This is my first post on a brand new site, which means it doubles as an introduction and an announcement. Before we get into anything else, here is how I ended up writing it.
I have spent the last fifteen or so years working in IT and cybersecurity, with the last six focused specifically on offensive security. That is the short version. The longer version is a career that started with cables and ended with a decision to start something new, and the road between those two points is what this post is about.
The TechCon Years
I joined the Marine Corps in 2009 and started out as a technical controller at Camp Lejeune. The job was unglamorous and exactly what I needed. Communications networks for training exercises and real operations, hundreds of pieces of equipment, hundreds of users, and a constant supply of things that were not working the way they were supposed to. This is where I learned to fix everything that is broken. Most of what came later in my career, including the parts that look more sophisticated on paper, traces back to the discipline I built sitting in a comms shop trying to find the one cable that was causing the whole problem.
One of those tours took me to Camp Leatherneck in Afghanistan, where I was responsible for the communications activity supporting the units on the ground. Running comms in a deployed environment teaches you things that no certification can. You learn how networks break under pressure, what redundancy actually means when the stakes are real, and how to make decisions without all the information you would prefer to have. Useful background for everything that came later.
Okinawa
In 2015 move over to cybersecurity and became the the Information System Security Officer and eventually Manager for the logitics group in Okinawa, and stayed there for three years.
The job was a real expansion of scope. I was running the cybersecurity program for the organization, advising leadership, inspecting subordinate units for compliance with DoD policy, and managing the cybersecurity workforce. It was my first long stretch in pure cybersecurity territory, and looking back, it shaped how I think about the relationship between governance, operations, and the humans who have to actually do the work.
It was also, by a wide margin, one of the best places I have ever lived. Okinawa is hard to describe without sounding like a travel brochure. The diving is some of the best on the planet. Coral, wrecks, water you can see thirty meters through on a good day. The food deserves its own post and will probably get one. There is a quality of life there that is genuinely difficult to leave, and it took some adjustment to come back to the continental United States when that tour ended.
After Okinawa I spent a year back at Quantico as a Cyber Threat Analyst, looking at Marine Corps networks through the lens of MITRE ATT&CK and figuring out where the cracks were, and also going through school after school, cert after cert. That work pulled me toward the offensive side, which is where things really started to click.
The Marine Corps Red Team
In 2019 I joined the Marine Corps Red Team as the Engineering Cell Lead. The first thing I did was take a hard look at our phishing capability and decide we could do a lot more with it. By the time I rotated out of that role, I had run the phishing program for the entire Marine Corps, modernized the tooling, and helped consolidate the team's infrastructure. The Engineering Cell Lead job was where I really started learning what it meant to run offensive operations at scale rather than just execute them. Different skill set. Equally important.
Two years later, I took over as Marine Corps Red Team Chief. I led a team running operations across the spectrum. From conducting red team operations at the request of Marine Corps Forces Cyberspace Command and US Cyber Command to trying to hack an armored personnel carrier or helping the SEALs train by working with Naval Special Warfare Command. The work was a constant cycle of operational vulnerability assessments, aggressor missions, and penetration tests against acquisitions programs, and we got to go after some genuinely hard targets. Some of my most memorable work happened during the many times supporting the MAGTF Warfighting Exercise, or MWX, which is its own story and one I plan to write up in a future post. The short version is that exercising at that scale taught me more about adversary simulation than any classroom ever could.
A lot of that time was spent trying to make the team better, not just busier. I built out a centralized logging capability to bring some sanity to the various command and control frameworks we were running. We worked on tradecraft, on tooling, on how we wrote reports. I spent a lot of time with leadership translating what we found into something they could actually act on. There were fun ops and there were shitty ops, and both categories taught me something. The fun ones taught me what good looks like. The shitty ones taught me what to fix.
Somewhere in that stretch I met Pete McKernan. We bonded almost immediately over the fact that we had both come up as technical controllers before finding our way to red teaming. That shared background made for a particular kind of conversation, the kind where you can skip a lot of explanations and get straight to getting the job done. We have been talking shop ever since.
