Intelligence Is My Dump Stat: Getting Into Cybersecurity

SANS Institute · Beginner ·🔐 Cybersecurity ·5mo ago

Key Takeaways

The SANS Institute presents a talk on getting into cybersecurity using RPG concepts as a mental model for neurodivergent learners, featuring Dungeons & Dragons as a framework for navigating cybersecurity learning.

Full Transcript

Hey everyone. Um, thank you Satie for that amazing introduction. Um, like she said, I'm Liz Gore and today I want to talk to you about one of my favorite obsessions, Dungeons and Dragons. Um, more specifically, Balders's Gate 3, a D&D inspired role- playinging video game that came out back in 2023. Um, since then I have been like deeply immersed, uh, killing good guys, kissing bad girls, and trying to save the world. Um, for most of my life, my tendency to hyperfocus was like embarrassing. Uh, I'd spend hours on hours locked into romantic books, video games, my comfort TV shows. And in the past, if you asked me how many hours I spent in a hyperfocus haze, I would have hidden it because that kind of like fixed attention, that obsessive deep dive into something that brings you joy but isn't seen as like productive, I'd always believed that that was a problem. But today, I'm going to tell you why that problem is actually my greatest professional asset in cyber security. So, a little deep lore about me. Um, born in the 1900s, late diagnosed everything. I spent 38 years thinking I was just bad at being a person. Uh, I crave routine but struggle to keep it. Friends call me flaky because I love to make plans but then never leave the house. Um, people I love have called me a failure because I have like lofty goals and no follow-through. And yeah, if you text me, it might take six weeks for me to respond because I missed the socially acceptable deadline to respond and now I don't want to like bother you. So, I'm a walking juxtaposition. Anyone else like this? Uh, drop your diagnosis in the chat. Um, so I failed at being an actor. So, I spent 15 years as a theater teacher, which on paper is about as far from cyber security as you can get, right? Um, but then I got pulled out of the classroom and forced into googling, why won't this printer print while maintaining eye contact with the teacher who like needed those grades printed or we would all fail an audit, right? So, I became an IT guy accidentally. Everything I knew about Wi-Fi was against my will. But um one day I solved a problem for someone in terminal. I was their like hero and I felt a spark that I hadn't felt since like 1998 back when I made a truly terrible angel fire website. U if you know you know. Um [laughter] but my dopamine deficient ass really wanted to like chase that feeling. So, I tried learning on my own, but like no one path seemed to align with me being a full-time mom and a career changer. Like, I took an AWS class at the local community college, but the pace was like so slow and I got bored very quickly. Uh, and I always had a vague peripheral knowledge of SANS, but I never thought that like I had the skills to do that level of training. Um, I applied to SANS Cyber Academy anyway and got rejected. [laughter] I spent the following year attending every SANS virtual summit that I could, furiously taking notes and writing down like all of the words and acronyms that I didn't know. And then I like fell in love with all the possibilities a new career in security could bring. I applied again in 2024, was accepted, got my three GXerts, and finished the program back in May. [clears throat] Um, and yeah, uh, these 700 plus hours in Balders's Gate 3, still haven't finished it. Um, I keep restarting to try different builds, which uh, honestly explains my entire career. So [laughter] let's see the challenge. So when I started researching how to break into cyber security, I'd open Google, Reddit, LinkedIn, and immediately my brain would just like freeze. Um there were like a thousand different certification paths. Every person had conflicting advice. Start with cyber security plus. Uh no, skip security plus and go go straight to learning bash. Um actually, you should get a computer science degree first. Some people might look at infinite possibilities and get like super excited. In my experience, neurode divergent brains can suffer from choice fatigue. So, my ADHD brain took one look at that infinite skill tree and went, "Nope, I'm out. We're out." So, I'd leave all 10,000 tabs open and just go back to doom scrolling on TikTok and then I'd feel guilty about it and the cycle would repeat. Does this sound familiar to anyone? Yeah. So, even after getting my SAM certifications, I still felt stuck. Analysis paralysis to the extreme, but I reverse engineered why my brain can spend so many hours in Balders's Gate. When I'm building a character in that game, I I don't feel paralyzed. I feel focused. Why is it the banging soundtrack? Sure, maybe. But that character creation screen also gives me six ability scores to sync points into. It gives me bounded