This weekend got the chance to go to my first BSides in Augusta. Smaller conference, but just as good as any big one.
The talks I sat in on were excellent, especially one about the infosec community and culture. It was basically about how people perpetuate a toxic culture feeding into this ‘hero’ mentality. Part of the issue is instead of seeing the attackers as the villain people see the users as villains and beneath them because they make “stupid” mistakes. It goes along with this book I’m reading: ‘The Smartest Person in the Room” which is about all the ego in tech.
I also got to try my hand at soldering for the second time and did pretty well. Like my little badge response to tapping and lights up like it’s supposed to. Now I’m going to go practice picking locks or soldering something else….lol.
So, this was my first time at Black Hat, first time at DefCon, first time in Vegas and it was so much. So much to see and do. It was a tadbit overwhelming, it took 2 weeks after to adjust back to life.
First I will say that both events were everything people say they are. There’s so much to see and do. I learned a bit about soldering, picked my first lock, and got to meet a good deal of cool people. I found an Illuminati Coin and got to play around with badges and fell down the badge mystery rabbit hole.
I would highly suggest going at least for everyone in cybersecurity.
I saw a few great talks (will watch more on youtube) and grabbed a ton of swag and I really can’t wait to do it all again next year.
It’s been a fantastic week. I’ve started a new position and I’m amped for the work. It’s been a long time since I was genuinely excited about working. I think good things are in store.
Also we’re counting down the days to my first Black Hat and Defcon. They say every Infosec person has to go at least once, and this is my time. Even got a village presentation that everyone is excited about which makes me nervous and excited as well.
Even if you’re not around hopefully people will catch the stream of the talks.
So, one of my goals as I wrote before was to get better at public speaking. I worked on thos by applying for talks…even though it frankly terrifies me to think of being in front of a room full of people with all eyes on me. Luckily for my anxiety I got chosen to speak but both were to be pre-recorded.
Which is great because it still gets me speaking, but also doesn’t make me have to deal with the anxiety of the moment. It’s an important step and even an confidence boost to have my presentations be accepted. And even just being accepted and being able to add, Presenter @ so and so conference to my CV/Resume and speak on it in interviews has been helpful.
So, my advise this Saturday for someone trying to expand their cyber presence:
Make an effort to attend some conferences
If your interested apply to call for papers, you never know when something that seems interesting to you might be interesting to others
Its’s ok to have fears, we sll have them, but we cant let them control what we accomplish in life
I’m currently sitting in the basement of a coferemce center, because my battery need a recharge. It’s not quiet, and people a near, but I’m sitting alone and just kinda soaking it all in.
I’m at Cyberjutsu Con which has the distinction of being my first ‘post’ Covid conference as well as my first conference as a speaker (albeit my presentation was pre-recorded and presented online).
Can I just say: Join the professional groups!! They are here for the community and networking everyone says we should be doing. I can definitely appreciate the Cyberjutsu folks for being down-to-earth and pretty chill. Everyone is helping everyone and the talks have been excellent.
I’m glad that they chose my talk and hopefully people are digging it.
Now let me get on my second presentation for this conference season….1 hint, via Las Vegas…..
So, one of my goals was to try to network more and kind of work on my personal brand as well as contribute to the infosec community.
I always said I don’t in any regard want to be famous, but I do want my name to be well thought of and regarded. Luke I want my name to be synonymous with efficient, high-quality work. You can’t really have that type of regard and not attend conferences.
So, my plan is to hit at least 2, but maybe 3 ir 4 infosec conferences this year. I’d been to Hacker Halted before, but not for a couple years.
Another goal is that I want to get more comfortable with speaking in public. I’m like super introverted and public speaking has always been my kryptonite, but I can’t allow something that seems so simple be so debilitating.
That being said I’m presenting (although in both cases prerecorded) at 2 conferences this summer, so yay me!
I would advise anyone who wants to learn to use Splunk to actually use Splunk. They offer a really thorough fundamentals class for free and you fan set up a Splunk environment fairly easy.
There’s also hands-on by completing the ‘Boss of the SOC’ challenges.
Furthermore I recommend:
Splunk Certified Study Guide by Deep Mehta published by Apress
I highly recommend the above book to supplement study and test prep.
