BLUF: When I’m looking for offensive cyber leaders, I’m looking for the career experiences that build real intuition: operational execution, zero-days, tooling, targeting, understanding of failure, and (increasingly) AI-first immersion.

I’m going to keep this deliberately high-level. This is about leadership pattern-matching and intuition, not tactics, not techniques, and not “how-to.” I was talking with a senior civilian leader in the Department of Defense a while back about what offensive cyber leadership career progressions should look like to develop their intuition about the domain as it is, not as they want it to be, and not as others believe it to be.

Here are five early-to-mid career experiences I look for in those on the path to offensive cyber senior leadership before they get into the established organizational curriculum of budgets, morale, training, etc. I’ll start with the sixth that’s becoming non-optional

1. Immersed in an AI-first environment
   This is the newest filter, and I’m going to be blunt: I don’t think this can be taught in a classroom yet and I haven’t seen it learned by dabbling. You have to live in it long enough for your instincts to change. Going in depth to what I understand, and what I know I don’t yet understand, is a post for another time.

2. Hands-on-keyboard on real operations
   I’m not looking for someone who merely “touched the mission.” I’m looking for someone who has personally pushed through the friction of execution. Using an analogy so I don’t publicly talk ops: in World of Warcraft terms, “gold farmers” do not become leaders. People who have actually run the raid are usually aware of and can work around the mirroring biases of themselves and others.

3. Discovered a zero-day
   In offensive terms, a “zero-day” is a non-public vulnerability. This part of cyber is still incredibly artisanal and has not been distilled down to science or engineering. Those who have found 0day understand that requirements should be levied from the access vectors and rarely onto the access vectors.

4. Built tooling
   Cyber is fractal: zoom out and you’re dealing with people, process, requirements, and effects; zoom in and you’re dealing in machine time. These people tend to be able to operate along the people-time to machine-time continuum. A practical reminder: a modern CPU is speculatively executing billions of micro-operations per second and often deciding only afterwards if it should save or ignore each result. A person’s five minute coffee break can be an eternity worth of decisions in machine time.

5. Built target packages
   I can usually tell within minutes who has done serious targeting and who hasn’t. People who have built target packages tend to start with the target as it is, then push derived requirements backward through the organization and logistics. People without this scar tissue often unconsciously think about the world as they want it to be, and then learn late late in their workflow that the target doesn’t care about their preference.

6. Owned an operation that didn’t go to plan
   The most valuable cyber intuition is understanding where to build in resiliency. Mike Tyson’s paraphrased quote “everyone has a plan until they get punched in the face” embodies it well. Computers and networks are strange: surprisingly brittle in some places, shockingly resilient in others. Leaders who have had to unstick their own mess tend to plan in ways that assume they’ll get hit, and those that don’t are more likely to leave a mess behind for forensicators to showcase to the world. Fortunately, this is one of the areas that I have seen effectively taught.

It’s rare to find all of these in one person. To be clear, I haven’t done them all either. But if we were designing a government personnel system, we should devise career arcs that produce leaders whose intuition is aligned with the domain as it is, not the domain as we wish it were.

If you’re building your own career arc, the point isn’t to collect badges. It’s to deliberately build the right experience points to level up.