choices, an intentional strategy of offering a limited number of options and and then I can see my strengths and weaknesses clearly. I can plan my build around them. Wild thought. What if I could do that but for my career? Right? So, I built this framework because my brain needs structure. It doesn't want it, but it needs it. Uh, my ADHD executive dysfunction means I struggle with open-ended tasks. Figure out your career path feels like navigating a maze with no walls. But my autistic monotropism, that deep singular focus on things that I'm interested in, loves clear categories. Suddenly, I can think, I can plan, I can make decisions. This framework reduces cognitive load with external structure. I don't have to hold all the career possibilities in my working memory. They're mapped to something visual and tangible and fun. Most importantly for me, it reframes deficits. So when I can say intelligence is my dump stat instead of I'm bad at memorizing technical stuff, it removes the shame. It lets me focus on what I'm actually good at instead of me like shame spiraling about things I have no control over. So, I've taken my current special interest DND and I'm using it to guide my brain where I want it to go. Just like Rex said in his keynote, like using it as a framework. My special interest might be completely different than yours. That's fine. The underlying principles work regardless of the metaphor. But today, I'm teaching you my version. And then at the end, I'm going to show you the architecture underneath so that way you can build your own. Why Dungeons and Dragons? Well, besides being my special interest, it's super cool, right? So, you may have seen Stranger Things, maybe you've heard of Critical Role, but when it comes to Dn D, all you really need to know is that there are dice and dragons and dwarfs. In Dn D, before you start playing, you create a character, and there is no wrong character. You're playing a game. The goal is to have fun. Every character has strengths. Every character has challenges. Every character has a role to play in the party. Dn D has six ability scores. That's like the perfect way to capture complexity without being too overwhelming. Having a low stat isn't some moral failing. It's a strategic choice. That's what a dump stat is. So, say you dump intelligence to max out strength and wisdom. You build a barbarian, not a wizard. No barbarian is running around the forgotten realms wishing they were smarter or faster or whatever. No barbarian smash, right? So, you don't even have to try and make every stat in 18. Honestly, you can't. You're working with what you've got. So, you lean into your strengths and find creative ways to work around your challenges to complete your quest. We can approach our careers and our neurode divergence the same way. So, let's dive into these stats. In D and D, of course, there's those six core abilities. I'm going to translate them to cyber security, and I want you to start thinking about which ones are your highest stats. So, strength is hands-on execution, actually doing the thing, running labs, brute forcing problems. Dexterity is adaptability, quick pivots, context switching. Constitution is persistence, but that hyperfocus, stamina, and resilience. Intelligence is technical knowledge, deep expertise, retaining information. Uh wisdom, pattern recognition, intuition, spotting those anomalies. Charisma is communication, teaching, collaborating. So neurode divergent traits aren't deficits here. They're unique abilities you were born with. They're class features, the traits that make you excel in specific builds. We're going to talk about the core abilities and break down each one step by step. And if you see a stat that resonates with you, let me know in the Slack. Drop it, please. Um, I want to read all about it when I'm done. Um, so let's start with my highest stat. It is charisma. [laughter] It's all about communication. Here I am communicating. Um, [laughter] technical writing, presentations, security awareness, making security make sense to people who don't speak security. I spent 15 years teaching Shakespeare to teenagers who would rather be literally anywhere else. So I had to max out on this one early. Uh I just swapped amic pentameter for fishing simulations. Um running a security awareness training as a walk in the park compared to doing Shakespeare in it. Yeah. Um at work I am direct blunt even maybe a little too much. Uh, I don't do corporate speak. Um, I don't play those kinds of games. I used to think that was a problem. But, you know, most people are desperate for someone who can demystify technology with everyday examples and tell it like it is. So, when I tell leadership, "This is a risk and here's why," they actually listen. I'm not burying it in seven layers of CYA language, right? Maybe I'm maxed out on charisma and I can get away with being blunt. something a wizard or a barbarian might not be able to do. But that's the beauty of the bard build. I don't need to max my strength if