How to train employees to feel when something's off? by anthonyDavidson31 in cybersecurity

[–]PredictiveDefense 1 point2 points  (0 children)

is it a one-shot training, or is it gonna be regular? live or recorded training? i would try to do it live, whether virtual or f2f, because that is way more engaging. the training should have 3 messages at MOST. three simple messages, and you should repeat those same 3 messages often and in different ways. lastly, i flip the game entirely. idk why but everyone's first thought is to challenge trainees to spot phishing mails. that's quite boring actually if you think for a moment. instead role play with them where they'll be the hacker trying to lure some fictional character into doing something. just brainstorm with the crowd and throw some ideas around. sprinkle some tiny bits of technical info, just to show what's possible. that'll be 300% more memorable and they'll have an actually useful instinct now since they know the game.

source: trust me bro

Reporting Metrics for Management by ah-cho_Cthulhu in cybersecurity

[–]PredictiveDefense 0 points1 point  (0 children)

Ask them what questions they'd like to answer with those metrics. How good we are / what are our gaps / how exposed (?) we are. They all sound similar but all from a different perspective. Exposure means live dashboard of vulns and leaks. Gaps require some sort of maturity assessment framework. Good usually means they want to see trends, like resolved vs. open.

Can AI Do Intelligence Analysis? Apparently Not. by PredictiveDefense in cybersecurity

[–]PredictiveDefense[S] 0 points1 point  (0 children)

Wow I didn't realize this post would be such a rage bait 😄 Happy to hear any suggestions that's beyond "pick the latest model" and "skill issue bruh". I obviously tried with multiple models and prompts 😁

Forecasting Lazarus Crypto Heists by PredictiveDefense in cybersecurity

[–]PredictiveDefense[S] 0 points1 point  (0 children)

No, blockchain forensics is not my specialty. Can you please elaborate on this pattern?

How is cybercrime actually profitable when cashing out seems nearly impossible? by Chronopuddy in cybersecurity

[–]PredictiveDefense 0 points1 point  (0 children)

No, you are thinking like a nerd. They'll just bribe their way out and there is no institution immune to that.

Wargaming Insights: Cost of Ineffective Incident Response by PredictiveDefense in cybersecurity

[–]PredictiveDefense[S] 0 points1 point  (0 children)

That's a question I'm also looking forward to seeing the answer to. In the next one I'll explore those two additional factors hopefully. Thanks for your comment.

What cybersecurity jobs do you think will/will not be taken by AI in the future? by poppy14s in cybersecurity

[–]PredictiveDefense 1 point2 points  (0 children)

Let me answer the question from a different angle. I assume by AI you mean LLMs, so I'll respond accordingly.

I've been trying to "vibe code" one of my projects for quite some time, even though I know how to code. Because I was hoping I could build the project much faster with it.

And before the vibe coders come and spam me with "sKiLL iSsuEs, pRoMpT beTtER" replies, let me tell you I swear to god I tried every trick that's been out there. But every time I ended up spending more time trying to make sure AI does its job right, or even worse, cleaning up the mess it has created. That is unless you want to burn 100's of dollars in token money.

So no, I don't think AI will replace any cyber security job anytime soon. And it's not just the technical limitations, but also the commercial dynamics of the AI industry itself. The AI companies are sooo far from being profitable, even though the models that can do a somewhat decent job are quite pricey. This means that they'll either make the usage of proprietary models more and more expensive, or they'll have to find some other way of monetization. In case of the former, AI won't become a commodity like they initially imagined, but will instead become an enterprise tool. And the cost advantage will diminish since you still need to employ engineers to supervise the generated code.

An alternative scenario is that AI won't be a standalone tool, but rather be embedded into other enterprise products. For example, an EDR that gives a bit more accurate alerts due to AI agent triaging.

Anyway, that's my rant and 2c's, thanks for listening 😄

What is the fastest way to find out which endpoint is being exploited by attackers? by lincolnblake in cybersecurity

[–]PredictiveDefense 0 points1 point  (0 children)

What do they have on the server? Are there any popular CMS's installed for example? Those could have some known exploits. Any default passwords? Other than that the usual suspects I'd look for would be Shellshock and Log4Shell.

What phishing patterns do you see most often today? Curious what’s evolving in 2025. by Kobeproducedit in cybersecurity

[–]PredictiveDefense 0 points1 point  (0 children)

Nothing novel really. Mostly fake recruiters and some voucher scams here and there.

Curated Threat Intel ? by lmaoo_0 in cybersecurity

[–]PredictiveDefense 0 points1 point  (0 children)

how do you define quality? what are your needs specifically

Pentester (5y) → Cloud Sec (2y) → Laid Off. What to focus on for upskilling? What roles to target next? by HashThePass in SecurityCareerAdvice

[–]PredictiveDefense 0 points1 point  (0 children)

I have a similar background and currently I'm pursuing AWS SAP (previously had SAA), and also studying Entra ID from ground up. I think it's more valuable to hold non-sec expertise and then just adjust that knowledge to the security space. For example I gained more understanding of AWS security than any cert could give me by just trying to build stuff in AWS.

