping ransomware isn’t about one magic tool. Antivirus, EDR, firewalls — they help. But attackers evolve. That’s why we preach defense in depth: layered defenses across endpoints, networks, cloud, and people. One layer fails? Another should catch it.”

2. Insider Threats: Danger on the Inside

The second attack type doesn’t involve outsiders breaking in. Its employees are misusing the access they already have.

I painted the picture:

“You’re an accountant at a bank. You have access to social security numbers, retirement accounts, and client records. You notice one account has $20 million sitting in it. Meanwhile, you’re making $70,000. The temptation is real.”

That’s an insider threat.

And it’s why companies need not only external defenses, but also monitoring and policies for insiders. In fact, the team I work on at Amazon focuses heavily on insider threats because insiders already understand systems, already have access, and can often cause just as much damage as an external attacker.

Audience Q&A Moments

This was one of my favorite parts of the workshop — people weren’t shy about asking questions.

Q: What’s the point of an antivirus if attackers always bypass it?

I explained that legacy antivirus was “signature-based,” relying on known file fingerprints. Attackers quickly learned to modify files so that signatures no longer matched. Modern tools are behavioral, so they look at what a file does.

But even then, attackers adapt. That’s why prevention (not downloading shady files in the first place) is stronger than relying purely on detection tools.

Q: Should I accept cookies on websites?

Cookies mainly track you.

I usually deny them, or at least clear them often. Better yet, use privacy-focused browsers like Brave. But the bigger lesson is this: you always have the freedom not to use a site if it feels invasive. Exercising that choice is part of your personal security posture.

Q: What if I already downloaded something shady?

If you only downloaded it, delete it.

If you opened it, assume persistence and consider a complete reset or reimage. Painful, yes — but safer. Attackers often build mechanisms that survive reboots or file deletions.

Practical Tools I Recommended

I also gave the room some practical starting points anyone could use:

• Malwarebytes – A free (with paid tier) tool that blocks malicious websites and downloads.

• Microsoft Defender – Comes built into Windows and is often enough to catch common threats.

• Skepticism – Still the best defense. If something feels off, question it before you click.

Wrapping Up Part II

By the end of this section of the workshop, the room had a clearer picture: cybersecurity isn’t just about hackers in hoodies. It’s about protecting confidentiality, integrity, and availability; translating threats into risks businesses can understand; and recognizing that both ransomware crews and insiders pose real dangers.

In Part III, we’ll go deeper into the people side of defense: how Blue Teams monitor, detect, and respond, how Red Teams attack to make systems stronger, and the real career pathways you can take to join the fight.

🎥 Watch the Full Workshop (Cyberwox Members Only)

If you’d like to watch the complete edited two-hour workshop, it’s available exclusively to my Cyberwox Squad and Syndicate members on YouTube.

👉🏽 Join here and watch the full session.

Join a vibrant cybersecurity community of over 6,800 people who are constantly engaging in conversations and supporting one another, covering topics from cybersecurity and college to certifications, resume assistance, and various non-professional interests like fitness, finance, anime, and other exciting subjects.

Join Us!

✅ Next up: Cybersecurity 101, Part III: Defenders, Offense, and Careers

How Blue and Red Teams operate, and the practical ways you can build a career in cybersecurity.

Share Cyberwox Unplugged

Not quick hot takes. Not polished LinkedIn posts.

This is where I reflect, document, and share the more profound lessons that shape my career and this community.

Earlier this year, I had the opportunity to give a two-hour live workshop on the fundamentals of cybersecurity, not just as a technical field, but as an industry, a career, and most importantly, a mission.

The room wasn’t full of seasoned pros.

It was a mix of students, curious professionals, and individuals seeking to understand how hacking and security affect their daily lives. That’s why I removed the jargon and started from the ground up.

What follows in this three-part series is the whole arc of that workshop, adapted into long-form essays.

I haven’t skimmed or over-summarized.

I want you to feel the flow of the session, hear the audience questions, and absorb the stories that made people nod, laugh, or suddenly sit forward.

And for those of you in the Cyberwox Squad or Cyberwox Syndicate tiers on YouTube, the full edited workshop video is available in your members-only feed.

Setting The Tone

No slides. No flashy animations.

Just me, a room full of people, and an honest conversation about cybersecurity.

That was intentional. I didn’t want to bore anyone with technical diagrams or a death-by-PowerPoint presentation.

Instead, I wanted to break down cybersecurity in plain English, connect it directly to people’s lives, and make the space feel interactive.

So before I even introduced myself, I asked three simple questions.

The Three Questions That Changed the Tone

“By a show of hands, how many of you have heard of cybersecurity or hacking?”

Almost every hand in the room went up.

“How many of you have ever been hacked…maybe your WhatsApp, your Facebook, or even your bank account?”

Some hands stayed up, some went down. People laughed nervously, realizing how close to home this was.

“Alright… now, how many of you have ever hacked someone else?”

This one got the loudest reaction. Smiles, chuckles, side-eyes.

I started with those questions because it sets the tone: cybersecurity is not some abstract thing that only hackers in hoodies deal with. It’s already part of your life.

If your phone, car, accounts, or retirement money are online, then cybersecurity affects you every single day.

Subscribe now

Who I Am and Why This Matters

If you're new here, I'm Day, and I'm 23 years old.

I’ve been working in cybersecurity for about half a decade. Here’s a snapshot of that journey:

• Started with an internship during my freshman year of college — one of the best ways to break into the field.

• Worked across cloud security, threat detection, and incident response.

• Most recently, I’ve been doing threat hunting, threat intelligence, and adversary emulation.

• Today, I work on Amazon’s cybersecurity team, protecting global customers every single day.

That list might sound like I’ve jumped around a lot, but that’s actually the strength of this industry.

Once you build one skillset, you can pivot into others.

Threat Detection skills make you a better responder.

Incident Response experience makes you a sharper Threat Hunter.

It’s all connected by one thing: protecting people and systems from attackers.

Beyond a Career: Cybersecurity as a Mission

When discussing careers, it’s tempting to focus on money, titles, and prestige. And yes, cybersecurity pays well, but here’s my perspective:

Cybersecurity is not just a career. It’s a mission.

That mission looks like this:

• Protecting your family and the people you care about.

• Protecting companies that serve millions.

• Protecting entire societies from adversaries who want to exploit weaknesses.

When you see your work as a mission, it becomes easier to stay motivated. It fuels the grind of learning, experimenting, and growing.

Without that mission, cybersecurity can seem like an endless treadmill of alerts and acronyms. But with it, every detection, every fix, every analysis feels like being part of something bigger.

Why Cybersecurity Matters in 2025

We have been through a global tech revolution for over twenty years. Now, every company, in some way, is a software or tech company.

• Your bank doesn’t just hold money; it runs databases, servers, apps, and APIs.

• Your grocery store doesn’t just sell food; it manages online orders, payment systems, and delivery platforms.

• Even the library, where I gave the workshop, runs portals, databases, and Wi-Fi services.

Everywhere you look, the crown jewel is the same: data.

Data Is the New Gold

Here’s how I broke it down in the workshop:

Your name. Your phone number. Your address. Your income. Your browsing habits. Your medical records.

All of these are extremely valuable not only to companies that sell ads but also to adversaries.

• Companies use your data to target you with ads or develop more effective AI models.

• Attackers use your data to steal your identity, open accounts in your name, or blackmail you.

• Even something as simple as a leaked email and password combination can cascade into massive financial damage if reused across multiple accounts.

Data is leverage.

The Financial Dimension

The second crown jewel is money.

Bank accounts, mortgages, retirement savings — all of these live online now.

If an attacker compromises those systems, they don’t just inconvenience you; they can equally wreck your financial life.

• They can open fraudulent loans.

• They can max out credit cards.

• They can drain retirement accounts.

• They can even get mortgages in your name.

At a bigger scale, if attackers compromise a financial institution itself, entire communities are at risk.

This is why cybersecurity is no longer optional.

If attackers control your data and your finances, they essentially control your life.

Why the Mission Is Urgent

In the workshop, I told the room, “This is why we need more people in this industry. The attackers are motivated. The money is real. The harm is personal.”

Ransomware alone is a billion-dollar criminal industry, rivaling drug cartels. And on the other side? Companies, governments, and individuals who often lack the defenses needed to keep up.

That gap is where cybersecurity professionals come in.

It’s why the mission matters.

Closing Thoughts for Part I

That’s where I ended the opening portion of the workshop. Before diving into frameworks or attack types, I wanted everyone to sit with this truth:

Cybersecurity isn’t just for engineers. It already touches your everyday life. And the stakes are higher than ever.

In Part II, we’ll dig into the foundations of cybersecurity: the CIA Triad (Confidentiality, Integrity, Availability), threats, vulnerabilities, and how we translate all of that into the language businesses understand: risk.

🎥 Watch the Full Workshop (Cyberwox Members Only)

If you’d like to watch the complete edited two-hour workshop, it’s available exclusively to my Cyberwox Squad and Syndicate members on YouTube.

👉🏽 Join here and watch the full session.

Join a vibrant cybersecurity community of over 6,800 people who are constantly engaging in conversations and supporting one another, covering topics from cybersecurity and college to certifications, resume assistance, and various non-professional interests like fitness, finance, anime, and other exciting subjects.

Join Us!

✅ Next up: Cybersecurity 101, Part II: Foundations & Attacks

The CIA Triad, threats, vulnerabilities, and the real-world attacks that are shaking organizations and individuals today.

Share Cyberwox Unplugged

I was 18, a college freshman, and an immigrant trying to figure out not just how to pass classes, but how to carve out a future in an industry I barely understood. Back then, terms like Blue Team and Red Team sounded like code names from a movie, not real jobs people built careers around.

What kept me moving forward wasn’t confidence. It was a sense of mission.

I wanted to protect people even if I couldn’t yet explain how.

Subscribe now

Why This Series Exists

Fast forward five years: I’ve worked across cloud security, detection engineering, incident response, and threat hunting at companies like Datadog and Amazon.

I’ve learned a lot. I’ve failed a lot. And through it all, one truth keeps showing up:

cybersecurity is intimidating until someone slows down long enough to make it human.

Recently, I gave a two-hour live workshop on the fundamentals of cybersecurity. The room wasn’t filled with experts. It was students, career-switchers, and curious professionals who wanted to know:

• What exactly is cybersecurity?

• How does it affect me on a day-to-day basis?

• How do people actually build careers in it?

The questions were simple, but the conversations were powerful.

People leaned forward. They laughed. Some looked nervous when they realized how close to home these risks hit. That’s when I knew this workshop needed to live beyond that room.

Join a vibrant cybersecurity community of over 6,800 people who are constantly engaging in conversations and supporting one another, covering topics from cybersecurity and college to certifications, resume assistance, and various non-professional interests like fitness, finance, anime, and other exciting subjects.

Join Us!

What You’ll Get Here

Over the following three newsletters, I’m sharing the whole arc of that workshop.

Not a skimmed recap. Not bullet-point slides. But the stories, the frameworks, and even the audience Q&A that made the session come alive.

Here’s how it will unfold:

Part I: Why Cybersecurity Matters in 2025
The mission behind security, how it shapes your everyday life, and why data and money make you a target.

Part II: Foundations & Attacks
The CIA Triad, threats, vulnerabilities, and the real-world attacks that are shaking organizations and individuals today.

Part III: Defenders, Offense, and Careers
How Blue and Red Teams operate, and the practical ways you can build a career in cybersecurity.

For Cyberwox Members

The full edited two-hour workshop video is available exclusively to my Cyberwox Squad and Syndicate members on YouTube.

👉🏽 Join here and watch the whole session.

Why I Care

Cyberwox Unplugged has always been the place where I write what I wish I had known when I was starting out. A space to slow down, to reflect, and to share both the technical lessons and the personal ones.

If you’re new, welcome. If you’ve been following for a while, thank you. Either way, my hope is simple: that this series gives you clarity, direction, and maybe even the spark of a mission that’s kept me going.