I can convince the fighter to handle combat for me. I'm too busy at the tavern singing to the local winches. You know, [laughter] I don't need to be the security engineer if I can explain the risk of not having one to the person who writes the check. That's the power of knowing your build. And if your special interest, like me, is people and understanding what makes them tick, then you're probably rolling high on charisma. Wisdom is mapped to pattern recognition, a neurode divergent trait, often leading to like enhanced abilities in areas like logic and attention to detail. And this is where being neurode divergent becomes a genuine superpower in cyber security. Um, there's this thing that happens with my ADHD brain and and maybe yours, too. Uh, it's easy to look at pieces of data and think, "Oh, something's off." I'll be looking at logs or emails or uh even like network traffic and before I can even articulate why, my finger is hovering over that block button. You know, autistic attention to detail catches what others filter out. So the email formatting that's almost right, that domain pattern that matches a campaign from months ago, it's like magic. It's our brains wider associative network making connections faster than our conscious mind can process them. We're seeing those patterns and deviations simultaneously. That's wisdom, the intuitive leap that comes from processing information differently. This is a competitive advantage. companies playing an impossible game of among us. And we wise neurodeiverges are really good at picking out the imposters. And if you've ever hated someone based on vibes alone and then felt vindicated when they turn out to be a bad person anyway, well, that's high wisdom right there. [laughter] Intelligence, technical knowledge, following frameworks methodically, learning theory before practice, working through things step by step in the proper order. And of course, this is my dump stab. I'm a loosey- goosey funtime guy. I'm not a framework girly. Um, high intelligence is like effortlessly memorizing coding languages and retaining protocols, specifications, systematically studying theory, and then like just loving it, right? If you look at the cyber field from the outside, it seems like it's all about that, right? frameworks, methodologies, methodologies, like coding languages, playbooks. Even after getting my foot in the door, completing the cyber academy and like earning those Certs, I still managed to convince myself that I'm not like smart enough. Oh, why can't I have the intelligence build that real security professionals have? But, you know, I'm not looking at it the right way. I'm not a wizard. I'm a bard. Wizards need high intelligence. They they study spellbooks systematically. They prepare spell lists methodically. They approach problems with careful analysis and documented procedures. Bards, well, bards are spontaneous casters. We improvise, baby. We read the room. We [clears throat] adapt on the fly. We solve problems through charisma and creativity and intuition, not through systematic study. And both are valid. Now that I'm re I've reframed it that way. Now that I've like stopped seeing low intelligence as a failure and started seeing it as a strategic dump stat for the build that I'm actually running. Everything has changed. And if your brain is a steel trap for information and like you not only love a playbook, but you wrote the damn thing, that's solid intelligence. Strength, hands-on execution, going deep by doing rather than knowing. Strength is like, I can configure this thing until it works. Googling errors as I go and and then just troubleshoot when it breaks. Our ADHD brains thrive on this. The immediate feedback loop of try something, see if it works, adjust, keeps us engaged. The trial and error process feels like a puzzle game, not tedious study. Now, my strength is mid-tier. I am not a dedicated malware analyst or or a exploit developer. That's not my primary build, but I'm leveling it. Why? Because it's fun to break things. And also because understanding offensive security makes me better at my actual job. So, when I can tell my teachers, here's exactly how an attacker would exploit that behavior, it lands differently than just saying, this is a policy you have to follow. When I understand how pentesting works, I can design better defenses. So, I'm multiclassing bard with rogue. Multiclassing isn't abandoning your core. It's just enhancing it. And you don't need to max out every stat, but understanding where you want to add a few points as you level up, that's strategic character development. But if your learning style is like click every button and see what explodes, if a CTF like hates to see you coming, then you're probably high in strength. Dexterity, adaptability, context switching, pivoting fast, handling 12 things at once without dropping most of them. This is where ADHD shines. Some people freeze when things go wrong, but high dexterity gamers can take everything in stride and even