Focus. Re-evaluating what you are doing in the… | by Teri Radichel | Cloud Security | Aug, 2025

Re-evaluating what you are doing in the face of AI — is it worth it?

Aug 17, 2025
I haven’t been writing a lot lately because I was finishing a penetration test and have been really deep into writing some code for one of the tools I use on such tests. Now it’s time to clear my head and move on to what’s next.
As I think about what’s next, I keep hearing about all these people losing their jobs or having problems finding jobs. I also feel like there’s an over-exuberance of investment and reliance on AI and it will be the downfall of some. Things are evolving. This all feels so familiar. History repeats.
What can people do who have lost their employment to the AI hype machine or are having a hard time finding one?
Well, I don’t know if this will help but here’s what I am working on and what I’m doing in my own career to move into this brave new world and embrace the challenges and opportunities presented by AI.
With all this change, and life in general, there are a lot of distractions out there and you have to figure out how to focus on what matters to you despite all the noise.
You’ll also want to consider the return on your investment as you ponder various opportunities or things you were doing in the past that might not make sense in the future — is it worth it?
Determining Objectives — What Really Matters?
Not only was I working on that penetration test recently, I was revising my methodology for fuzzing which I spoke about at RSA 2020. There’s a live demo of a quick fuzzer I built at the end showing how I found a cross site scripting attack that reveals a JWT in an API running on AWS.
I’ve had thoughts and ideas for making that fuzzer better and have spent a little time on it over the years but not as much as I would have liked.
When performing penetration tests too much time goes into the reporting and not enough into the hacking and security testing. I spent a lot of time over the past few years working on speeding up that reporting process and making it more useful and accurate. I can also track customers’ key concerns and findings over time to help reduce duplicate effort since I have some repeat customers.
My goal is to reduce the repetitive and mundane parts of the process so I can focus on the real point of the test, which is finding as many security vulnerabilities as I can in the shortest time possible. My fuzzer is one of those tools, along with various enumeration, recon, and attack mapping tools and as optimized as possible use of third-party tools like Burp and Prowler.
Lately I’ve been working on making the fuzzer easier to configure, storing configuration information, reducing duplication, getting better coverage, and tracking coverage. Those are the goals. I have some other ideas about different types of attacks as well.
I moved the fuzzer into my batch job system which has undergone a lot of revisions and improvements, but it’s too complicated to explain and publish all that right now. It would also fall into the category of distractions below. Maybe someday.
The impact of AI on my plans after initial research
I’ve been trying out AI for various use cases and writing about it here:
So now AI has come out and does that make my fuzzer useless? I don’t think so.
Yes, AI works. To some degree, on some things, and in some cases in a very interesting convoluted way it comes out with the right answer using logic that doesn’t make sense.
The key point in the end is — the answer is correct even if it’s based on a hallucination somewhere in the middle, and some other deterministic process can validate the results. But if it’s not based on actual deterministic logic, isn’t it just another form of fuzzer? Maybe in some ways, it’s a better or more creative fuzzer. Perhaps.
But is it better? Maybe it’s just a different kind of fuzzer. The proof is in actually doing what I have been planning to do all along and proving whether it works or not. I need to work on it and get it done and prove that it can work — yes or no — instead of talking (or writing) about it.
But maybe this is not an either-or solution. I’m thinking about how I might combine the two approaches with a combination of AI and deterministic code to achieve an even better objective. I wrote about using AI to produce deterministic code here:
But it’s all talk or thoughts in my head until I do it, right?
Doers Versus Talkers
On that note — It seems like there are a lot of people talking about what works and what to do in cybersecurity lately and not enough people actually proving it, if you ask me. So many talking heads and then there are the doers.
Who are you listening to or reading or following and what have they done lately?
I’ve always leaned towards following the doers versus the talkers, myself. That’s why I have been enamored with James Kettle for quite some time and his latest talk at BlackHat was once again, completely astounding.