Let’s Begin

Start with Part I: Why Cybersecurity Matters in 2025 → Read it here.

Share Cyberwox Unplugged

Most people burn time and money on certifications that don’t change their trajectory. Use this 4‑question framework every time you consider a cert:

1. Career Value: Does this tangibly move me toward the role I want?

2. Hands‑On Depth: Will I build and prove real skills, not just memorize trivia?

3. Planned Application: Exactly how (and how soon) will I use these skills on the job or in projects?

4. Faster Alternatives: Is there a more practical path (cert, lab, project) that gets me further, faster?

If the answer to any of these is weak, pass. Simple.

About Me

If you're new here, I'm Day, a Cybersecurity Engineer at Amazon. With five years in cybersecurity, my experience covers Detection Engineering, Cloud Security, Incident Response, Threat Hunting, and most recently, Threat Intelligence.

Before Amazon, I worked at Datadog as a cloud threat detection engineer, where I researched cloud threats and built detections for various cloud providers and SaaS applications.

I've worked my way up from various SOC analyst roles, investigating everything from endpoint threats to building detection systems for cloud-based abuse, so I know exactly what it takes to break into this field and make career advancements.

I started, just like many of you, learning from scratch, asking questions, and figuring it out one step at a time. And now, I'm here to help you do the same.

If you want to stay up-to-date on the cybersecurity industry and everything technical and career-related, be sure to like and subscribe to the newsletter for more content like this.

Join a vibrant cybersecurity community of over 6,800 people who are constantly engaging in conversations and supporting one another, covering topics from cybersecurity and college to certifications, resume assistance, and various non-professional interests like fitness, finance, anime, and other exciting subjects.

Join Us!

The Problem: Cert Chasing Without Strategy

I’ve taken numerous certifications for learning, career advancement, and as part of my time at WGU.

Some were worth it. Some weren’t.

The difference came down to one thing: did it create real leverage in my career?

2025 (or any year of your life) is not the time to spend on anything that doesn’t materially level you up.

No more paying for multiple‑choice trivia that never shows up in your day job.

No more “I’ll just add this to my résumé” without a plan to apply it.

Let’s fix the way you evaluate certs—once and for all.

The 4‑Question Certification Framework

1) Does it create career value?

Don’t start by asking “Is this cert popular?” Start by asking: “Does this push me directly toward the role, scope, or compensation band I’m targeting?”

How to test that quickly:

• Pull 15–20 recent job postings for the role you want.

• Highlight every required or “nice to have” cert. Notice the patterns.

• Map the cert’s curriculum to the skills those jobs demand.

• If there’s a weak or non‑existent connection, skip it.

If it doesn’t move you toward your target role, it’s a distraction.

2) Does it teach you hands‑on skills?

Multiple‑choice is not how modern teams validate your ability to ship, respond, detect, or break systems.

The market is flooded with practical training now. Use it.

Prefer these styles of exams and programs:

• Hands‑on labs in real or simulated environments

• Capstone projects that you can show and talk through

• Scenario-based exams (IR, SOC triage, malware, adversary emulation)

• Challenge platforms (HTB, TryHackMe, CyberDefenders) tied to certs

Examples:

• Defensive / SOC:

  • Security Blue Team — BTL1

  • CyberDefenders — CCD

  • Hack The Box — CDSA

• Offensive:

  • TCM — PNPT

  • INE/eLearnSecurity — eJPT, eCPPT, malware analysis tracks

  • Offensive Security — OSCP/OSEP (when you truly need that depth and rigor)

• Cloud & AppSec:

  • Cloud Breach — Offensive AWS/Azure

  • Altered Security — Azure AD, Azure application security

  • Microsoft & AWS — now adding real lab credits so you actually deploy and test (you get Azure credit to build and break things + AWS Free Tier)

• DevSecOps:

  • DevSecOps Institute and a growing set of hands‑on DevOps/SRE/Supply-chain security certs

If it’s not practical, you’re paying to forget it.

3) How will you apply it immediately?

If you don’t use it, you will lose it. Rapidly.

Before you pay:

• Define the use case. “I’m an IR analyst who wants attacker empathy, so I’ll take PNPT and immediately emulate those TTPs to harden our detections.”

• Define the artifact. “I will build a purple-team playbook, tune three detections, and push a Sigma rule PR by the end of the month.”

• Define the repetition loop. “Every Friday, I’ll spend 90 minutes re‑running one offensive technique in the lab, documenting telemetry and defensive visibility gaps.”

No plan to apply = guaranteed skill decay.

4) Are there faster, more practical alternatives?

Many legacy certs still get promoted because they’ve been around forever. That doesn’t mean they’re the best for you.

Example: For the price of PenTest+, you can get PNPT, which gives you a complete end‑to‑end practical exam with reporting that mirrors real consulting work.

Same “destination” (penetration testing competency), but PNPT gets you there faster and deeper.

Ask yourself: Is there a practical training program, project, lab series, or community-driven cert that gets me to demonstrable skill faster?

If yes, choose that.

A Simple Scorecard (Use This Before You Swipe Your Card)

Score each question from 0 to 3. Anything <8 total is a pass for me.

Sample Scorecard Evaluation: PenTest+ vs PNPT

🎯 Target Role: Junior Penetration Tester / Offensive Security Consultant

Total Score

• PenTest+: 3/12 → ❌ Skip (Low value, not practical)

• PNPT: 12/12 → ✅ Strong pick (Career-aligned, hands-on, and applicable)

Quick, Opinionated Shortlists

If you’re heading into SOC / IR / Detection Engineering

• BTL1, CCD, CDSA, PJSA, SAL1

• Practical Malware Analysis tracks (INE/eLearnSecurity)

• Build Purple team labs (SCYTHE, Atomic Red Team, DetectionLab, etc.) + writeups

If you want Offensive Security / Adversary Emulation

• PNPT (strong ROI)

• CPTS, CJSA, PT1

• eJPT → eCPPT progression

• OSCP/OSEP when you need to clear that bar for specific roles or teams

If you’re focused on Cloud Security (Blue & Red)

• Cloud Breach (AWS/Azure offensive)

• Altered Security (Azure AD, Azure appsec)

• Microsoft certs are now increasingly tied to real Azure credits and labs—use them in a practical way.

If you’re going DevSecOps / Platform Security / Supply Chain

• Practical DevSecOps

• Supplement with hands-on lab work: IaC scanning, SCA/SBOM pipelines, signing/verification, policy-as-code

Common Traps (Skip These)

• Certs you can’t map to a role you actually want.

• MCQ exams sold as “industry standard” with no lab component.

• “I’ll just learn it now for later” with no maintenance plan.

• Choosing the name-brand test when a practical, cheaper option exists.

• Paying for prestige over proof. Hiring managers care far more about what you can do and show.

If You’re Still in School (WGU, bootcamps, etc.)

Use those required certs to build a practical foundation, then pivot hard into hands‑on paths:

• Treat every “theory-heavy” cert as a primer, not the finish line.

• Immediately wrap practical labs, projects, or purple-team exercises around the content.

• Publish what you learn: detection writeups, IR playbooks, Sigma rules, Terraform modules, attack simulation notes… make it visible.

Action Plan (Do This Today)

1. Define your target role (title, team, and comp band).

2. Collect 15–20 job descriptions and extract the common required skills/tools.

3. List 3–5 certs you’re considering and run them through the scorecard.

4. Pick one that clears your bar.

5. Write a 4-week application plan: what you’ll build, tune, emulate, or publish using those skills.

6. Ship the artifact. Talk about it publicly (GitHub, blog, Substack, LinkedIn, X).

7. Rinse, refine, repeat.

My Final Take

Certifications can be either rocket fuel or busywork disguised as progress.

The difference is intentionality.

If it doesn’t add real value to your path, isn’t practical, won’t be applied, and has a better alternative, you already know the move: don’t take it.

Be surgical. Be practical.

Go further, faster, and smartly.

Cyberwox Resources

Resources for your career

🔹Join the Cyberwox Academy Discord!!

🔷 Check out the episodes of the Cyberstories Podcast on your favorite platform

🔹Cyberwox Cybersecurity Notion Templates for planning your career

🔹Cyberwox Best Entry-Level Cybersecurity Resume Template

🔹Learn AWS Threat Detection with my LinkedIn Learning Course

Closing

Once again, you made it this far :)

Feel free to reply, share your thoughts, or pass this on to someone who needs it.

Thanks for reading. If you'd like, you can subscribe and restack - it helps spread the word and encourages me to continue writing content. If not, I’ll see you around…somewhere on the internet!

I’ve been on both sides of this.

I failed the A+ twice, came back and passed, and even went on to complete the full CompTIA “trifecta” (A+, Network+, Security+).

Along the way, I discovered both the value and the limits of CompTIA A+ in a cybersecurity career.

Here’s my honest opinion based on my experience, not just what I read online.

My Perspective

When I first set out, I didn’t have any IT background.

No jobs, no internships, no professional experience. Just a freshman in college who was “tech savvy” but honestly had significant gaps in knowledge.

That’s where the CompTIA A+ became foundational for me.

It taught me the basics of hardware, software troubleshooting, virtualization, networking, and even a bit of security.

It gave me the vocabulary and confidence to start talking about IT in interviews and internships.

So yes, the CompTIA A+ was valuable as a learning tool.

It laid the groundwork for everything else: Network+, Security+, internships, and eventually, the career I have now.

Counterarguments (And Why They’re True Too)

Here’s the reality:

• You don’t need the CompTIA A+ to work in cybersecurity. Employers aren’t hiring security analysts because of an A+ certification. It won’t get your resume fast-tracked for a SOC, incident response, or any cybersecurity role.

• Even for IT help desk jobs, the CompTIA A+ is less recognized now than it was a decade ago. Many employers don’t care about it at all.

• If you’re already technical — maybe you’ve been tinkering with computers for years, are a hobbyist home labber, or you studied CS/IT in school — the A+ will feel redundant. You could skip it and jump straight into Security+ or a cloud cert.

So while it gave me the foundation I needed, I also tell people: don’t treat it as a mandatory step.

About Me

If you're new here, I'm Day, a Cybersecurity Engineer at Amazon. With five years in cybersecurity, my experience covers Detection Engineering, Cloud Security, Incident Response, Threat Hunting, and most recently, Threat Intelligence.

Before Amazon, I worked at Datadog as a cloud threat detection engineer, where I researched cloud threats and built detections for various cloud providers and SaaS applications.

I've worked my way up from SOC analyst roles, investigating everything from endpoint threats to cloud-based abuse, so I know exactly what it takes to break into this field.

I started, just like many of you, learning from scratch, asking questions, and figuring it out one step at a time. And now, I'm here to help you do the same.

I was able to break into cybersecurity as early as my freshman year of college. I’ve secured several jobs and interviews before earning my college degree, and I’ve helped thousands of people achieve the same success on my various content channels and in my Discord Community.

Join a vibrant cybersecurity community of over 6,500 people who are constantly engaging in conversations and supporting one another, covering topics from cybersecurity and college to certifications, resume assistance, and various non-professional interests like fitness, finance, anime, and other exciting subjects.

My Advice

Here’s what I’d recommend, based on living this journey myself:

1. Evaluate Your Starting Point.

   • If you’re brand new, non-technical, or lack confidence with computers, the A+ (or at least studying its materials) is a great launchpad.

   • If you already know how systems, networks, and troubleshooting work, skip it and go deeper.

2. Study the Materials Even If You Skip the Exam.

   • The objectives cover core IT fundamentals every cybersecurity pro should understand.

   • Read through them, watch Professor Messer, check Jason Dion’s practice tests — even if you don’t sit for the test, you’ll get the knowledge.

3. Don’t Let Certifications Define You.

   • I failed the A+ twice. What made the difference wasn’t a piece of paper — it was how I learned from failure, changed my study approach, and built discipline.

   • In interviews, my A+ alone didn’t land me internships. Selling myself, showing curiosity, and demonstrating what I learned mattered more than the cert itself.