thrive when everything's on fire and they're being pulled in a bunch of different directions. You know that that interview question um where do you see yourself in five years? I have never once been able to answer that truthfully. Like my career path looks like I rolled a d20 for each job. um barista, photographer, theater teacher, school operations, IT director, now cyber security. That's like six careers, bro. But every single one gave me context. What looks like chaos on a resume is actually high decks and I always land on my feet. So if you thrive in the chaos that would make other people cry, that's big dex energy right there. [sighs and gasps] Constitution, focus, and endurance. This one is um dropping stuff. This one is complicated for neurode divergent folks. Um hyperfocus allows us to dive deep on subjects we find intriguing, but even the best D&D party needs to have a long rest after a dungeon crawl. I burned out multiple times before I understood this. I'd have these incredibly productive streaks where I'd work 14-hour days, make huge progress, feel amazing, on top of the world, right? Then crash hard, lying on the couch for a week, unable to do basic tasks like showering hard. Our brains aren't motivated by importance. We're motivated by what I call quest. Uh quest, urgency, epic challenges, stakes, and what's thrilling to us. I can't make myself focus on something boring just by deciding it's important. Right? That's [clears throat] not how my nervous system works. But I can structure my environment to create the conditions for hyperfocus on things that matter. When I was earning my CS, I had to schedule hyperfocus. Same time, same place, same rituals. My brain learned this is the deep work cave. But burnout is real. Know your warning signs, y'all. Like, give yourself permission to stop when you're tired, not when the task is done. Know what fills your cup and what drains it, and act accordingly. So, doing this, I earned those threeerts without completely destroying myself like I thought I would. [laughter] I still had energy for my kid, my job, my life. That's sustainable constitution. And it's only possible because I stopped trying to be neurotypical. You might have high constitution if your hyperfocus has ever been described as like concerning by others. So now that we've covered the six stats, I need to circle back to intelligence. Right? Um because I glossed over something important earlier. This slide is the reason I wrote this talk. Okay? Why am I okay with intelligence being my dump stat? Uh most career advice in this field assumes high intelligence. It assumes you can follow a road map step by step. complete A before moving to B. Focus on fundamentals before advanced topics. Pick one specialization and stick with it. And when I'd read this advice, I'd think, yo, I'm doing this all wrong. Uh, I got interested in pentesting before I fully understood networking. I jumped into GCH concepts before I even mastered GCE fundamentals. Sh, don't tell anyone. I wanted to explore GRC and incident response and OSN and security awareness all at once instead of specializing. I feel like a fraud. Like I was taking shortcuts. Like eventually I'd be exposed as someone who didn't do it like the right way. Someone who is an outsider and doesn't really belong. Looking back now, I can see that change like what changed between my first and second application to the SAS Cyber Academy. I stopped trying to be someone else. That's it. The first time I applied, I tried to present like a mask of myself, what I thought they wanted to see. I am methodical. I have someone with high intelligence. I I I am someone that can follow the proper path. You know, the second time I knew more about myself and how I learn. And I applied as a bard. I led with my teaching experience. I highlighted my pattern recognition abilities. I showed how my chaotic career path actually gave me unique context. I owned being unconventional. And SAMS didn't fix my low intelligence. This learning path just works with my particular stat spread. The hands-on labs perfect for my learning style. The tight deadlines created that urgency that my ADHD brain needs. The community gave me people to learn from in real time, people I can admire and people I can hold hands with along the way. [snorts] And community is actually what I needed the most. In October, um, I presented at the SANS CloudSc Next Summit. Um, super exciting. Don't know how it happened. Um, but I mentioned during my talk that I just passed the GCH and the whole [snorts] room, this whole room full of really impressive cyber security professionals that I deeply, deeply respect started applauding. Nobody in my regular life even knows what the GCH is. And this was like so nice. I was just overcome with emotion and I like cried a little. It solidified for me that I actually belong here. Not despite my neurode divergence but um because of it. So practical application time. I want you to think about your own stats right now. Rate yourself on