I've been relatively quiet on social media, my blog, my newsletter and most everywhere else. This is at least in part because I've been finishing off the final bits of a years-long career transition.
To really understand how and why this transition came about, I need to explain how my career began.
The Beginnings: 2010-2014
I began my journey into software development right around my freshman year of high school. I was lucky enough to have been sat beside a brilliant coder who introduced me to all manners of computer science and information security in one of the most boring possible classes: typing.
Because computer literacy was (and still is, unfortunately) incredibly rare in the rural area I grew up in, our most advanced computer-related class in high school was typing. I grew up in a more privileged household and had a computer in the home from a young age, so I had already been exposed to internet games and had learned how to type already, so the class was fairly redundant.
This meant I was bored, and had the choice of either goofing off during class or learning something new. I had pretty much decided on the former, until I sat next to Lee, a brilliant computer-savvy kid who was "goofing off" by writing an operating system from scratch in C and Assembly... in high school.
I took interest in watching the wizardry, and he was kind enough to introduce me to coding, starting with C and C++. He also introduced me to hacking, and taught me how to install Backtrack Linux, an older version of the now ubiquitous penetration testing operating system Kali Linux. I messed around with this for a while, and he got me started learning HTML/CSS and Python as well.
This is when my long journey of self-teaching began, and I can truthfully say I had self-taught 90% of the curriculum I would eventually learn in college by the time I graduated high school. I decided fairly quickly that software development would be my focus in college, and dove into learning as much as I could online before I went to college.
I already had my mind set that I would be going to the University of Mississippi. It was where my parents met, where my grandparents went, and it was one of the better schools in my state in computer science. What started as a casual recommendation from my mom, though, changed the course of my life and career thus far.
"You should learn a foreign language to make yourself more well-rounded."
This was a fantastic recommendation, and she had no idea at the time how much it would end up affecting my life afterwards.
I hated Spanish in high school (verb conjugation... ugh) so I looked online to find out what other options were available to me at UM. I found that they had just opened up an intensive Chinese language program at the university that required a couple of months of foreign travel, and on a whim I wrote up a quick application, threw together a paper on why I found language learning important (at that point in time, I really didn't find it important at all...) and sent my application in, expecting a rejection from the program that had seemingly impossible academic standards compared to my successful but limited public schooling experience.
My acceptance to the program came as a shock to me, and a terrifying one to my parents.
I had never been on a plane before in my life up until that point, and my acceptance to this program meant that my first plane trip would come in the summer after my freshman year... to Shanghai, China. I started my computer science studies in the fall, but my Chinese studies would begin days after my high school graduation in the summer. It was exhilarating, incredibly difficult and some of the best academic experiences of my four years in undergraduate studies.
My trip to China was similarly life-changing.
As a rural Mississippi kid, I didn't grow up with much of a diversified experience. My school was mostly white, I rarely traveled out of the south east US and the only real experiences I had speaking to people from outside of my small town were the occasional conversation with the very rare foreign exchange student. Now I was thrown into a completely foreign country with a completely different, rich culture and language than my own, and I thrived in it.
The timing, though, is what would change the course of my career.
I was in Shanghai, China in the summer of 2015, right as news broke of a historic breach of the US Office of Personnel Management (OPM). The breach would fairly quickly be traced back to a Chinese government building thought to be located in Shanghai, China... just a couple miles away from my dorm room. This incident marked a turning point in US-Chinese relations as tensions rose to levels not seen since the Hainan Island incident in 2001. I had been exposed to cyber security in high school but hadn't thought much about it as a career choice. Now, it was at the forefront of my mind as I fretted about what the breach would mean for the relationship between our two countries.
I returned to the US and resumed my studies, focusing on combining my liberal arts-focused degree in Chinese and my engineering-focused degree in computer science. Cyber security would prove to be the perfect combination of my two worlds.
Cutting my Teeth on Threat Intelligence: 2017-2022
Shockingly, my first introduction to the world of threat intelligence came from a Twitter thread.
A well-known cyber security researcher, Lesley Carhart (hacks4pancakes) would introduce me to the world of threat intelligence through a thread oriented around getting newbies like me hooked up with jobs. I detailed this journey in full in this post about accidentally getting into cyber security.
Threat intelligence is now a more mature field, but back then it was still in its infancy as an academic study being slowly productized as a service to private and public organizations and agencies. It can be clumsily defined as the study and practical application of learning how threat actors (hackers, both criminal and state-aligned) penetrate networks and applications to achieve their objectives, whether it be to lock networks with ransomware for profit or destruction, or to steal personally identifiable information (PII), state secrets or intellectual property.
This was, frankly, a fantastic application of my academic experience. It benefits a threat intelligence (TI) researcher to have deep cultural (and linguistic) knowledge of the threat actors they are studying, so my knowledge of the Chinese language, paired with my studies in computer science, made me a great candidate for TI research. I dove into the world, writing my first dozen or so Medium articles on Chinese hacktivism. Lesley's thread hooked me up with my first job writing analytical articles on cyber criminals, mostly based out of Russia, and I would soon transition to a research job at one of the world's top cyber security companies at CrowdStrike.
I didn't realize it then, but this career transition would take me away from my first love in computer science. I did plenty of engineering work, but it would primarily be on the side or as a passing interest as I dove more into the liberal arts-focused side of threat intelligence. I can't say I regret this: I developed lifelong friendships and a fantastic grasp on analytical writing through this career journey thus far. I am now with an incredible threat intelligence team at another massive cyber security company, SentinelOne, but over the years I began to miss the world of code.
I've since dove into engineering on the side, trying my hardest to do as much coding as possible in my day job and side ventures and projects. I ran into a very privileged problem, though: I built up a fantastic salary that I began to realize was a golden shackle. If I was to transition to engineering, I might have to take a hefty pay cut compared to my growing TI salary.
Since, I have focused on building my engineering experience, both through my day job and on the side, and have finally come to the pivotal moment in my career I've been waiting for: I will be starting a new opportunity as a Staff Full-Stack Engineer in the cyber security industry.
Because I'm staying in cyber security, I'm not taking a pay cut... in fact, my salary is increasing by 35%. It's the best possible way to transition to engineering from where I've been for the last 5 years. I'll be writing full stack applications to support threat intelligence and AI/ML efforts within my organization.
This is a huge opportunity for me and one that culminates what I view as a multi-year effort to get back to my engineering roots and passions. I'm super excited for what is to come, and the learning I will get to do as a result!