(Beginner Guide) Beatrice didn’t think twice about it. She had just downloaded a new app. It promised smarter recommendations, faster results, and a more personalised experience powered by AI. She signed up, entered her details, and clicked: Accept All. A few days later, something felt different. The app seemed to know her preferences almost too well.It suggested things she hadn’t explicitly searched for.Even the timing of the recommendations felt… accurate. She paused for a moment. How much of my data is this app actually using? The Question Most People Don’t Ask In the UK today, AI is part of everyday life. From: These systems rely on data to function. Your data. But here’s the question many beginners don’t ask: Is your data actually safe? What Happens to Your Data When You Use AI When Beatrice signed up, she shared more than she realised. Not just her name and email. But also: AI systems use this data to: Over time, this builds a detailed profile. Not just of who she is. But how she behaves. This Is Where GDPR Comes In In the UK, data protection is guided by laws based on the General Data Protection Regulation. These rules exist to protect people like Beatrice. In simple terms, GDPR says: What GDPR Actually Protects Beatrice has rights, even if she doesn’t always realise it. She has the right to: This means her data is not supposed to be used freely without limits. There are rules. But Here’s What Most People Don’t Realise GDPR doesn’t stop companies from using your data. It regulates how they use it. So when Beatrice clicked “Accept All,” she gave consent. And that changes things. Because once consent is given: As long as it follows legal guidelines. The Gap Between Protection and Reality This is where things become more complex. Even with GDPR in place: So while the law provides protection… Many people don’t fully understand how their data is being used. A Cybersecurity and GRC Perspective From a cybersecurity and governance point of view, this raises important questions: Because protecting data is not just about security. It’s about: The Real Question Beatrice’s data wasn’t stolen. It wasn’t hacked. It was used… exactly as she had allowed. But she didn’t fully understand what she had agreed to. And that’s where the real risk lies. On A Final Note AI is powerful because it learns from data. And in the UK, GDPR exists to make sure that learning happens responsibly. But protection doesn’t replace awareness. Because at the end of the day: your data may be protected by lawbut your choices still shape how it’s used If you are starting your journey in cybersecurity, this is something worth remembering: Data privacy is not just about laws It’s about understanding how your information flows and who controls it
How Your Online Behaviour Is Used to Predict Your Decisions (AI Explained for Beginners)
Beatrice didn’t search for it. She didn’t type it.She didn’t say it out loud. But there it was. An ad appeared on her screen. Exactly what she had been thinking about the night before. Same product. Same style. Even the same color. She paused. How did it know? The Pattern No One Sees Beatrice hadn’t searched for the item directly. But over the past few days, she had: Individually, these actions felt meaningless. But together, they told a story. Not to her. But to the system. What Online Behaviour Really Means Every time you use the internet, you leave small signals behind. Things like: These signals may seem random. But to AI systems, they are patterns. And patterns can be learned. When Data Becomes Prediction AI doesn’t just collect information. It studies behaviour. Over time, it begins to understand: In Beatrice’s case, the system didn’t need her to search. It already had enough data to predict her interest. The Quiet Shift At first, this feels helpful. Better recommendations.More relevant content.Less time searching. But something changes. Instead of you deciding what to explore… The system starts deciding what to show you. And slowly, your choices begin to narrow. The Hidden Risk Beatrice didn’t realise it, but her online experience was being shaped. Not forced. Just guided. The more she interacted, the more the system learned. And the more it learned, the more it influenced. This creates a subtle shift:From user controlTo system influence Why This Matters This isn’t just about ads. It affects: AI systems are designed to predict behaviour. But prediction can become influence. And influence can affect outcomes. A Question of Control Beatrice wasn’t being watched in the way she imagined. But her behaviour was being observed, analysed, and used. Not to harm her. But to understand her. The question is: How much of your decisions are truly yours… and how much are being shaped for you? A Cybersecurity and GRC Perspective This is where things connect to cybersecurity and governance. Because it’s not just about data collection. It’s about: In GRC, this raises important concerns: On A Final Note Beatrice eventually clicked on the ad. It was exactly what she wanted. Or at least… what she thought she wanted. AI didn’t force her decision. It simply understood her well enough to guide it. If you’re starting your journey in cybersecurity, this is something to remember: Data is not just collectedIt is used to predict, influence, and shape behaviour Because sometimes, the most powerful systems don’t control what you do. They simply make sure you see exactly what they want you to choose.