these six stats. Use whatever scale works for you. 1 to 10. I like 1 to 20. Doesn't matter. But here's the key. Know thyself. Rate yourself honestly. Not what you think you should be good at. Not what job descriptions say you need. What are you actually good at? Like what weaknesses might actually be dump stats for your build. For me, charisma is highest. You know, wisdom second, dexterity also pretty high. Constitution mid tier growing, strength growing, intelligence low. But what's your build? Because once you know your stats, you can make better decisions about what roles to pursue, what searchs to prioritize, what resources will actually work for your brain, uh where to invest your development time, what to delegate or partner with others on. So like your highest stat is your primary build. Lean into that, specialize there, right? Your lowest stat, stop beating yourself up about it, man. Like partner up with people who have that as their highest stat or just accept it as a dump stat and move on. You know what? Drop your dump stat in the chat. I want to see it. [laughter] Let's let's hit it. Hit it. Let's go. Um, honestly, we don't need to be good at everything. We just need to be excellent at the things that match our build. Okay. So, where does knowing your stats lead, right? Your stat spread points. It it it gives you the direction you need to go. Specific cyber security roles. Here we go. All 13 D and D classes. Now, we're not going to go through each one in detail because I have time blindness and forgot that this was supposed to be only 30 minutes. Um, but I want you to at least see the breadth of options, right? Every single cyber security role maps to a D&D class and every class is valid. There's no best class. There's just the class that matches your stat spread. Take 10 seconds here to scan this. Like, sock analysts are fighters. A ranger hunts threats. Pentester a rogue. Purple team threat intelligence. security engineer, warlocks and druids and monks. Oh my. You know, there's a lot of career paths that aren't represented here, but these are the most common. Um, find one that aligns with your highest stats, and that's where you can start. And remember, most people multiclass. You don't have to stay in one lane forever. Now, all right, I know what some of you are thinking. Liz, h I don't care about DND. Well, good news. You don't necessarily have to. Okay, here's the dirty little secret. It's not actually about D and D, right? I use D and D because I love Boulders Gate 3 and the ability scores are already deeply familiar to me. They're my special interests. Duh, right? But if D and D doesn't resonate with you, use something else. Pokemon, music theory, ecosystems, it can be personalized. Um, these principles work regardless of the specific metaphor. And the skill here isn't I can use D&D for career planning. It's I can build cognitive scaffolding that works with my brain instead of against it. That's those teacher terms right there. And if you leave here and build a Pokemon career framework, well then you understood the assignment. So what's next? First, do not try to do everything. Oh my god. Don't try to level up all six stats at once. Start with one, your highest stat. Where do you already excel? Focus there. Build on your strength. Second, of course, I've got resources available. uh if you want hands-on strength training, tryhackme the box, you know, you can read it's all right here. Um the full resource list and then of course I have a little quiz on finding your build um on my website lizgore.com. Um start with one stat, one strength, one resource. That's your next quest. So before I close, I want to talk directly to some specific people who might be watching this. This talk [sighs] is for the person who was told they're not technical enough. The career changer who feels too old. The one who tried the right path and it didn't work. The the one who thinks their brain is broken. Babe, your brain is not broken. You're just using the wrong framework. Follow this framework and figure out your build. Understand what you're naturally good at. Play to your strengths. The success that I have found in cyber security is not despite my neurode divergence. It's because of it. I tried to fix myself, then I stopped and started leveraging it. You can do the same. The drive that got me to 700 hours in a video game is the same drive that got me through 800 plus hours of studying cyber security and helped me land those searchs. Everyone starts at level one. You're not behind. You're gaining XP every day and you'll be exactly who you need to be. So, go build your character, lean into your weird stats, level up your way, and join the party because the party needs you. Thank you. I am Liz Gore. You can find me as accidental IT guy pretty much everywhere. Tik Tok, LinkedIn, GitHub. Um, everything is at le fixing your dump stats. You level up by maximizing your neurode divergent strengths. Now, let's open up for questions if we have any time. I don't know.