Last Friday I sat for an passed Microsoft’s Azure Fundamentals (AZ-900) certification test. During my hiatus I had sat for an failed Microsoft’s Security Analyst (SC-200) test.
To be honest I really wasn’t prepared for SC-200. I breezed through the Microsoft Learn coursework and didn’t really study the material. Although I had hands-on with their security tools I’d never used Kusto Query Language. I kinda wanted a feel for how Microsoft tests were comparatively speaking.
Failing SC-200 wasn’t a big hit because I was aware of my shortcomings.
Still to me, Microsoft Cert Tests are trickier and have section blocks that limited the ability to go back and change answers, which I wasn’t prepared for the first time taking one of their exams, but was ready for taking the Fundamental exam.
This is exam is basically theoretical and based on understanding Azure on a high level and the using the cloud as a whole.
I would recommend using the following to test prep:
Microsoft Learn for AZ-900 (free Microsoft course)
Jim Cheshire book (pictured below)
I microsoft also has ‘Virtual Training Days’ which can help.
Jim Cheshire – “Microsoft Azure Fundamentals Exam Ref AZ-900”
Burnout: Burnout is a state of emotional, mental, and often physical exhaustion brought on by prolonged or repeated stress. -Psychology Today
So, like I said in my last post I accomplished a great deal next year, but I think overall it cost me alot as well. I was able to pass Cloud+, Pentest+, CYSA+, and Splunk Certified User. I also completed my Master’s degree. I Competed in 2 National Cyber League CTFs and lead one of my school’s teams each time. I also had to deal with the demands at work that kind of intensified with co-workers coming and going.
By November I really just felt tired.
I basically didn’t want to do anything at least career related and in some ways not even big life stuff. So, because I know myself well enough I took December 2021-January 2022 off. I still worked, but I wasn’t like actively trying to like improve myself.
I didn’t try to study for any new certs, didn’t try to find any challenging ctfs, didn’t take anymore classes, nothing. I just sailed for a bit instead of striving and trying to compensate for starting later than others or being newer to the field. I stopped telling myself I didn’t belong in the conversation or at the table because I just got here and needed to prove something and I just relaxed.
It’s hard to just relax and it’s super hard to silence the voices in your head telling you that you’re not as good or even the voices outside that say the same, but it’s important that we don’t let them overwhelm you and especially don’t let them talk over the voices of confidence.
It’s been a while. I kept trying to say that I would be back blogging, but there were so many compounding things.
Covid-19: I wanted to be one of those people who was super productive during Covid not realizing how changes might effect mood. I’m an introvert by nature and it felt like ‘no big deal’….til it was. I ossicilated between being feeling like nothing was changing and I was stuck to making a lot of headway last year. I made all this progress, but felt isolated…it’s not a good headspace to write from.
Changing Jobs: When I first went on radio silence I had just left a position, my first real infosec position and there was a period of like 3 weeks where I technically had a job, but wasn’t working. I did not know how panicky not having a steady income would be (even with savings), but it was….when you’re money is funny you are not in a place to blog.
Contracting is for the Birds: This came later, there was a period where I transitioned from subcontracting to contracting and thay was stressful. There was poor communication and a back and forth on whether I needed to find a new job, so basically I was back to panicking and stressing about what comes next. It worked out, but it also made me realize I didn’t want to stay a contractor for much longer.
2021: I turned a corner in 2021, if anything this was a great year because all I accomplished. I racked up certs, worked and felt in my niche. I mean by the end of 2021 I felt like I had really made a little establishment in my new career. On my team my name was synonymous with great work and I knew it, but I also was burning myself out trying to prove that I belong (burnout is real. Imposter syndrome is real. And I will discuss in a later post). I was moving so much I couldn’t even think about slowing down to commit to blogging.
Now: Here we are.
I’ve got an awesome mentor
Have been motivated to think about branding (which is exciting)
I think about where I want to fit into and give back to the infosec community as a whole
I got to do a CTF that made me more secure and what type of infosec path I want to be on (more on this later)
All in all I’m ready to commit to this again, but with caveats. This will only be a weekly blog, the calendar I wanted was too much to busy and hectic. This is manageable and it’s good to set boundaries (even with yourself).
In the coming weeks I will also be changing the look of this blog. Thanks to anyone who still reading this and sorry that I left you in the lurch.
Build A Security Ninja 