I will say this about that period: I loved the work and I loved the people, but the funding situation was a steady source of frustration. Doing well as a small, sharp red team had a strange consequence, which was that the better we performed, the harder it became to make the case for additional resources. We were already producing. Why give us more. I lost count of the number of times I paid for infrastructure or domain registrations out of my own pocket because we had no budget line that fit. You learn to squeeze every drop of value out of what you have. That is a useful skill. It also wears on you over time.
Eventually it was time to go. Two things were true at the same time. My body had taken enough wear that I could see the math on a full career, and it was not adding up. And for the first time, I had found work outside the Marines that I genuinely loved more than the Marines, which is not something I ever expected to say. With those two truths sitting next to each other, the decision more or less made itself. I exited the Corps as a Gunny in early 2023.
SpecterOps
I joined SpecterOps as an Adversary Simulation Consultant. About two and a half years later, and working my way up the chain, I moved into a Managing Consultant role. The work spanned U.S. Government, Military, and Fortune 100 clients across a wide range of sectors.
The first thing that struck me coming from the government side was the security posture of well-resourced private companies. There is a tendency in government circles to assume that the public sector is generally more secure than the private sector, and in my experience that is not always how it shakes out. When a company's actual revenue is on the line, the incentives align in a particular way. Some of the most mature security programs I have ever worked against have been in the private sector. That observation alone shifted how I think about adversary simulation and what good defense looks like. I'll likely talk about this eventually as well, that compliance and security are absolutely not the same thing.
The team at SpecterOps is one of the reasons I stayed as long as I did. Working in services with a group of operators who are not just competent but genuinely interested in the craft is a different experience. You bounce ideas around constantly. You operate together and learn from how someone else approaches a problem. You grow in ways that solo work does not produce. I grew a lot in that environment, and I owe a lot of people there a real debt for it.
Somewhere along the way I took over as the course architect for Adversary Tactics: Red Team Operations and started delivering training at Black Hat USA and Black Hat Europe. Teaching turned out to be one of the most rewarding parts of the job. There is something about helping a practitioner connect the dots between offensive tradecraft and what defenders actually need to do that never gets old. The classroom is one of the few places I feel like I can pay forward the time other people invested in me.
A lot of my consulting work eventually centered on helping internal red teams get better. Building out infrastructure for them. Running maturity assessments. Sitting with team leads and working through what they wanted their program to look like in three years, and what was in the way. That work scratched a particular itch. It is one thing to find vulnerabilities in a target environment. It is another thing entirely to help an internal team build the muscles they need to find those vulnerabilities themselves, every quarter, indefinitely. The second one outlasts you. I find that meaningful.
What Comes Next
Which brings me to here.
Pete and I have spent lots of time together over the years talking about the kind of work we both wanted to be doing and the shape of the place where it would live. Eventually it became clear that the answer was to build that place ourselves. So I am leaving SpecterOps to do exactly that and join Pete here at ItsBroken. Pete is definitely the charismatic public persona embodied. I've always been more of the man standing behind the curtain with a clipboard telling people they're wrong. More about the company as things firm up, but the short version is that this site is the start of it.
I am not going to tell you that you should read what I write here. There are plenty of smart people in this field, and I am one voice in a large and noisy room. What I will say is that I have had a lot of reps. Government, military, big enterprise. Small teams, large teams, classroom, console. Security operations, engineering, incident response, offensive ops. I have seen a lot of things fail and spent a fair amount of time trying to figure out why. I never think I know everything, but I like to think I know a thing or two about a thing or two.
The way I think about it: offense and defense are not separate disciplines. They are two angles on the same problem, and the practitioners who do the best work tend to be the ones who can hold both perspectives at once. That belief shapes how I work, what I teach, and most of what will end up here.
The mission is straightforward. Stay more creative than the adversary. Help defenders see clearly. Have a good time doing it.
Glad you found the site. More to come.
Alexander K. DeMine. Former Marine Gunnery Sergeant. Former DoD Red Teamer. Current Loving Husband and Father. Co-Founder ItsBroken.ai.
Stafford, Virginia. May 2026.