Dylan Shroll

Cybersecurity & Adversary Engagement

I was seventeen years old when I first encountered the transcendent beauty of “In a Sentimental Mood,” recorded by jazz legends Duke Ellington and John Coltrane. Instantly, I was transported—not merely to a physical locale, but into an immersive emotional experience, coexisting in that eternal, musical moment alongside Duke and ‘Trane. At the time, I found myself adrift, couch-surfing within the Drake Neighborhood of Des Moines, Iowa during the 2010s—a far cry from Rudy Van Gelder’s iconic studio in Englewood Cliffs, New Jersey 50-something years earlier. Yet, despite the temporal and geographical divides, the music bridged the gap, connecting me intimately to their artistry. Their dynamic collaboration epitomized a profound freedom, a creative liberty that deeply inspired my own aspirations.

Jazz transcends mere musical classification—it represents a vibrant, evolving artistic phenomenon deeply interwoven with the lived realities, enduring resilience, profound creativity, and rich cultural expressions of African American communities. Originating amid social struggle and cultural celebration, jazz encapsulates improvisation, adaptability, and collaborative dynamism. Its inherent responsiveness and intuitive adaptability echo the historical realities faced by its creators. Similarly, the field of cybersecurity necessitates navigating unpredictability and adapting swiftly to emerging threats. Like jazz artists spontaneously innovating, cybersecurity professionals must constantly pivot and dynamically respond to unforeseen challenges, underscoring a shared essence: the nuanced artistry of adaptation.

One foundational lesson derived from jazz is the critical importance of timing. Precision in timing governs a percussionist’s rhythmic contributions just as effectively as it guides cybersecurity professionals formulating strategies and threat-detection cadences. Beyond mere intellectual understanding, both musicians and cybersecurity experts must intuitively sense and seamlessly integrate their actions within complex, interacting systems. Whether one is a forensic analyst meticulously uncovering an adversary’s hidden actions, a red-team strategist orchestrating precise attack vectors, or a trombonist captivating an enthralled audience at the revered Noce jazz club in downtown Des Moines, mastery of timing is paramount.

An equally significant principle is mindfulness and situational awareness. Jazz musicians engage in active, purposeful listening, deeply attuned to their fellow performers’ nuanced emotional and rhythmic shifts. Even slight variations provoke instantaneous adjustments, exemplifying heightened sensitivity and responsiveness. Similarly, cybersecurity professionals maintain continual vigilance, meticulously observing evolving digital landscapes for subtle signals that herald emerging threats. This vigilance demands more than mere technical proficiency; it requires an intuitive capacity to decode intricate anomalies. Much like a pianist foreseeing the saxophonist’s next improvisational turn, security analysts proactively anticipate adversaries’ strategies through subtle pattern recognition.

Effective collaboration and precise communication constitute the lifeblood of both jazz ensembles and cybersecurity teams. Jazz musicians intuitively communicate through musical dialogues characterized by trust, nuanced understanding, and spontaneous responsiveness, resulting in performances that appear effortlessly cohesive. Likewise, cybersecurity teams rely heavily upon rapid, accurate communication to manage crises effectively. Transparent sharing of responsibilities, insights, and strategies ensures a coherent, unified response. Similar to skilled jazz ensembles, cybersecurity teams flourish through mutual respect, clear roles, and synchronized coordination, achieving harmony in their collective efforts.

Resilience and adaptability are further critical intersections between jazz and cybersecurity. Skilled jazz performers adeptly navigate unexpected developments, gracefully transforming potential disruptions or mistakes into innovative and compelling improvisations. Similarly, cybersecurity professionals often face unexpected scenarios, rapidly pivoting strategies when initial defenses or planned approaches falter. Viewing unexpected challenges as opportunities for innovation rather than setbacks, successful cybersecurity professionals embody resilience akin to accomplished jazz musicians who skillfully convert uncertainty into artistic triumph.

Both jazz and cybersecurity thrive through continuous evolution and perpetual learning. Jazz continuously integrates diverse cultural, historical, and stylistic influences—from swing and bebop to fusion and contemporary interpretations—exemplifying adaptive openness and continuous renewal. Similarly, the cybersecurity landscape rapidly evolves, demanding that practitioners pursue ongoing education and constant skill refinement to remain effective. As jazz musicians evolve through collaborative experimentation and diverse influences, cybersecurity teams must similarly embrace continuous learning and adaptive innovation to maintain relevance and effectiveness.

