The Symmetries Between Cyber Domains

Ever notice how some cyber professionals move fluidly between cyber domains?

One week they’re doing red teaming.
Next they’re knee-deep in incident response.
Then they’re coaching developers on secure coding.

They don’t have a higher IQ than you.
They’re just seeing the game differently.

They’ve learned that cyber has symmetries - patterns, skills, and mental models that repeat across domains.

Continue reading →

Challenging Traditional Cyber Training Models

I started teaching cybersecurity back in 2015.
Great content. Hands-on labs. High ratings.

But something was off - students weren’t applying what they learned.
And it didn’t take long to figure out why:

We spoon-fed answers
Labs were scripted
I solved problems for them
2-5 days isn’t enough to build real skill

Here’s the truth: most cyber training creates the illusion of progress, not the reality of mastery.

If you want to get great - really great - you need consistent reps, real problem-solving, and unscripted challenges.

Continue reading →

Thinking About a Web of Causes

Most people look for one cause. That’s not how cyber works.

If you want to grow fast as a cybersecurity leader, stop thinking in straight lines.

Today I spent an hour mapping a Web of Causality - 50+ factors behind breaches. It’s not complete, but it shows why cyber is a Wicked Problem.

Continue reading →

Dimensioning Cyber Incidents: Is? Is Not? Why Not?

Got a compromised system? Don’t Panic. Investigate.

The first move in incident response isn’t action - it’s understanding.

I use a simple framework that’s helped me resolve over 100 cyber incidents with clarity and speed. It’s called:

“Is? Is Not? Why Not?” (IINWN)

Continue reading →

The 4DE Cyber Expertise Model

In a field as critical and complex as cybersecurity, technical skill alone isn’t enough to earn trust or influence. The stakes are too high, and the noise is too loud.

If you’re not being pulled into strategic discussions—if your recommendations aren’t driving decisions—it’s not because you’re not smart enough. It’s because you haven’t built authority across the right dimensions.

Continue reading →

In software, a breakpoint is an intentional pause in a program, used for debugging. On this website, it is our blog. Its purpose is to debug your mental models so that you can achieve massive growth and development in your cybersecurity career.