Methodology

How DecipherU is built.

Built on 84 peer-reviewed primary sources

DecipherU is built around the three tech careers that survive AI compression: elite enterprise sales, AI and cybersecurity operators and implementors, and a leaner C-suite. Every salary figure, skill map, and career recommendation is sourced from federal labor data, NIST and MITRE frameworks, and peer-reviewed research. No pop business books, no proprietary methodology brands. Here is exactly how.

Authorship and authority

How three graduate credentials inform DecipherU’s methodology

DecipherU is built on three credentials that map to three distinct authority pillars. Each pillar shapes a specific part of the methodology.

Educational design methodology

Ed.D. Learning Sciences (University of Miami)

Provides the educational design methodology behind DecipherU's content structure, scenario-based assessments, and credential design. Why scenarios and assessments work the way they do. Why credentials are designed for actual skill demonstration rather than memorization.

Cross-vertical technical authority

M.S. Applied AI specializing in Cybersecurity (Northeastern University, in progress)

Provides the technical authority for the AI-cybersecurity intersection. Why DecipherU can credibly cover applied AI career topics alongside cybersecurity. Cross-vertical bridges between cybersecurity and AI are authored from formal training, not opinion.

Practitioner authority for sales-track content

MBA in Marketing (Lynn University) plus B2B technology sales background

Provides the practitioner authority for sales-track content. Why Cybersecurity Sales Mastery and AI Sales and Solutions Engineering courses can be authored credibly. Sales pedagogy is grounded entirely in primary peer-reviewed academic research (Rackham, 1988; Webster & Wind, 1972; Follett, 1924; Walton & McKersie, 1965; Rogers, 1957), not in proprietary methodology brands.

Founder and reviewing editor

Julian Calvo, Ed.D., M.S.

Founder, DecipherU

Founder, DecipherU. Ed.D. Learning Sciences. M.S. Applied AI specializing in Cybersecurity at Northeastern. Career insights for the AI economy.

Doctor of Education in Learning Sciences, University of Miami (2026)
Master of Science in Applied AI specializing in Cybersecurity, Northeastern University (in progress)
MBA in Marketing, Lynn University (2020)

Full bio →Read the methodology →

Honest scope

DecipherU positions three growing tech career paths and the elite courses, assessments, and intelligence built around them. The framing is “inside the tech sector.” It is not a claim about every job market.

A fourth tech category DecipherU does not serve

Frontier AI researchers and true originator-founders are also AI-resilient careers in tech. Researchers go straight from PhD to lab. Founders raise capital and build the next category. Both paths require different development models than a career platform can package. DecipherU focuses on the three career paths it can credibly guide.

AI-resilient categories outside tech

Skilled trades (electricians, plumbers, HVAC technicians) and licensed healthcare (physicians, registered nurses, physical therapists) are also AI-resilient. DecipherU is not the right product for those careers. The platform is purpose-built for cybersecurity and Applied AI work.

The middle 80% inside the tech paths DecipherU does serve

The survivor framing applies to the top decile of each tech path. Mid-level roles (analyst, generalist developer, junior PM) move into AI-supervision work or out of the market by 2030. DecipherU's assessments and courses help the addressable middle reach the top tier. If the path isn't realistic for someone, we recommend alternatives instead of selling them what won't work.

Sources: BLS Occupational Employment Projections (2024), ISC2 Cybersecurity Workforce Study (2024), Lightcast labor market data.

Data Sources

Federal Data

Bureau of Labor Statistics

Compensation data from the Occupational Employment and Wage Statistics (OEWS) program. Updated annually with 800,000+ establishment surveys.

Federal Data

O*NET

Skills, knowledge, and ability requirements from the Department of Labor's occupational database. 1,000+ occupations profiled.

Industry Framework

MITRE ATT&CK

Technique-to-role mappings derived from the globally recognized knowledge base of adversary tactics and techniques.