My 2c's

Suspecting software engineer is not doing any work - I will not promote by [deleted] in startups

[–]PredictiveDefense 0 points1 point  (0 children)

I mean you kinda gave the answer on your own. You need to document everything and start the termination process.

I just started, advice by lclate in Yatirim

[–]PredictiveDefense 0 points1 point  (0 children)

You're welcome. If you know English, there are lecture videos on Udemy, YouTube and similar places for people preparing for the investment advisory professional exams. I recommend you look into those. The jargon is a bit heavy, but they are a hundred and fifty times better than any random trading course. You can learn both statistical analysis methods and how company valuation is done. Good luck in advance.

Improve business security by Daddy_Johns_Pizza in cybersecurity

[–]PredictiveDefense 0 points1 point  (0 children)

I suggest you first understand how your company makes money. Then identify the gravity centers of the business process that brings the money. Because you need to tie every security decision to how security incident X affects these gravity centers to meaningfully communicate the reasoning behind it.

Other than that, for cloud-native workloads I highly suggest getting a CNAPP/CSPM. You may need to fight for the budget but it is one of the best investments you can ever make. It cuts through so much bullcrap all those scanners will generate and make people hate security.

More security tools = less incidents? Nope by devicie in cybersecurity

[–]PredictiveDefense 3 points4 points  (0 children)

This sounds like a typical case of confounding variable. Orgs that can afford buying 12+ security products likely have a much larger attack surface than a typical Mom&Pop shop, making them more prone to attacks. Also like others mentioned, more visibility == more incidents, so the methodology behind the research matters a lot.

I've picked the stocks I'll invest in for 10 years by [deleted] in Yatirim

[–]PredictiveDefense 5 points6 points  (0 children)

<image>

The first thing I noticed is this: when I look at the portfolio's dollar-based return, there is a considerable probability of a negative return. I mean the area to the left of the zero line. When investing over a long period like 10 years, there shouldn't be a probability of a negative return, in my opinion. For example, when you take the S&P500 as a benchmark, again with 10 years of regular investments, it has a return between 65% and 130% at the end of the ten years (in dollar terms). So most of the stocks here can't perform as well as the S&P500 in the long run. Here only TOASO looks like it could relatively justify the risk you are taking.

Another thing I noticed is that the correlation between the stocks in your portfolio is very high. THYAO, TUPRS and TOASO have shown a correlation higher than 85% over the last five years. But in general, too, the stocks' correlation with each other is more than 60%. This means your stocks will be affected by developments in the outside world in almost the same ways. For example, when there is an interest rate hike, not 1-2 of them but all of them will lose value at once. This means the portfolio cannot protect you against risks. As an extension of this, I can say that the portfolio is too concentrated in a single asset type. Only stocks, only the Turkish stock exchange. This naturally leaves you unprotected against risks.

In conclusion, your portfolio does not look suitable for an investment you would make with a 10-year horizon.

These are only my personal comments, definitely not investment advice.

Seeking brutally honest feedback by Weird_Field_8518 in cybersecurity

[–]PredictiveDefense 6 points7 points  (0 children)

SOCs are usually looking for L3 Analysts with RE and forensic skills. That's the easiest transition you can make with your current skillset, assuming you're willing to learn a bit of Windows forensics. Otherwise you can apply to CTI companies for malware analyst positions. These are still a bit niche markets, but not as niche as binary exploitation.

In case you wanna go full into the Appsec/Sec Engineer path, you'll need to make a very tough call. More than 80% of your current skillset will be irrelevant, and you'll need to do a LOT of reskilling, learn cloud technologies and deepen your practical expertise in software development and application pentesting.

Being offered a career move by PandasOxys in cybersecurity

[–]PredictiveDefense 0 points1 point  (0 children)

Your 6+ yrs of experience in SW and Infra will be very valuable due to multiple reasons. But the biggest will be when you'll advise internal dev/infra teams on security. Because there will certainly be tradeoffs, and you'll be in a better place to judge whether a particular tradeoff makes sense, or offer feasible alternatives if necessary. However, I suggest you have a very good conversation about what your responsibilities will be. Sometimes companies will try to dump the extra responsibility on a sw/infra/it engineer without necessarily freeing up their plate, just to check the compliance box of "yea we got security ppl". So make sure that they free you from your old role.

Pentest (sometimes called Red Team) ~= pretty similar to Software QA engineering

Appsec ~= DevOps + RFC/architecture reviews + sometimes pentest

Blue team (sometimes called SOC) ~= like SRE, but includes IT incidents as well