I have been meaning to get back to my Cybersecurity Notes project for over a year now.
The initial idea was to create an archive of Cybersecurity Projects from beginning to end, that would include the business logic, project assets and how to approach the same project based on company size.
A year later, after working with multiple startups and spending almost 2 months of interviewing canditates for various Cybersecurity roles, I have even more proof of how needed this project is.
The majority of businesses and consultants out there do not know what "Good" looks like. They might have had domain specific training and a long list of certifications but they lack real-world experience and how to implement something that not only works but would be a painful experience for any attacker that decides to exploit that system.
The most common expression I hear sadly is, "I just want to do the bare minimum". One client recently told me, "I just want to do the bare minimum and not have to think about security or see you again in a year".
Concepts such as Secure Configuration and even documentation is foreign for many businesses.
This mindset and behaviour is the root cause of breaches.
As the meme says, ransomwarwe groups having better documentation than businesses, is so real it hurts.
As my schedule became less hectic over the past month, I've had some time to digest and think about the road ahead and explore where things are going in the next 2-5 years. I can see work that I am currently being paid to deliver, can be easily produced by chatGPT or Claude with the correct prompting and it doesn't take long to get it right if you know what the output must look like.
That is today. Not in 5 years.
I posted my thoughts from my interviewing experience (HEY Blog) / (Substack) and I will be publishing a more detailed write-up on the road ahead in my Cybersecurity Notes blog in the coming days.
I’m writing a post on Getting Started and Navigating the Cybersecurity Industry in the next 5 years.
I’ve been noticing changes over the past year week on week which suggests we have to pivot and expand our scope as Cybersecurity professionals if we are to supervise and direct AGI rather than be subservient to it.
.png)
.png?disposition=attachment)
