CODY KELLER

Category: Professional Tips


  • February is often “Bonus Season.” If you were lucky enough to see a performance bonus hit your account this month, the temptation is immediate: a new watch, a 4K monitor, or perhaps throwing it into a volatile crypto coin. But if you treat your career like a business—let’s call it “You Inc.”—you know that the…

  • It is tax season, which means it is also “Tax Scam Season.” While we all know to avoid phishing emails claiming to be the IRS (pro tip: the IRS never emails you), there is a more sophisticated threat: Stolen Identity Refund Fraud. This occurs when an attacker uses your Social Security Number (SSN)—likely stolen in…

  • An interview is a two-way street. While the company is evaluating your technical skills to see if you can protect their network, you must evaluate their culture to see if you can protect your sanity. Security burnout is real. It is rarely caused by “too much work”; it is almost always caused by poor management,…

  • We often use the terms “Security” and “Privacy” interchangeably, but they are two very different disciplines. In February, as we reflect on Data Privacy Day, it is critical to understand the distinction—because getting it wrong can lead to massive fines. Here is the simplest way to visualize the difference: You can have perfect security (a…

  • You can be the greatest penetration tester in the world, but if you can’t explain why a vulnerability matters to a Chief Financial Officer (CFO), you may hit a career ceiling. The most high-value skill in 2026 isn’t Python or Reverse Engineering. It’s Translation. The Translation Gap: How to Practice: Next time you find a…

  • It is performance review season. For many security professionals, this is a painful exercise. Why? Because in cybersecurity, success is often invisible. If you write your self-review based solely on “what went wrong” or “what I fixed,” you are underselling your value. You need to shift the narrative from “Operational Activity” to “Business Enablement.” Here…

  • Let’s start with a scenario that every GRC analyst has lived through. The Real-World Disconnect: Imagine you are onboarding a new SaaS provider, “Vendor X.” You send them your standard SIG Core questionnaire (all 300 rows of Excel). Three weeks later, they reply. You mark them as “Compliant” and approve the contract. Two months later,…

  • ‘Tis the season for new gadgets. Whether it’s a smart TV, a new connected speaker, a security camera, or a “smart” appliance, these devices (part of the “Internet of Things” or IoT) are popular gifts. But this excitement comes with a risk. IoT devices are notoriously insecure, and a single “hacked” device can give an…

  • The Two Paths: Information Security Manager vs. Principal Contributor. As your career in information security progresses, you move from mastering technical skills to demonstrating leadership. You’ve become the go-to analyst, the person who understands the complex GRC requirements, or the engineer who can deconstruct any problem. Now, you’ve reached a fork in the road: Do…

  • The Importance of Cyber Awareness for Professionals

    Let’s be honest, for most professionals, the term “cybersecurity” can conjure up images of a hooded figure hunched over a glowing screen in a dark basement, furiously typing lines of cryptic code. It all feels very Hollywood and, more importantly, very distant from our day-to-day realities of spreadsheets, presentations, and endless video calls. We get…