// FRAMEWORK • THE OPERATOR’S DISCIPLINE STACK

The Grind.

Cybersecurity is a marathon disguised as a series of sprints. The threats don’t sleep, the certifications never end, and the field rewires itself every eighteen months. This is the operating framework I run on — the discipline stack that lets me grind hard for years without burning down the house.

“The quality of your output across a decade is set by the quality of your habits across a Tuesday. Stop optimizing the heroic effort. Optimize the boring repetition.” // PERSONAL OPERATING NOTE — 2024
$ cat ./framework/pillars.txt

Five Pillars of the Grind

Burnout in cyber rarely comes from one bad week. It comes from quietly neglecting one of these pillars for months. The framework is a checklist against silent collapse.

// 01
SLEEP
Non-negotiable. Seven hours minimum. Cognition is the asset; sleep is its uptime.
// 02
MOVEMENT
30 min/day, six days/week. Cardio for the brain, lifting for the spine, mobility for the desk.
// 03
FUEL
Real food, real water, no caffeine after 14:00. The body is the rig. Fuel it like one.
// 04
CRAFT
90 minutes of deliberate study or build per day. Not consumption — production.
// 05
PEOPLE
Family and chosen connections — the work means nothing without them. Block the time.
$ cat ./framework/principles.md

Operating Principles

Seven rules that took six years and one near-burnout cycle to internalize. Each is a tradeoff, not a rule of physics. They work together.

// 01
Compound Interest > Heroic Effort
Two hours of focused study per day, every day, beats a 14-hour weekend cram. The exam doesn’t care how hard the last week was — it cares how prepared the last six months were. The same is true of certifications, fitness, and relationships. Show up small. Show up daily.
RULE: Sustainable beats heroic. Calendar the 90 minutes and protect it.
// 02
Energy Is the Currency, Not Time
Time-management dashboards lie. You can have eight free hours and still get nothing done because the tank is empty. Schedule the hardest cognitive work into your peak window — for me, 06:00–10:00. Save shallow work (email, meetings, alert triage backfill) for the trough hours.
RULE: Protect the peak hours like a production system. No meetings before 10:00.
// 03
The 80% Rule
Cybersecurity is a perfectionist’s graveyard. There is always one more log to read, one more vulnerability to chase, one more chapter to re-read. Ship at 80%. The remaining 20% is achieved in production, not in your head. The blog post you publish beats the perfect draft you don’t.
RULE: Done and shipped beats perfect and pending. Always.
// 04
One Big Rock Per Quarter
Multitasking on certifications is a trap. One major credential per quarter, max. Right now: CISSP. Next quarter: CISM. The rest of the bandwidth goes to job, blog, lab, family. The list of what you’re NOT doing is more important than the list of what you are.
RULE: Pick the one rock. Move it. Then pick the next one.
// 05
Build in Public
Every blog post, every lab writeup, every skill tree update is a public commitment device. The cost of quitting goes up when the work is visible. It also compounds: a body of public work scales beyond a single résumé line item. Recruiters find writing. Algorithms don’t find résumés.
RULE: Publish the imperfect thing weekly. Edit it later.
// 06
The Home Lab Is the Cathedral
The job pays the bills. The lab builds the operator. You will never have time for the home lab — you will only ever make time for it. 30 minutes most evenings: Splunk + Sysmon + Atomic Red Team running in a tiny VM cluster. Break it. Detect it. Document it. Repeat.
RULE: 30 lab minutes > 0 lab minutes. Show up to the cathedral.
// 07
Recovery Is the Workout
In strength training, the muscle grows in the rest — not the rep. The brain works the same way. One day per week is fully off. No labs, no certifications, no security Twitter. Walking, family, food, books not about computers. The grind only compounds when the recovery shows up too.
RULE: One full off-day per week. Calendar it. Defend it.
$ cat ./framework/operating_day.txt

A Day on the Stack

An honest version of the operating day. It is not optimized. It is sustainable. The exact times shift; the structure does not.

// WEEKDAY — ON SHIFT
05:30 Wake. Water. No phone for 30 minutes.
06:00 Deep work block 1: study (CISSP / lab / writing).
07:30 Movement — lift, run, or row. 30–45 min.
08:30 Breakfast. Family. Real food.
09:00 Work shift starts. Triage → deep work → meetings.
17:00 Hard stop. Walk away from the screen.
18:30 30 min lab or blog — if energy permits.
21:30 Wind-down. Read. Lights out by 22:30.
// SATURDAY — OFF DAY
07:00 Sleep in. No alarm.
09:00 Long walk or hike. Sunshine non-negotiable.
12:00 Family time. Errands. Slow lunch.
15:00 Reading — a non-cyber book.
17:00 Cook a real meal. No takeout default.
19:00 Movie night, game night, or just talking.
22:00 Sleep. Recovery is the workout.
No labs. No CISSP. No security Twitter.
$ grep "anti_pattern" ./framework/*.log

Anti-Patterns

Failure modes I’ve hit, watched colleagues hit, or read post-mortems on. If you spot any of these in your week, you are leaking.

// THE PERPETUAL CRAM
Cycling between 16-hour days and three-day collapses. Average output is mediocre and you destroy your nervous system in the process. The tortoise wins this race — every time.
// CERT TOURISM
Stacking three certifications simultaneously and finishing none of them. The dopamine of starting eclipses the discipline of completing. One rock. Per quarter.
// THE INFOSEC TWITTER LOOP
Eight hours of consuming threat intel and zero hours of producing anything. Information without application is just anxiety with extra steps. Ship something this week.
// THE “ONE MORE TICKET” LIE
Every ticket closed at 22:00 buys you a worse one tomorrow because you’re fried. Hard stops protect tomorrow’s output. The queue will be there at 09:00.
// SKIPPING THE BORING REPS
Mobility work, fundamentals review, root-cause writeups — the boring stuff is where the operator gets built. The flashy stuff is just ego optimization.
// MEASURING ONLY OUTPUTS
Tickets closed, certs earned, posts published — all lagging indicators. The leading indicators are sleep hours, lab minutes, and family time blocks. Watch those.
// THE GRIND IS THE GAME
This framework is not a productivity hack. It’s an admission that I will be doing this for the next thirty years and I want to still be doing it well at the end. Steal what works. Discard what doesn’t. Run your own version. Just — keep going.