You can find the white paper here and the talk is recorded and around…I found it but it keeps getting taken down for some reason. I’m sure it’s out there somewhere.
In his presentation, James Kettle showed how a massive number of sites could be compromised with HTTP/1 desynchronization and the team working on it made over $300K in bug bounties.
Those are measurable results.
That’s what I always aim to achieve. Maybe not to that scale. But I do achieve them on my penetration tests where I generally find a myriad of security issues each time and can help my customers shore up their security, even after other pentesters and tools have scanned their systems.
But I feel like I can do more if I find a way to focus on these things. I have a lot of ideas I’d like to implement. So I’ve stepped away from things that feel like a distraction lately.
Do I need a certification or high profile affiliation?
Notice that James Kettle is not associated with any particular security organization as an instructor beyond his own company, nor does he promote a bunch of certifications. He happens to work for PortSwigger but I think perhaps the company is more reliant on him than he is on the company.
I renewed a certification (well, 13 actually) a while back and studied for three months to do it in between other work. At my age and with my level of experience, I’m not sure it will be worth it to do that again. I’d like to invest that time into writing software and research instead. It may be a mistake. I can’t predict the future. But it’s what I want to do.
If you are trying to break into the field, this may not be the best approach. A certificate or degree can help for reasons I wrote about in other posts. Just like a college degree, certificates serve a purpose and may be helpful but are not necessarily a requirement for success (examples: Bill Gates, Michael Dell, etc.)
But besides all that I already have three degrees as well — BA Business, Master of Software Engineering, Master of Infosec Engineering. How many times do I need to prove myself anyway?
Perhaps taking another test is a distraction that will detract from actual results at this point in my career.
Obvious Distractions
Distractions come in many forms. I’ll address a few of them below that affect me personally and how I’m dealing with them — hopefully. Some are a complete waste of time. Other distractions may not seem like distractions — but they are.
I’m so easily distracted and constantly telling myself to focus.
Easier said than done.
The obvious distractions are like “Oh look at that! Someone just posted a comment about the Gates of Hell in Turkmenistan. Is that real?” So of course I had to go watch a video about it, and it was fascinating! (Yes, that happened this week.)
Maybe that will help me when I play Jeopardy! with my husband because one day I saw a ladybug and had to research them and then a Jeopardy! question happened to come up the next day ironically and I knew the answer.
But it’s not helping me get my work done.
Edit: Just after publishing this post my husband and I were watching old Jeopardy! reruns from December 2022 and a question came up about structures people in Asia lived in. The category was Y-U. As fate would have it, I knew the answer thanks to the video I watched on the above topic. A yurt. The people stayed in a yurt when they went to see the Gates of Hell. Is the universe trying to tell me to watch more videos on Turkmenistan or watch less Jeopardy! ? But time with the hubby is important and it’s one of the only things I can get him to watch besides sports. 😆
So now you see my problem. I’m so curious about everything and easily distracted and I need to F.O.C.U.S.
Sometimes you have to just shut social media down and limit your time. There’s no other way.
There’s also a group I’m affiliated with that uses Slack. I am so easily distracted already. This is one more distraction that can suck me in, so I have to limit my time, not to mention the fact that I’m connected to yet another cloud service. Oh and they changed something and I got logged out and so now I have to re-figure out what my password is to get back in.
I have to keep that separate from the systems where I perform penetration tests and those additional network connections can increase my risk. If you don’t understand why, read my book. But probably if I run it on a network device on a separate network it’s ok. Just more to manage. To date, I have avoided most other chat channels.
Another obvious distraction is anything to do with politics and all those things going on in the world you can’t do anything about — until it is your turn to vote. Yes, stay informed, and yes vote — but make it a truly informed vote based on many sources — but don’t get caught up in the angst in between. It’s a waste of time and energy.