Federal Framework

NICE Framework

Work role alignment using NIST's National Initiative for Cybersecurity Education framework (SP 800-181).

Industry Research

ISC2 Workforce Study

Market demand and skills gap data from the annual cybersecurity workforce study.

Industry Data

CyberSeek

Job posting analytics and career pathway data from the industry's leading labor market tool.

Salary Data

How we source and present compensation data

Source: Bureau of Labor Statistics Occupational Employment and Wage Statistics (OEWS)

All salary figures come from the BLS OEWS program, which surveys approximately 800,000 business establishments twice per year. The May 2024 data release is the primary source for all compensation figures on DecipherU.

What We Report

Annual median wage (50th percentile)
10th, 25th, 75th, and 90th percentile wages
National figures only (state data from same BLS program)
SOC code cited with every figure

What We Do Not Report

Proprietary survey data (Glassdoor, Payscale, LinkedIn)
Total compensation including equity or bonuses unless specified
Self-reported salary figures from any source
Analyst report estimates behind paywalls

Salary data is refreshed annually when BLS publishes new OEWS figures. Each page shows the survey year. Verify current figures at bls.gov/oes before making career decisions.

Demand Levels

How we calculate and assign demand ratings to cybersecurity roles

Each cybersecurity role on DecipherU carries a demand level (Very High, High, Moderate, Low). We calculate this from three public sources, weighted and combined into a composite score.

BLS Employment Projections40%

10-year projected growth rate for the role's SOC code. Faster than average (+7%) = High. Much faster (+14%) = Very High.

CyberSeek Job Openings35%

Active job postings for the role from the NICE/CompTIA/Lightcast workforce tool. Higher openings relative to supply = higher demand score.

ISC2 Workforce Study25%

Skills gap data from the annual ISC2 Cybersecurity Workforce Study. Wider gap between supply and demand = higher demand score.

Very High

Composite score 80+. Critical shortage, fast growth.

High

Score 60-79. Above-average growth and open roles.

Moderate

Score 40-59. Stable demand, competitive market.

Low

Score below 40. Slower growth or oversupplied.

Career Assessment

The psychometric instrument behind DecipherU career matching

RIASEC / Holland Codes

The personality assessment uses items from the International Personality Item Pool (IPIP), which are in the public domain and have been validated against Holland's RIASEC model across decades of research.

48 items, 8 per RIASEC dimension
Reverse-scored items to detect careless responding
Mapped to cybersecurity role requirements from O*NET
60 total questions including aptitude and scenario items

Behavioral Scenarios

Scenario-based items measure behavioral tendencies across six dimensions that predict job performance in cybersecurity roles.

Calibrated to career stage (entry to executive)
Response integrity scoring flags inconsistent patterns
Normative comparisons by user cohort
Results reveal role matches with salary and demand data

Content Standards

How DecipherU content is written, attributed, and reviewed

Authorship

All content is written or supervised by Julian Calvo, Ed.D. Learning Sciences, MBA, and M.S. Applied AI specializing in Cybersecurity (Northeastern). No AI-generated text is published without human review and editorial rewrite. Author credentials appear on every long-form guide.

Citation Standard

All factual claims cite a primary source. Citation format follows APA 7th Edition. No secondary citations (citing a citation). Every source is publicly accessible or government-published.

No Proprietary Data

DecipherU does not use Glassdoor, LinkedIn, Indeed, Payscale, or any job board's proprietary salary data. No Gartner, Forrester, or IDC report data is cited without noting it's behind a paywall.

Review Cycle

Career guides, salary pages, and certification pages are reviewed every 6 months. A 'Last verified' date appears on every page. Stale content is flagged internally before the review date passes.

Original Writing

No sentence on DecipherU copies any external source. Definitions are written in plain language, not reproduced from NIST, Wikipedia, or Gartner. All company descriptions are original factual summaries.

