A resume that’s only skills-focused doesn’t move the needle. Anyone can list tools and keywords. Recruiters see that all day. Projects show real ability. They prove how you applied those skills, what problems you solved, and what impact you made. That’s what hiring managers actually care about. I still include skills, but I anchor them inside projects. Example. Instead of listing tools like SIEM or Incident Response, I describe: - Investigating brute-force and persistence activity using Windows event logs and SIEM queries - Building alert enrichment or automation workflows to speed up triage - Mapping detections to MITRE ATT&CK and documenting response actions Skills help with ATS. Projects drive interviews. If you’re entry-level, this matters even more. Labs, detections, and automations are your experience. What do you focus on more in your resume. Skills or projects?

We’ve all seen those random bursts of failed logins. Sometimes it’s just a user fat-fingering their password. Other times it’s the first hint that someone’s testing the doors. How do you look at it? - Do you treat failed logins as background noise or as an early sign that something’s heating up? - And when you notice a spike, what’s your first move? Drop your thoughts. This one gets people fired up.

People love to argue about bootcamps. Some say they changed their life. Others say they’re overpriced courses wrapped in good marketing. There’s no middle ground. What’s your experience? Consider things like: - Did the curriculum actually prepare you for real work? - Were the instructors legit or just reading slides? - Did the job-placement support actually help you get interviews? - Was the cost worth the outcome? - Would you recommend it to someone starting today? Don’t sugar-coat it. If you’ve taken a bootcamp or you’re thinking about one, share your real opinion so others can make smart decisions.

For me, the one that really made me pause was: “Tell me about the worst incident you handled. Walk me through what you did from the moment it started until it was resolved.” It wasn’t about theory. They wanted to see how I actually think when things get messy, how I break down an investigation, and where my real hands on experience shows up. Now I’m curious! - What question caught you off guard or made you stop and think? Drop yours below.

MITRE has hundreds of techniques. Some are old classics. Some are getting abused more than ever. Which one catches your attention right now? Maybe it’s: - T1059 – Command & Scripting Interpreter. Attackers keep using PowerShell and CMD because defenders still miss the context. - T1027 – Obfuscated/Encrypted Files & Info. Everything is encrypted now, even malware payloads. - T1071 – Application Layer Protocol. C2 over HTTPS blends in too well. - T1566 – Phishing. Still the easiest way into most environments. - T1110 – Brute Force. Password spraying is non-stop, especially on cloud apps. - T1047 – WMI Execution. Quiet, powerful, and still under-monitored. Drop the technique you think deserves more attention and why. Teach the community something others are overlooking.