4. Use A+ as a Stepping Stone.

   • If you do take it, use it as a bridge to Network+ and Security+. Networking, especially, will pay dividends in security analysis and investigations.

Personal Experiences That Shaped My View

Failure is a Turning Point

My first attempts were a mess.

Studied for both Core 1 & Core 2 at the same time. Used Cisco IT Essentials instead of the actual CompTIA A+ materials. Failed twice, right before my birthday.

I wanted to quit — but my dad encouraged me to try again. That encouragement was the catalyst for everything that came next.

The Power of Fundamentals

At my internship, I once had to analyze an IP address connection during an investigation. It clicked for me that without the networking fundamentals I picked up through A+ and later Network+, I would’ve struggled.

Not Just the Cert, But the Confidence

Even when employers didn’t care about my CompTIA A+, I cared. Because I knew I could hold my own in technical conversations, and that confidence carried me into bigger opportunities.

Closing Reflection

So, do you need the CompTIA A+ to get into cybersecurity?

No.
But for the right person — especially if you’re brand new, uncertain, or starting from zero — it can be a powerful foundation.

The CompTIA A+ won’t define your career. What will define it is your willingness to learn, to adapt, to fail forward, and to keep going.

Because in this field, the certs don’t make you.
The journey does.

Stay tuned.

Cyberwox Resources on the CompTIA A+

💡 A Note of Gratitude

Before I sign off, a huge thank you to all of you who support CYBERWOX Unplugged as paid subscribers. You make it possible for me to keep creating honest, reflective content like this, rooted in my own journey.

I don’t take that support for granted.

If you’re still on the fence, consider joining. It helps sustain the work and gives you access to deeper subscriber-only posts, resources, and behind-the-scenes reflections.

This is just the beginning.

Thanks for reading Cyberwox Unplugged! This post is public, so feel free to share it.

Share

This isn’t about ego, titles, or theatrics. It’s about execution. About being the kind of operator who steps into chaos and leaves behind clarity through efficiency, and impact.

This is the mindset I’ve been reflecting on lately, particularly as I’ve transitioned through various roles and companies in my half-decade cybersecurity career.

We often discuss frameworks, titles, skills, and playbooks in cybersecurity. But sometimes, what separates good from great isn’t a fancy detection algorithm, a well-polished resume, or even years of experience.

It’s how you move.

I call it the mercenary mindset, but not in the “gun-for-hire” sense.

I’m also not talking about loyalty to the highest bidder or some kind of dark ops aesthetic.

I’m talking about the real mercenary archetype. The type of person who doesn’t wait for permission. They don’t stall for clarity. They don’t need a job description to act.

They step in.

Assess the landscape.

Adapt to the terrain.

Execute the mission with precision.

And most importantly, they leave things better than they found them.

About Me

If you're new here, I'm Day, a Cybersecurity Engineer at Amazon. With five years in cybersecurity, my experience covers Detection Engineering, Cloud Security, Incident Response, Threat Hunting, and most recently, Threat Intelligence.

Before Amazon, I worked at Datadog as a cloud threat detection engineer, where I researched cloud threats and built detections for various cloud providers and SaaS applications.

I've worked my way up from various SOC analyst roles, investigating everything from endpoint threats to building detection systems for cloud-based abuse, so I know exactly what it takes to break into this field and make career advancements.

I started, just like many of you, learning from scratch, asking questions, and figuring it out one step at a time. And now, I'm here to help you do the same.

If you want to stay up-to-date on the cybersecurity industry and everything technical and career-related, be sure to like and subscribe to the newsletter for more content like this.

Join a vibrant cybersecurity community of over 6,500 people who are constantly engaging in conversations and supporting one another, covering topics from cybersecurity and college to certifications, resume assistance, and various non-professional interests like fitness, finance, anime, and other exciting subjects.

Join Us!

The Mercenary Archetype

Historically, mercenaries have played pivotal roles in shaping outcomes.

This was not because they were the most powerful, but rather because they were efficient, decisive, and unencumbered by internal red tape.

Take Executive Outcomes, for example, one of the most well-known private military companies of the 1990s. With a few hundred well-trained personnel and outdated equipment, they helped stabilize conflict zones and secure strategic resources that entire national armies had failed to manage.

Their success wasn’t rooted in scale. It was rooted in clarity of mission and precision of execution.

Now think about that through the lens of your cybersecurity career.

• How often do we see teams spin their wheels waiting for a Jira (or similar system) ticket to be resolved?

• How many times do people hold off on building a solution because they haven’t been told to?

• How many incident remediation tasks get delayed because no one wants to take ownership of the gray areas?

Mercenaries thrive in the gray. That’s where the impact is.

Personal Case Studies

Case Study 1: How I Built and Deployed an IR Analysis Procedure in a Single Day

Not long ago, while I was still working as a Security Engineer on my day job’s incident response team, a new detection triggered.

It was built recently and triggered on suspicious behavior, which was something worth investigating.

But as I looked into it, I quickly realized there was a problem. There was no documented response process for this alert—nothing for analysts to follow.

No clear runbook.

Just ambiguity.

Guess what? We love ambiguity over here.

But that ambiguity had a cost.

Analysts were escalating alerts like this to engineers because they weren’t confident in the next steps. The result was longer investigation times, duplicated effort, and a slow, inconsistent feedback loop.

Now I could’ve waited.

Sent a Slack message about it.

Logged a ticket.

Mentioned it in a weekly sync.

But that’s not how mercenaries move.

While actively working on the escalated alert, I created the missing process in real time. I defined the triage flow, codified the expected behaviors, and scoped it not just to that one alert, but to an entire class of similar alerts. That instantly multiplied the value of the effort.

Since the investigation involved decoding tokens, I also wrote a lightweight Python script to automate that decoding. It was designed to work within our data confidentiality boundaries while saving analysts significant time.

By the end of the same day, I had:

• Investigated and closed the alert

• Created a repeatable response framework for similar detections

• Built a Python tool that the team could use going forward

• Reduced time-to-resolution for all future alerts in that class

That wasn’t a heroic moment. That was a mercenary moment.

A single day of focused, strategic work that scaled our team’s capability in a measurable way.

Case Study 2: Dropped into New Terrain and Building from Scratch

In my previous role as a Cloud Threat Detection Engineer, I primarily worked on cloud infrastructure detections across AWS, Azure, and GCP.

That was my zone. I had a strong foundation there.

However, I was then temporarily reassigned to a team focused on cloud workload detection. Think Linux systems, container activity, and Kubernetes clusters.

This was less familiar territory.

I could have hesitated.

Could’ve waited to get trained up.

But mercenaries don’t (can’t) ask the terrain to change. They adapt to it.

Within one quarter, I developed a structured onboarding framework for new engineers, enabling them to write agent-based and rule-based detections for cloud workloads.

I mapped out common attacker behaviors, data sources, and detection strategies. I didn’t just ramp myself up. I reduced the ramp-up time for everyone who came after me.

Then I was handed a noisy detection for Network Utilities Executed in a Container. It triggered constantly. False positives everywhere. Most engineers would suppress it through exclusion-based detection filters.

Instead, I decomposed it into multiple high-fidelity detections.

• One focused on curl or wget used for data exfiltration

• Another focused on command-line requests containing suspicious URIs

This approach eventually surfaced real-world threats, including a live PyPI supply chain attack, which abused the curl utility to send data to an attacker-controlled infrastructure.

That detection wouldn’t have been possible without decomposing the original alert into something sharper and more intentional.

I documented the full methodology. I turned that one fix into a repeatable process that others could apply across other detections.

I wasn’t the loudest person in the room. I wasn’t the most senior engineer (in fact, I was the most junior engineer).

But I delivered the signal where there was noise.

That’s mercenary execution.

Mercenary Execution

Sometimes, Mercenaries Move Fast Because They Love the Fight

Here’s the part we don’t talk about enough.

Some people move like mercenaries, not because they’re forced to.

Not because they want recognition or the money.

Not because they’re trying to impress someone.

Some people move like mercenaries because they love the work.

They love the hunt. The build. The pressure. The challenge of untangling complex security problems and delivering sharp, effective solutions.

That’s me. And if you’re reading this, it’s probably you, too.

The reason I could build a runbook, script, and close an investigation all in one day wasn’t just because it needed to be done. It was because I enjoyed the challenge.

I liked the problem.

I was locked in.

When I stepped into an unfamiliar domain, such as Linux and container detection engineering, it wasn’t just about adapting. It was about embracing the opportunity to grow and build something useful.

I liked being in the arena. I enjoyed making the messy stuff make sense.

When you love the work, you don’t wait for direction. You move.

• You build things no one asked for because you know they’re needed.

• You care deeply about getting it right, not for applause, but because you find joy in the process.

Loving the work is the cheat code. It’s the engine behind sharp execution, fast iteration, and long-term growth.

It’s what turns “extra work” into meaningful craft.

The Mercenary Playbook

This mindset isn’t about breaking rules or ignoring process.

It’s about having a bias toward action and a habit of excellence.

It looks like:

• Prioritizing outcomes over checkboxes

• Owning the gray areas no one else wants to touch

• Building tools, docs, and workflows that outlive your tenure

• Learning just enough to ship, and then learning some more to keep iterating

• Executing with precision, not waiting for someone to tell you to

Ask Yourself

• What’s a broken process or detection flow that you could fix this week?

• What uncomfortable space have you been avoiding because it’s unfamiliar?

• What would happen if you stopped waiting for permission and started executing with conviction?

Final Thoughts

The mercenary mindset is not about ego or chaos.

It’s about precise, repeatable, decisive execution.

It’s about leaving things better than you found them.

And it’s about loving the mission enough to keep showing up, even when no one’s watching.

You don’t need to be the most senior. You don’t need a fancy title.

You need to be the one who gets things done.

Cyberwox Resources

Resources for your career

🔹Join the Cyberwox Academy Discord!!

🔷 Check out the episodes of the Cyberstories Podcast on your favorite platform

🔹Cyberwox Cybersecurity Notion Templates for planning your career

🔹Cyberwox Best Entry-Level Cybersecurity Resume Template

🔹Learn AWS Threat Detection with my LinkedIn Learning Course

Closing

Once again, you made it this far :)

Feel free to reply, share your thoughts, or pass this on to someone who needs it.

Thanks for reading. If you'd like, you can subscribe and restack - it helps spread the word and encourages me to continue writing content. If not, I’ll see you around…somewhere on the internet!

I've applied to hundreds, if not thousands, of jobs so far, and I certainly didn't get most of them; in fact, I was rejected from most of them, which is entirely normal.

Most of the jobs I’ve had have been obtained through referrals and my network, rather than through applications, but that’s a topic for another day.

The thing is this: with each rejection, I learned something new, like an area of interviewing that I could improve upon or a skill set that I was missing, and with each application, I became a better and better candidate, landing various jobs, including my current one as a Security Engineer at Amazon.

About Me

If you're new here, I'm Day, a Cybersecurity Engineer at Amazon. With five years in cybersecurity, my experience covers Detection Engineering, Cloud Security, Incident Response, Threat Hunting, and most recently, Threat Intelligence.

Before Amazon, I worked at Datadog as a cloud threat detection engineer, where I researched cloud threats and built detections for various cloud providers and SaaS applications.

I've worked my way up from various SOC analyst roles, investigating everything from endpoint threats to building detection systems for cloud-based abuse, so I know exactly what it takes to break into this field and make career advancements.

I started, just like many of you, learning from scratch, asking questions, and figuring it out one step at a time. And now, I'm here to help you do the same.

If you want to stay up-to-date on the cybersecurity industry and everything technical and career-related, be sure to like and subscribe to the newsletter for more content like this.

Join a vibrant cybersecurity community of over 6,000 people who are constantly engaging in conversations and supporting one another, covering topics from cybersecurity and college to certifications, resume assistance, and various non-professional interests like fitness, finance, anime, and other exciting subjects.

Join Us!

My Personal Experience and Advice

I'd like to start by sharing with you my experience of applying to a bunch of jobs, combined with my years of experience working in the cybersecurity industry and exposure to lots of colleagues, recruiters, and hiring managers, so that I can give you my take on how you should apply for cybersecurity jobs, depending on how much relevant experience you have.