Original Description

Intelligence is My Dump Stat: How I Got Into Cybersecurity Anyway 🎙️ Liz Gore, Director of IT and Operations, Educators for Quality Alternatives 📍 Presented at SANS Neurodiversity in Cybersecurity Summit 2025 Starting in cybersecurity feels like facing a level 20 boss when you're still at level 1—overwhelming, intimidating, and unclear where to begin. As someone with AuDHD who just completed SANS Cyber Academy, Liz Gore found an unexpected guide: Dungeons & Dragons. This talk explores using RPG concepts as a mental model for the neurodivergent learner navigating cybersecurity learning—a framework that works brilliantly for some neurodivergent minds (though not all, and that's okay!). By treating character creation as self-discovery, skill trees as certification roadmaps, and career paths as campaigns with milestones and rest stops, the overwhelming scope of cybersecurity becomes a bit more manageable. This talk reframes neurodivergent traits as class features: pattern recognition as perception checks, hyperfocus as concentration spells, and systematic thinking as proficiency bonuses. Attendees will leave with visual character sheets for cybersecurity roles, skill tree maps, and practical resources for starting out—whether rolling their first character or multiclassing into cybersecurity. No D&D experience required.
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from SANS Institute · SANS Institute · 0 of 60

← Previous Next →
1 SANS FOR610: Reverse Engineering Malware: Malware Analysis Tools & Techniques
SANS FOR610: Reverse Engineering Malware: Malware Analysis Tools & Techniques
SANS Institute
2 SANS Institute Cybersecurity Training Customer Stories
SANS Institute Cybersecurity Training Customer Stories
SANS Institute
3 SANS Institute UK Cyber Academy
SANS Institute UK Cyber Academy
SANS Institute
4 SANS Institute UK Cyber Academy
SANS Institute UK Cyber Academy
SANS Institute
5 CISSP® Prep Exam, MGT414, by SANS Institute
CISSP® Prep Exam, MGT414, by SANS Institute
SANS Institute
6 SANS Institute's Rob Lee Discusses The OPM.GOV Hack on CNN
SANS Institute's Rob Lee Discusses The OPM.GOV Hack on CNN
SANS Institute
7 Information Security Training from SANS Institute - Student Testimonials
Information Security Training from SANS Institute - Student Testimonials
SANS Institute
8 SANS NetWars
SANS NetWars
SANS Institute
9 SANS DFIR NetWars
SANS DFIR NetWars
SANS Institute
10 Hack The Drone - SANS Cyber Academy UK
Hack The Drone - SANS Cyber Academy UK
SANS Institute
11 SANS VetSuccess Immersion Academy
SANS VetSuccess Immersion Academy
SANS Institute
12 SANS Cybersecurity Training, Certifications & Placement for Veterans
SANS Cybersecurity Training, Certifications & Placement for Veterans
SANS Institute
13 The 2015 SANS Holiday Hack Challenge
The 2015 SANS Holiday Hack Challenge
SANS Institute
14 SANS VetSuccess Academy: Hands-on Skills
SANS VetSuccess Academy: Hands-on Skills
SANS Institute
15 SANS VetSuccess Academy Overview
SANS VetSuccess Academy Overview
SANS Institute
16 SANS ICS Security Summit & Training 2017
SANS ICS Security Summit & Training 2017
SANS Institute
17 Exploring the Unknown Industrial Control System Threat Landscape – SANS ICS Security Summit 2017
Exploring the Unknown Industrial Control System Threat Landscape – SANS ICS Security Summit 2017
SANS Institute
18 WannaCry recap, patches, and analysis
WannaCry recap, patches, and analysis
SANS Institute
19 If We’re Doing So Well at Cyber Security, Why Are We Still Doing So Poorly?
If We’re Doing So Well at Cyber Security, Why Are We Still Doing So Poorly?
