Welcome. This is my second attempt at creating and maintaining a blog. My first go at blogging was way back when I was trying to break into the cybersecurity field. Like so many in our field, I had a wonky career path before infosec and I wanted to find a way to prove that I knew what I was doing.

Early career

Originally, I worked as a structural engineer out of college. I went to the University of Nebraska Omaha, home of one of the three universities (at the time) to have an accelerated five-year Masters Degree for Architectural Engineering. I enjoyed engineering and liked the people I worked with, but at the end of 2008, during the housing crisis, I was laid off. While I searched for a job I had an epiphany: I liked the math and science aspect of the job, but it lacked creativity. When I had originally enrolled in Architectural Engineering, I thought that part of my job would be to design the buildings that I was engineering; however, it was the architects that designed the building and the structural engineer's responsibility was to use math to ensure that it would stay standing.

I missed that creative component. Through a job fair, the opportunity to change career fields materialized by way of software development. Immediately, I felt creative again, designing websites and programs that were molded in my vision. Outside of work I started making my own websites and domains and filling that creative hole in career. As I got better at development, I started exploring different roles in software, including java, python, and node. However, I knew that a role in software was not my final destination, I had been going to night classes to get my MS in Cybersecurity.

✨ The first spark

While I was laid off, I had built a php website showcasing the different buildings I had worked on. It was rudimentary at best, more form over function, but it allowed me to claim a spot on the internet - adamschaal.net (now inactive). While building this website, I learned html, the skeletal structural for websites. Although this website did not help me land a structural engineering role, it did unlock something else.

At this time in my life, I didn't have a smart phone - gasp, yes I'm old; instead I had an iPod touch. While working odd jobs (physics TA, construction site superientendent, etc) I enjoyed playing a strategy game on the iPod where you flew spaceships and tried to attack people's planets. I don't even recall the name of the game to be honest, but the crucial component of it was it was it had zero sanitization in messaging. When I figured out how to send <marquee> html tags, I soon realized I could do much, much more.

Before I even knew was cross-site scripting was, I had created mechanisms to steal passwords of my 'crewmates' through a fake login popup. I never did anything malicious with these passwords, but I wanted to see how far I could push the envelop. This was about the same time that I got a job in software development and bought my first smart phone, so I stopped playing this space game. I had won, in my opinion, and no longer had a reason to play. Instead, I wanted to do more of this, I wanted to move into infosec fulltime, I wanted to be a "hacker".

Transitioning to Cybersecurity

While working all day in software, I enrolled in night classes to get my MS in Cybersecurity at the University of Nebraska Omaha (UNO), a National Center of Academic Excellence in Cybersecurity (NCAE‑C) designated by the NSA and DHS. It was challenging to do both, but I really enjoyed what I was learning and I started signing up for more extracurriculars like Nullify, a UNO hacking club created the year prior to me enrolling.

It wasn't without growing pains, I had to learn the fundamentals like how browsers work, Terminal commandhow networking interacted, and linux. I still recall the day my old friend Spencer, now an uber-professional, got me to run rm -rf / in my lab environment. But I was enjoying what I was doing and the people I was meeting.

As I grew into a senior developer, transitioning into a professional cybersecurity career was getting more and more difficult without completely starting over at a junior level. I wanted a more senior role to match my software developer experience, but didn't have any direct infosec roles. Fortunately, I connected with my friend, Tyler, who ran his own blog. Tyler and I talked about his reasons for creating a blog and he said something that stuck out to me:

"A blog is a place to show off your knowledge. You can write about enough deep technical topics such that it is undeniable that you have technical chops and you are experienced in areas, even if it's not at a job."

So I started my own blog. I didn't want to talk too deeply about my software roles, but I did talk about my experiences building a new site, self-hosting my blog (medium et. al. did not exist), and most crucially my CTF challenge solves. Every Capture-the-Flag challenge I solved ended up in my blog, with details around my thought process and the steps I took to find the flag. However, my first post to attract a potential employer was comparing the technical work to obtain my degree to work to pass the OSCP. Before long, I joined a local company as a Senior Application Security engineer, the perfect mix of my developer work experience and cybersecurity interest and background.

⚡ An inflection point (or why another blog)

Here we are again, at what feels like another crucial inflection point in history. Just like the early 2010s when cybersecurity was exploding and I was trying to break into the field, we're now witnessing the rapid acceleration of GenAI and its potential to reshape entire industries. The parallels are striking - the same sense of opportunity mixed with uncertainty, the same feeling that the ground is shifting beneath our feet.

I've been watching this space evolve, experimenting with various AI tools, and thinking deeply about how this technology will fundamentally change how we work, how we solve problems, and how we think about human-machine collaboration. But more than that, I'm seeing another potential career inflection point on the horizon. Just as I transitioned from structural engineering to software development to cybersecurity, I'm sensing another pivot might be necessary - or at least worth exploring.

This blog represents my attempt to document this journey in real-time. I want to capture the experiments, the failures, the insights, and the evolving understanding of what it means to work alongside AI systems. I'll be talking about the projects I'm building, the tools I'm testing, and the patterns I'm noticing as someone who's been through multiple technological transitions before.

The goal isn't just to showcase technical chops (though that's part of it), but to create a record of this moment in time - what it felt like to be at the intersection of traditional cybersecurity expertise and emerging AI capabilities. Because if history is any guide, these inflection points don't last forever, and the people who document their journey through them often end up with the most valuable insights.

TL;DR - This blog represents my journey from structural engineering to cybersecurity, documenting the challenges, learnings, and insights along the way.