For each stage, I'll focus solely on the most critical aspects, such as having a strong resume, an irresistible portfolio, the right technical and problem-solving skills, and an optimized LinkedIn profile, as these will serve as a good baseline to start from.

That’s when your career starts to gain direction.

Please note that I use 'Stage' and 'Level' interchangeably for the remainder of this newsletter.

Level One: No Relevant Experience and No University Degree

Let's start with Stage One, where you have no relevant experience, no university degree, and no cybersecurity certification.

I'm not going to lie; this is a very challenging starting position, but if you're truly determined to become a cybersecurity professional, there are several steps you can take to achieve your goal.

Your number one priority should be to gain hands-on, relevant experience.

Depending on your age, I recommend pursuing different activities.

Say, if you're in high school, and you don't want to go to or cannot go to college for whatever reason, you could apply for apprenticeships or training programs available at your school.

These programs are typically designed for students nearing the end of high school, such as those in 11th or 12th grade, or for those who have recently graduated from high school. Most large corporations offer similar programs.

The names of these programs might differ by country, state, or the program itself; they might be called apprenticeships or training programs, but the idea is the same:

• To allow you to develop your skills

• Get real-life experience

• Get paid enough at the same time

Even if you don't go for a specific cybersecurity apprenticeship program, as long as you work with technology, systems, or networks as part of the role, you should be fine.

You could use these programs as a stepping stone to accelerate your journey to become a full-time cybersecurity professional at a very young age.

Now, if you're not in high school and you've been stuck in another job that you don't like and are super interested in data analytics, I'd recommend focusing on

• Learning the technical skills required

• Getting well-known and knowledge-dense certifications

• Building a strong portfolio to showcase your skills

• Writing a great resume

• Optimizing your LinkedIn profile (more on this later in the newsletter).

I’ve already created video guides on how to optimize your LinkedIn profile and write a resume, as well as various cybersecurity portfolio projects, where I go through everything in detail.

However, as a quick summary, I'd start by learning the basics through the CompTIA Trifecta curriculum, then pursue a program like the Google Cybersecurity Certificate or Microsoft Cybersecurity Certificate, and finally decide on the path you want to take.

You can choose either the Offensive or Defensive side of Cybersecurity. Then, I recommend completing labs, projects, and certifications to reinforce this.

You can also learn a programming language of your choice. I'd personally recommend Python.

In terms of certifications, I can primarily speak to defensive ones, so you can opt for well-known ones, such as the BTL1 from Security Blue Team, the CCD from CyberDefenders, or the CDSA from HackTheBox.

I’ve made several videos about these certifications on my channel.

For offensive security, based on a conversation with my friend Tadi, who’s an Offensive Security Engineer, you can go for certifications like the eJPT from eLearn Security, the PNPT from TCM Security, or the OSCP from Offensive Security.

You can watch more about how he got into offensive security, just like me, without a college degree.

I have already put together a cybersecurity learning framework that you can review at the end of this newsletter.

I've personally gone through everything at this stage because I got into cybersecurity as a college freshman without a degree, so I can relate to this, and I believe others can too. If you're currently teaching yourself cybersecurity while in college or another situation, feel free to share your feedback in the comments below.

I'm sure we'd all appreciate hearing your thoughts and insights.

Level Two: No Relevant Experience, But Have a University Degree

Moving on to stage two, where you still lack relevant experience but have a college degree. Here, depending on whether you just graduated, are about to graduate, or graduated over three years ago, I would approach applying for jobs differently.

If you're about to graduate or are a recent graduate, focus on applying to graduate job programs designed for those in their final year of higher education or recent graduates.

While you probably won't find a cybersecurity-specific graduate program, getting into a program that helps you develop technical skills would be ideal.

I know several people who transitioned into cybersecurity this way; it often makes the process easier.

Graduate job programs are beneficial because they typically involve placements lasting six to twelve months and include rotations that provide valuable experience. This allows you to work in various teams and departments, helping you determine what you want to do by learning what you don't want to do.

If you graduated a while ago, pursued something else, traveled, or life led you in a different direction, and now you want to pursue a career in cybersecurity, I recommend focusing on the cybersecurity roadmap, your resume, portfolio, and certifications outlined in Stage One.

Also, highlight your degree, especially if you studied relevant fields such as computer science, cybersecurity, IT, or Information Systems, or took courses related to cybersecurity.

Level Three: Some Relevant Experience

Let's move on to stage three, where you have some relevant job experience.

For example, in your current role, you handle Identity and Access Management and work with endpoints or vulnerability scanners daily, or you might be involved in governance, compliance, or similar areas.

You may not be performing advanced cybersecurity tasks, but you're actively working within the security field.

For instance, if you're a systems administrator managing user access controls, your duties may differ from those of a cybersecurity analyst; however, you still utilize tools to manage user privileges and create reports for IT meetings and presentations.

This is valuable experience to highlight at the top of your resume.

However, since you're applying for a cybersecurity role, emphasize the security aspects of your work that support system integrity rather than just your general IT skills.

Network management skills are essential and necessary in cybersecurity; however, since they are not the primary focus for recruiters and hiring managers, don't place them at the top of your resume.

Instead, showcase how well you understand the security implications of user permissions and how effectively you can communicate security threats using data to a non-technical audience, rather than your overall communication skills or IT reporting abilities.

Level Four: Plenty of Relevant Experience

Finally, level four, where you have substantial relevant experience and are looking to transition into cybersecurity by applying the skills you've gained throughout your career.

Let's use a specific scenario, based on personal experience, to demonstrate how you can apply your existing skills to cybersecurity. I

I have coached someone who worked as a systems administrator, managing various systems, networks, and security protocols daily.

Their focus was on identifying potential vulnerabilities in the network, managing access controls, ensuring security protocols were in place, and reviewing network packet captures using Wireshark for analysis.

Although the role was not explicitly cybersecurity-named, the skills they developed over the years were highly applicable to cybersecurity tasks, such as reviewing system logs for anomalies or intrusions, implementing security measures, and developing strategies to mitigate threats.

If you're in a similar position where your skills are transferable to cybersecurity, I would highlight this relevant work experience at the top of your resume.

Concluding Advice and Encouragement

Now, this is probably the most crucial advice, whether you have no experience or a lot, it's not to give up.

It may sound cliché, but the difference between successful and less successful people isn't really their ability to succeed; it's their ability to bounce back from defeat, failures, and rejections, to work hard, and to improve and grow.

I’ve been rejected over a hundred times, maybe even over a thousand, and the first rejection really hurt, so did the second, the tenth, and the hundredth.

Of course, these rejections affected me; it was a sad, frustrating, and discouraging experience.

I thought, "This is not fair; I'm clearly doing my best as an entry-level candidate. I've got the certificates, the projects, everything," but that was definitely the wrong mindset.

The moment I stopped dwelling on the rejections and started analyzing why I was rejected and how I could improve so it wouldn't happen again, everything changed.

I focused, pushed through, and worked tirelessly. It's this work ethic, the countless hours of learning, the days spent alone in my room, forgoing pleasures, building and sharpening my skills, that landed me my job and helped me grow quickly.

Don't dwell on the past; live in the present, and focus on the future. Another thing I’ve learned is to stop comparing myself to others; I'm just trying to do my absolute best and be a good person.

Everything I've achieved since leaving Nigeria at age 14 has come through my hard work and the grace of my Lord and Savior, Jesus Christ, and I am truly proud of it.

I hope you can take inspiration from my experience and continue moving forward.

Remember, it's not success that defines you. It's your ability to bounce back from failures that truly shapes who you are.

Recent Content

A few publications I’ve released recently.

Building A Cyber Threat Intelligence Career with Nigel Boston | EP 26

Chatting with Nigel Boston, who is a Senior Cyber Threat Intelligence Professional. Nigel has built and led threat intelligence programs that reduce incident response times, operationalize threat intelligence, and automate workflows to help teams focus on what matters: staying ahead of the threat curve.

In this episode, we discuss how Nigel discovered cyber threat intelligence and carved a path into the field, what core security skills make a difference in Cyber Threat Intelligence, and how threat intelligence intersects with detection engineering, cloud security, and even AI.

We also dive into the future of threat intelligence, the rise of actionable intelligence, and his new course, Cyber Threat Intelligence Fundamentals, with Ellington Cyber Academy (ECA), which is a game-changer for anyone looking to break into the space.

We’ve also had Kenneth, the founder of ECA, in EP 10, so definitely be sure to check that out.

Whether you're new to cybersecurity or looking to elevate your threat intelligence, this conversation is packed with clarity, strategy, and real-world wisdom.

Quick side note: This episode was filmed in November 2024, so you can expect to see me with shorter hair.

Cyber Stories Podcast

Cyber Threat Intelligence with Nigel Boston | EP. 26

Chatting with Nigel Boston, who is a Senior Cyber Threat Intelligence Professional. Nigel has built and led threat intelligence programs that reduce incident response times, operationalize threat intelligence, and automate workflows to help teams focus on what really matters: staying ahead of the threat curve…

Listen now

10 months ago · Day Johnson

Detection-In-Depth

A guest post on THOR Collective Dispatch!

Also featured on the tl;dr sec newsletter issue #282 under the blue team section, and as a Detection Engineering Gem in issue #112 of the Detection Engineering Weekly Newsletter!

I explore the mindset of detection-in-depth, which is first a play on the existing “defense-in-depth” concept, outlining a strategy where defenders aim to catch adversaries across every stage of their attack, not just during initial access.

It walks through:
- Why detection-in-depth means catching adversaries at every stage, not just the first or somewhere in the middle.
- The importance of tuning OOTB rules for the context and uniqueness of your environment
- How precision and not just coverage make alerts more effective

This one’s for security engineers, IR folks, and anyone who’s ever looked at an alert and thought, “This could be better.”

THOR Collective Dispatch

Detection-In-Depth

Detection-in-depth is an evolution of the classic cybersecurity principle known as defense-in-depth. Defense-in-depth means that no single security control can fully protect an environment—instead, multiple layered defenses must work together to slow down, detect, and ultimately stop adversaries…

Read more

a year ago · 26 likes · Day Johnson

Career Quest: Cybersecurity Careers with Day Johnson

I had the pleasure of sitting with students from my Alma mater (WGU) and sharing with them about Cybersecurity career pathways.

Getting Your First CYBERSECURITY Job - College, Certifications & Work Experience

The YouTube version of this post!

Closing

Once again, you made it this far :)

Feel free to reply, share your thoughts, or pass this on to someone who needs it.

Thanks for reading. If you'd like, you can subscribe and restack - it helps spread the word and encourages me to continue writing content. If not, I’ll see you around…somewhere on the internet!

On one hand, the global shortage of cybersecurity professionals remains a pressing issue.

According to Cybersecurity Ventures, there are 3.5 million unfilled cybersecurity positions worldwide, a number that has persisted since 2021.

In the U.S. alone, nearly 470,000 cybersecurity job openings were reported between May 2023 and April 2024.

On the other hand, specific traditional roles are experiencing a decline.

Job postings for Security Engineers and Security Analysts have decreased by approximately 25% from 2022 to 2024.

This decline is attributed to factors such as automation, outsourcing, and the evolving nature of cybersecurity threats.

About Me

If you're new here, I'm Day, a Cybersecurity Engineer at Amazon. With five years in cybersecurity, my experience covers Detection Engineering, Cloud Security, Incident Response, Threat Hunting, and most recently, Threat Intelligence.

Before Amazon, I worked at Datadog as a cloud threat detection engineer, where I researched cloud threats and built detections for various cloud providers and SaaS applications.

I've worked my way up from SOC analyst roles, investigating everything from endpoint threats to cloud-based abuse, so I know exactly what it takes to break into this field.

I started just like many of you—learning from scratch, asking questions, and figuring it out one step at a time. And now, I'm here to help you do the same.

