"Something just happened in cyber security that almost no one is talking about. When you see it, you'll understand why the usual advice no longer works. Let me show you."
This is the new way to work.
In 2025, a security researcher named Sean Heelan went looking for flaws in the Linux kernel — the code that runs much of the internet. He didn't do it the old way. He pointed an AI at it.
Together, they found a serious flaw nobody knew existed.
But here's what matters. The AI didn't do it alone. It threw up a lot of noise — and Heelan was the one who spotted the real flaw in it. He directed the machine, and he made the call.
You're not competing with the AI. You're the one who points it — and judges what it finds.
That changes everything about who gets into this field, and how. The old way in is closing. A new one is opening. So — where does that leave you?
So — which one is you?
Tap the one that fits. I'll show you what it means for you.
It isn't you. The advice was just half a map.
You did everything they told you — the certs, the home lab, the applications. And it still never added up. That's not a you problem.
The old roadmap trains you for the slow, by-hand work — and that's the work moving to the machine first. But the machine does the labour. It doesn't replace the person who points it and judges whether it got it right. That person is worth more now — and you can become them without years of grinding the old way.
And it's a race. Attackers already work at machine speed, so defenders have to as well — which is why the people who can direct the machine are the ones this field is scrambling to find.
The old way isn't slow. It's over.
The old way of doing security is by hand — type the commands, run the tools, grind through the alerts. That was the job, so that's what everyone learned, and what schools still teach.
But you just saw what changed: the machine does the by-hand work now — faster, and for almost nothing. So the exact part of the job everyone trained for is the part that's leaving. None of that skill is wasted — but on its own, half of it now points at a door that's closing.
And this isn't something you can wait out. Attackers already work this way — at machine speed. When one side moves that fast, the other has to as well, or it loses. So defence is going the same way, fast. There's no version of this where you keep doing it by hand and stay in the game.
So the real question is where that leaves you. Let's look.
Where does your role stand?
Type your current job. I'll show you how exposed it already is.
Try: SOC Analyst, IT Support, Web Developer, Business Intelligence Analyst…
—
AI-resistance score
See the full report on this role →
So what do you do about it? There's a new way to work — the part the machine can't take. Let's look.
The new way: you stop doing the work. You direct it.
Here's the shift. The old job was to do the work by hand — read every alert, find the flaw, write the fix. The new job is to direct the machine to do that work, and judge whether it got it right.
You're not the labourer anymore. You're the architect. You decide what gets built and whether it's safe to ship. The AI does the digging; you make the calls. And here's the part that matters: on its own, the AI is unreliable — brilliant one minute, wrong the next. What makes it work is everything you build around it — the checks, the guardrails, the judgement. The system is the genius, not the AI.
That's the skill the AI era actually rewards. It isn't a single job — it's a capability you can point at any of them.
And it's not theory. One person really does this.
I wanted a security review of a live feature on my site. The old way: a specialist, a few days, a report, fixes, re-testing — a week, maybe two. Here's an illustration of what actually happened.
I typed one sentence: review this for security problems. My system spun up five agents to hunt for flaws — three on one AI, plus two more on completely different AIs from other companies, because you never want one AI marking its own homework. A validate pass killed the false alarms; an adjudicate pass made the final call. Two real holes. I typed fix these, then push it live — it patched them, re-ran every test, and shipped. Four sentences. I never opened the code.
But don't mistake that for magic. Those four sentences only worked because the system behind them was already built — the five hunting agents, the cross-model checks, the validate and adjudicate passes, the guardrails. I built that, once. The AI doesn't review security on its own; I engineered the agents that do. That is the work — and that's what AI-Driven Engineering actually means: not prompting, but building the system that does the job.
Here's why it's worth it: it compounds. Build that review system once and it's yours forever — every future job reuses it, and the next thing you build is faster because the system got smarter, not because you did. The same one now scans my servers every week and built JobZone — a platform that would normally take a team months — in about two weeks.
So it's more work up front, and it's a real skill. The good news: it's a learnable one. The next question is what you actually need to learn.
So do you still need the technical stuff? Yes — but differently.
Here's where everyone gets it wrong. You need to learn less than before, and more — at the same time.
Less, because the doing-it-by-hand part is leaving. You don't need to memorise tool syntax or learn a scripting language by heart — the AI does that, faster than you ever will. Every hour grinding flashcards of commands is an hour spent on the part of the job that's already gone.
More, because the concepts now carry everything. How networks really work. How systems break. How an attack unfolds. What good security looks like, and why.
Because here's the rule the whole thing rests on: you can't supervise what you don't understand. When the AI says "I found two holes, here's the fix," the only thing that makes that safe is that you can tell whether it's right.
Keep — it's yours forever
the "why"
- how networks really work
- how systems get broken into
- why a fix is actually safe
- judging if the AI got it right
Let the AI have it
the "just type"
- memorising commands
- tool syntax by heart
- scripting from scratch
- running the tools by hand
So certifications still earn their place — A+, Network+, Security+. But you take them for the concepts, not the keystrokes. The knowledge half of the old advice is still good. The execution half is the part that's gone.
That's a much shorter list than you feared — and all of it is learnable. So let's do the thing this has all been building to: you're going to build something real.
Now it's your turn — build the capability.
A quick simulation. No code, nothing to break. Here's the kind of thing you'd actually build.
Threats and vulnerabilities turn up faster than any person can handle by hand. Miss one, and that's how a breach happens.
Build a small team of AI modules that run non-stop — one to watch, one to sort, one to investigate, one to fix. You don't write code — you say what you want in plain English, and direct it.
