If you're reading this past 11pm because something woke you up, or because you just got off a ticket that shouldn't have needed you, or because the SOC escalated something at 2am that turned out to be nothing; I want you to know I see you.
That's the first thing. Before anything else, before whatever I'm trying to convince you of by the end of this post: I see you. You're tired in a specific way that doesn't show up in metrics. You're carrying something that doesn't get reported to leadership as a line item. You've been doing it long enough you don't even notice it anymore. It's just Tuesday.
Let's talk about it
If you've read my other posts, you know where I'm coming from. By day I'm a support engineer; I manage tickets, junior techs, projects, SaaS product researh, the whole 9 yards. I knew that one day I was going to be in cyber security, but not like this. Not as a tier-3 tech who not only has to manage a ticket queue or teach people the difference between Active Directory and Azure, but also do the threat hunting, telemetry log analysis, writing IRP's for customers in senstive verticals, and figuring out how to lock down the 10 new AI tools that get pumped out every day.
The tools that are supposed to protect our customers don't catch what hurts them most of the time. Not the big obvious ransomware. Sure, the tools catch that. But the slow stuff. The quiet stuff. The fifteen-second harvest from an unlocked workstation at a reception desk. The cleverly-encoded PowerShell that didn't match a signature. The behavioral pattern that looked normal because the analyst doesn't know what normal actually looks like in your environment.
When that stuff happens, and it does happen, we're the ones who clean it up. We do the breach investigation. We figure out the scope. We find the lateral movement. We write the post-incident report. We talk to the customer. We do all the work the MDR was supposed to do, and we do it after they've already said "yeah, looks fine to us."
I'm not saying it happens all the time, but it happens enough. You know this. I know this. The reason I'm writing this isn't to tell you something new. It's to tell you that you're not crazy, and you're not alone.
On the flip-side of that coin🪙
There's another group I want to talk to before I get to my actual point.
The hobbyists. The ferral cyber enthusiasts. The people who go home from a day job and fire up your lab in your basement because you heard about a new zero-day and you just NEED to see it for yourself. The people who run CTFs on Saturday mornings. The people who file pull requests to open-source security tools at 1am. The people who post writeups on personal blogs that nobody's paying you for AHEM👀. The people who maintain detection rules in public repos because you couldn't stand watching them go undetected anymore. The people who learned offensive security and chose to point it at defense instead of payouts.
You're doing something important and you don't get told that enough. The industry talks about vendors and products and platforms. It doesn't talk about the practitioner who reverse-engineered some malware on a lunch break and pushed an IOC to a public feed that ended up protecting a hospital you'll never know about. It doesn't talk about the person who wrote the Sigma rule that's now in everyone's SIEM. It doesn't talk about the person who built the open-source tool that the for-profit vendors are quietly using under the hood.
That work matters. It might matter more than the vendor work, honestly, because it's the only work in this industry that scales without being throttled by a profit margin📈
Let's get to the point
Here's the thing I've been circling toward.
The exhausted engineer and the basement hobbyist are the same person. Not always literally, but structurally. We're one community. The MSP tech doing post-incident forensics at midnight is the same energy as the researcher publishing a detection rule on a personal GitHub. We're both filling the same gap. We're both doing work the commercial layer was supposed to do and didn't. We're both running on a mix of stubbornness and curiosity and a refusal to accept that "the dashboard said it was fine" should be the end of an investigation.
If you're in either camp, you should know the other camp is doing the same work from a different angle. The hobbyist makes the engineer's job possible by writing tools and sharing findings. The engineer makes the hobbyist's work matter by deploying it where it actually defends people. We need each other. The vendor ecosystem mostly doesn't acknowledge that, because acknowledging it would mean admitting their products aren't enough.
Why do I care and how do I know?
I run my lab in my free time because I love the work. That's the honest answer. ValorWorks is just the face of what I stand for. I run it because watching an EDR miss a payload I built is the most interesting thing I've done all week. Not because the rest of it isn't stimulating or stressful, but because every time I catch something the tools missed I learn something I can use the next day at work.
But somewhere along the way the lab stopped being just personal. The findings turned into blog posts. The blog posts turned into a Discord. The Discord turned into a small community of people doing the same kind of work I'm doing. And I started realizing that what I thought was a hobby was the same thing every other person in that community was doing in their basement, late at night, when everyone else is asleep.
This is the real security industry. Not the vendor floor at conferences. Not the marketing copy. Not the dashboards. The real industry is people in homelabs, writing detection rules, testing the things no vendor will test, publishing what they find, helping each other. It's the technicians who have the nerve to challenge those 3rd party tools. It's a community held together by curiosity and grit, not by quarterly earnings calls.
The Force is with you. Always.
ValorWorks started as my personal site that was, itself, just a new avenue I wanted to learn. Learning what goes into web development and all the ways to skin that cat. I'm honestly not sure what it's becoming yet. But the more nights I spend doing the gap-filling work both at the day job and in my lab, the more I think it might become a place for the rest of us. The engineers who are tired. The hobbyists who are doing the work that doesn't show up in any product roadmap or ROI projections. The people who think there has to be something better than what the channel is selling, and are quietly building it themselves.
If that's you, come find me. Either here at valorworks.dev or on the Discord linked. I don't have a product to sell you. I don't have a course to enroll you in. I just have a lab, some scars from the day job, and a belief that the people quietly filling the gap are the ones who matter most in this industry right now.
Keep going. The work you're doing matters. Even when nobody at the vendor level sees it. Especially then.
I'm Dillan Valor, and I approve this message.