If you want to stay up-to-date on the cybersecurity industry and everything technical and career-related, be sure to like and subscribe to the newsletter for more content like this.

Join a vibrant cybersecurity community of over 6,000 people who are constantly engaging in conversations and supporting one another, covering topics from cybersecurity and college to certifications, resume assistance, and various non-professional interests like fitness, finance, anime, and other exciting subjects.

Join Us!

The Impact of AI on Cybersecurity Roles

Now, let's dive into this issue by first understanding the impact of AI on cybersecurity operations.

Automation and Augmentation

Artificial Intelligence (AI) is revolutionizing cybersecurity operations.

AI systems are now capable of analyzing vast amounts of data, detecting anomalies, and responding to threats in real-time.

For instance, AI can process up to billions of data points daily, significantly enhancing threat detection and similar capabilities.

However, this innovation is a double-edged sword.

While it increases efficiency, it also reduces the demand for entry-level roles focused on routine cybersecurity tasks.

Conversely, there is a growing need for professionals who can architect, manage, and oversee AI-driven systems, interpret complex data, have a deep understanding of cyber threats, and make informed strategic decisions.

The Rise of Outsourcing in Cybersecurity

Globalization of Cybersecurity Services

Outsourcing has also become a significant trend in cybersecurity.

Organizations are increasingly turning to Managed Security Service Providers (MSSPs) and Security Operations Center as a Service (SOCaaS) to handle their security needs.

This shift is driven by factors such as cost-effectiveness, access to specialized expertise, and the need for 24/7 monitoring.

While outsourcing offers benefits to organizations, it also affects job opportunities for cybersecurity professionals.

There's a growing emphasis on roles that require professionals who can bridge the gap between outsourced services and organizational objectives.

Economic Factors Influencing the Cybersecurity Job Market

Budget Constraints and Strategic Investments

Economic pressures are also influencing how organizations allocate resources to cybersecurity.

While overall spending on cybersecurity continues to grow, there is a shift toward strategic investments in people, technologies, and services that offer the highest return on investment.

This includes AI-driven solutions, cloud security, and advanced threat detection systems.

Regulatory Compliance and Risk Management

Additionally, international regulatory requirements are becoming more stringent and, quite frankly, more expensive, compelling organizations to invest in compliance and risk management.

This trend is creating demand for professionals skilled in Governance, Risk, and Compliance (GRC), as well as those who can navigate complex regulatory landscapes.

In fact, there has been a substantial increase in specialized cybersecurity roles focused on data protection and user privacy, particularly in positions such as Privacy Engineering, Data Protection Officers (DPOs), and Privacy Compliance Specialists.

Across various roles, I’ve also experienced legal professionals being embedded in cybersecurity organizations, both product-focused and operationally focused.

These roles have become increasingly critical as organizations navigate complex privacy regulations and consumer data protection requirements.

What Now?

So what does all this mean for you?

You already know that AI is changing the game, but it can’t replace real-world experience.

You can’t prompt your way out of a real-world incident. You can’t ChatGPT your way through a breach when a customer’s data is at risk for a publicly traded company.

What you need is reps. What you need is judgment.

And that’s precisely why DFIR Labs, the sponsor of this issue, stood out to me.

DFIR LABS BY THE TEAM BEHIND THE DFIR REPORT

Gain hands-on access to the type of cyber chaos that no simulation can recreate: with ambiguous enterprise logs, noisy alerts, subtle lateral movement, and the tactics real attackers use when they breach your network. Based on actual intrusion cases grounded in incidents that occurred in the wild, you’ll learn to think like an analyst, not just follow a checklist, and begin to recognize attacker behavior and tradecraft in real telemetry.

Master DFIR with Hands-on Labs

Positioning yourself for success

Alright — now let’s talk about how to position yourself to win in this new cybersecurity world.

1 - Embrace Continuous Learning

If there’s one trait that separates those who thrive in cybersecurity from those who eventually stagnate, it’s an unshakable commitment to continuous learning.

Cybersecurity isn’t just dynamic, it’s also volatile.

The threat landscape doesn’t evolve year to year. It changes by the week, sometimes by the day.

New CVEs drop. New threat actors emerge. Cloud platforms update security models. AI opens doors to both powerful defense tools and new classes of adversarial abuse.

If you’re not consistently sharpening your skills, you’re falling behind.

But here’s the nuance people miss:

Continuous learning isn’t just about earning certs or reading blog posts. That’s important, yes — but it’s not enough.

You need friction. You need context. You need reps.

Because cybersecurity isn’t just a knowledge game, it’s a judgment game.

You don’t just need to know what lateral movement is. You need to recognize it when it’s buried under ten thousand other logs.

You need to know when a misconfiguration is just sloppy infrastructural negligence, and when it’s signaling malicious intent.

That’s how you build instincts. That’s how you learn to investigate under pressure, follow leads, ask better questions, and ultimately become the kind of security professional companies can’t automate away.

2 - Develop Cross-Functional Expertise

A while back, Cybersecurity used to live in a silo.

You had the network engineering people, the developers, the infrastructure teams, and somewhere in a dark corner, the security team that everyone avoided unless something went really wrong.

But in 2025, that model is dead.

Today, cybersecurity is both a business enabler and a cost center.

So if you're not thinking cross-functionally, you’re not thinking strategically.

Gone are the days when your job was monitoring logs, patching systems, or tweaking firewall rules.

That’s table stakes.

Organizations now expect security professionals to operate at the intersection of technology, business, risk, and communication.

Here’s what that means:

• You need to understand how security decisions impact product development

• You need to know how an exploited misconfiguration can affect customer trust and potential revenue.

• You should be able to explain to an executive why an unpatched vulnerability is not just a CVSS score, but could lead to real financial liability.

• And when you’re working in the cloud? Understanding DevOps, CI/CD pipelines, IaC, and cloud-native architecture isn’t a “nice to have.” It’s baseline fluency.

The best cybersecurity engineers I know and I’ve worked with aren’t just technically sharp — they’re also able to walk into a room of stakeholders from engineering, product, legal, and compliance and explain what’s at risk in plain English.

They know when to escalate, when to advise, and when to collaborate.

And let me say this clearly: Being technically brilliant but context-blind will hold you back.

You’ll get overlooked for leadership roles, for strategic projects, even for the kind of work that really moves the needle.

Cross-functional expertise doesn’t mean you have to be an expert in everything.

It means you need to build enough breadth to communicate effectively and enough depth to execute responsibly.

It’s about thinking beyond just systems and endpoints.

It’s about understanding the business and helping protect the entire value chain — from source code to customer experience.

Learn that, and you become indispensable.

3 - Cultivate Soft Skills

Let’s be real — when most people hear “soft skills,” they roll their eyes.

Especially in cybersecurity, where it’s easy to assume the only thing that matters is how technically sharp you are.

Can you reverse engineer malware? Write detections? Secure infrastructure?

That stuff matters and is important. No question. Full stop.

But here’s what a lot of early-career folks don’t realize until it’s too late:

The further you grow in cybersecurity, the more your success depends on your ability to work with people.

Not tools. Not terminals. Not tickets. People.

Soft skills — and I’m talking about honest communication, leadership, and emotional intelligence — are what separate good security engineers from the ones who actually lead initiatives, gain trust, and make strategic impact.

Here’s what cultivating soft skills actually looks like in our field:

1. Being able to walk into a tense post-incident review and clearly explain what happened without throwing anyone under the bus.

2. Communicating risk to leadership in the language they understand by translating technical findings into business impact.

3. Navigating cross-functional friction when the security team is seen as the “department of no” and flipping that perception by being a partner, not a blocker.

4. Mentoring junior engineers & analysts. Holding your team accountable. Knowing how to escalate a threat without creating panic.

These are the moments that make or break trust.

And trust is the currency of cybersecurity.

If your team doesn’t trust you, if your leadership doesn’t listen to you, if your partners tune you out, your technical brilliance won’t matter.

You’ll be ignored. Or worse, replaced.

Now here’s the part most people underestimate:

Soft skills aren’t just about external collaboration.

They’re also about internal regulation.

• Can you stay calm during a high-severity incident?

• Can you manage your time across competing priorities?

• Can you ask for help before burnout takes over?

• Can you receive feedback without getting defensive?

These are human skills.

And cybersecurity, for all the talk about code and exploits and zero-days, is a deeply human field.

We’re dealing with threat actors — humans.

We’re protecting people’s data — humans.

We’re collaborating across teams — again, humans.

So if you want to go far in this field, not just technically, but as someone others want to work with, then don’t just cultivate your knowledge.

Cultivate your character.

That’s what creates longevity. That’s what builds leadership. That’s what keeps you relevant in a space that’s changing faster than ever.

Cyberwox Resources

Resources for your career

🔹Join the Cyberwox Academy Discord!!

🔷 Check out the episodes of the Cyberstories Podcast on your favorite platform

🔹Cyberwox Cybersecurity Notion Templates for planning your career

🔹Cyberwox Best Entry-Level Cybersecurity Resume Template

🔹Learn AWS Threat Detection with my LinkedIn Learning Course

Recent Content

A few publications I’ve released recently.

My Honest Advice On Starting A Cybersecurity Career in 2025 (in less than 5 mins)

Advice from my 5 years of learning, teaching, and working in the cybersecurity industry (in less than 5 mins).

Building a DNS Server with Python - 2 (Parsing The Header)

Second installment of this series, in this case we’re parsing the header.

Detection-as-Code & CI/CD for Detection Engineering with Dennis Chow | Detection Opportunities EP 9

Detection as Code is one of the most importnat evolutions in modern security detection, and in this video, we break it down.

I first encountered this concept as a Cloud Threat Detection Engineer at Datadog. Today, I’m joined by Dennis Chow, a Detection Engineering specialist and author of Automating Security Detection Engineering (which I had the honor of technically reviewing).

Together, we explore what Detection as Code really means and walk through two hands-on CI/CD pipeline demos:

🔹 Lab 1: Building SIEM detections with synthetic AI testing using Sumo Logic

🔹 Lab 2: Policy-as-Code integration testing with Cloud Custodian on GCP.

You’ll learn how Detection as Code leverages Git, automated testing, reproducibility, collaboration, and CI/CD to make detection engineering more scalable, accountable, and reliable.

My Honest Thoughts on the Cybersecurity Job Market in 2025

The YouTube version of this post!

Closing

Once again, you made it this far :)

Feel free to reply, share your thoughts, or pass this on to someone who needs it.

Thanks for reading. If you'd like, you can subscribe and restack - it helps spread the word and encourages me to continue writing content. If not, I’ll see you around…somewhere on the internet!

In 2025, one of the fastest-growing and most in-demand roles in cybersecurity is Cloud Security Engineering.

But how do you actually become one, especially if you're starting from scratch?

In this newsletter, I'll provide you with a step-by-step roadmap to become a Cloud Security Engineer, without requiring a college degree or prior technical experience.

About Me

If you're new here, I'm Day, a Cybersecurity Engineer at Amazon. With five years in cybersecurity, my experience covers Detection Engineering, Cloud Security, Incident Response, Threat Hunting, and most recently, Threat Intelligence.

Before Amazon, I worked at Datadog as a cloud threat detection engineer, where I researched cloud threats and built detections for various cloud providers and SaaS applications.

I've worked my way up from SOC analyst roles, investigating everything from endpoint threats to cloud-based abuse, so I know exactly what it takes to break into this field.

I started, just like many of you, learning from scratch, asking questions, and figuring it out one step at a time. And now, I'm here to help you do the same.

I personally was able to break into cybersecurity as early as my freshman year of college. I’ve secured several jobs and interviews prior to earning my college degree, and I’ve helped thousands of people achieve the same success on my various content channels and in my Discord Community.

Join a vibrant cybersecurity community of over 6,000 people who are constantly engaging in conversations and supporting one another, covering topics from cybersecurity and college to certifications, resume assistance, and various non-professional interests like fitness, finance, anime, and other exciting subjects.

Join Us!

What Cloud Security Engineers Actually Do

Let's start with the most essential question: What is cloud security engineering?