Perhaps most compellingly, jazz illustrates the invaluable practice of improvisation. Each jazz performance is uniquely sculpted by the artists’ spontaneous emotional expressions, audience interactions, and the immediacy of the moment. Cybersecurity also demands constant improvisational agility, requiring practitioners to devise innovative responses to unanticipated threats. Predictable threats are rare, and rigid methodologies quickly become obsolete. The most resilient cybersecurity teams embrace uncertainty, converting unpredictability into a strategic asset, much as jazz musicians transform unexpected notes and rhythms into memorable artistic expressions.

In the vibrant interplay between jazz and cybersecurity lies a profound lesson: thriving amidst complexity and uncertainty necessitates embracing the jazz ethos—mindful attentiveness, articulate communication, unwavering adaptability, and courageous improvisation.

I spent nearly a decade in the coffee industry, working as a barista and a shift manager, a repair technician and managing service providers across the country. From each one of these stops along the way, one point was made abundantly clear: communication is essential. Whether it took the form of relationship building with customers, maintaining expectations with coworkers and stakeholders, or providing context and options to business owners, it was clear that to thrive, communication is key. This rings true not just in my former life as a barista, but today in my day-to-day life as a security professional.

The most insightful lesson on communication I learned from the brisk pace of the coffee business was the relationship between the pace of business and the need for context and communication. As a barista, being able to understand the needs of the customer, articulate those needs in a common language with fellow employees, and respond to those needs accordingly was the determining factor in the success of the business. There was a clear mission for the organization that was conveyed at every level and reinforced by every process: consistently and efficiently delivering on the customer’s specific needs. Though this seems simple enough, in practice there was quite a bit of nuance in how it was executed. For my example, the pace at which the business could operate was correlated with the pace at which we could communicate the orders as much as it was with the pace, we could craft beverages.

This became especially evident when systems like the drink label printers would go down. Because the store had to fall back to hand-writing the orders on cups, and since that introduced friction into the communication of orders across the store, there was significant operational impact. The value we provided to the customer was diminished because of long wait times and incorrectly filled orders. This resulted in wasted product and labor for the business as well as stress and frustration for employees and customers.

Specific pivots needed to be made during events like these: the prioritization of communication skills became more important– employees who excelled at written and verbal communication were placed in direct contact with customers – even when those same employees had a relative advantage in order production too. These skills also became something I prioritized when staffing decisions were made. This resulted in more efficient operations, but unexpectedly also decreased the time and energy needed to train staff; the same skills which enabled them to interface with customers also positioned them to consume institutional knowledge at an accelerated pace.

These same lessons have held true as I’ve grown my career in the technology and cybersecurity space. The rate at which defenders can respond to evolving risks is directly related to their ability to parse, understand, and synthesize information, and to relate that information to business owners. Only then can they respond to the associated risks.

But what can today’s cybersecurity professionals do to hone their communication skills? There are two things I can personally attest to improving my ability to communicate with stakeholders and colleagues.

The first way I improved my communication skills was to really engage with the practice of active listening. Our goal should be to have more than half of our communication activity be listening and absorbing information. The more information we can take in and distill down for our stakeholders, the more value we’re able to add to the communication and decision-making chain. In cybersecurity and technical fields, active listening is crucial for problem-solving, collaboration, and even adversary engagement. Whether it’s understanding a user’s security concerns, gathering intelligence from threat actors, or mentoring others, the ability to listen actively can be a game-changer. It helps build trust, improves communication, and ultimately leads to better decision-making.


Beyond listening, another unexpected practice sharpened my communication skills: meditation. I’d be skeptical too, if someone tried to tell me that sitting silently and staring at a wall was going to improve my communication skills. As Chen H. et al found in their study on operating room communication by surgeons; a regular, focused meditation practice can dramatically improve the speed and accuracy of communication during high-stakes situations. My anecdotal experience is that my meditation practice exercises the muscle of attention, which is key in both consuming information rapidly as well as expressing it and its’ relevance succinctly. I started meditating while I was working in coffee, and I noticed I was able to communicate better, more effectively, and (as a nice little bonus) more compassionately.

The pivots we, as an industry, must make are clear then. At every level of the talent pipeline communication skills must be prioritized and developed. Similarly, cybersecurity organizations must create and mature communication norms both internally and externally to facilitate the exchange of knowledge and accelerate their ability to respond to evolving threats. Industry-wide efforts to create standards for communications related to cybersecurity exist and deserve our support.

As a cybersecurity professional, I couldn’t begin to quantify the volume of information I’ve had to distill for stakeholders, the amount of time I’ve put into communicating with them, or the effort that has gone into executing on their vision. It’s been just as much a factor in this chapter of my life as the last.