Why ‘Accept All Cookies’ Is a Bigger Risk Than You Think (AI & Data Privacy Explained)
Beatrice didn’t even pause. The pop-up appeared at the bottom of the screen: “We use cookies to improve your experience.” Two options. Accept AllManage Preferences She clicked Accept All without thinking and continued scrolling. It was quick. Easy. Harmless… or so it seemed. A few days later, something felt different. The ads she saw were unusually specific.The content recommendations felt almost too accurate.Even the products suggested matched things she had only thought about briefly. It was as if the internet was watching her. In a way, it was. The Click That Feels Too Small to Matter Most people think cybersecurity risks come from big actions: But sometimes, the risk begins with something much smaller. Something we barely notice. Like clicking “Accept All Cookies.” What Cookies Actually Do (Simple Explanation) Cookies are small pieces of data stored on your device when you visit a website. They help websites remember things like: On their own, cookies are not always harmful. But when combined and shared across platforms, they begin to tell a story. Your story. What “Accept All” Really Means When Beatrice clicked “Accept All,” she didn’t just accept one thing. She gave permission for: And most importantly… She allowed this data to be used in ways she didn’t fully understand. Where AI Comes In This is where things become more complex. Cookies don’t just store data. They feed AI systems. AI uses this data to: Over time, these systems begin to understand patterns: And slowly, a digital version of you is created. Not who you are. But who the system thinks you are. The Hidden Risk Beatrice never saw this happening. There was no alert. No warning. Just a better “user experience.” But behind the scenes: The risk isn’t just that data is collected. It is that control is quietly given away. What Most People Don’t Realise When people click “Accept All,” they assume: It is just for this website. But in reality, the data can travel. It can be: This creates a much bigger picture than most people expect. Where Data Privacy Comes In This is why data protection laws like the General Data Protection Regulation (GDPR) exist. They are designed to ensure that: In theory, Beatrice had a choice. She could have: But like many people, she chose convenience. A Familiar Pattern Beatrice’s story is not unusual. It happens every day. A small decision.A quick click.A moment of convenience. And over time, those small actions build something much bigger. On A Final Note…. Clicking “Accept All Cookies” doesn’t feel like a cybersecurity decision. But in today’s world, it is. Because data is no longer just information. It’s influence.It’s prediction.It’s power. And understanding how it’s used is one of the most important steps in protecting yourself. If you’re starting your journey in cybersecurity, remember this: Not all risks look dangerousSome look like convenience
What Happens After You Click a Phishing Link in the Age of AI
Beatrice almost ignored the email. It looked routine. “Urgent: Payroll verification required.” The message was clear, professional, and written exactly the way her company usually communicated. No spelling mistakes. No strange formatting. Even the tone felt familiar. She hesitated for a second. Then she clicked the link. Nothing unusual happened. A login page appeared. Clean. Branded. Normal. She entered her details and moved on with her day. By 11:42 AM, someone else had logged into her account. By 1:15 PM, internal emails were being accessed. By 3:30 PM, sensitive files had been downloaded. And by the end of the day, what started as a simple click had become a cybersecurity incident. But this time, something was different. This wasn’t just phishing. This was AI-assisted phishing. The Attack Didn’t Start With the Click It started much earlier. The attacker didn’t randomly send emails. Instead, they used AI tools to: The result? An email that didn’t look suspicious. It looked perfect. In the past, phishing emails were easier to spot. They contained: Now, AI has changed the game. Attackers no longer need to be skilled writers. They just need the AI right tools. Step by Step: What Actually Happened Beatrice’s click was just one moment in a chain of events. Here is how it all unfolded: 1. The Fake Page The link led to a login page designed to look identical to her company’s system. Every detail matched. Because AI can now help replicate interfaces quickly and convincingly. 2. The Credential Capture The moment she entered her login details, they were sent directly to the attacker. No alarms. No warnings. Just silent access. 3. The Silent Login Within minutes, the attacker logged into her real account. No hacking required. Just valid credentials. 4. The Expansion From there, access grew. Emails were read. Contacts were mapped. Internal systems were explored. In some cases, attackers use AI to analyse large amounts of data quickly, identifying what is valuable. 5. The Impact What began as one compromised account quickly became a wider risk: Why AI Makes This More Dangerous The goal of phishing hasn’t changed. But AI has made it: In other words: The attack is no longer obvious.The mistake is no longer easy to avoid. The Real Risk Isn’t Technology It’s easy to think this is a technology problem. But Beatrice didn’t fail because she lacked technical knowledge. She made a decision based on what she saw. And what she saw looked real. This is where cybersecurity becomes human. Because no matter how advanced systems become, people still have to: A New Reality for Beginners If you’re starting your cybersecurity journey, this is important to understand: The risks are no longer just technical. They are psychological, behavioural, and increasingly AI-driven. You’re not just learning how systems work. You’re learning how deception works at scale. On a final note…. Beatrice’s story isn’t rare. It’s becoming more common. Because in 2026, cyber attacks are no longer just about breaking systems. They are about convincing people. And AI is making that easier than ever. Because sometimes, the most dangerous part of a cyber attack…is not the code behind it. It’s how real it looks.