SANS Institute
20 Graduation Day - SANS HM Gov Cyber Retraining Academy
Graduation Day - SANS HM Gov Cyber Retraining Academy
SANS Institute
21 Incentivizing ICS Security: The Case for Cyber Insurance – SANS ICS Security Summit 2017
Incentivizing ICS Security: The Case for Cyber Insurance – SANS ICS Security Summit 2017
SANS Institute
22 SANS Data Breach Summit & Training 2017
SANS Data Breach Summit & Training 2017
SANS Institute
23 SANS Secure DevOps Summit & Training 2017
SANS Secure DevOps Summit & Training 2017
SANS Institute
24 How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017
How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017
SANS Institute
25 SANS Webcast – Continuous Opportunity: DevOps & Security
SANS Webcast – Continuous Opportunity: DevOps & Security
SANS Institute
26 SANS Cybersecurity Programs for the Department of Defense
SANS Cybersecurity Programs for the Department of Defense
SANS Institute
27 SANS Pen Test HackFest Summit & Training 2017
SANS Pen Test HackFest Summit & Training 2017
SANS Institute
28 SANS SIEM & Tactical Analytics Summit & Training
SANS SIEM & Tactical Analytics Summit & Training
SANS Institute
29 If We’re Doing So Well, Why Are We Still Doing So Poorly? – SANS ICS Security Summit 2017
If We’re Doing So Well, Why Are We Still Doing So Poorly? – SANS ICS Security Summit 2017
SANS Institute
30 SANS Institute
SANS Institute
SANS Institute
31 ICS515: ICS Active Defense and Incident Response
ICS515: ICS Active Defense and Incident Response
SANS Institute
32 SANS Institute
SANS Institute
SANS Institute
33 Introducing the NEW SANS Pen Test Poster
Introducing the NEW SANS Pen Test Poster
SANS Institute
34 SANS Institute - An Inside Look at the Newly Updated ICS515 Course
SANS Institute - An Inside Look at the Newly Updated ICS515 Course
SANS Institute
35 SANS ICS Security Training, Munich, Germany
SANS ICS Security Training, Munich, Germany
SANS Institute
36 SANS Automotive Summit Webcast
SANS Automotive Summit Webcast
SANS Institute
37 Privesc Playground - SANS Pen Test HackFest Summit 2017
Privesc Playground - SANS Pen Test HackFest Summit 2017
SANS Institute
38 Introduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017
Introduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017
SANS Institute
39 Honey, Please Don’t Burn Down Your Office: Fun with Smart Home Automation
Honey, Please Don’t Burn Down Your Office: Fun with Smart Home Automation
SANS Institute
40 SANS Security Operations Summit & Training 2018
SANS Security Operations Summit & Training 2018
SANS Institute
41 Sh*t Happens!  (But You Still Need to Drink the Water) – SANS ICS Summit 2018
Sh*t Happens! (But You Still Need to Drink the Water) – SANS ICS Summit 2018
SANS Institute
42 ICS Threat Intelligence: Moving from the Unknowns to a Defended Landscape – SANS ICS Summit 2018
ICS Threat Intelligence: Moving from the Unknowns to a Defended Landscape – SANS ICS Summit 2018
SANS Institute
43 You’re Probably Not Red Teaming (And Usually I’m Not, Either) – SANS ICS Summit 2018
You’re Probably Not Red Teaming (And Usually I’m Not, Either) – SANS ICS Summit 2018
SANS Institute
44 A Sneak Peak at the New ICS410
A Sneak Peak at the New ICS410
SANS Institute
45 Jumping Air Gaps – SANS ICS Summit 2018
Jumping Air Gaps – SANS ICS Summit 2018
SANS Institute
46 Introduction to Linux
Introduction to Linux
SANS Institute
47 Introduction to Malware Analysis
Introduction to Malware Analysis
SANS Institute
