Hey Bob , UnixGuy (Abed Hamdan) here!
I'm not gonna lie, I've been starring at this blank email page for 10 days now, which is highly unusual for me.
So here's the first and final draft of this email (please excuse any possible grammar or spelling issues...).
I want to tell you how 2025 went, what went well, and what nearly made me quit everything, and the recent and future updates to GRC Mastery that I committed to in 2026.
What went well in 2025:
The best and most important thing will always be the daily success stories that I receive from you telling me that you followed the advice in my videos and landed your dream job.
In 2025, I received messages like this on a daily basis, except there were often more than message per day, so that's 600+ success stories that I know of. This will always be personal measure of success.
However, we still have a problem..
What went wrong in 2025:
No matter how many videos I post, I still regularly get the following message:
Candidate:
"I applied to xxx number of cyber security jobs, and didn't get an interview, the market is rough or my resume is bad, can you review it?"
And make no mistake, 100% of the candidates who send messages like these have only done one or two certs maximum, usually Google Cyber cert and comptia sec+ or google cyber cert & tryhackme sal1
The issue is, none of the roadmaps on my videos consist of one or two entry level certs. No where did I (ever) say that one or two certs are a guaranteed path to a cyber job.
However, I take this as a personal failure of mine. I need to communicate this better. I tried to explicitly explain this in issue in this video:
In 2026, I need to do better. I need to expliclity state that one cert isn't a guarantee to a cyber job.
The 'market' is actually fine (contrary to what you hear from beginner youtubers), AI hasn't taken any cyber job (in fact, it created more cyber role to clean up AI mess created by beginner IT pros), and the problem was never the 'resume', it was always the lack of intermediate level training - to achieve that, simply follow my roadmaps to the end. Emphasis on 'to the end'.
Which brings me to my second failure of 2026: My health.
Now, I'm a very private person, I post on social media but I intentionally keep my life private, I'm as introverted as they come, but I feel like I need to share this. Here's a photo that summarise what happened in 2025:
This might look like an innocent photo, but I was 100% burned out here. I was trying to film a youtube video at 11:30 pm.. that's the time I have to create the videos that you see.
I got away with this, but my health decline slowly and surely and it all caught up to me. I'll spare you the details, but I need to get back to exercising, eating healthy, and getting more than 5 hours of sleep.
I just want to clarify: this has nothing to do with working in cyber security. My job is fine and in fact not stress at all. I just am very bad at managing my own time, and creating youtube videos after work is one thing
but doing it on top of updating GRC Mastery was something I didn't prepare for...
Which brings me to GRC Mastery.
GRC Mastery Recent and future updates:
What I'm proud of the most was this:
Not because it gave us Global Recognition, but because I didn't have to change anything in GRC Mastery material. In fact, the independent assessor told us that our training was the best he's ever seen....
Now, getting the recognition involved us getting audited, it took 4 months.... but hey we did it.
Now, I've committed to adding new stuff to GRC Mastery in 2026, and I'm letting you know in advance: GRC Mastery will get a lot of new modules and updates. We started already with this:
- Cyber Risk Quantification Module (Added in Dec 2025).
This was a significant update, it's an advanced topic and making it easy to understand with practical examples takes longer than it appears (certainly longer than it takes to finish the module).
The challenge is always to make it comprehensive but also not overly long so you actually finish it without getting lost.
I've done a lot of training in my life and let me tell you, there is nothing worse than a dude reading from slides he doesn't even understand, taking an hour to explain something that should've been 5 minutes at best... but I digress
The updates in 2026 won't be like we did in 2025. In 2025 I added ISO27001 Lead auditor all in one go. This time, I will be adding smaller modules every few months.
This way, it's more manageable.
I know what you want to know the topics, but where's the suspense in that