From Flight Paths to Prompt Paths: How I Design Techtakeoff with AI
When I started my transition from aviation to cybersecurity, I knew I wanted Techtakeoff to have a unique visual identity. I didn’t want generic stock photos; I wanted images that reflected my journey, my style, and the future I am building. That’s when I stepped into the world of Prompt Engineering. I did a course in AI for creatives. What is an AI Prompt? Think of an AI prompt like a flight plan. Just as a pilot needs specific coordinates, weather data, and altitude instructions to reach a destination, an AI model needs descriptive text to land on the right image. My Creative Process To create the visuals you see on this blog, I use Text-to-Image generative tools. I don’t just type “girl at a laptop.” I have to be the director, the lighting technician, and the stylist. For example, to create my “Tech Branding” images, I use detailed prompts like: A high-quality 3D animation style illustration of a confident Black woman with a sleek bob and glasses, sitting at a modern outdoor cafe. she is writing in a notebook labeled ‘Techtakeoff,’ with a laptop and coffee nearby. Cinematic lighting, soft morning sun, professional and chic aesthetic. Why This Matters for My Tech Journey You might wonder: What does making art have to do with Cybersecurity? The answer is Precision.
Why Cybersecurity Is a Business Problem, Not Just an IT Problem
When people hear the word cybersecurity, they often imagine technical teams working behind the scenes installing firewalls, monitoring systems, and defending networks from hackers. Because of this, many assume cybersecurity is simply an IT responsibility. But the reality is different. Cybersecurity is not just a technical issue. It is a business risk issue that affects operations, finances, reputation, and customer trust. When a cyber incident happens, the consequences extend far beyond the IT department. Understanding cybersecurity as a business problem helps organisations make better decisions about risk, resources, and long-term resilience. Cyber Incidents Can Disrupt Business Operations One of the most immediate effects of a cyber attack is operational disruption. When critical systems are compromised or unavailable, normal business activities can come to a halt. For example, ransomware attacks often lock organisations out of their own systems, making it impossible to access files, process transactions, or communicate internally. In some cases, companies cannot deliver services to customers or run essential operations until systems are restored. This is why cybersecurity is closely tied to business continuity. When systems fail, the impact is felt across the entire organisation not just in the IT department. Financial Loss Is a Real Risk Cyber incidents can also lead to significant financial consequences. Organisations may face costs such as: Even when systems are restored quickly, the financial impact can be substantial. For many organisations, cybersecurity failures are not just technical problems they become financial risks that leadership must manage. Customer Trust Can Be Damaged Modern businesses rely heavily on customer trust, especially when handling personal data, financial information, or digital services. If a cyber incident exposes customer data or disrupts services, customers may begin to question whether the company can protect their information. Rebuilding trust after a major security incident can take years. In some cases, customers simply move to competitors they believe are more secure. This is why cybersecurity is closely connected to brand reputation and customer confidence. Regulatory Consequences Can Follow Many industries are now subject to data protection and cybersecurity regulations. When organisations fail to protect sensitive data, regulators may investigate and impose penalties. These consequences can include fines, legal obligations, or increased oversight. For leadership teams, this means cybersecurity risks must be managed not only from a technical perspective but also from a compliance and governance perspective. Cybersecurity Requires Business-Level Decisions Because cybersecurity affects operations, finances, reputation, and compliance, it cannot be managed by technical teams alone. Effective cybersecurity requires business-level decision making, including: These decisions often involve senior leadership, risk managers, legal teams, and operational leaders not just IT specialists. Security Teams and Business Leaders Must Work Together Cybersecurity works best when technical teams and business leaders collaborate. Security professionals can identify threats and recommend controls, but leadership must decide how risks align with the organisation’s risk appetite, priorities, and resources. When cybersecurity is treated purely as an IT issue, organisations may underestimate the broader consequences of cyber incidents. When it is treated as a business risk, security becomes part of strategic decision-making. On a final note…. Cybersecurity is often associated with technical tools and defensive technologies. However, the real impact of cyber incidents is felt across the entire organisation. System disruptions, financial losses, regulatory exposure, and damage to customer trust all make cybersecurity a business problem, not just a technical one. Organisations that understand this shift are better prepared to manage cyber risk, protect their operations, and maintain trust with customers. In the end, cybersecurity is not only about defending networks it is about protecting the business itself.
