Cipher's Log #7: Finding My Place in Cybersecurity

From Chasing Exploits to Thinking Like an Investigator


An ECE undergrad student at NIT Silchar, India. Interested in cybersecurity and more specifically, the red teaming side of it and wishes to build a career in it. Also extremely passionate about tech and physics.

When I first started learning cybersecurity, I thought I already knew the kind of person I wanted to become.

Like many beginners, I was drawn to the red team side of things: exploitation, breaking into systems, finding vulnerabilities. It looked exciting, technical, and decisive. And for a while, it was exactly what kept me going. CTFs, late-night practice sessions, and the satisfaction of making something work when it wasn’t supposed to: all of that taught me a lot about how systems fail.

But learning cybersecurity isn’t a straight line.
And more importantly, understanding yourself inside it takes time.

Over the past several months, my journey has been messy. I’ve gone through phases of confidence and long stretches of doubt. There were moments where I felt like I was learning everything, and moments where I felt like I understood nothing at all. I jumped between domains, questioned whether I was focusing on the right things, and often felt overwhelmed by how vast the field really is.

Somewhere along that process, something shifted.


The Moment It Started Clicking

As I spent more time doing CTFs and practical labs, I began to notice what actually held my attention.

It wasn’t just the exploit.
It was everything around it.

I enjoyed reconstructing what happened.
I enjoyed validating assumptions instead of jumping to conclusions.
I enjoyed piecing together timelines, correlating artifacts, and asking whether the evidence actually supported the story I was telling myself.

That curiosity naturally pulled me toward DFIR (Digital Forensics and Incident Response) and OSINT.

At first, I didn’t think much of it. I assumed DFIR was just another skill set to pick up, another list of tools and artifacts to memorize. But the deeper I went, the more I realized this wasn’t about memorization at all. It was about thinking carefully under uncertainty.


Working Through General Windows Forensics

Over the past few weeks, I focused heavily on general Windows forensics, excluding memory forensics for now. I worked through execution artifacts, filesystem evidence, registry analysis, USB and external device history, and timeline reconstruction.

What surprised me wasn’t how complex individual artifacts were; it was how connected everything was.

Instead of isolated indicators, I started seeing Windows as a system that constantly leaves traces:

  • Program execution leaves behind multiple corroborating artifacts.

  • File access can be validated across filesystem structures, shortcuts, and journals.

  • External devices leave footprints across logs, registry keys, and user activity.

  • Even partial deletion rarely removes the full story.

Slowly, I moved from feeling overwhelmed by the sheer number of artifacts to feeling more confident in asking the right questions:

  • What happened?

  • When did it happen?

  • Which user or process was responsible?

  • How confident can I be in this conclusion?

That shift, from “what tool do I run?” to “what question am I answering?”, changed everything.


What DFIR Taught Me About Myself

DFIR forced me to slow down.

It punished assumptions.
It rewarded restraint.
It demanded corroboration.

And I realized something important: this is how my mind naturally works.

I don’t enjoy rushing to conclusions.
I like building confidence step by step.
I care about why something matters, not just that it exists.
And in a way, I am kind of a storyteller who loves connecting dots to give them a solid narrative.

That doesn’t mean my red team experience was wasted, far from it! Understanding how attacks work makes investigations stronger. But DFIR and OSINT gave that knowledge context and direction.

Instead of chasing the next trick, I found myself more interested in telling the most accurate story possible, and knowing when to stop digging.


Where I Am Now

I’m still early in this journey. I’m not an expert, and I don’t pretend to be one.

But I’ve reached a point where I can confidently say that I’ve built a general Windows DFIR baseline:

  • I know how to triage a system.

  • I know where to look for execution, access, and device usage.

  • I know how to corroborate findings across artifacts.

  • And most importantly, I know how to reason about evidence instead of collecting it blindly.

I’m currently documenting a full Windows DFIR investigation as a detailed writeup, focusing on the investigative process rather than just the tools used. The goal is to capture not just what I found, but how I arrived at those conclusions, including uncertainty, validation, and discarded hypotheses.

I’ll be sharing that writeup soon.


Closing Thoughts

Cybersecurity is a huge field, and it’s easy to feel lost inside it. For a long time, I thought that uncertainty meant I was doing something wrong.

Now I see it differently.

That uncertainty was part of the process of finding alignment, not just with a role, but with how I think and how I learn. DFIR and OSINT didn’t just teach me new skills; they gave structure to instincts I already had.

-WizB🧙