48 You’re Probably Not Red Teaming (And Usually I’m Not, Either) Webcast by Deviant Ollam
You’re Probably Not Red Teaming (And Usually I’m Not, Either) Webcast by Deviant Ollam
SANS Institute
49 Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018
Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018
SANS Institute
50 Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
SANS Institute
51 Apples and Oranges?:  A CompariSIEM – SANS Security Operations Summit 2018
Apples and Oranges?: A CompariSIEM – SANS Security Operations Summit 2018
SANS Institute
52 SANS Webcast - Perimeter Security and Why it is Obsolete
SANS Webcast - Perimeter Security and Why it is Obsolete
SANS Institute
53 SANS Webcast - Trust No One: Introducing SEC530: Defensible Security Architecture
SANS Webcast - Trust No One: Introducing SEC530: Defensible Security Architecture
SANS Institute
54 The Science of Security: The Psychological Impacts of Security Awareness Programs
The Science of Security: The Psychological Impacts of Security Awareness Programs
SANS Institute
55 How I Pulled Off an Edgy Security Campaign – SANS Security Awareness Summit 2018
How I Pulled Off an Edgy Security Campaign – SANS Security Awareness Summit 2018
SANS Institute
56 Practical Advice for Submitting to Speak at a Cybersecurity Conference
Practical Advice for Submitting to Speak at a Cybersecurity Conference
SANS Institute
57 SANS Webcast - Consuming OSINT: Watching You Eat, Drink, and Sleep
SANS Webcast - Consuming OSINT: Watching You Eat, Drink, and Sleep
SANS Institute
58 SANS Webcast - Zero Trust Architecture
SANS Webcast - Zero Trust Architecture
SANS Institute
59 SANS STX Cyber Range
SANS STX Cyber Range
SANS Institute
60 Part 1 – SANS Institute and Tenable talk about cloud security
Part 1 – SANS Institute and Tenable talk about cloud security
SANS Institute

This talk explores using RPG concepts as a mental model for neurodivergent learners navigating cybersecurity learning, providing a framework for managing the overwhelming scope of cybersecurity.

Key Takeaways
  1. Treat character creation as self-discovery
  2. Use skill trees as certification roadmaps
  3. View career paths as campaigns with milestones and rest stops
  4. Reframe neurodivergent traits as class features
  5. Utilize pattern recognition as perception checks
  6. Apply hyperfocus as concentration spells
  7. Leverage systematic thinking as proficiency bonuses
💡 RPG concepts can be used as a mental model to make cybersecurity learning more manageable for neurodivergent individuals.

Related Reads

📰
Australia finds serious gaps in Big Tech’s response to child sexual abuse online
Australia's online safety regulator finds Big Tech's response to child sexual abuse online inadequate, citing existing tools not being utilized
The Next Web AI
📰
The Future of Endpoint Security: Why Visibility, Intelligence, and Automation Will Define the Next…
Learn how visibility, intelligence, and automation will shape the future of endpoint security and why it matters for businesses
Medium · Cybersecurity
📰
Why Every Cybersecurity Product Needs Enterprise-Grade Connectors in 2026
Learn why enterprise-grade connectors are crucial for cybersecurity products in 2026 and how they can improve integration and efficiency
Dev.to · Shivang Patel
📰
Malware Deep Dive: Gandcrab
Learn about Gandcrab ransomware and its analysis to improve cybersecurity knowledge
Dev.to · jordanricky1604-ship-it
Up next
8-Step Cybersecurity Engineer Roadmap 2026 | GenAI Era | #shorts
SCALER
Watch →