What Aviation Taught Me About GRC (And Why Cybersecurity Needs It)
Amara didn’t miss a step because she didn’t care. She missed it because it was early, she was tired, and several things were happening at the same time. None of them felt serious on their own but that is usually how problems begin. In aviation, we expect moments like this.That’s why we have procedures. Not to control people, but to support them. That mindset is what first made Governance, Risk, and Compliance (GRC) feel familiar to me when I started learning cybersecurity. Aviation Runs on Governance Even If It Doesn’t Call It That In aviation, there is one clear goal: safe and reliable operations. Everything supports that goal: This is governance in action. What aviation calls “procedures” is really a way of making sure everyone knows: The structure exists to help the business run safely and consistently. That is exactly what good GRC is meant to do in cybersecurity. GRC Is Not the Problem Poorly Designed GRC Is When people complain about cybersecurity policies, they are often not reacting to GRC itself. They are reacting to: Good GRC is different. Good GRC connects security to business goals.It explains why controls exist and how they support the organisation. Just like aviation procedures support safety, trust, and continuity. Lesson One: Checklists Support People Under Pressure In aviation, even very experienced crew members use checklists. Not because they don’t know their jobs.But because pressure, fatigue, and distraction affect everyone. Checklists are there to make sure important steps are not missed when things get busy. In cybersecurity, GRC plays this role. Policies, procedures, and playbooks turn complex risks into clear actions.They help people do the right thing at the right time. This is not bureaucracy.This is risk management in practice. Lesson Two: Structure Helps the Business Move Faster Aviation is highly structured, but it is not slow. Because everyone knows: Decisions are made quickly and calmly, even in difficult situations. In cybersecurity, structure works the same way. Clear governance: Structure does not block the business.It protects it. Lesson Three: Reporting Without Fear Strengthens Risk Management Aviation encourages people to report mistakes and near-misses. The goal is not punishment.The goal is learning and prevention. This is strong risk management. In cybersecurity, GRC helps create the same environment. When people feel safe to report issues: Risk cannot be managed if it is hidden. From Blame to Better Design People will always make mistakes. Good systems are designed with that in mind. Aviation does not rely on perfect people.It relies on well-designed governance. Cybersecurity is no different. GRC is how organisations design security that works with people, not against them. Why This Matters for Cybersecurity Today Cybersecurity is becoming more complex. More systems.More data.More pressure on individuals. Without strong GRC, security becomes reactive and confusing. With good GRC: This is how cybersecurity becomes sustainable. Why GRC Makes Sense to Me Coming from aviation, GRC feels natural. Both industries deal with risk, trust, and responsibility.Both rely on clear rules to support complex operations. GRC is not about slowing things down.It is about helping organisations operate safely, confidently, and consistently. Security is not about perfect people. It is about clear governance, smart risk management, and systems that support the business when things are under pressure. That is the kind of cybersecurity I believe in.
Structure Is a Security Skill
When people think about cybersecurity, they often imagine firewalls, tools, and complex systems. But one of the most underrated security skills is not technical at all. It is structure. Structure is what keeps things from falling apart when humans get tired, rushed, or distracted. And since humans are always part of the system, structure becomes a form of protection. In security and GRC, structure shows up as policies, procedures, playbooks, and clear roles. Not because people don’t care but because caring alone is not enough. When there is no structure, decisions are made on the fly. And decisions made under pressure are where most security incidents begin. Structure removes guesswork. It tells people: Without structure, security relies on memory, good intentions, and “common sense.” And those fail when urgency, fear, or convenience enters the picture. Think about incident response. When something goes wrong, the goal is not to panic it is to follow a plan. That plan exists so people don’t have to think under stress. They just act. That is structure doing its job. Structure is also what turns awareness into action. Training tells people what could happen. Structure tells them what to do when it does. This is why GRC values documentation, reviews, and consistency. It is not paperwork for the sake of paperwork. It is a safety net. A way to protect people from their own limits. Strong security systems don’t expect humans to be perfect.They expect humans to be human and they build structure around that reality. Because in cybersecurity, structure doesn’t slow you down.It keeps you safe when it matters most. And that is why structure is not boring.It’s a skill.A security skill.
