The Marathon Mindset: Lessons from a 20-Year Journey

In the fast-paced world of cybersecurity, it’s easy to get caught up in the "sprint"—the next certification, the latest exploit, or the newest tool. However, a recent conversation with Jayson Vallente, Director for Offense at Theos Cyber, served as a powerful reminder that this field is actually a marathon. Jayson, a self-described "Hacker Enthusiast" and "Coffee Ninja," has spent two decades navigating the evolving landscape of security, and his path offers a masterclass in persistence and the "doer" mindset.

From the Server Room to the Director’s Chair

Jayson’s journey didn't begin at the top. In 2008, he was working in technical support and webhosting administration for HP. His "aha!" moment didn't come from a textbook but through hands-on experience and the guidance of mentors like Dax Labrador, who introduced him to the ROOTCON community. This highlights a critical insight for anyone entering the field: technical skills are the baseline, but community and mentorship are the catalysts for growth.

His career is a story of creating your own luck. While working as a system administrator at PSBank, he proactively engaged with the CISO to take on security responsibilities, effectively building his own bridge into the world of professional security. This eventually led him to specialized roles in Singapore and back to the Philippines, where he rose through management to become a Director.

The "Doer" Gap: Transitioning from Theory to Execution

One of the most profound insights Jayson shared was the challenge faced by those moving from academic or leadership backgrounds into technical offensive roles. He observed that highly intelligent people often fall into the trap of over-thinking or prioritizing theory over action. In the world of offensive security, success is driven by execution.

"Move first and learn along the way," Jayson advised. For those transitioning, this means shifting from a "thinking" mindset to a "doing" mindset. This is reflected in his technical roadmap: rather than collecting general knowledge, he advocates for going deep. He recommends mastering networking fundamentals, focusing on one programming language, and targeting high-impact, practical certifications like the OSCP, CPTS, or BSCP for web applications.

The Statistics of Risk

Jayson’s academic background is as unique as his career path. Having a background in Statistics and degree in Computer Science, he uses that analytical foundation to view security through the lens of risk. "All cybersecurity is driven by risk," he noted. In a penetration test, time is limited, and a statistical mindset helps a tester prioritize effort where it will have the most significant impact—much like a boxer looks for the highest likelihood of landing a damaging blow.

Sustainable Growth and the Hacker Way of Life

The most important takeaway for any enthusiast is Jayson's philosophy on longevity. To survive two decades in a high-pressure environment, one must avoid the "burnout sprint". His rule of thumb is sustainable: "one cert a year, one topic a year". By focusing on depth rather than width, you allow yourself the space to actually enjoy the process of discovery.

Ultimately, Jayson views "hacking" as more than just a job; it is a way of life. It’s a creative way of thinking—looking at a system and finding a way around it. Whether he’s brewing a quick "Vietnamese-style" coffee or leading a complex offensive engagement, that mindset of creative problem-solving remains the core of his success. For those of us following in his footsteps, the message is clear: Stay curious, stay passionate, and above all—Try Harder