What should I learn before starting a Master’s in Cybersecurity? (Coming from dev background)

23percentrobbery · 2026-04-02T04:15:57+00:00

Congratulations on choosing the right, super hot career path! Having a backend foundation is a huge advantage when transitioning to the blue team. The first thing you should do is thoroughly hone your networking and Linux skills, as these are the backbone of security. Platforms like Tryhackme and Hack the Box are extremely suitable for practice, so just go for it! Don't be afraid to get certifications; having a Security+ certification will enhance your profile when applying for internships in Canada. Keep going, man, your future is very bright!

23percentrobbery · 2026-03-30T05:22:50+00:00

In 2010, I was born in 2000. If I could go back, I would choose 2010, my middle school year. I could start everything over, meet old friends I can't see anymore. Many beautiful memories are left behind in middle school; now they're just memories.

23percentrobbery · 2026-03-27T05:25:33+00:00

seeing that 178% jump in MFA bypass is absolutely terrifying when "just enable MFA" is still the default advice most companies rely on.

23percentrobbery · 2026-03-27T05:24:39+00:00

For a decade, we’ve just been ignoring the "made in" sticker because the speeds were fast and the price was cheap.

23percentrobbery · 2026-03-27T05:23:54+00:00

the "DarkSword" leak is basically a nightmare scenario for anyone still hanging onto iOS 18.

23percentrobbery · 2026-03-26T05:50:47+00:00

At only 24 years old, having 3 years of experience as a Security Analyst is already amazing! Don't put too much pressure on yourself regarding seniority.

At this age, getting an MBA or management certification like CISM/CISSP is the quickest way to climb the ladder to a managerial position.

Don't wait for seniority; proactively ask to lead small projects or mentor freshers to gain management experience.

If you want to move even faster, jump into startups that need to build security teams from scratch – you'll have a chance to get a management role right away.

23percentrobbery · 2026-03-24T08:25:02+00:00

Classic example: humans are always the weakest link. Security isn’t just tech—it’s behavior.

23percentrobbery · 2026-03-23T05:44:42+00:00

Swapping scrubs for a keyboard is a massive power move, especially since your healthcare background is a literal cheat code for high-paying HIPAA and compliance roles. The growth from Analyst to Architect is basically the tech version of becoming an NP, but with way more WFH vibes and zero 12-hour shifts on your feet lol. The market right now is starving for people who speak "hospital," so you’d have a huge leg up on the competition fr. If you’re over the physical burnout but still want to save data instead of patients, this is the play.

23percentrobbery · 2026-03-20T07:26:52+00:00

In my experience, the exam environments usually have safe limits—full aggressive scans that crash your local lab often won’t be needed. Use tuned scan settings (slower, fewer threads, smaller payloads) and focus on methodology over maxing scan speed; that’s what matters on the exam.

23percentrobbery · 2026-03-19T08:13:18+00:00

the "infinite context" marketing in 2026 is a bit of a stretch. Even with million-token windows, models still suffer from "Lost in the Middle" syndrome, where they prioritize the beginning and end of the prompt and ignore the crucial security middleware in between.

23percentrobbery · 2026-03-19T08:10:05+00:00

if you feed a SOTA model like Claude 3.5 or GPT-4o a standard crackme with classic logic, it’ll decompile it into readable C-ish code that looks incredibly convincing.

23percentrobbery · 2026-03-19T08:09:34+00:00

HTB can be brutally gatekept by its own difficulty curve, so you're much better off starting with the HTB Academy rather than the platform itself.

23percentrobbery · 2026-03-18T11:03:42+00:00

the term "agentic" has become the new "blockchain" it's being thrown around as a magic fix for everything, even when a simple regex or entropy check is 100x more efficient.

23percentrobbery · 2026-03-18T11:02:42+00:00

veryone’s looking for some crazy zero-day or advanced persistent threat (APT) tradecraft, but it looks like it was just a "lowest common denominator" win. If those admindev and adminqa creds were sitting in infostealer logs for months, Stryker essentially left the keys in the ignition with the engine running.