Why I Chose GRC in Cybersecurity
When I first decided to move into cybersecurity, I didn’t know how wide the field really was. To me, cybersecurity was just… cybersecurity. I didn’t yet understand that it had many different roles, paths, and specialisations. That clarity only started to come after training. During my cybersecurity training, I was exposed to different areas, but I still hadn’t made a decision. I was learning, observing, and trying to understand where I fit. The Internship That Helped Me Be Honest With Myself I got an opportunity to intern remotely at a cybersecurity company for one month. During that time, we were taught more about penetration testing and report writing. And this is where something important happened. I was bored. Not because the work wasn’t important but because it didn’t spark anything in me. I paid attention to how I felt and chose to be honest with myself. I realised that this side of cybersecurity didn’t excite me, and pretending otherwise wouldn’t help my journey. That honesty mattered. Discovering Cyber Threat Intelligence Later on, I took a course in Cisco Cyber Threat Intelligence. This experience felt completely different. I loved it. It sparked my curiosity. I enjoyed understanding threats, patterns, behaviours, and why attacks happen not just how they happen. For the first time, I felt engaged instead of forcing interest. That curiosity pushed me further. The Moment I Found GRC I started watching more videos on YouTube, especially content related to risk management. That was when I came across GRC; Governance, Risk, and Compliance. Something clicked. I found myself drawn to this side of cybersecurity and couldn’t immediately explain why. So I asked myself a simple question: Why am I drawn to GRC? Connecting the Dots With My Work Experience Out of curiosity, I typed that exact question into ChatGPT. I explained my background, that I had been a flight attendant for over a decade. The response stopped me in my tracks. I was told that I was likely drawn to GRC because compliance, regulations, procedures, and safety rules had been part of my life for years. And that was true. As a flight attendant, compliance wasn’t optional. Regulations had to be followed. Procedures existed for a reason. Safety depended on structure, accountability, and consistency. I wasn’t starting something new.I was recognising something familiar. Why GRC Makes Sense for Me GRC focuses on: It’s about understanding what could go wrong, how to reduce the impact, and how to respond when things don’t go as planned. That mindset felt natural to me. On A Final note…. Choosing GRC wasn’t about chasing a title or forcing a role.It was about paying attention to my interests, my curiosity, and my past work experience. Cybersecurity is a big field.Finding your place in it starts with honesty. For me, GRC didn’t feel foreign.It felt like home just in a different industry.
Why Convenience Is The Enemy Of Security
In the beginning, convenience felt harmless. When I first started using social media, I didn’t think much about passwords. I wasn’t careless I was being practical. Using the same password for all my accounts made life easier. One password to remember. No stress. No confusion. It felt efficient. And honestly, I thought, “At least I won’t forget it.” What I didn’t understand then was that convenience quietly trades comfort for risk. When Convenience Feels Smart….Until It Isn’t Using one password everywhere worked… until it didn’t. When my Google account was taken over, the process of getting it back was long and exhausting. Emails. Verifications. Waiting. Proving ownership again and again. It took time, patience, and persistence before I finally recovered it. That experience alone was sobering. But when my Facebook page was taken over, I made a different decision. I didn’t fight for it the same way. I simply started again and built a new one from scratch. Not because it didn’t matter but because the cost of recovery felt heavier than starting over. Both experiences taught me something I had ignored before. Convenience Creates Single Points of Failure The problem with convenience is not that it is wrong it is that it concentrates risk. One password across multiple platforms means one mistake opens many doors. Once that password is exposed, everything connected to it becomes vulnerable. I didn’t fully understand this until I lived through the recovery process. It was during that time resetting access, securing accounts, rebuilding that the importance of passwords finally became clear to me. Security Is Designed to Be Inconvenient for a Reason Security slows you down on purpose. Multiple passwords.Verification steps.Authentication codes. All of these things feel inconvenient because they interrupt ease. But that interruption is intentional. It exists to protect you during moments when convenience would otherwise cost you everything. Attackers depend on ease.Security depends on friction. And most people are not patient, we are always in a hurry. What Changed for Me After those experiences, I stopped prioritising convenience over protection. I began to see passwords not as obstacles, but as boundaries. I understood that the slight discomfort of managing them properly was nothing compared to the stress of losing access and control over my digital life. Convenience had taught me comfort.Security taught me responsibility. Final Thought Convenience feels good in the moment.Security protects you in the long run. Most security failures don’t happen because people are reckless they happen because people choose what feels easiest. And sometimes, the easiest choice is the most expensive one. Want more like this?I write about human-centred cybersecurity, risk, and career transitions.