So, in January 2025, I posted the first blog entry. It was basic and probably a bit rustic, but it was mine. And now, a year, and eleven entries into this project, I’ve found myself reflecting upon what’s been a difficult and enlightening process in every way.

“First Post” to Finding My Voice Link to heading

Reflecting on those first few months, I can see just how far the blog has come. My first few entries really laid the groundwork in every way. “My First Website — A Dream Turned Reality” and “Learning to blog” may seem like the documentation of accomplishments, but those are really posts where I’m learning the process as I’m going. There’s something rather humbling but also exhilarating about posting entries that, essentially, say, ‘Hey, I’m learning as we go, come along for the ride.’ April and the post “How I Got Into Cyber security - An accident turn into a career!” were like the turning point of my journey. By sharing my story of how I got into cyber security, I realized the importance of this blog for me. Cyber security is not my carefully considered profession, but it all happened by accident and turned out to be my passion. Likewise, my blog journey.

The Evolution of Content Link to heading

If I’m honest, when asked what type of cybersecurity blogger I would become, I’m not sure that I could have provided a clear answer back in January. Would I blog about tutorials? News analysis? Personal experiences? It seems that the answer, however, is that I did not need to make that choice. June was a turning point as I began posting more technical material. “Using AI to design, develop, and print my first maker coin!” demonstrated how I could incorporate creativity and technology. Later, “Sudo Gone Wrong” in July was my first foray into a vulnerability analysis. Posting this blog taught me how I could explain complex ideas in security and structure them in a clear manner.

“When Trust Turns into a Weapon” in September called upon me to quickly apply what was important in the security space. While “How to Pick the Proper VPN for You” in October allowed me to write content that would be relevant long after it was posted. Then came the Cloudflare outage in November, which saw it all come full circle as another major internet outage and one that I could explain simply as a result of all I had learned in the preceding months about tech writing.

What No One Tells You About Blogging Link to heading

Blogging is the technology in cybersecurity in and of itself is complex, but it can be even trickier to write about. It is always a fine line between these particular blog posts. How much technology can I include in this? How can I explain it without dumbing it down? When does an example in real life trump technology? I solidified that concept for myself in August with my CTF walkthrough series “Take Out The Trash”. A write-up of a CTF challenge could simply be a guide to how the challenge can be solved, but I wanted mine to be more than that. This required more than just detailing what I had done in each challenge, but also why I had done it and what the reader could do in similar circumstances. What has savored in the surprise wasn’t the factoring in the writing—it was the multiplying effect of the compounding. Each entry was a set-up for the previous one, not in terms of topic, but in terms of patience and capacity. The series in terms of developing this blogging act and this site wasn’t just an account—those entries were an example for myself.

The Unexpected Benefits Link to heading

When I began blogging on this site, it seemed like it would serve solely as a conduit for knowledge distribution. One of the areas where this site truly surprised me was its ability to enrich my knowledge on the subject matter. How can a person talk about a weakness like the sudo privilege escalation vulnerability without fully comprehending models of privilege? How can someone describe a type of attack on a supply chain without fully understanding a software development environment? Each blog entry was a forcing function for me to learn. Now, if I was going to write about something, I had to know enough about it that I could write clearly about it. This raised the bar for me and made me a more knowledgeable security practitioner, too. The blog also facilitated some unexpected connections. Writing about topics like the NPM crisis or Cloudflare outage allowed me to react to actual events when they were also being discussed by the security community. Topic associations help bring meaning and relevance out of these connections. They allow you to select topics and see their relevance to blogs. Through this process, you can understand the connections and associations of different blogs.

Lessons Learned Link to heading

Start before you’re ready. These blog entries about building the website and blogging were not honed for their audience, as they had to be done this way in order to be genuine. Consistency is compounding. I did not blog every week, but I blogged regularly. From the period of January to November, blogging regularly helped to create momentum such that blogging became easier than the previous one. You have a perspective that is yours alone. “The security world does not need another soul duplicating the consensus of thought of everyone else.” My experiences before coming into security, my “accidental” path to a career in security, and my interests that span everything from maker projects to vulnerability research this is all a combination that is my own. “Technical writing is a skill.” A skill which improves with practice just as riding a bike or fixing leaky faucets improves with practice. My July postings are clearly distinguishable from those in November; and this kind of progress is what ought to be promoted and celebrated and not kept under wraps. Variety is the spice of life. Some of the most fulfilling work I’ve done is the variation. News posts, evergreen tutorials, walkthrough’s, personal posts, projects, etc. all have different goals and a different audience. While it may help a personal site to concentrate, it’s been refreshing for me to just let it be eclectic.

What’s Next Link to heading

As I move into my second year, I am looking forward to building upon this foundation. I would like to continue in depth on some subjects, perhaps writing series that allow me to continue to develop these concepts over multiple postings. I am considering ways to interact with this community in a two-way fashion versus broadcasting. What I want to do most is continue doing the things that have worked so well: being authentic, being consistent, and being passionate about the material. The entries that have had the strongest resonance have not necessarily been the most complex on a technical level they’ve been the entries where my love for the subject is clear.

For Someone Just Beginning Link to heading

If you’re planning on starting a blog related to cyber security, this year has been an important learning experience for me, teaching me that: Don’t put off sharing a thought just because you’re not sure you are an expert. It’s actually some of my best musings that I wrote when I was learning about the subject matter myself. Simply teaching others about a subject will teach you a lot. Your first postings will be awkward, and that is perfectly normal. My “First Post” and “Learning to blog” postings, for example, aren’t going to win the Pulitzer Prize, but I had to do them. All professional bloggers that you admire had awkward first postings. Develop your own pace. I found that posting once a month was feasible for me while still posting quality content. Your pace may vary, and that’s perfectly fine.

Create content on what you find interesting yourself. Trust me, when I posted on my project of making a “maker coin,” it was not a piece of a content plan I was fulfilling. Rather, it was something I was passionate about and just wanted to share. There is enough happening in the world of tech for you to write about. Be it the vulnerability of sudo, supply chain attacks, or internet outages, you will never be short of material. It’s all about finding an angle that is yours alone, an angle that helps people understand the information in their own unique way. Now, after what is nearly a year, I can safely say that the decision to start this blog series has been one of the best career moves that I’ve made for myself within the Information Security industry. What began as “a dream turned reality” is now more than that; it is also an evolution. This blog series is, in fact, my own personal evolution. And here’s to next year, as it will come. More things to explain about the attack surface, more tools to demystify, more CTF challenges to master, and hopefully, even more posts that will assist another individual on their own cybersecurity journey.