I pretty much cut politics out of my feeds by blocking certain keywords and accounts and then I have a separate new feed for that stuff when I want to spend time looking at it. Others will disagree with me on this point. If you feel that what you are doing is actually making a difference — then do it. Do what you feel is right and what you need to do within the limits of the law. But evaluate how you are spending your time and the impact it has on the desired outcome. Perhaps there is an alternative that will be more effective.
You may have your own distractions that are obvious time wasters. Figure out what they are. Determine how to limit the time you spend on them. Try to adjust your time to focus on more productive activities unless you are truly taking a break. Track how much time you spend on different activities. You may be surprised.
More Subtle Distractions
Here’s an example of a more subtle distraction — the kind where you are making money or you think it may be providing some sort of marketing or social benefit. But if you start to do the math realistically, the return on your investment of time, money, or both is not enough to compensate you for what you are giving in return.
If you are truly doing something because you love it and you don’t care about getting paid then it is a hobby. Or perhaps you are doing something for free because it is for charity. But otherwise it’s something that is distracting you from more important things that could offer better ROI.
It may even be that you are doing something that is generating feelings that are bringing you down like you are somehow inadequate or not good enough or making you feel guilty because you don’t want to do it anymore. Perhaps it is something that gives you “exposure” or “prestige” that you feel you cannot live without. You can make a positive difference by focusing your energy and thoughts on other endeavors because that’s just a drag on your overall well-being. Sometimes you have to do things to pay the bills, but hopefully you can do that and still find a way to feel good about yourself in the process.
When it comes to cybersecurity, I want to make a difference. I would like to help people secure their systems, not just talk about esoteric things and solutions that they want to hear — or make people feel like they are at Disneyland during training as I was once told to do — but rather give them solutions that work and help them improve their system security.
I recently had to cut something out and it was not an easy decision. I probably should have done it a year ago but I was hesitant. I can research and dive into and answer questions about random security topics pretty well. I had to do that a lot on security consulting calls in the past for which I was paid a small fee — small when considering the time I put into each call. I loved helping people and I felt like (and my customers’ scores indicated) that my research and answers were pretty good.
I had a 9.5+ rating for the most part over the years of performing that service. I know that because I was on a call where they introduced me to the team at some point and said that to the group. I was actually surprised when they said it because I wasn’t tracking it.
But things change when you start getting obscure calls that are not in your area of expertise and fewer calls. When you start getting calls you can’t answer quickly you have to spend a lot more time researching and that cuts into your return on investment. You’re spending more time for the same amount of money.
Perhaps the company “expands” and there’s less work to go around. Perhaps there are fewer customers. For whatever reasons you’re getting less work and work that takes you longer to complete. Whatever the reason is, it’s beyond your control if the company is going in a direction that is not beneficial to your association with them.
If you have a lot of calls one outlier doesn’t make that much difference. But when you start getting hardly any calls, then one bad call can tank your rating. And if you get bad ratings you’re negatively affected in some way — either by the company or by yourself feeling bad about it. If you are involved in any such “rating” system I’d say get out if it is stressing you out. Life is too short. It’s not a true evaluation of your capabilities — or fair.
This also applies to those rating systems within companies where your whole life depends on a single rating from a manager who doesn’t like you or ratings from your peers where everyone is knocking each other down so they can get a better raise themselves. In those cases ratings are irrelevant.
Even if you know logically that the system is flawed, a bad rating can make you feel bad and distract you from what you should be focusing on — which is not that.
I never once looked at a “report card” a particular company was giving me. It was irrelevant to show me everyone else’s rating given that the distribution of calls was uneven and the calls I was getting were not what I was requesting. Calling it a “report card” also feels juvenile to me, but maybe that is just my perception.
Even when I had 5 out of 5 at a particular event while working for a company they discounted that based on the number of ratings submitted. Instead of getting more work based on positive ratings, I got less. At another company even though I repeatedly hit the bonus after my initial struggle to ramp up very quickly, one bad rating from one person at my very last event tanked me. When I asked about the fact that I had gotten the bonus and high scores in prior events they said, “That’s not how it works.”
