Some people wait to be told what to do. Others move like mercenaries, delivering value before anyone even realizes there’s a gap.
This isn’t about ego, titles, or theatrics. It’s about execution. About being the kind of operator who steps into chaos and leaves behind clarity through efficiency, and impact.
This is the mindset I’ve been reflecting on lately, particularly as I’ve transitioned through various roles and companies in my half-decade cybersecurity career.
We often discuss frameworks, titles, skills, and playbooks in cybersecurity. But sometimes, what separates good from great isn’t a fancy detection algorithm, a well-polished resume, or even years of experience.
It’s how you move.
I call it the mercenary mindset, but not in the “gun-for-hire” sense.
I’m also not talking about loyalty to the highest bidder or some kind of dark ops aesthetic.
I’m talking about the real mercenary archetype. The type of person who doesn’t wait for permission. They don’t stall for clarity. They don’t need a job description to act.
They step in.
Assess the landscape.
Adapt to the terrain.
Execute the mission with precision.
And most importantly, they leave things better than they found them.
About Me
If you're new here, I'm Day, a Cybersecurity Engineer at Amazon. With five years in cybersecurity, my experience covers Detection Engineering, Cloud Security, Incident Response, Threat Hunting, and most recently, Threat Intelligence.
Before Amazon, I worked at Datadog as a cloud threat detection engineer, where I researched cloud threats and built detections for various cloud providers and SaaS applications.
I've worked my way up from various SOC analyst roles, investigating everything from endpoint threats to building detection systems for cloud-based abuse, so I know exactly what it takes to break into this field and make career advancements.
I started, just like many of you, learning from scratch, asking questions, and figuring it out one step at a time. And now, I'm here to help you do the same.
If you want to stay up-to-date on the cybersecurity industry and everything technical and career-related, be sure to like and subscribe to the newsletter for more content like this.
Join a vibrant cybersecurity community of over 6,500 people who are constantly engaging in conversations and supporting one another, covering topics from cybersecurity and college to certifications, resume assistance, and various non-professional interests like fitness, finance, anime, and other exciting subjects.
The Mercenary Archetype
Historically, mercenaries have played pivotal roles in shaping outcomes.
This was not because they were the most powerful, but rather because they were efficient, decisive, and unencumbered by internal red tape.
Take Executive Outcomes, for example, one of the most well-known private military companies of the 1990s. With a few hundred well-trained personnel and outdated equipment, they helped stabilize conflict zones and secure strategic resources that entire national armies had failed to manage.
Their success wasn’t rooted in scale. It was rooted in clarity of mission and precision of execution.
Now think about that through the lens of your cybersecurity career.
How often do we see teams spin their wheels waiting for a Jira (or similar system) ticket to be resolved?
How many times do people hold off on building a solution because they haven’t been told to?
How many incident remediation tasks get delayed because no one wants to take ownership of the gray areas?
Mercenaries thrive in the gray. That’s where the impact is.
Personal Case Studies
Case Study 1: How I Built and Deployed an IR Analysis Procedure in a Single Day
Not long ago, while I was still working as a Security Engineer on my day job’s incident response team, a new detection triggered.
It was built recently and triggered on suspicious behavior, which was something worth investigating.
But as I looked into it, I quickly realized there was a problem. There was no documented response process for this alert—nothing for analysts to follow.
No clear runbook.
Just ambiguity.
Guess what? We love ambiguity over here.
But that ambiguity had a cost.
Analysts were escalating alerts like this to engineers because they weren’t confident in the next steps. The result was longer investigation times, duplicated effort, and a slow, inconsistent feedback loop.
Now I could’ve waited.
Sent a Slack message about it.
Logged a ticket.
Mentioned it in a weekly sync.
But that’s not how mercenaries move.
While actively working on the escalated alert, I created the missing process in real time. I defined the triage flow, codified the expected behaviors, and scoped it not just to that one alert, but to an entire class of similar alerts. That instantly multiplied the value of the effort.
Since the investigation involved decoding tokens, I also wrote a lightweight Python script to automate that decoding. It was designed to work within our data confidentiality boundaries while saving analysts significant time.
By the end of the same day, I had:
Investigated and closed the alert
Created a repeatable response framework for similar detections
Built a Python tool that the team could use going forward
Reduced time-to-resolution for all future alerts in that class
That wasn’t a heroic moment. That was a mercenary moment.
A single day of focused, strategic work that scaled our team’s capability in a measurable way.
