When I first starred in cybersecurity I wanted to do Digital Forensics. I thought the field was very Sherlock Holmes. Thought it was cool to dig deep into a computer’s innards to try and find a hint or clue.
Hand with black nail polish holding a magnifying glass – Pexel
Stumbled on this job during a recent job search. This had never been on my radar as a possible field of interest, but after interviewing and learning about the position I was intrigued.
A vulnerability researcher basically investigate, identify, and study vulnerabilities and exploits in software and/or systems. Sometimes this can be independently, but often it is part of an enterprise or in conjunction with continuous monitoring services.
Last Friday I sat for an passed Microsoft’s Azure Fundamentals (AZ-900) certification test. During my hiatus I had sat for an failed Microsoft’s Security Analyst (SC-200) test.
To be honest I really wasn’t prepared for SC-200. I breezed through the Microsoft Learn coursework and didn’t really study the material. Although I had hands-on with their security tools I’d never used Kusto Query Language. I kinda wanted a feel for how Microsoft tests were comparatively speaking.
Failing SC-200 wasn’t a big hit because I was aware of my shortcomings.
Still to me, Microsoft Cert Tests are trickier and have section blocks that limited the ability to go back and change answers, which I wasn’t prepared for the first time taking one of their exams, but was ready for taking the Fundamental exam.
This is exam is basically theoretical and based on understanding Azure on a high level and the using the cloud as a whole.
I would recommend using the following to test prep:
Microsoft Learn for AZ-900 (free Microsoft course)
Jim Cheshire book (pictured below)
I microsoft also has ‘Virtual Training Days’ which can help.
Jim Cheshire – “Microsoft Azure Fundamentals Exam Ref AZ-900”
Burnout: Burnout is a state of emotional, mental, and often physical exhaustion brought on by prolonged or repeated stress. -Psychology Today
So, like I said in my last post I accomplished a great deal next year, but I think overall it cost me alot as well. I was able to pass Cloud+, Pentest+, CYSA+, and Splunk Certified User. I also completed my Master’s degree. I Competed in 2 National Cyber League CTFs and lead one of my school’s teams each time. I also had to deal with the demands at work that kind of intensified with co-workers coming and going.
By November I really just felt tired.
I basically didn’t want to do anything at least career related and in some ways not even big life stuff. So, because I know myself well enough I took December 2021-January 2022 off. I still worked, but I wasn’t like actively trying to like improve myself.
I didn’t try to study for any new certs, didn’t try to find any challenging ctfs, didn’t take anymore classes, nothing. I just sailed for a bit instead of striving and trying to compensate for starting later than others or being newer to the field. I stopped telling myself I didn’t belong in the conversation or at the table because I just got here and needed to prove something and I just relaxed.
It’s hard to just relax and it’s super hard to silence the voices in your head telling you that you’re not as good or even the voices outside that say the same, but it’s important that we don’t let them overwhelm you and especially don’t let them talk over the voices of confidence.
It’s been a while. I kept trying to say that I would be back blogging, but there were so many compounding things.
Covid-19: I wanted to be one of those people who was super productive during Covid not realizing how changes might effect mood. I’m an introvert by nature and it felt like ‘no big deal’….til it was. I ossicilated between being feeling like nothing was changing and I was stuck to making a lot of headway last year. I made all this progress, but felt isolated…it’s not a good headspace to write from.
Changing Jobs: When I first went on radio silence I had just left a position, my first real infosec position and there was a period of like 3 weeks where I technically had a job, but wasn’t working. I did not know how panicky not having a steady income would be (even with savings), but it was….when you’re money is funny you are not in a place to blog.
Contracting is for the Birds: This came later, there was a period where I transitioned from subcontracting to contracting and thay was stressful. There was poor communication and a back and forth on whether I needed to find a new job, so basically I was back to panicking and stressing about what comes next. It worked out, but it also made me realize I didn’t want to stay a contractor for much longer.
2021: I turned a corner in 2021, if anything this was a great year because all I accomplished. I racked up certs, worked and felt in my niche. I mean by the end of 2021 I felt like I had really made a little establishment in my new career. On my team my name was synonymous with great work and I knew it, but I also was burning myself out trying to prove that I belong (burnout is real. Imposter syndrome is real. And I will discuss in a later post). I was moving so much I couldn’t even think about slowing down to commit to blogging.
Now: Here we are.
I’ve got an awesome mentor
Have been motivated to think about branding (which is exciting)
I think about where I want to fit into and give back to the infosec community as a whole
I got to do a CTF that made me more secure and what type of infosec path I want to be on (more on this later)
All in all I’m ready to commit to this again, but with caveats. This will only be a weekly blog, the calendar I wanted was too much to busy and hectic. This is manageable and it’s good to set boundaries (even with yourself).
In the coming weeks I will also be changing the look of this blog. Thanks to anyone who still reading this and sorry that I left you in the lurch.
(Late because I took CYSA + Beta on Thursday 1/09) [Fingers-Crossed]
I think people direct people to “find what they love and do it…” They say that as if doing that is just the easiest thing, but sometimes it isn’t. For example the number of things I thought I really wanted to do and then finally realized I wasn’t suited for or I really wasn’t as interested in are too numerous to list here. I will admit that it is important to find the things that you are most interested in because it makes you want to learn more about it. Although, there is often things that one has to learn in order to move forward or change careers or what have you, it’s also important to kind of focus in one the things that really interest you and learn about them.
Peerlyst
For me, Digital Forensics and Penetration Testing is one of the subsets of Cybersecurity that really interests me. I may have to learn to do SIEM investigations and log analysis for work, but learning these things isn’t a passion project for me, it’s a means to an ends. These things are still interesting , but when I learn them it’s not the same sense of pride or what have you as I feel when I uncover something or even when doing a CTF.
CompTIA
I 100% am not set on what exactly what I will be doing in 5 or 10 years. Because my path has diverged so often and in such varied ways I try not to make solid plans, but rather have an outline of things I would like to learn or do. Whether that would work for others isn’t for me to say. I just know that I tried to rigid planning thing and that didn’t work for me at all. The unplanned plan does work.
SANS
My best advice would be to learn, to be open to learning and always be researching shifts and changes and developments and then just to absorb the things that interest you the most and see where these things might take you.
Build A Security Ninja 