I remember at one point a woman asked me why I thought I wasn’t as good as some other guy who had been doing the same thing for 20 years. I’m no rocket scientist but I think I could probably guess. Not to mention he was presenting his own material. It’s always easier to present your own material.
I’m just so tired of all these subjective and potentially manipulated “ratings” systems. I’d rather work in a different way. If you like my work and the results, hire me. If you don’t, then don’t. Stop trying to make me into something I’m not and please stop trying to make me feel like garbage with some arbitrary rating system.
Let me give you an analogy from a completely different point of view as to why you should ditch these systems if they are not working for you instead of constantly trying to prove you are as good as everyone else and conform to something that doesn’t make sense.
I used to ride horses in 4-H. You’d ride your horse around the ring in a performance event and try to look pretty. You had to sit in the saddle a certain way, etc. One judge stood in the middle and judged all the riders that day. You’d get a ribbon. Usually the prettiest girl on the most boring “smooth” horse with a saddle covered in silver (i.e. more expensive) would win. I got blue ribbons, just not the “grand champion” ribbon with that particular horse in those particular events.
One of the problems was, my horse thought it was a race. He was my favorite horse because he was smart (unlike the boring ones I had as a small girl on which I may have done better.) Well I guess he was not always smart. But for whatever reason I liked him best.
He would try to go faster than all the other horses, not figuring out that — dude — we are in a never ending circle. There’s no “winning” by going faster. But still he tried and I did my best to look calm as he flipped his head in the air and pulled on the reins.
I remember we went on a trail ride with one of the girls who would win all the time. We used to ride on the military reservation near Fort Lewis when such things were legal. Her horse took off, she fell off, and came crying all the way back to the trailers. That girl couldn’t really ride.
I tried to train my horse not to flip his head around and to go smooth and slow but it was always a battle. Finally I gave up on performance and started riding my horse in races instead (called gaming in horse terminology)— barrel racing, pole bending, key race, etc. And we won. We usually won almost every race at the county fair and we got decent ribbons at state. We weren’t the best but we did get a fourth place in state in our best race (the figure 8 race or stake race) and I think my sister got a top ribbon on him in her best event (the flag race).
The stake race we did kind of looked like this but the way we did it, you had to keep running after the second pole all the way back past the finish line and then stop, showing you could maintain control of your horse. The way this horse is prancing and getting excited before the race is the same thing my horse used to do and he kind of looked like this horse — a brown quarter horse.
Here’s a video of the flag race. It was a bit different the way we did it but essentially you have to run by and grab a flag and then put it in another barrel on the way back.
Here’s a video showing a Western Pleasure class. I forgot the actual name of the class until I looked it up. As you can see it’s a bit different.
My point is — subjective rating systems are just that. If you want a fair rating, use a non-subjective measure like a clock controlled by electronics, not a human. The fastest horse wins. Or whatever your criteria is for the objective you’re trying to meet. And if you’re feeling bad about some subjective form of measurement, maybe you’re in the wrong event or you’ve got the wrong judge. Try something different.
At some point you just have to let it go so you can spend your time focusing on positive things versus rating systems or people sent to give you ratings to tank your otherwise good ratings. You also need to do things that are fulfilling, make a difference, and make you enough money to be worth your time.
Life is too short.
When considering ROI on some activity or job you are doing and whether it is worth continuing, consider ALL the time invested including the time spent stewing over things that bother you. If it bothers you that much you might want to seek out something that distracts you less. You’re not going to change organizations you work for that much most of the time and it may just not be a good fit for you, even though others seem to be thriving. It’s not you, it may not be them (or it might), but in any case it’s not a good fit.
