Red team methodology, APT tradecraft, and lessons from both sides of the wire. More useful than most red team content because it connects offensive findings to defensive outcomes.
Moving from individual contributor to security director faster than the expected timeline. The struggles, the identity shift, and what I would tell myself at the start.
The assumed breach model forces realistic threat scenarios. How we scope engagements, document findings, and report to stakeholders who are not technical.
Healthcare networks have constraints that make standard lateral movement techniques behave differently. What we have observed and how defenders should respond.