Error Reporting

Every content page has a 'Report an inaccuracy' link. Reported errors are reviewed within 5 business days. Confirmed errors are corrected and the 'Last verified' date is updated.

Data Freshness

Sources monitored and their update cadence

Source	What We Track	Cadence
BLS OEWS	Salary percentiles by SOC code	Annual (May release)
BLS Employment Projections	10-year growth rates	Every 2 years
O*NET	Skills, knowledge, abilities	Quarterly
CyberSeek	Job opening counts	Quarterly
ISC2 Workforce Study	Supply/demand gap	Annual
MITRE ATT&CK	Framework version updates	Biannual
NICE Framework (SP 800-181)	Work role definitions	On NIST release
Certifying body websites	Exam costs, formats, prerequisites	Per-certification on change
CISA advisories	Emerging threat context	Monitored continuously

AI Impact Outlook calculation

How DecipherU produces the 0-100 AI Impact Outlook score for every cybersecurity role

How we read each role

Six dimensions

Each role gets read against six qualitative signals. Roles that score high on pattern-recognition and data-volume face more automation pressure. Roles that score high on judgment, creativity, and communication tend to stay resilient. The signals feed the weighted scoring rubric below.

Pattern recognition vs novel reasoning

Tilts more automation

Roles that pattern-match against historical signals (alert triage, log review) face the most automation pressure.

Data volume vs human judgment

Tilts more automation

Roles processing high-volume routine data without judgment calls collapse fastest.

Communication intensity

Tilts more resilient

Roles that translate technical risk for executives, customers, or regulators stay human-led.

Regulated decision-making

Tilts more resilient

Liability requires a named human accountable for the call. AI assists, doesn't decide.

Adversarial creativity

Tilts more resilient

Red team work, threat modeling, novel attack research. AI accelerates the work, doesn't replace the creativity.

Architectural complexity

Tilts more resilient

Designing systems, threat-modeling agents, building security infrastructure. Compounds with experience.

Six qualitative dimensions feed the five weighted components below. The mapping is the methodology, public, versioned, auditable.

AI Impact Outlook · 0-100 score

Five components, weighted

Task automatability40%

Share of role tasks (per O*NET) current AI can do end-to-end.

Augmentation potential25%

Where AI shifts work upstream rather than displacing it.

Talent supply elasticity15%

How quickly new entrants can train into the role.

Hiring intent signals10%

Direction of intent over trailing 18 months (SEC, CISA, transcripts).

Threat-landscape pull10%

Counterforce: rising threat volume keeps roles in demand.

Deterministic. No LLM in the path. Methodology version v2026.04.

The AI Impact Outlook is a deterministic score from 0 to 100 produced by a fixed rubric. The score is not generated by an AI model at request time. The rubric is reviewed quarterly by the founder and stamped with a methodology version. The current rubric is v2026.04.

Task automatability40%

Share of role tasks (per O*NET) that current generative or agentic AI tools can perform end-to-end without human supervision. Sources: O*NET task inventory, published model capability cards, peer-reviewed task automation studies.

Augmentation potential25%

Share of role tasks where AI shifts the practitioner's work upstream rather than displacing it. Higher augmentation typically lowers disruption risk for the human role.

Talent supply elasticity15%

How quickly new entrants can train into the role. Faster onboarding paths combined with falling AI cost typically raise disruption pressure on the median practitioner.

Hiring intent signals10%

Direction of hiring intent over the trailing 18 months across SEC filings, earnings transcripts, and CISA workforce signals. Falling intent tilts the score upward.

Threat-landscape pull10%

Counterforce: rising threat volume keeps roles in demand even as automation grows. NVD, KEV catalog, and CISA advisory volume feed this component.

Interpretation tiers

0-25 · Low

Limited near-term displacement risk.

26-50 · Moderate

Selective task automation; role evolves.

51-75 · High

Material restructuring expected within 24 months.

