What an inaugural year it’s been for the Cybersec Café.
I started this newsletter 8 months ago, and here we are, 48 issues and hundreds of subscribers later, picking up momentum headed into 2025.
Let me start by expressing my gratitude to my subscribers, You.
Those of you who read every single week, those who interact with me on Twitter, those who have supported me with a paid subscription - Thank You.
Today, I want to take time to acknowledge my journey so far, talk about my favorite content I’ve produced to date, and let you know what to expect in 2025.
Let’s get into it.
The Journey
The reason I initially started this newsletter was as a way to develop myself in my career.
It was a way to not only document what I know but also what I was working on. I essentially saw it as a way to update my resumé weekly.
I never thought it would have turned into this.
If you’ve been here from the start, what you initially subscribed to is much different than what we have today.
For those of you who don’t know, the Cybersec Café started as a 4x per week newsletter with a cadence of Monday, Tuesday, Thursday, and Friday.
I was providing weekly hacking walkthroughs, cybersecurity facts, deep dives, news aggregation, case studies…
It was a lot, and I burned out quickly.
But going hard for three weeks showed me what was working.
The numbers showed me that you guys were loving my methodology walkthroughs and deep dives on various cybersecurity subjects, so I quickly pivoted.
In order to preserve the quality of my articles I decided to move to a weekly cadence.
I never could have imagined the support and growth I’ve received over the past 6 months since switching over, and can’t wait to continue writing articles you find valuable.
My Favorite Articles of the Year
How I Created an AI SOC Analyst
This article meant a lot to me for a couple of reasons. The AI SOC Analyst was not only one of the biggest wins of my career, but also the first article that I released code alongside. I integrated the solution into my custom SOAR (article on this to come soon, I know I’ve been teasing it for a while), and after full implementation, the reduction in time it took to triage alerts gave a lot of time back to the analysts and engineers in the SOC. This was also one of my biggest articles across all my platforms.
Python for Security Engineers
The idea for this article came to me after I had multiple friends reach out looking to pivot into the industry. Their one worry: they didn’t know how to program. I told them it’s really not as hard as they think and gave them a basic outline on what to focus on. Then I realized: there was no way they were the only people feeling this way. So I packaged exactly what I told them into this article in hopes it would enable others to make the jump too. The support I got from this article across all platforms made it worth the write.
Why Exceptions as Code Just Makes Sense for Your SIEM
This was an article I wrote not knowing exactly what people would think. But as an engineer at heart, I had to bring attention to the benefits that come from an “as Code” implementation at the Exception level in the SIEM. Maintaining exceptions in SIEM solutions is generally not intuitive, and as I’ve evaluated different SIEM products in my career, I’ve noticed that abstracting exceptions away from Detections is not common practice at all. It’s something I wanted to bring attention to in the industry, and I’m hoping this article can popularize it.
My Favorite Series of the Year
My favorite series of the year has to be my Methodology Walkthrough Series because it forced me to grow as a professional.
My expertise really lies in the Operations side of Cybersecurity, specifically Detection Engineering and Incident Response. But, this series forced me to grow into an area that’s different, difficult, and uncomfortable.
It forced me to learn more about Web Applications, Pentesting, the ins-and-outs of different vulnerabilities, and learn an all-new tool in Burp Suite.
This has also been, surprisingly, my longest running series.
Seeing my personal growth from the beginning of the year when I did a 100 Days of Hacking series on Twitter, to the start of the Methodology Walkthrough series, to where I am now is night-and-day.
This series has made me realize the importance of rounding out your knowledge as a professional. I’ve already seen the benefits of understanding the attacker mindset pay off in my career, and I’m looking forward to continuing to hone my skills in 2025.
I hope that this series can inspire you to push yourself outside of your comfort zone too.
Future Plans for the Cybersec Café
More of the Same
I’m going to keep bringing value to your inbox every Tuesday.
My goal is to continue to not only challenge established professionals to think critically about various aspects of cybersecurity, but also to continue to open the doors to the industry for those starting out or those looking to jump in.
I also want to broaden my reach. While there’s still so much to cover in my own niche, there’s also an incredible amount of surface area to cover in the industry.
I already have an extensive backlog of articles to write for next year, and trust me, there’s a lot to look forward to.
Free Resources
I saw how receptive the community has been to the different free resources I’ve released so far, and I want to continue to create more.
Subscribers will get early access to those resources, so make sure you’re subscribed.
Paid Subscriptions
I’ve received some amazing support for the publication so far from my paid subscribers, and I couldn’t be more thankful.
As you see every week, this newsletter has no sponsorships (at least not yet) - it’s completely reader supported.
But I also want to find ways to provide my paid subscribers with additional benefits. There are some ways that I see publications do this:
Paid Community - A way for me to connect directly with you, and also provide ways to connect with other like-minded professionals.
Additional Content - Additional monthly content only for paid subscribers
Exclusive Content - Every other article is only for paid subscribers
But I want to hear from you - what would you want? Tell me in the Substack comments, or on Twitter!
Products
2024 saw the launch of my course - the Security Sip.
I created this product to be what I wished I had when I had started in the industry. While I know it’s not for everyone, I hope it can help those looking to break into the industry themselves.
But as some of you may know, I have a background as a developer myself.
I have some ideas flowing already, but am also interested in hearing what would make the lives of my readers easier in their own careers (again, in the Substack comments or on Twitter).
Thank You, 2024
If you’ve made it this far, again, Thank You for your support.
This newsletter is quickly turning into something I could have never expected, and I’m excited to see what 2025 brings!
Securely Yours,
The Cybersec Cafe
Just a heads up, The Cybersec Cafe's got a pretty cool weekly cadence.
Every week, expect to dive into the hacker’s mindset in our Methodology Walkthroughs or explore Deep Dive articles on various cybersecurity topics.
Oh, and if you want even more content and updates, hop over to Ryan G. Cox on Twitter/X or my Website. Can't wait to keep sharing and learning together!