Build it — just ask, in plain English
Now use it — on a real morning.
4,800 alerts came in overnight. Nobody can read those by hand — and buried in them is one that's genuinely dangerous.
Point the team you built at the whole pile. It clears the noise, confirms what's real, and brings you the one call only a human should make.
Run it
⚠ One threat needs a human
👇 Choose one — it's your call
The system was the easy part. It read 4,800 alerts and found the one that mattered in seconds — you built that. But that last call? That feeling of "I think that was right… but I'm not sure" — that's real. That's the actual job.
A book can't tell you if you got it right. Neither can the AI — it did exactly what you told it. The only thing that closes that gap is someone who's made the call a hundred times, looking at your call and telling you straight. That's the part that takes people.
So how do you actually build all that?
You just did it in a simulation. Now the honest answer to the obvious question — how do I build the real thing? You don't go and learn to code for two years. You build it up in three moves.
🕹️Learn to drive one AI tool
Start with a single AI coding tool — Claude Code, Cursor, Codex, Gemini CLI, or OpenCode (free and open-source). Which one barely matters. You learn to direct it in plain English instead of doing the work by hand. The tool is the easy part — anyone can start today. It's what you build on top that separates a hobbyist from a professional.
📈Build your own AI infrastructure
This is the real leap. Don't start from scratch every time — build a personal AI system that remembers you: your standards, your past decisions, the tools you've already made. Now your work compounds — every problem you solve makes the whole thing more powerful, forever. This is where most people's first attempt quietly falls apart — and the catch is you can't see your own blind spots. It's exactly where a second pair of expert eyes changes everything.
🛡️Bake your standards into it
The AI is fast but careless — it'll cut corners the second you look away. So you build your known-good safety and quality standards right into the system, so it can't skip them. That's the moment you become a real problem-solver the field is short of. Get this wrong in security and "fast but broken" isn't a bug — it's a breach. Knowing what "good" even looks like is the judgement that takes real training.
None of this needs a computer-science degree. But notice the pattern: the tool is free and easy — and every rung after it is about judgement you can't get from a tutorial. What to build, where your blind spots are, what "safe" actually means.
That's the climb. Doing it right — instead of losing months to the wrong turns, alone — is the whole game. Which is exactly what most people get wrong. Let me show you why.
One last thing — and it's the one most people skip.
You've got the new way of working, the foundations, and the three moves to build a real capability. So why do most people who set out to learn something like this still never finish? And it's not just beginners — strong practitioners stall here too when they're retooling on their own.
It isn't that it's too hard. It's that they go it alone — they hit a wall, no one's there to tell them what they got wrong, and they quietly stop. The numbers on this are brutal.
- ✕Working alone — no one to spot your mistakes, no one to answer to. You hit a wall and quietly stop.
Here's the flip side. The people who actually make it have one thing the quitters didn't: someone in their corner.
- ✓A mentor — someone who's already done it, who looks at your work and tells you "that's right" or "no — here's why."
- ✓A mastermind group — a small circle of people on the same mission as you. You meet regularly (online or in person), share what you're building, swap help, and keep each other moving. You're never stuck on your own.
The one thing a book, a video, or even the smartest AI can't give you is real feedback on the thing you built, from people who've already done it. That's what gets you over the line.
And here's what most people don't expect: the ones who get that support don't just scrape across the finish — they go further than they ever planned to. Which raises the real question: how far could you take this?
Sources: Ho, Chuang, Reich et al. (2015), HarvardX and MITx: Two Years of Open Online Courses — ~5% of registrants earned a certificate across 68 courses (1.7M learners); a broader review (Katy Jordan, 2015, 221 courses) puts median completion around 12%. · Harvard Business School Online cohort completion, reported in EdSurge (2019). Figures are from external studies and the institutions named.
Stop chasing a job. Build a capability.
The old roadmap had one finish line: start at the bottom and spend years working up. But look at what you'd actually have once you can do this:
You can take a security problem, direct AI to build the solution, judge whether it's right, and ship it. That's not a spot at the bottom of the ladder. That's a capability — and a capability converts three ways.
You're the person who builds AI-driven security — not the bottom rung, nowhere near it. In the US, the median for this work is $129,180 a year US Bureau of Labor Statistics, 2025.
The same capability, sold to several companies instead of one. Your rates, your hours, your clients.
Ship a security product that used to need a funded team. Some people take this capability and simply build the business themselves.
And you're not locked in. Consult for a while, take a senior role, launch a product later. You pick — and the choice can change.
The capability is the asset. The career is just how you choose to spend it. That's the ceiling — and it's a lot higher than a job. The only question left is how you actually get there.
You read the whole book. Most never do.
But a book can't sit beside you while you do the real thing — that part takes people in your corner.
Become the one who can do what almost no one else can.
While the old way's fading.
Almost no one can direct AI to build security solutions yet — get in while it's still rare.
You can already do the work. This is how you become the one who directs it — while the window's open.
A short session — I show you AI-Driven Engineering in action and exactly how the Master's takes you all the way. Or see the program now →
Not ready yet? Here's a lighter next step →
Not ready to take that step? That's fine.
You came in to understand what's happening to cyber security — and now you do. That puts you ahead of almost everyone. There's no rush. Keep learning, stay close to the work, and step up when you're ready.
Join us — and keep learning, free:
Read the articles
The same thinking as this book — AI security, the career shift, what's really happening. New every week.
And when you're ready to go all the way — the Master's is right here. It's not going anywhere, and neither is the offer.
— Nathan