Many people imagine it's just monitoring dashboards, reviewing alerts, and adjusting IAM permissions. But the reality is far more complex and deeply technical.

A cloud security engineer builds and protects the systems, identities, data, and infrastructure that power cloud environments, such as AWS, Azure, and GCP.

The role involves designing secure cloud architectures, detecting cloud service abuse, automating responses to cloud misconfigurations, and investigating breaches through cloud log analysis, among other tasks.

This position uniquely blends software engineering, DevOps, and cybersecurity skills.

Unlike a SOC Analyst who mainly analyzes threats, as a Cloud Security Engineer, you'll build security guardrails, write scripts, deploy infrastructure, and prevent security incidents by fixing cloud misconfigurations—one of the leading causes of cloud attacks.

If you're expecting a simple checklist job, think again. Cloud security engineering requires critical thinking, curiosity, and a genuine engineering mindset.

Understanding the Cloud Comes First

Before diving into tools or certifications, it is essential to understand how cloud systems work.

You can't secure what you don't understand—and cloud infrastructure is truly a world of its own.

This means learning and understanding how identity works in cloud platforms—how users, services, and roles authenticate and what they can access.

You need to understand how resources, such as virtual machines, storage buckets, and containers, are deployed and managed.

You must also grasp how cloud networks are segmented, how logs are generated, and what telemetry is available for detecting suspicious behavior across different cloud planes—specifically the control plane (or management plane) and the data plane.

This goes beyond memorizing terminology. It's about developing a deep understanding of how cloud environments are built and how data flows through them. When something breaks—or worse, when someone breaks in—you need to recognize the signs and distinguish between normal, risky, and malicious behavior.

Starting with AWS, Azure, or Google Cloud doesn't matter at first. What's important is choosing one platform and committing to learn it from the ground up.

A previous video on how to become a Cloud Security Engineer:

Mastering Networking Fundamentals

After you've started to understand how cloud services are structured, the next piece of the puzzle is networking.

This is one of the skills I strongly advocate cybersecurity professionals learn early on—and while many people tend to skip ahead or zone out here, trust me, you won't want to ignore this.

Networking is the lifeblood of everything in security, especially in the cloud. Without it, you'll be flying blind.

You need to understand how devices communicate with each other over the internet.

This includes concepts like IP addressing, subnets, and Network Address Translation (NAT).

You'll want to become familiar with how public and private networks function in a cloud context, as well as how traffic is routed between services and across regions.

You'll also need to understand protocols because when an attacker probes your cloud environment, they often use protocols like HTTP, SSH, or DNS in abnormal ways.

If you can't recognize what "normal" looks like, you'll never be able to spot the subtle signs of an intrusion or ongoing attack.

But beyond detection and investigation, networking also helps you build better cloud architecture.

It helps you segment services to reduce your blast radius and design environments that are harder to exploit and move through laterally.

So don't rush this step. It will pay off over and over again in your career.

How To Learn Computer Networking:

Computer Networking Mini-Course

Understand the System Before You Secure It

Once you've started to grasp cloud infrastructure and networking, you might be tempted to jump right into learning tools like SIEMs or EDRs.

While these tools are essential, they are not where you should start.

Why? Because every security tool relies on the underlying telemetry and behavior of the system it monitors.

Without understanding how a system works, knowing which buttons to click won't be of much help.

You won't recognize architectural problems, spot anomalies, or even build meaningful detections.

When I started working on cloud detections professionally, I encountered a cloud provider with which I had no prior experience.

Within a few months, I transformed from a novice in this cloud platform to writing multiple detections, supporting customers during a large-scale cloud incident, and presenting my research on company blogs and at major cybersecurity conferences.

The takeaway is simple: master the system first. Always. Once you do, every tool you learn afterward will click into place.

My Research on Google Cloud Threat Detection.

My fwd:cloudsec talk on Google Cloud Threat Detection:

Learn Cloud Security Tooling Intentionally, Not Impulsively

Now that you’ve built a strong foundation in how cloud systems and networks operate, you’re ready to start exploring the tools that cloud security engineers use on the job.

However, I want you to approach this with intention, rather than impulse or guesswork.

Security tools are designed to enhance your understanding, not replace it.

Whether it’s a log analysis platform, a threat detection engine, or a cloud-native monitoring service, these tools help you find, investigate, and respond to threats.

But they’re only as powerful as your understanding of what you’re looking at.

Instead of trying to learn every tool out there, focus on learning how to think like a cloud defender. Understand what telemetry is available.

Learn how to follow the trail of an attacker moving through a cloud account. Practice reading logs, correlating events, and writing detection logic that isn’t just copy-pasted from a playbook.

Tools are essential, but they're only effective when paired with a cloud security engineering mindset, deep contextual understanding, strong problem-solving skills, and sharp analytical reasoning.

TRYHACKME DEFENDING AZURE LEARNING PATH

Rather than just covering surface-level cloud concepts, gain foundational knowledge through hands-on experience in real Azure cloud environments, including key Azure security tools such as Microsoft Sentinel, KQL, and Defender, with TryHackMe's Defending Azure Learning Path.

Learn How To Defend Azure!

Real-World Practice Is What Separates Theory From Skill

Reading articles and watching videos like this can provide knowledge, but knowledge alone doesn't build confidence.

That's why hands-on experience is essential if you want to become a cloud security engineer.

You need to simulate real-world scenarios.

This may involve setting up a mock cloud environment, deliberately misconfiguring it, and then identifying and resolving those issues.

Or it could mean working through labs where you analyze logs, triage alerts, and respond to simulated attacks.

Again, TryHackMe’s learning platform is perfect for precisely this kind of progression.

The defending Azure learning path will walk you through deploying, breaking, and defending systems in a safe environment.

The key is not just to study cloud security. Do cloud security and get your hands dirty.

Learning to Automate with Code

In the cloud, things move fast. And if you try to secure everything manually, you will fall behind.

That’s why automation isn’t just a nice-to-have skill—it’s a requirement.

If you want to scale your impact, reduce noise, and respond to threats efficiently, you need to learn how to write code.

Python is a fantastic starting point. It’s easy to learn, widely used in security, and perfect for tasks like:

• Parsing logs

• Querying APIs

• Automating responses

• Writing detection logic

Once you’ve built a foundation in Python, you can expand into scripting languages like Bash or PowerShell, depending on your environment.

However, the most important thing is to begin writing code that solves real-world problems.

That could be anything from a cloud function to a remediation workflow that disables misconfigured users, or a bash script on a virtual machine to install specific tooling on deployment.

Remember—you’re not trying to be a software developer. You’re building tools that make you a more effective security engineer.

This also ties closely to Infrastructure as Code.

Learning Infrastructure-as-Code

One of the most significant shifts in modern cloud environments is the transition to Infrastructure-as-Code.

Instead of clicking buttons in a web console, engineers are deploying resources using declarative templates and scripts. This has significant implications for security.

If you understand how Infrastructure as Code works, you can detect misconfigurations before they go live.

You can review changes in source control. You can build security guardrails into development workflows.

And you can make sure that security isn’t just something that happens after deployment—it’s baked in from the start.

You don’t need to master every IaC tool out there, but you should be comfortable reading, reviewing, and writing templates for the cloud environments you work with.

Build Projects That Showcase Your Skills

All of this learning—cloud, networking, systems, scripting—needs to be tangible.

That’s why projects are so important.

If you can build a small cloud environment, configure it securely, simulate an attack, and then detect and respond to that attack, you are almost job-ready.

If you can automate policy enforcement or build dashboards highlighting risky behavior, you are also almost job-ready.

Your projects don’t need to be flashy. They need to be real.

They need to demonstrate that you understand how to think, investigate, and solve cloud security problems.

And they need to be documented—on your GitHub, in your portfolio, or on your resume.

When you start applying for jobs, those projects are what set you apart from everyone else with a certificate and a list of buzzwords.

Staying Current and Never Stopping

Cloud security is not a static field; it is constantly evolving. It changes every single day.

New services launch. Old ones get deprecated. Attackers find new weaknesses. Teams build new defenses.

It’s just simply evolving.

Therefore, your role as a cloud security engineer is to evolve with the industry.

That means reading blogs or newsletters, reviewing vendor changelogs, joining security communities, and practicing regularly.

Not out of fear, but out of a commitment to being excellent at your craft.

This is a career, not just a class. And the more you treat it like a long-term journey, the more you’ll get out of it.

Cyberwox Resources

Resources for your career

🔹Join the Cyberwox Academy Discord!!

🔷 Check out the episodes of the Cyberstories Podcast on your favorite platform

🔹Cyberwox Cybersecurity Notion Templates for planning your career

🔹Cyberwox Best Entry-Level Cybersecurity Resume Template

🔹Learn AWS Threat Detection with my LinkedIn Learning Course

Recent Content

A few publications I’ve released recently.

Cybersec Café #59 - 03/18/25

This was a great conversation I had with Ryan Cox from The Cyber Cafe. Ryan and I sat down this past month and dove into my journey in cybersecurity, my path from beginner to established professional, how I’ve built my online business, and more. Since we’ve both specialized in Detection and Incident Response, it was great to see how our experiences compared and share my perspective on the industry.

The Cybersec Café

Cyber Chat: Day Johnson

I’m super excited to share my latest Cyber Chat with Day Johnson - a Cybersecurity Engineer and Content Creator…

Read more

a year ago · 2 likes · Ryan G. Cox

Community College to Microsoft Cybersecurity Internship with Carl David | Cyber Stories Podcast EP 25

A conversation with Carl David, a rising cybersecurity professional who started as an Incident Response Intern with Microsoft’s world-renowned DART team. Carl, originally from Rwanda, shares how he broke into the field after studying at Collin College, where I also began my journey.

He’s now making waves as an Intelligence Analyst Intern at Semperis and will be joining USAA as a Cybersecurity Intern in Summer 2025. We explore Carl's journey of landing his first internship at Microsoft, which subsequently opened doors to two more offers, various certifications, clear college pathways, and career insights.

We also discuss the significance of deliberate networking and developing cybersecurity projects. Additionally, we address the hardships that come with immigration and the obstacles faced by international students, along with strategies for overcoming them.

Carl’s journey serves as a blueprint for aspiring cyber professionals, particularly those starting from humble beginnings.

Cyber Stories Podcast

Community College to Microsoft Cybersecurity Internship with Carl David

A conversation with Carl David, a rising cybersecurity professional who started as an Incident Response Intern with Microsoft’s world-renowned DART team…

Listen now

a year ago · 1 like · Day Johnson

Fastest Way To Become a Cloud Security Engineer in 2025

The YouTube version of this post!

Closing

Once again, you made it this far :)

Feel free to reply, share your thoughts, or pass this on to someone who needs it.

Thanks for reading. If you'd like, you can subscribe and restack - it helps spread the word and encourages me to continue writing content. If not, I’ll see you around…somewhere on the internet!

Let’s get into it.

1. Enjoy Work & Embrace Discipline

As Gen Z, we’re often labeled as lazy or lacking discipline. But I’ve come to love the grind — not just in theory, but in action. I’ve learned to build a career I enjoy, and that makes all the difference. Work doesn’t feel like a burden when it aligns with purpose.

Discipline? It’s the multiplier. It fuels your work, your habits, your life.

2. Take Care of Your Physical Health

Your health is the foundation of everything, especially in a high-stress industry like cybersecurity.

Over the years, I’ve dialed in my sleep, diet, and training. Whether I’m cutting, bulking, lifting, or running, it helps me stay sharp.

Fitness isn’t about looking a certain way — it’s about feeling your best so you can be your best.

3. Relationships Matter More Than You Think

There was a season I didn’t prioritize friendships. I was isolated, anxious, and depressed.

But building meaningful connections with friends and family changed everything.

You don’t always need deep talks — sometimes a FaceTime call or gym session with your best friend can recharge your whole spirit.

4. Slow Progress Is Still Progress

I used to think speed was everything. But I’ve learned that consistent, steady progress — even if it’s slow — gets you further than burnout cycles.

