Introduction

Continuing the tradition I started last year, as 2025 comes to a close, I’m taking some time to reflect on my year in terms of my cybersecurity career and learning journey.

This is the second year I’ve maintained this blog, which is crazy to think about, as it doesn’t feel like that much time has passed. Looking back at myself two years ago really highlights how far I’ve come since I decided to dive into the world of cybersecurity.

I’ll begin by sharing some of the milestones I achieved this year.

Milestones

More Certifications

In last year’s post, I set a goal for myself: to earn more offensive cybersecurity certifications in 2025. I’m thrilled to say that I achieved that goal, earning both the OSCP+ and OSWP certifications from OffSec!

Earning the OSCP+ feels like a particularly meaningful achievement. When I first decided to dive into ethical hacking, I started from almost zero, and the OSCP seemed like this elusive milestone reserved for the most elite hackers. The whole Try Harder slogan, combined with countless stories of people struggling with (or failing) the exam, made me wonder if I’d ever get there.

Now, two years later, I can confidently say that I’ve surpassed my own expectations. I passed the OSCP+ with relative ease, which was both humbling and exciting. I’ve also long realized that the OSCP is not some unattainable pinnacle. It’s an entry-level certification, a solid foundation, and just the beginning of a much larger journey. I know there are far more challenging certifications out there, and I’m excited to tackle them in due course!

CVE Discovered

Another goal I set for myself last year was to register a CVE that I discovered. I’m happy to say that I also completed this resolution… kind of!

I did discover a vulnerability (a high severity one, in fact) but due to the circumstances of how it was found, it wasn’t registered under my legal name, and I’m not allowed to discuss the details. I wish I could share more about it, but unfortunately, I can’t.

So, I’ll call this a partial success. Technically, I found and registered a CVE, but you’ll have to take my word for it! Hopefully in 2026, I’ll have the opportunity to register one under my own name and be able to talk about it publicly.

HackSmarter Presentation

One of the more unexpected developments this year ended up slightly shifting my trajectory. I’ve mentioned before that my CPTS and notetaking blog posts have gained some traction in the HackTheBox and OSCP communities, with plenty of people reaching out to discuss the certifications or my notetaking process.

Eventually, my posts caught the attention of the folks at HackSmarter, Tyler Ramsbey’s infosec community. They invited me to give a ~30-minute workshop on my notetaking process, which I made about my field manual.

You can watch the recording here:

(Blog post about this presentation here)

This was my first time ever presenting on a cybersecurity topic, so it felt like a big milestone. Public speaking (well, speaking in general) is one of my biggest weaknesses, so I was definitely out of my comfort zone. Yet, the positive feedback and appreciation from the community was incredibly encouraging. For the first time, it made me consider producing content in video form, rather than relying solely on this blog.

YouTube Channel

Shortly after the HackSmarter presentation, and encouraged by the excellent feedback I received, I decided to try turning my most popular blog post, HTB CPTS Tips & Tricks, into a video presentation. That was the beginning of my YouTube channel!

(YouTube channel)

There were several reasons behind this shift. First, I felt that my content could reach a broader audience on YouTube, helping me continue my commitment to giving back to the infosec community.

Second, since my blog doesn’t have a comment section, it’s difficult to gauge reach or gather feedback. YouTube, on the other hand, makes it incredibly easy to interact with viewers and see which topics resonate.

Third, creating video content will prepare me to do more presentations / live talks. As I said before, I’m not good at it and making videos puts me outside of my comfort zone. I think there’s value in doing hard stuff for the sake of it.

And fourth, and admittedly the least noble reason, blogs are hard to monetize without being intrusive or annoying. As someone working in tech, I think it’s wise to diversify and build resilience against layoffs or automation. Even a small additional income stream from YouTube helps move me toward that goal.

I’m happy to say that this YouTube experiment has been, in my estimation, a huge success so far. The feedback has been overwhelmingly positive, and the growth has been incredible for such a new channel. About six months after uploading the first video and four videos in, the channel just reached 1,000 subscribers. I attribute a lot of this momentum to the presence I’ve built in my niche through this blog.

Promotion

And for the final milestone I want to share: this year I was promoted at my job exactly one year after joining as a Jr. Application Security Engineer. I’m happy to say that I’m officially no longer a junior!

Losing the Junior title feels like a significant milestone because it signals that I’m no longer a novice in the hacking world. In many ways, the shift is reassuring: it boosts my confidence and helps loosen the grip of imposter syndrome, something that’s all too common in cybersecurity.

At the same time, it’s a bit intimidating. I can’t hide behind the Junior label anymore. I’m a big boy now, the training wheels are off!

Conclusion

I made plenty of progress in 2025, both in areas I had planned for and in a few unexpected directions. Beyond the professional wins, I also hit some major personal milestones this year, made possible largely by the financial stability and skills my work in cybersecurity has given me.

Still, I ended up completing two of the four resolutions I set for myself in 2024, leaving two still unfinished:

  • Achieve Holo tier in Hack The Box Seasons:
    Looking back, I don’t think I completed a single CTF box that wasn’t tied to certification prep. CTFs just aren’t as central to my current development as they were a year ago. I’m not disappointed about missing this goal; it simply became outdated.
  • Find a valid bug in a Bug Bounty program:
    Over the past year, my perspective on bug bounty programs has changed… I’ve realized they’re not a good fit for me, as the time-to-reward ratio is not really great and the added time pressure takes away the enjoyment, so they’re no longer a priority for me at the moment. I’d rather do some independent security research at my own pace. :)

And now, here are my cybersecurity resolutions for 2026:

  • Earn more certifications, likely OSWE and maybe OSEP.
  • Grow my YouTube channel to 5k subscribers. I have no idea if that number is realistic, but it’s a nice round number. At the very least, I want to get the channel monetized.
  • Release my completed field manual to the public.
  • Present another workshop or seminar on a cybersecurity topic (if the opportunity arises).
  • And finally: a secret, most important resolution that I’ll reveal only if I achieve it. :)

Happy 2026 and happy hacking!