Career

The Spanish National Cybersecurity Institute documented ransomware campaigns targeting Spanish speakers using natural, regionally appropriate Spanish generated with AI assistance — delivered through Google Drive links disguised as financial documents. The social engineering worked because the language read correctly. A monolingual analyst reviewing that email in a log sees foreign-language content and flags it by pattern or script. A bilingual analyst reads it and identifies the technique. That is not a soft skill. That is a detection capability. ...

During Advent of Cyber, a room felt manageable — not because the concepts were simple, but because the room told you which system to examine, confirmed that a threat was present, and guaranteed that completing the steps would surface an answer. That structure is useful for learning. It is also the exact thing that disappears in a real investigation. The gap between TryHackMe and real incident response is not difficulty. It is the absence of a defined answer. ...

In a live security environment, alerts fire without labels. No task question. No confirmation that something is there. No rubric for how long to spend on a given signal before surfacing it. The volume on day one is unlike anything a certification exam simulates, and the volume is not the problem. Calibration is. The credential gets you past the filter. What you do with alerts in the first 90 days determines whether you clear probation. ...

CompTIA Security+ has a domain called “Security Operations.” It is the largest domain on the exam at 28%. CompTIA CySA+ has a domain called the same thing, at 33%. The Security+ version covers asset management, vulnerability management, identity controls, and incident response. The CySA+ version names specific tools in its exam objectives: Wireshark for traffic analysis, SIEM platforms for detection and correlation, VirusTotal for threat investigation. Security+ covers enough to recognize those concepts in a multiple-choice question. CySA+ covers enough to use them in an investigation. ...

The first cybersecurity tool most people install is a SIEM. A SIEM without the fundamentals is a dashboard full of alerts you cannot interpret. The pattern repeats: someone decides to get into cybersecurity, reads a list of enterprise tools, installs a Splunk trial or a commercial EDR, stares at it for two weeks, and concludes that security work is too complex to break into. The tool was not the problem. The sequence was. ...

My first home lab was five used computers networked together with old vulnerable routers I picked up for almost nothing. Each machine had a specific role. It worked, but it was loud, it took up space, and maintaining five physical boxes taught me more about cable management than cybersecurity. Now I run VirtualBox on a homebuilt rack server. Same concept, a fraction of the footprint. The most common thing I hear from people trying to break into cybersecurity is that they don’t know where to start. The lab is where you start. And it costs nothing. ...

You can ask AI for the answer to every Security+ practice question. You will pass the practice test and fail the exam. I am studying for Security+ right now. I use AI every day for it. The difference between using it well and using it badly comes down to one question: are you asking it to give you answers, or asking it to help you build understanding? Asking AI for the answer produces a correct answer. It does not produce retention. The moment you close the chat, the answer is gone. You have outsourced the cognitive work without doing any of it. ...

I got my Novell NetWare certification in the 1990s. Between jobs after that, I ran network cables and configured routers as freelance work. When I moved into IT full time, I was configuring the same routers. When I eventually moved into cybersecurity, I did not struggle with the concepts the way I watched others struggle. Not because I was smarter. Because I already knew what a subnet was, how routing worked, and what happened to a packet between point A and point B. ...

The optimistic version of artificial general intelligence is not hard to imagine. A world where disease gets solved faster, energy is abundant, and human labor shifts toward things humans actually want to do. Gene Roddenberry built a franchise on that premise. The technology trajectory Altman describes follows a logical endpoint: compounding capability with no ceiling in sight. The destination is fine. The transition is where the damage happens. The Operator in the Room Altman’s role at OpenAI is operational: he decides when to ship. In 2022, OpenAI’s leadership was debating whether to release ChatGPT at all, arguing for a more powerful version. Altman pushed to go. ChatGPT launched in November 2022 and reached 800 million weekly users. The timing was his call. ...

The Security+ exam will ask you to match a port number to a protocol. The job will ask you to look at a SIEM alert at 2 AM and decide whether it is worth waking someone up. Those are different skills. The certification is still worth getting. But going in without understanding the gap leaves you underprepared for the work even after you pass. What the Exam Tests The current Security+ (SY0-701) has up to 90 questions across 90 minutes. CompTIA divides the content into five domains: General Security Concepts, Threats, Vulnerabilities and Mitigations, Security Architecture, Security Operations, and Security Program Management and Oversight. ...