Notes from a week of red teaming

I spent a week in intensive cybersecurity training with DevelopHer and LuxDev — red teaming, penetration testing, and incident response. Here's what stuck with me.

Attackers think in graphs, defenders think in lists

That phrase came up early and it changed how I read logs. An attacker connects dots across systems. A defender often sees isolated alerts. The training pushed us to build the graph — what can this credential reach, what does this open port imply, where does this misconfiguration lead.

Pen testing is not about showing off

The best findings weren't dramatic. They were misconfigured permissions, forgotten subdomains, assumptions that "internal" means safe. The goal isn't to impress — it's to show a team exactly where their model of the system diverges from reality.

Incident response under pressure

The IR exercises were the hardest part. When something is actively wrong, you don't have time to be elegant. You need runbooks, clear roles, and the discipline to preserve evidence before you fix things. I'm carrying that mindset into everything I build now — design for failure, log for recovery.