Distractions that are worth it but are exhausting
We all need to make money, but at the end of the day I would like to also make a difference. And sometimes when you’re doing too many things you can’t do the one thing you want to do as well as you otherwise could. That was the case when I was trying to do training and penetration testing and write tools to perform better penetration tests.
For some people training is almost more like marketing. They get leads and business from their training. I did not find that to be the case. Although I loved my students and people seemed to like my classes for the most part, it was exhausting for me and as I get older even more so. I stopped doing that to focus on my research and hopefully this latest idea will pay off in some way.
I’ll still try to write here periodically to help people out and maybe speak at a few conferences in the area or at AWS conferences to talk about it. Who knows. But that will be just for fun because I enjoy it rather than something I have to do to make money.
I also will only speak on topics of my choosing, unlike conferences where I was forced to speak on particular topics chosen by others. Some of them felt like old news at times and although those topics are important, I’d rather be taking on more futuristic and research-oriented topics.
I’ll leave the 101 training to others and I’ve recently published some content from my classes to help them with that. Of course this is a bit dated, but a lot of the basic cybersecurity content is still relevant.
Economics — is what you are doing worth it?
In addition to what “works” and what you feel good about doing, there’s also an economic factor to all the things we choose to do. I tried writing on Medium and initially my payments started to rise. Like maybe to $150 a month after a month or two. Wooh. I thought maybe if I keep writing it will keep building up. I had something like 40K hits on my posts with little effort.
Yeah, no. The Medium experiment was an abysmal failure. Not only that, people kept ripping off my posts. And now with AI it’s pretty much a joke to think that you’ll make any money by writing. You’ll be lucky if anyone actually finds your site or what you wrote. I got $10 this past month.
I had to stop writing so much to focus on what I really need to be doing. I will still write periodically but not quite as much because I have to get things done. In addition, watch my git repos. You might see some activity here:
But writing here doesn’t make any money.
So this month, all my posts on Medium — hours upon hours of work — bought me a cup of coffee.
That was another failed experiment (buymeacoffee.com). I tried it out of curiosity mostly and there’s no way to prove you didn’t get donations if people want to give them anonymously. That reminded me of how I was breached on my hostel booking site in the above story on how network traffic got me into security. Yeah no.
I never expected either of those to really pay much but I was curious if they could add a decent amount to an income stream. They don’t.
Maybe you just like to write, as I do. I am a writer. Sometimes I have to write. Writing this blog brings me back into focus and frees me from things I don’t want to or shouldn’t be doing anymore. It reminds me to focus on what’s important. And maybe it will help someone else.
The Economics of AI — is it worth it?
There’s a new-fangled AI pentesting tool out called Xbow that most people in cybersecurity have probably heard of by now. It sounds pretty cool and I’ve looked into it a bit. I’ll let you research it in more detail on your own. But one of the most interesting things I heard about it so far that I just heard listening to this Critical Thinking podcast I listened to yesterday is that it’s running at a loss:
Well, sometimes startups run at a loss before they become completely profitable. In fact, some larger companies ran at a loss or with very low profit margins for years and still became powerhouses. So we’ll see how it plays out. Can they formulate a working business model by selling this tool to enterprises instead of running it on bug bounties?
Maybe, but I think back to the dot-bomb era where my CPA told me I was the first person to tell him all the over-funded startups were going to fail. That’s because they would never produce as much value as the money that was invested into them. There were a few winners but when the you-know-what hit the fan the Venture Capitalists I was working for were calling all their term sheets wallpaper.
I didn’t make a lot of money working for them but it sure was an interesting ride and I’m glad I did it for the experience. I’m not all about money.
But sometimes you need to think about the money and how you’re going to pay your bills and get decent returns on your investments.
I just wrote about dividends. These days, because life is short and I’ve probably already donated too much time over the years to non-profit endeavors, I’m thinking more about ROI. I’ve got a looming house project I need to finish — and pay for…and yes some people are struggling to buy a house but it’s not like this thing was handed to me.
