Part 4 of 3: The Side Quest That Became the Main Quest
A three-part series having a fourth part feels about right for how my brain works.
The first three pieces were about how I would build a security team for the AI world, broken down the boring-but-useful way: People, Technology, and Process.
The thread running through all of them was this idea I keep coming back to: AI is a magnifying glass. It amplifies your people, your context, and your process discipline. Point it at a curious, capable team and it becomes leverage. Point it at a mess and you just get a louder mess.
This piece is not really another pillar. It is more of a side quest. A personal one.
If those articles resonated with you, I will be talking more about this at AISA CyberCon Melbourne 2026, running 14-16 October 2026 at the Melbourne Convention & Exhibition Centre. CyberCon describes itself as Australia's premier cyber security conference and Australia's largest annual gathering of cyber security professionals, leaders, and innovators.

I will be honest: that still feels surreal to write.
Not because I think conferences are magic, or because a stage changes the value of an idea. But because, for me, this stage represents a very long chain of small, stubborn steps. None of them looked impressive on their own. Together, they became a career.
I Think in Quests
I have always seen my career a bit like a video game.
Not in a polished LinkedIn "grindset" way. More like: there are levels, side quests, locked areas, weird boss fights, and occasionally a moment where you look back and realise the map is much bigger than you thought.
For me, sharing knowledge became one of those side quests.
I have always had this aspiration, somewhere in the background, to teach. Maybe not always in a formal classroom, but in the broader sense: take something confusing, wrestle with it until it makes sense, and then leave a cleaner path for the next person.
That started about 15 years ago, when I was still at university in Brazil.
I was struggling with a few subjects. My way of learning was to write things down in a very simple format: question, explanation, answer. Almost like an FAQ for myself. If I could explain the topic clearly, I probably understood it. If I could not, I knew exactly where the gap was.
At some point I realised my classmates were struggling with the same things. So I published the notes.
There was no content strategy. No personal brand plan. No funnel. Just a very basic thought: if one other person in the world has the same question I had, maybe this helps them avoid the same frustration.
That became the quest:
Write the thing I wish existed when I was stuck.

Useful Things Compound
Back in the prehistoric internet days, when page views were somehow the metric everyone cared about, that little site eventually collected around 4 million page views.
Which is funnier, and maybe a bit more impressive, when you remember the whole thing was in Portuguese. Not exactly the internet's easiest difficulty setting. The addressable audience was basically Brazil, Portugal, and, in my not so scientific counting, about five countries total if you ask most people to name who else speaks Portuguese.
I am mentioning the number carefully, because the point is not "look at this big number." The point is that usefulness compounds in strange ways.
Those early security articles led to conversations. The conversations led to jobs, to publishers in Brazil sending me cyber security books to review, not because I was famous, but because I had built a small reputation for explaining whether the material was actually useful for people trying to learn.
That led to more writing. More learning. More questions.
Then my university thesis became a presentation at Roadsec, a Brazilian conference. That was another level unlocked.

And because my brain apparently cannot leave a challenge alone, the next question became: how far can I take this?
Would people show up to hear my ideas? Would they make sense outside the small circle that already knew me? Could I keep improving until the rooms got bigger?
So I started speaking at small meetups in Brazil. Then I moved to Australia and did meetups in Sydney while trying to find my feet in a new country. Then came events across Victoria, meetups I organised, meetups I joined, panels, community talks, rooms where I knew almost nobody, and rooms where I slowly started recognising faces.
Earlier this year, friends from CCS invited me to speak at their CCS 2026 Brisbane Symposium, my first interstate conference. That one meant a lot too. It was another reminder that the map keeps expanding if you keep doing the work.
And now, CyberCon.
Why CyberCon Means So Much
CyberCon is not just another event on the calendar for me.
It is one of those milestones younger me would not have known how to even imagine. The student writing FAQ-style notes because he was struggling with university subjects would not have predicted this. The version of me nervously presenting a thesis in Brazil would not have predicted this. The version of me arriving in Australia and trying to rebuild career momentum from scratch definitely would not have predicted this.
That is why this matters.
Not because it proves I am special. It proves almost the opposite. It proves that ordinary, repeated effort can become something much bigger than it looks like at the time.
Every article was a small level. Every meetup was a small level. Every awkward first draft, every undercooked talk, every conversation after an event where someone said "that helped me think differently" was part of the same progression.
And yes, it has been bloody hard.
That is the part I do not want to smooth over. Inspirational stories can become useless when they hide the grind. Moving countries is hard. Building credibility twice is hard. Speaking in a second language is hard. Putting your ideas in public is hard. Getting better in public is even harder.
But hard is not the same as impossible.
The Same Lesson as the Series
The funny thing is that this personal story loops back to the same argument I was making in the AI security team series.
In Part 1, I argued that curiosity is the moat. That the future belongs less to people who only operate tools and more to people who build, question, reframe, and keep learning.
That is not just a hiring opinion. It is also the operating system behind most of my career.
The blog worked because I was curious enough to turn confusion into questions. The talks worked because I kept testing whether the way I explained something actually landed with people. The conferences came because every previous step created a little more leverage for the next one.
In Part 2, I wrote that context is the product. AI needs a clean room to think in. People do too. Writing forced me to build context around my own thinking. It made half-formed ideas visible. It showed me where I was hand-waving. It turned messy instinct into something another person could inspect, challenge, and use.
And in Part 3, the process piece, the principle was: build for the wobble.
That applies here as well. Careers are not necessarily linear. You will get things wrong. Some talks will not land. Some articles will be messy. Some opportunities will disappear. Some rooms will feel too big. The trick is not to avoid the wobble. It is to build a process that lets you recover, learn, and keep moving.
If You Are Trying to Follow This Path
Here is the practical takeaway, because I do not want this to become a soft-focus origin story.
If you want to build a career in this industry, especially if you are starting from somewhere that feels far away from the rooms you want to be in, do not wait until you feel fully ready to be useful.
Start smaller than your ego wants, and sooner than your fear wants.
Write the thing you just learned. Explain the concept that confused you last week. Give the meetup talk before it feels prestigious. Help one person. Then help ten. Then keep going.
Useful things compound.
That does not mean every blog post turns into a conference talk. It means every clear explanation makes you a little sharper. Every public idea gives people a reason to know how you think. Every time you teach something, you prove to yourself that you understand it well enough to carry it forward.
Practical version:
- Turn confusion into an artefact. If you had to struggle through a topic, someone else probably will too.
- Publish before it feels perfect. Your first version only needs to be useful enough to start the loop.
- Treat every stage like a level, not a verdict. A small meetup is not "small" if it unlocks the next room.
- Build visibility through usefulness. The goal is not attention. The goal is trust.
- Keep a bigger quest on the map. Mine is still Black Hat or DEF CON. CyberCon is not the final boss, but it is a serious level.
The Next Level
So yes, I will be at CyberCon Melbourne in October talking about security teams, AI, and what this new operating model demands from all of us.
But underneath that talk is the longer story: a student writing notes to survive exams, a blog that started as an FAQ, a series of small rooms, then larger rooms, then a conference stage I genuinely did not know was possible from where I started.
That is why I care about sharing this.
Because the point is not "look where I got to."
The point is: if you are grinding through your own early levels right now, the map is probably bigger than it looks.
The path is possible. It is also hard, uneven, and occasionally ridiculous. But if you keep learning, keep sharing, and keep turning your curiosity into something useful for other people, the next room opens.
I will see you at CyberCon.
And then, eventually, we go after the final boss.