Case Study 2: Dropped into New Terrain and Building from Scratch
In my previous role as a Cloud Threat Detection Engineer, I primarily worked on cloud infrastructure detections across AWS, Azure, and GCP.
That was my zone. I had a strong foundation there.
However, I was then temporarily reassigned to a team focused on cloud workload detection. Think Linux systems, container activity, and Kubernetes clusters.
This was less familiar territory.
I could have hesitated.
Could’ve waited to get trained up.
But mercenaries don’t (can’t) ask the terrain to change. They adapt to it.
Within one quarter, I developed a structured onboarding framework for new engineers, enabling them to write agent-based and rule-based detections for cloud workloads.
I mapped out common attacker behaviors, data sources, and detection strategies. I didn’t just ramp myself up. I reduced the ramp-up time for everyone who came after me.
Then I was handed a noisy detection for Network Utilities Executed in a Container. It triggered constantly. False positives everywhere. Most engineers would suppress it through exclusion-based detection filters.
Instead, I decomposed it into multiple high-fidelity detections.
One focused on curl or wget used for data exfiltration
Another focused on command-line requests containing suspicious URIs
This approach eventually surfaced real-world threats, including a live PyPI supply chain attack, which abused the curl utility to send data to an attacker-controlled infrastructure.
That detection wouldn’t have been possible without decomposing the original alert into something sharper and more intentional.
I documented the full methodology. I turned that one fix into a repeatable process that others could apply across other detections.
I wasn’t the loudest person in the room. I wasn’t the most senior engineer (in fact, I was the most junior engineer).
But I delivered the signal where there was noise.
That’s mercenary execution.
Mercenary Execution
Sometimes, Mercenaries Move Fast Because They Love the Fight
Here’s the part we don’t talk about enough.
Some people move like mercenaries, not because they’re forced to.
Not because they want recognition or the money.
Not because they’re trying to impress someone.
Some people move like mercenaries because they love the work.
They love the hunt. The build. The pressure. The challenge of untangling complex security problems and delivering sharp, effective solutions.
That’s me. And if you’re reading this, it’s probably you, too.
The reason I could build a runbook, script, and close an investigation all in one day wasn’t just because it needed to be done. It was because I enjoyed the challenge.
I liked the problem.
I was locked in.
When I stepped into an unfamiliar domain, such as Linux and container detection engineering, it wasn’t just about adapting. It was about embracing the opportunity to grow and build something useful.
I liked being in the arena. I enjoyed making the messy stuff make sense.
When you love the work, you don’t wait for direction. You move.
You build things no one asked for because you know they’re needed.
You care deeply about getting it right, not for applause, but because you find joy in the process.
Loving the work is the cheat code. It’s the engine behind sharp execution, fast iteration, and long-term growth.
It’s what turns “extra work” into meaningful craft.
The Mercenary Playbook
This mindset isn’t about breaking rules or ignoring process.
It’s about having a bias toward action and a habit of excellence.
It looks like:
Prioritizing outcomes over checkboxes
Owning the gray areas no one else wants to touch
Building tools, docs, and workflows that outlive your tenure
Learning just enough to ship, and then learning some more to keep iterating
Executing with precision, not waiting for someone to tell you to
Ask Yourself
What’s a broken process or detection flow that you could fix this week?
What uncomfortable space have you been avoiding because it’s unfamiliar?
What would happen if you stopped waiting for permission and started executing with conviction?
Final Thoughts
The mercenary mindset is not about ego or chaos.
It’s about precise, repeatable, decisive execution.
It’s about leaving things better than you found them.
And it’s about loving the mission enough to keep showing up, even when no one’s watching.
You don’t need to be the most senior. You don’t need a fancy title.
You need to be the one who gets things done.
Cyberwox Resources
Resources for your career
🔹Join the Cyberwox Academy Discord!!
🔷 Check out the episodes of the Cyberstories Podcast on your favorite platform
🔹Cyberwox Cybersecurity Notion Templates for planning your career
🔹Cyberwox Best Entry-Level Cybersecurity Resume Template
🔹Learn AWS Threat Detection with my LinkedIn Learning Course
Closing
Once again, you made it this far :)
Feel free to reply, share your thoughts, or pass this on to someone who needs it.
Thanks for reading. If you'd like, you can subscribe and restack - it helps spread the word and encourages me to continue writing content. If not, I’ll see you around…somewhere on the internet!
Share this post