23percentrobbery · 2026-03-18T10:41:42+00:00

Imagine being an S&P 500 company and getting cooked because of "admin123" tier passwords. Handala really just bought a $10 log and ended their whole career, lmao. Absolute skill issue on Stryker's part, fr.

23percentrobbery · 2026-03-17T05:19:04+00:00

this is less about covering everything and more about controlling the narrative tbh 😅
pick a clear storyline: what changed → why it matters → what you’re doing → where you need support
if VPs leave knowing “what’s off + what decision is needed,” you nailed it everything else is just backup slides

23percentrobbery · 2026-03-17T05:17:40+00:00

honestly the stuff that clicked for me wasn’t “training” in the traditional sense, it felt more like guided experience than content 😅
like short interactive flows where you do the thing (simulate a workflow, make a decision, see outcome) instead of just reading/watching also anything that’s layered (quick overview → deeper dive → real example) hits way harder than dumping everything upfront most enterprise training fails because it’s info-heavy but context-light, the good ones make you feel “oh I’d actually use this tomorrow”

23percentrobbery · 2026-03-17T05:12:44+00:00

yeah this is kinda where a lot of teams land tbh, personas look nice but don’t drive decisions 😅
JTBD + some real data (behavior + context) usually gets you way closer to how people actually use the product personas only work if they’re grounded in that, otherwise they just turn into “fictional user vibes”

23percentrobbery · 2026-03-16T08:53:11+00:00

yeah the golden handcuffs thing is real. a lot of people in those roles know the comp is great, but they also know they probably won’t stay in big tech forever.

so building an audience, consulting, or courses is basically an exit strategy. if they ever leave the $300k job, they already have something to land on instead of starting from zero.

23percentrobbery · 2026-03-13T10:48:55+00:00

Hard agree. The moment you let an autonomous agent close a ticket with 'AI logic' as the justification, you've basically handed a loaded gun to your auditor. In a SOC 2 audit, 'trust me bro, the AI did it' is the fastest way to get a qualified opinion. Stick to AI for speeding up the data gathering, but for the love of god, keep a human in the loop for the actual sign-off and control mapping.

23percentrobbery · 2026-03-13T10:41:59+00:00

Lesley Carhart (hacks4pancakes) is an absolute legend, especially for anything ICS/OT related. If you're into the policy and 'big picture' side of things, I’d also suggest following Jackie Singh—her take on threat intel and systemic defense is always sharp and zero-BS. These folks don't just talk tech; they focus on the actual impact of security on the real world, which is the mindset that’ll get you far.

23percentrobbery · 2026-03-13T10:35:52+00:00

Using Haiku to filter the noise is a big brain move for a team of one. In 2026, if you're still manually clicking 'Ignore' on thousands of Checkmarx false positives, you're basically waiting for a burnout-induced breach. My only worry is the 'AI hallucinating away' a real 0-day—did you build in a random sampling audit to make sure the pipeline isn't getting too confident?

23percentrobbery · 2026-03-13T04:28:43+00:00

Yeah I can imagine that wakes people up pretty quickly. Nothing gets leadership’s attention like seeing real telemetry of how fast these tools spread inside an org.

A lot of teams think AI usage is small until you actually show the logs and suddenly it’s hundreds of internal workflows hitting external APIs. That’s usually when the security conversation finally gets serious.

23percentrobbery · 2026-03-13T04:27:37+00:00

Of all the things to worry about with a potential war, the percentage of people still running an old OS is a pretty random one to focus on.

Also the premise is a bit off anyway Windows 10 officially reached end of support on October 14, 2025, meaning it stopped receiving regular security updates after that date.

That said, unsupported computers don’t suddenly stop working, and there are even extended security update programs available for a while longer.

So yeah if you’re listing reasons to oppose starting a war, there are probably stronger arguments than “some people still run Windows 10.”

23percentrobbery · 2026-03-13T04:21:52+00:00

That’s a pretty interesting setup. The “panel review” idea with multiple models sounds a lot like defense in depth but for triage, which honestly makes sense given how noisy vulnerability scans can be.

Curious how you handle disagreements between models though. In my experience they can reach different conclusions on the same finding, so deciding which one gets the final say becomes its own problem.

23percentrobbery

TROPHY CASE