What happened in my case was that I went through the dot-bomb era and instead of going bankrupt or screwing over investors as I saw other people do (sorry I can’t think of a better way to describe taking funding and then immediately shutting down your business), I attempted to stay in business, support my customers, pay my employees’ health insurance, and pay my bills.
What good did that do me? Given that in the end my main customer shafted me, maybe not so much. I wrote about that in my book. I ended up in a grand canyon of debt I had to climb out of like some people coming out of school today but for a different reason. It was a very stressful existence for a long period of time which I think affected my health.
But on the other hand, I wouldn’t have gotten a particular job I got later with a bankruptcy on my record. There’s also the general sense of integrity I feel in doing the right thing as much as possible. We all make mistakes and I certainly have, but I try to do what I think is right.
Unfortunately, I feel like I have been on the losing end of the stick more often than not. So I’m less apt to be swayed by promises or speculation and more apt to be swayed by actual money. I’m also less apt to help random strangers for a low amount of money who plead with me until I finally agree and later end up suing me after I fix their site and marketing partially out of my own pocket. Yes, that happened.
I’m a bit leery and more focused on things that feel safe and pay the bills these days instead of huge investments that may or may not pay off later. So things that are running at a loss are not my cup of tea at the moment, which most AI solutions seem to be doing.
The cost of performing some operations with AI seems to be astronomical. For some problems, I just don’t think the cost is worth it. And they have tons of high paid employees working on problems that perhaps can be solved in simpler ways with less compute power and the company isn’t making any money. How long is that going to last? We’ll see…
In general, things that pay money consistently and quickly. And people and investments I can trust.
Show me the money
On that note, I wrote a post about dividends recently.
I’ve been wondering for a while now how dividend earnings are reported by most financial systems. It seems like it’s incorrect but maybe I’m missing something. Let’s say my portfolio is $100K and I have $16K more total in my account after six months or $116K in value. What’s my return? Well let’s say I had $132K after one year. So I made $32K.
32 / 100 = 32%.
Am I wrong? Because basically that’s what I’ve got in my portfolio (not those exact numbers; I just used round numbers for simplicity) and I think I’m getting a higher return than all the investment apps are showing you. And if that’s the case, people may think their dividend investments are not as good as the more speculative growth-oriented stocks.
And if those are my actual returns and they come regular as clockwork I’m down with that. Even if it’s really only 10% because I made some mistake, fine. That’s still pretty good. And I’m pretty sure it’s over that because the average of my yield on my dividend producing stocks is somewhere around there and yes, some go down in value while others go up but I’m still getting the money.
I made some mistakes early on but I’m trying to be a bit more careful about the safety of the dividend and improve as I go. It’s consistent. I’ll take it. It’s real money in my bank account and money I can use to pay my bills in a jam. That’s why I like it.
So is that lower return these apps are reporting because they are only looking at the rise and fall of the stock and not including the dividends I got paid? Do they subtract the amount of dividends I reinvested into stock when they calculate the return? I don’t know. Maybe I’m missing something. Math is not my strong suit as I explained here:
But anyway, when you’re thinking about returns in terms of AI, you have to think about what it costs to run those AI systems not just what they are producing. Sure they are producing amazing results — but is it worth it? Does the cost justify the value produced by the results? What sort of return are you really going to get? Are your calculations and assumptions accurate?
My main question about AI is — could a lower cost deterministic solution do the same thing as AI and provide better ROI? Or some more cost-effective combination of the two? It could definitely be more reliable and accurate.
When I personally look at AI projects and use AI, the costs seem too high, not just in dollars but in time based on my use of it to date. I have to ask it so many questions and be very specific with my prompts, revising them over and over again to get what I want.
Maybe I’m doing it wrong or it will get better but there are only a few things I use it for consistently — not everything. Maybe it’s just the particular things I’m doing that AI has not been trained on as much. Sometimes I have to stop and dig in and write the code myself because it’s faster and cheaper than trying to bend AI to my will to write the whole thing with AI.