The tortoise wins for a reason.

Stay in your lane, keep showing up, and trust the compound effect.

5. Procrastination Leads to Frustration

I’ve mastered the art of procrastination — and hated how it made me feel. The longer you delay a task, the more it hangs over you.

That mental weight turns into frustration, and it’s rarely worth it.

Get it done. Get it off your mind.

6. Be Present With Yourself

There’s power in silence. In not reaching for your phone. In driving without music. In sitting without distraction. Our brains are overstimulated. Presence gives you peace, clarity, and creativity. Practice being still. It changes how you work and how you think.

I’ve started doing small things: no music during drives, no podcast in the shower, no background noise while waiting in line. It helps me notice the world, my thoughts, and my environment.

Stillness isn’t empty — it’s clarity.

7. The Future Is Closer Than You Think

You blink and it’s five years later. I can vividly remember being 18, 19, 20 — it wasn’t that long ago.

You realize you could’ve started that project, changed that habit, made that move. Life moves fast. Time moves fast — faster than we think. Goals that feel far away will arrive quicker than you expect.

If you’ve been delaying something, start now. The future is around the corner.

8. The Future Is Also Further Than You Think

At the same time, one year is a lot of time. You can change your career, health, and relationships in a year. Heck, you can change your life in 6 months.

Two years is enough to break cycles, learn new skills, or move across the world. Don’t underestimate how much can be built slowly, with intention.

Keep your head down and build. Let time work for you — and be consistent.

9. If You Don’t Stand for Something, You’ll Fall for Everything

My dad said this to me growing up, and now it fully clicks. Without strong values, you become easily swayed by opinions, trends, and noise.

Stand firm in your beliefs, your ethics, your purpose — or risk living by someone else’s.

Stay grounded. You can be open-minded and firm at the same time.

10. You Rise to the Level of Your Standards

Set high standards for yourself. I do — in work, relationships, and goals. Not everyone will meet your standards, and that’s okay. Just don’t lower them to make others comfortable.

Hold yourself accountable, and let others meet you where you are.

11. Choose What You Let Stress You Out

Stress is inevitable; however, not all stress is equal. But you can choose what kind of stress you accept.

For me, I’m okay with my work stressing me out because I understand it and I can manage it. But unnecessary personal stress? That’s a no.

Learn to say no to draining situations and yes to peace.

12. Learn to Say “No” More

As someone who creates content and leads a community, I always want to help everyone. But I’ve learned I can’t — and that’s okay.

I’ve had to learn to say no, even to good things, to focus on the right things. So, say no to things that don’t align with your capacity or priorities.

Time and energy are finite. Protect them.

13. Say “Yes” More (To The Right Things)

On the flip side, say yes to opportunities that stretch you.

Early in my journey, I said yes to everything — and it taught me what to say no to later.

Saying yes to jobs, projects, and partnerships helped me grow, collaborate, and build something meaningful.

Join a vibrant cybersecurity community of around 6,000 people who are constantly engaging in conversations and supporting one another—covering topics from cybersecurity and college to certifications, resume assistance, and various non-professional interests like fitness, finance, anime, and other exciting subjects.

Join Us!

14. Do Something Outrageous Every Year

Push the limits. Not recklessly — but intentionally. Try something bold: a solo trip, a skydiving session, a new challenge.

Remind yourself you’re capable of more than you think.

15. Build Systems, Not Just Routines

Routines can become rigid. Life changes. But systems? Systems adapt.

When I shifted from evening workouts to morning kettlebell sessions, my system stayed the same — just the timing changed.

Build adaptable structures around your life. Build frameworks that survive chaos.

16. Read More

Most content today is diluted. Books go deeper. They give you the full picture, not just the summary.

Reading has helped me slow down, think clearer, and understand complex ideas.

If you want to grow, read like it’s your job.

17. Become a Better Communicator

Communication is one of the most underrated skills in both life and cybersecurity. Whether it's how you talk to your team, present in meetings, explain ideas, or connect with strangers — clear communication makes a massive difference.

Five years ago, I wasn’t as effective at communicating as I am now. Creating content, working in tech, and navigating corporate environments helped me learn how to listen better, ask better questions, and present myself more confidently.

If you want to grow your influence, impact, or network — become a better communicator.

18. Procrastination Robs You of the Life You Could’ve Lived

This one hit me hard. Procrastination isn’t just a delay — it's a thief. It steals potential. It quietly holds back the life you could be living right now.

I’ve had moments where I was like, “Man, if I had done this earlier, who knows where I’d be today?” I don’t want to live with that regret.

So I’m learning: Take action when the idea is fresh.

Do the thing now, not someday. “Someday” often turns into “never.”

19. You Can’t Always Be Present for Everyone

When you’re someone who genuinely cares about people, you want to be there for everyone — reply to every DM, support every friend, show up for every event.

But you can’t pour from an empty cup. I’ve learned to set boundaries. Some people only know how to take, and if you’re not careful, you’ll burn out trying to give them more than you have.

Be present for the people who matter — but protect your own peace too.

20. Obedience > Sacrifice

This one comes from my faith. It’s possible to be doing “good” things — helping others, building things, making moves — and still be out of alignment with what God has called you to do.

I've learned that obedience to that purpose brings more peace than any sacrifice ever could.

Sometimes the most powerful thing you can do isn’t to hustle harder — it’s to listen and follow the path you’re meant to walk.

21. Embrace Chaos and Disruption

I like structure. I thrive in routine. But life doesn’t always play by your rules. Chaos happens — burnout, career shifts, heartbreak, unexpected opportunities.

In the past, those seasons would shake me. Now, I lean into them. I look at chaos as a chance to learn, adapt, and grow.

Resilience isn’t built in comfort — it’s built when everything feels uncertain, and you keep showing up anyway.

22. Don’t Prolong Unhealthy Relationships

Sometimes we hold on to relationships — friendships, romantic, or even family — because of history or guilt. But I’ve learned that if something is consistently unhealthy, it’s okay to let go.

You don’t have to hate them. You don’t have to make it dramatic. But you do have to protect your peace.

Not every relationship is meant to last forever — and that’s okay.

23. Keep God First

This is the foundation of everything for me. Every time I drift away from my faith, I feel it — mentally, spiritually, emotionally.

But when I’m aligned with God, everything falls into place. I don’t mean life becomes easy. I mean, life becomes anchored. I feel rooted and established. Unshakeable. Untouchable.

If I’ve learned one thing that will always guide me, it’s this: When I keep God first, I walk with peace, clarity, and confidence — no matter what season I’m in.

Cyberwox Resources

Resources for your career

🔹Join the Cyberwox Academy Discord!!

🔷 Check out the episodes of the Cyberstories Podcast on your favorite platform

🔹Cyberwox Cybersecurity Notion Templates for planning your career

🔹Cyberwox Best Entry-Level Cybersecurity Resume Template

🔹Learn AWS Threat Detection with my LinkedIn Learning Course

Recent Content

A few publications I’ve released recently.

Governance, Risk & Compliance (GRC) Engineering with Ayoub Fandi | Cyber Stories Podcast EP 24

A conversation with Ayoub Fandi, a Staff Security Assurance Engineer at Gitlab and host of the GRC Engineering Podcast, as we discuss transforming GRC from a cost center into a strategic product through automation and engineering.

Ayoub shares his journey from aspiring economist to successful cybersecurity professional. We explore whether GRC is technical and introduce GRC engineering, which uses engineering practices to enhance governance, risk, and compliance. We highlight the shift in GRC professionals' backgrounds and how technical skills improve GRC workflows.

We also emphasize the importance of cybersecurity knowledge in GRC roles and what it means to operate at the staff level.

This conversation offers invaluable insights for aspiring staff engineers, including advice on getting into GRC and building a career in GRC Engineering.

Cyber Stories Podcast

Governance, Risk & Compliance (GRC) Engineering with Ayoub Fandi

A conversation with Ayoub Fandi, a Staff Security Assurance Engineer at Gitlab and host of the GRC Engineering Podcast, as we discuss transforming GRC from a cost center into a strategic product through automation and engineering. Ayoub shares his journey from aspiring economist to successful cybersecurity professional. We explore whether GRC is technic…

Listen now

a year ago · 1 like · Day Johnson

FAANG Cybersecurity Engineer Reacts to Cybersecurity TikTok Advice

Bringing some cybersecurity reaction content back to the timeline...this one was a mixed bag. Lots of really great advice and some really bad

How To Learn Cybersecurity Fundamentals - Computer Networking (Breakdown)

For the longest time, I've been a strong proponent of learning cybersecurity fundamentals, especially computer networking. This video demonstrates how to approach this.

23 Things I Have Learned As a 23 Year Old Cybersecurity Engineer ~ Day's Engineering Diary EP14

The YouTube version of this post!

Closing

Once again, you made it this far :)

These aren’t just things I’ve learned — they’re things I’m living through. 23 has already come with its own challenges and lessons, but I’ve never felt more grounded, focused, and expectant. If anything here resonated with you, thank you for reading.

Feel free to reply, share your own lesson, or pass this on to someone who needs it.

Thanks for reading. If you so desire, subscribe and restack - it helps spread the word and keeps me writing content. If not, I’ll see you around…somewhere on the internet!

I'm going to guide you through the process of becoming a cybersecurity engineer, with a special focus on Defensive Security Operations Engineering, which includes high-demand roles like threat detection and incident response.

These roles are crucial in defending organizations from cyber threats and are highly technical and among the most demanded and well-compensated in the cybersecurity field.

About Me

If you’re new here, my name is Day, and I’m a Security Engineer at Amazon with a previous focus on Incident Response Engineering and a current focus on Proactive Security Operations covering Threat Hunting, Threat Intelligence, & Adversarial Emulation.

In the past, I’ve worked as a Detection Engineer at Datadog, where I focused on Cloud, Network, Endpoints, and SaaS Applications. And have also previously worked as a Tier 1/Tier 2 Analyst at various SOCs & MDRs.

With all of this experience, I will give you a step-by-step road map to get you to become a cyber security engineer even if you don't have a degree or any technical knowledge yet; as a matter of fact, this newsletter has no college education requirements.

I personally was able to break into cybersecurity as early as my freshman year of college. I’ve gotten several jobs and interviews prior to ever having a college degree, and I’ve helped thousands of people do the same on my various content channels and in my Discord Community.

Join a vibrant cybersecurity community of over 6,000 people who are constantly engaging in conversations and supporting one another—covering topics from cybersecurity and college to certifications, resume assistance, and various non-professional interests like fitness, finance, anime, and other exciting subjects.

Join Us!

Establishing a Foundation

When you’re getting started on your journey to becoming a Security Engineer, this journey can start from various points, whether you're currently in an IT role, such as a network engineer or a systems administrator, or even in a Security Role, like a SOC analyst, or entirely outside the tech industry, such as nursing or retail.

The critical first step you need to take is understanding the fundamental concepts of cybersecurity, which will form the backbone of your expertise in threat detection or incident response.

Educational Pathways and Certifications

To build a strong foundation in cybersecurity, I recommend pursuing certifications & training that provide a blend of theoretical knowledge and practical experience.

Cybersecurity Basics

Opt for industry-recognized certifications like Google’s cybersecurity certificate or Microsoft’s cybersecurity analyst certification.

These programs are specifically designed to equip you with essential skills and include hands-on labs, which are crucial for grasping the intricacies of security operations.

The great thing about the hands-on labs is you get to practice what you learn, so things make a lot more sense when you’re using those skills in the real world as a cybersecurity engineer.

The Google Cybersecurity Training includes labs that teach you Linux, which is a core skill for any cybersecurity engineer; MySQL, which will help you understand the basics of data analytics; and Python, which will be super important for scripting and automation - more on this later in the newsletter.

I also like that this program prepares you for CompTIA Security+, which is a staple foundational certification in the security industry.

My first impressions of the Google Cybersecurity Professional Certificate:

On the other hand, the Microsoft Cybersecurity Analyst Training will introduce you to the Microsoft Azure cloud and the Microsoft Sentinel platform - this is great because you get an introduction to a top cloud provider and, on the other hand, atop SIEM (Security Information & Event Management).