76-100 · Very high

Practitioners should pivot toward AI-resistant adjacencies.

Quarterly accuracy retrospectives compare 12-month-prior forecasts to actual outcomes and publish at /outcomes.

Risk Score routing

How the 2-minute Risk Score maps your inputs to one of three packaged paths

Risk Score · how the routing works

Your answers → one of three survivor tracks → packaged path

The score is the same every time for the same inputs. Auditable under EU AI Act + GDPR Art. 22. Persona refinement uses area + experience to pick the most-specific path within the track.

The DecipherU funnel

From traffic source to outcome, every stage is self-serve

DecipherU funnel

Visitor → packaged path → outcome

Traffic source

Paid ad · Organic search · Direct · Referral

Risk Score

2-min assessment · Email captured

Persona path

Curriculum + comp delta + courses

Course or subscription

Self-serve checkout · No founder time

Outcome

Survivor-track placement

Every stage is self-serve. No founder calendar in the path. The platform scales because no step requires Julian's time.

Range scenario scoring rubrics

How performance is measured across the three Range cybersecurity training modes

Crucible

Solo defender mode. Per-step scoring on detection accuracy, containment latency, evidence preservation, and reporting quality. Each step weighted 25/25/25/25 before scaling to a 0-100 composite.

Gauntlet

Team mode. Same per-step rubric as Crucible plus communication-quality and handoff-fidelity factors. Scoring uses median team performance with individual contribution adjustments.

AI Adversary

Frontier-tier mode. Live AI adversary fills tactics within scenario bounds. Scoring uses an ELO calculation that updates the practitioner rating against the scenario rating each engagement.

Range credential issuance defaults to a 75/100 scenario score threshold. Per-scenario thresholds may be tightened for high-stakes domains (incident response under regulatory time-bounds, for example).

Credential issuance criteria

How DecipherU issues verifiable credentials for cybersecurity skill demonstration

Credentials are signed with an Ed25519 keypair and published to a public verification endpoint at /verify/[id]. Anyone holding the credential ID can verify it; the platform never reissues the same ID.

Course completion: at least 90% module completion plus a passing score on the embedded assessment.
Range scenario clearance: scenario score at or above the per-scenario threshold (75/100 default).
Assessment milestone: completion of the relevant DecipherU assessment with a valid response-integrity score.
Marketplace placement: successful placement closure through the 90-day escrow window.

Editorial review process

What happens between drafting and publication on every cybersecurity content piece

Founder review on every page

Every published content piece passes founder review before going live. Bylines reflect actual review, not pseudonymous author personas.

AI disclosure metadata

AI-assisted drafts carry an ai_disclosure flag in the page metadata. The flag surfaces in the production-path note rendered in the page footer.

Sources cited required

No content piece publishes without a sources_cited field populated. Every salary, certification, and company claim links to a primary source.

Methodology version stamp

Every page carries a methodology_version string. When the underlying rubric changes, pages stamped with prior versions enter the regeneration queue.

Liability review for high-risk pages

Pages with disclaimer levels of high or very_high require liability_review_completed before publish. Salary, transition, and credential pages always trigger this gate.

Quarterly stale-content review

Pages older than 90 days enter the review queue automatically. Pages with year references in the title flag immediately when the year rolls over.

Version history

How DecipherU versions both content and methodology

Every cybersecurity content piece carries a content version and a methodology version. Content edits increment the content version. Rubric changes increment the methodology version, which forces regeneration of all dependent pages. Public methodology version history will be maintained at /methodology/versions as new versions ship.

methodology_version · current: v2026.04
content_version · incremented on every editorial revision
last_verified · date of most recent founder verification

A fourth tech category DecipherU does not serve

AI-resilient categories outside tech

The middle 80% inside the tech paths DecipherU does serve

Sources: BLS Occupational Employment Projections (2024), ISC2 Cybersecurity Workforce Study (2024), Lightcast labor market data.