If it costs me more time and money to write the code with AI — I’m not going to use AI.
The cost of AI mistakes
In addition to considering the cost of using AI, the code has to be correct. I was able to write some code very fast with AI recently to solve a particular problem. However, after trying multiple engines none of them could make it work for all my use cases. At least not without a lot of time and effort. I’ll try to get back to that again later and either fix it myself or query AI in different ways.
The recent trend of companies firing everyone because they think they are going to replace them with AI makes me think of all the times I was working for a manager who told someone to build a particular piece of a project and I would just cringe. I knew that person didn’t have the experience or understanding to build that particular piece of code correctly and it was going to put the project at risk. Not just because they might do it wrong. We could fix it. Sometimes you give junior people work to let them learn even if they make a mistake. That’s ok. That’s how we get better and figure things out.
But in some cases it would be a convoluted mess to fix the code after the fact and delay the whole project. In other cases the piece of code was extremely crucial to the success of the project and mistakes might slip in. I always tried to avoid being associated with a project I knew was going to fail miserably. Often you can’t explain to people why it’s going to fail and even if you try they don’t listen. Their minds are made up.
The problem in many cases where this happened was that the manager had never actually written code and did not have enough knowledge of the details of the thing they were building. The manager could not accurately assess the person’s skill set or predict the outcome of that decision appropriately.
For the most part, I turned out to be right when I saw these looming disasters. I’ve had to rewrite other people’s code more than once or just left and found out later that the project I narrowly escaped crashed and burned. I don’t want anyone to fail, but if they are going to choose to do so, I’d rather not be associated with it.
AI is like the junior programmer who doesn’t have the experience to avoid critical mistakes. The people firing their whole staff because they see AI writing code faster are pretty much the modern version of the manager I’ve dealt with in the past.
AI is good for the boilerplate code and small widely used functions. It doesn’t seem to be good at parsing complex structures or getting into the weeds. It’s terrible at recursion and optimizing code on the first try. The longer and more complex the code becomes, the sooner AI is going to make some critical mistake.
I can get AI to do what I want with a lot of coaxing in some cases on small sections of code. But anyone relying solely on AI may be in a world of hurt later when some bug surfaces that produces some terribly incorrect result that wasn’t fully tested.
And the cost of that — may be more than the cost of a good development and QA team. Especially if it leads to lawsuits or a data breach.
Looking into the future
My focus right now is working on my software, research, and penetration testing at the moment. I’ll probably write more about it here and there as I go. I’ll also probably be writing about some AWS-y things and data breaches along the way to help people try to secure their systems.
But at the moment I’m all-consumed with this fuzzer I’m working on and other pentest, deployment, and related tools I’m running on my batch job system. That may or may not include AI jobs depending on the economics of those solutions and whether I actually need AI to get the job done.
Right now, I’m cutting out things that are distractions as much as possible. You might not hear from me quite as much here as a result but I’ll try to post things once in a while to help people with various security related topics.
If you’re worried about AI taking your job…I think AI is very powerful, but it also makes a lot of mistakes. If you’ve recently lost your job or are looking to keep one, I’d say learn as much as you can about AI, because in the end, you’ll need to be able to show where it went wrong and how to fix it. If you’ve recently lost a job to AI, I suspect some of those will return. Hang in there.
But sometimes things change and people need to adjust their skills and thinking to get the job that exists in some new day and age. For example, when the assembly line came along, people building cars had to adapt. And that seems to be the case right now. So instead of focusing on worry and the past, focus on what you can do with this new technology (or how to exploit its weaknesses and do what it can’t do better while everyone else is distracted by it). That’s what I’m doing.
Also consider whatever you’re doing right now from the perspective of the ROI and where your time is best invested for your future well-being. That includes your money, your mental health, and your personal dreams and goals.
Teri Radichel | © 2nd Sight Lab 2025