This program also prepares you for the Microsoft Security Operations Analyst Certification, which is also another great certification.

Is the Microsoft Cybersecurity Analyst Certificate Worth It?:

Computer Networking

Another foundational skill that you need to give significant consideration to and should never be overlooked if you want to become a proficient and effective cybersecurity engineer is an understanding of computer networking.

This skill is integral to cybersecurity as it provides the necessary knowledge to comprehend how data moves and communicates across systems.

You’ll need to understand the basics of IP addressing, Public & Private IP addresses, Network Address Translation or NAT, CIDR Notation, routing, network ports & protocols like HTTP, DNS, SSH, LDAP, etc.

You’ll also need to know the basics of Network Types & Topologies like peer-to-peer, client-to-server, Local Area Networks or LAN, Wide Area Networks or WAN, and so on.

All these can be learned from a good CompTIA Network+ course like the one from Professor Messer here on YouTube or paid ones on Udemy from Jason Dion.

Now, you don’t necessarily have to take this certification, but the knowledge you’ll gain from understanding how networks work will be extremely invaluable to your cybersecurity career.

I’ve landed several jobs, including my current job, just because of how I showed my strong understanding of networking during my interviews - do not overlook this skill at all.

Heck, dare I say you can not be a competent Cybersecurity Engineer without the basics of networking.

In this mini-course, we're going back to the basics. Many cybersecurity professionals don't fully understand how standard protocols and networking concepts work, largely because they've never interacted with these protocols beyond the theoretical level.

Think about it—have you ever seen how DHCP or ARP packets work? Do you genuinely understand packet encapsulation and decapsulation? Have you seen how TCP sessions end with reset packets or witnessed a TCP 3-way handshake? You'll find this mini-course valuable if you answered no to any of these questions.

In just over an hour, you'll level up your networking and protocol knowledge. My goal is to transform your theoretical knowledge from CompTIA Network+ or Security+ into practical understanding by showing you how to interact with these protocols and demystifying the complexities of computer networking.

ANY.RUN Security Training Lab

Gain practical knowledge, examine real-life scenarios, and become a cyber defense specialist with ANY.RUN's malware analysis course.

Learn Malware Analysis!

Specialized Learning in Threat Detection

Now, let’s talk about specializing in Threat Detection Engineering or Incident Response Engineering.

If your interest lies in any of these roles, you’ll typically be told that it's super important to become proficient in using monitoring and detection tools like Splunk or Crowdstrike, and while I think that is somewhat right, it is a half-truth.

All monitoring tools or detection tools are built on the foundation of native telemetry already provided by the system, be it cloud or Linux Windows - whatever the case is.

If you do not understand how these systems work or the threat against them, it does not matter how great you are at Splunk; you’ll never be able to detect anything.

This is precisely why I recommend understanding how a system works before trying to learn how to detect threats to it.

Let me give you a real-life example.

I was very new to the cloud when I first got my last job at Datadog. I had never done cloud detection engineering, but I had worked on some cloud security investigations in my previous roles as a SOC analyst.

However, in order to build detection rules and mechanisms for cloud threats, I first had to understand how the cloud worked.

One of my main projects was expanding our detection ruleset for Google Cloud, but I had never worked with Google Cloud in my life, so what did I do?

I dove into the documentation of Google Cloud, how IAM works, how the projects and organizations work, how resources are configured, service accounts, and several other things.

And you know how that helped me? In a matter of weeks, I was able to start building and testing detections for Google Cloud; I co-wrote an article on Google Cloud threat detection and even gave multiple talks on Google Cloud Threat Detection.

The moral of the story here is to replace Google Cloud with anything here - it could be Linux, windows, IOT, heck, it could be iPhones or Androids; the point I’m trying to get across is you need to understand the system, its intended use, and its weaknesses before you can detect any threats against it.

After this, you can then start learning tools like Splunk or Crowdstrike. The great thing about Splunk is that they offer free training that can take you from knowing nothing about it to becoming pretty decent at it.

You can also go through various tryhackme rooms that help guide you on Splunk and investigating with it. You can even deploy your own Splunk instance and ingest logs into it, as I’ve outlined in my cybersecurity home lab project.

I’ve made some videos on this, which you can find in my SecOps & Investigations playlist here.

A combination of strong system understanding and Splunk (or other SIEM tool) engineering will make you very suitable for detection engineering or threat detection roles.

The same thing applies to incident response. This specialization requires a thorough understanding of response processes and recovery strategies, and learning to manage and respond to security incidents effectively is key, but you’ll still need to understand the underlying system.

Deciding between Threat Detection and Incident Response:

Transitioning between Threat Detection & Incident Response:

Advanced Training in Incident Response

Now, how do you begin to build the core skills for these roles? This in itself is a whole breakdown, which I’ve covered in a previous video, covering several certifications and training to consider for various skills you might be looking to learn.

Everything from the BTL1 to the CDSA, BTL2, CCD and others.

In regards to training providers like Constructing Defense,13 Cubed, TCM Security DFIR DIVA, Purple Labs, XINTRA, and several others.

I highly suggest watching the video:

Hands-on practice and continuous learning

Now let’s talk about practice and labbing.

It is crucial to master the tools specific to your chosen specialization—whether threat detection systems like SIEM for detecting attacks or incident response techniques for mitigating them.

Each tool and technique requires a deep understanding of specific aspects of cybersecurity, such as network traffic analysis or log analysis for threat detection or forensics and crisis management for incident response.

So here are some platforms to help you practice these skills:

• ACE Defender

• BTLO

• THM

• Pwned Labs

• HackTheBox Sherlocks

• LetsDefend

• Cyber Defenders

• RangeForce

Applying your knowledge through these real-world simulations and practical labs is essential.

Start with foundational training on platforms like TryHackMe, which covers everything from basic security principles to complex system and application security tasks.

Then, advance to more specialized modules that focus on the intricacies of network and system security, malware analysis, incident management, etc.

Building Scripting and Automation Skills

The next thing you need to build on is your scripting and automation skills. In threat detection and incident response, having scripting and automation skills is very important.

You’ll need to automate redundant processes or make things more efficient, and scripting helps with this.

One of the best languages to start with is Python due to its simplicity and powerful capabilities.

Python is widely used in cybersecurity for automating repetitive tasks, parsing large amounts of data, and developing software tools.

With Python, you can automate boring or repetitive tasks and focus more on the strategic aspects of your job, such as threat analysis and incident response.

Starting with the basics, there are many online resources available to learn Python. I personally recommend learning Python the hard way through Zed Shaw, Code with Mosh’s Python course, and Code Crafters.

However, Codecademy, Coursera, and edX offer beginner-friendly courses that teach you Python programming fundamentals.

The key thing here is to pick a course and stick with it long enough to build your Python skills.

Once you have a good grasp of the basics, you can start exploring modules and libraries used explicitly in cybersecurity, such as Scapy for network analysis, pandas for data analysis, JSON for parsing JSON files, requests for making web requests, or BeautifulSoup for web scraping.

Also, various platforms provide cybersecurity-focused Python challenges that allow you to apply your newly acquired skills in practical scenarios.

For example, HackInScience’s Python challenges or Programming Hero’s 100-plus Python coding challenges are great resources for learning and practicing Python in cybersecurity.

Remember, the goal is not to become a software developer but to use Python to enhance your threat detection and incident response capabilities.

Therefore, focus on practical applications of Python in cybersecurity, such as automating data analysis, building simple tools, or integrating different security solutions using APIs.

Some other languages to consider will be Golang & Javascript, as they also help in various cybersecurity automation and integration workflows.

For scripting, Powershell for Windows and Bash for Linux.

Auxiliary Skills - Cloud & IaC

In addition to learning a programming language, understanding cloud and Infrastructure-as-Code is a crucial auxiliary skill for cybersecurity engineers focused on threat detection or incident response.

Cloud knowledge is essential because many organizations are shifting their operations and data storage to cloud-based solutions.

Therefore, cybersecurity engineers need to understand how to deploy and build security tools in the cloud, secure cloud-based infrastructure, how the data flow is managed, and how access controls work in a cloud environment.

They should be familiar with platforms such as AWS, Google Cloud, or Azure.

In addition to this, Infrastructure-as-Code (IaC) is a key concept in modern IT operations. It involves managing and provisioning computing infrastructure through machine-readable scripts rather than manual processes.

For a cybersecurity engineer, understanding IaC can help in automating security controls and policies.

It allows them to integrate security earlier in the development lifecycle, enabling a 'shift-left' in security that results in more secure and scalable systems.

Tools commonly used for IaC include Terraform, Ansible, Chef, Puppet, and many others.

Projects

In order to bring everything together, working on a few personal projects relating to cybersecurity can be an excellent way to strengthen and solidify these skills.

This can involve utilizing a range of tools such as Security Information and Event Management systems (SIEMs), Cloud technologies, Python programming, and Infrastructure as Code (IaC).

By actively building out these projects, you are able to gain hands-on experience and a deeper understanding of the intricacies involved in these various cybersecurity tools and how they work together.

Furthermore, these projects can serve as tangible evidence of your skills and knowledge, which can be outlined on your resume, and this not only enhances your professional profile but also provides you with concrete examples and experiences to draw upon during job interviews.

Ultimately, these personal projects can significantly boost your confidence and competence as a cybersecurity engineer.

Choosing a Pathway in Security Operations Engineering

Now, once you’ve established a solid foundation and gained some hands-on experience, it's time to choose a specific pathway within Security Operations Engineering.

Whether you decide to focus on threat detection or incident response, your path should be guided by both your interests and the specific needs of the job market.

Bear in mind that Cybersecurity is a field defined by rapid evolution and constant change.

Continuing your professional development through ongoing education, staying updated on the latest threats, and continually refining your practical skills are going to be necessary for your growth as a cybersecurity engineer.

Cyberwox Resources

Resources for your career

🔹Join the Cyberwox Academy Discord!!

🔷 Check out the episodes of the Cyberstories Podcast on your favorite platform

🔹Cyberwox Cybersecurity Notion Templates for planning your career

🔹Cyberwox Best Entry-Level Cybersecurity Resume Template

🔹Learn AWS Threat Detection with my LinkedIn Learning Course

Recent Content

A few publications I’ve released recently.

The Cybersecurity Bootcamp Industry & Level Effect w/ Anthony Bendas | Cyber Stories Podcast EP 23

A conversation with Anthony Bendas - Co-Founder at Level Effect, where he designs and delivers cutting-edge cybersecurity training programs, including the Cyber Defense Analyst Program. With over a decade of experience spanning penetration testing, security consulting, and engineering, he has built a reputation for translating complex security concepts into practical, real-world applications.

Cyber Stories Podcast

The Cybersecurity Bootcamp Industry & Level Effect with Anthony Bendas

A conversation with Anthony Bendas - Co-Founder at Level Effect, where he designs and delivers cutting-edge cybersecurity training programs, including the Cyber Defense Analyst Program. With over a decade of experience spanning penetration testing, security consulting, and engineering, he has built a reputation for translating complex security concepts …

Listen now

a year ago · 1 like · Day Johnson

Building a DNS Server with Python - 1 (Repo & UDP Server Setup)

Starting a series on building a DNS Server with Python - guided by Code Crafters.

The Truth About The TryHackMe SAL1 Certification (Complete Review)

A breakdown of TryHackMe’s new SAL1 Certification.

Fastest Way To Become a Cybersecurity Engineer in 2025

The YouTube version of this post!

Closing

Once again, you made it this far :)

Thanks for reading. If you so desire, subscribe and restack - it helps spread the word and keeps me writing content. If not, I’ll see you around…somewhere on the internet!

Having spent the last half-decade immersed…

Read more

Writing has become a critical skill—one that’s shaping my journey toward becoming a staff or principal-level engineer. And if you’re not writing yet, you should start.

Here’s a video I…

Read more

Why? In this newsletter issue, I’m…

Read more