In his book “Cybersecurity First Principles”, Rick Howard writes that the atomic mission of cybersecurity is to “Reduce the probability of material impact due to a cyber event…”. If our success as cybersecurity professionals is determined by our ability to execute on that mission, developing effective communication skills and strategies is an essential aspect of that function. The question remains, are we sufficiently investing in that skill for ourselves and our teams?

Transitioning from Coffee to a Security Career

When I first started my career, I wasn’t thinking about firewalls, encryption, or malware. I was thinking about lattes, customer service, and how to make the perfect foam. My days were spent behind a counter at Starbucks, mastering the art of coffee-making and engaging with customers.

Fast forward to today, and I’m a cybersecurity engineer working to secure digital spaces from adversarial threats. This journey wasn’t linear, and it certainly wasn’t easy, but it was driven by a few key lessons that I’ve learned along the way.

Whether you’re considering a career change or just stepping into the world of cybersecurity, I hope these insights will inspire and guide you.

1. Curiosity and Passion Will Pay Dividends

The cybersecurity landscape is vast and ever-changing. From ransomware to zero-day vulnerabilities, there’s always something new to learn. Early in my journey, I realized that cultivating a sense of curiosity was my greatest asset. Instead of feeling overwhelmed by the constant stream of information, I embraced it. I let my curiosity guide me, diving into topics that fascinated me and exploring the many facets of cybersecurity.

Curiosity also makes the learning process enjoyable. I treated each new challenge as a puzzle to solve, and each piece of knowledge as a tool to add to my arsenal. This mindset not only kept me engaged but also helped me adapt quickly to the rapid changes in the field. If you’re new to cybersecurity, don’t worry about mastering everything at once. Start with what excites you, and let that passion drive you forward.

2. It’s Never Too Late to Branch Out

Unlike many of my colleagues, I didn’t discover my passion for cybersecurity in high school or even during my first attempts at college. It took years of exploring different paths and thinking critically about what I wanted to do with my life. My journey to cybersecurity began with a willingness to pivot and try something new.

I’ll admit, there were moments when I feel behind or out of place. But those feelings are fleeting compared to the excitement of finding a field that resonates with me. Your starting point doesn’t define you—your willingness to take the leap does. Whether you’re coming from coffee, construction, or coding, there’s a place for you in cybersecurity.

3. Know Yourself, Know Your Needs

The best piece of advice I received during my transition was this: “learn about how you learn best.” For me, understanding that I am a tactile kinesthetic learner changed everything. I thrive with hands-on experiences and do my best work when I can actively engage with the material.

This self-awareness allowed me to tailor my study methods to what worked for me. Instead of just reading textbooks or watching videos, I sought out labs, simulations, and real-world scenarios to practice my skills. I built a homelab, and frustrated my partner by over-engineering our home network. Knowing yourself—your strengths, weaknesses, and learning preferences—is key to making the most of your efforts.

4. Be Mission-Driven

Cybersecurity isn’t always glamorous. There are long hours, high-pressure situations, and moments when it feels like the work never ends. During those tough times, having a mission to fall back on has been my anchor. My mission is simple: to make digital spaces safer for people, so that they can focus on occupying and inhabiting them. It’s what motivates me to keep learning, keep pushing, and keep showing up even when the going gets tough.

If you’re considering a career in cybersecurity, think about what drives you. Maybe it’s protecting your community, fighting against cybercrime, or simply solving complex problems. Whatever it is, hold onto that mission and let it guide you through the challenges.

5. Make Connections, Ask Questions

Breaking into cybersecurity is often about who you know. My first opportunity came because someone was willing to take a chance on me—but that chance wouldn’t have come if I hadn’t made the effort to connect with others in the field. I spent many long hours messaging strangers on LinkedIn, asking for a cup of coffee and 30 minutes of their time. This isn’t just something I used to do, but something I have carried forward as my own goals have evolved.

I’ve found that people are generally eager to share their knowledge and experiences. Don’t be afraid to reach out, ask questions, and build relationships. Whether it’s attending meetups, joining online forums, or simply striking up a conversation on LinkedIn, connections matter. They can open doors, offer guidance, and become invaluable allies as you navigate your career.

Final Thoughts

Transitioning from coffee to cybersecurity was one of the most challenging and rewarding decisions of my life. It required curiosity, resilience, and a willingness to step out of my comfort zone. If you’re thinking about making a similar leap, remember: it’s never too late, and you don’t have to do it alone. Stay curious, stay driven, and don’t be afraid to ask for help. You never know where the journey might take you.

Wishing you all the best,

-Dylan