Friday, April 19, 2024

Security Testing Journal Entry | w/e Friday April 19, 2024 - "Connections, Old & New Ed."


Highlights for the week

Made a new connection, have similar career paths; helped an old connection w. work; mentee is frustrated; gratitude section to template

What We’re Grateful For

  1. Happy that my wife & child are in good health
  2. Grateful to have stamina and good health to work out
  3. Happy that I get to have a great pair of mentees
  4. Thrilled that, while I'm not working, I get to work on what I want to do with my career

What We Loved

  1. Finally got Android and iOS DVA working. Successfully finished Android, on to iOS!
  2. Also getting around to API Security Testing

What We Learned

  1. Blogging - building an audience is going to take time, but I'm proud of the work
  2. Android Pen Testing
  3. iOS Pen Testing (in progress)
  4. API Pen Testing - managed to successfully complete 9 of 10 tests. The 10th didn't apply.
  5. Web App Pen Testing (in progress) ... pushed to next week, maybe longer!
  6. Azure DevOps - blocked! Sent request for parallelized testing
  7. U-Test - Voice Assistant Testing; PII; Capture Crash logs on iOS/Android devices
  8. "Husb..." - need to wrap this sucker up and get back to the real book

What We Longed For

  1. As always: a proper job, pay, benefits, cool people, great location

What We Loathed

  1. Nothing much to be angry about. Keeping it positive!

Friday, April 12, 2024

Security Testing Journal Entry | w/e Friday April 12, 2024 - "Eclipse Ed."


Highlights for the week

This week was a mixed bag of highs and lows. A couple of notable highs include a solar eclipse that happened at the top of the week, and a 4.8 earthquake that shook my desk for a few seconds.

Some lows include having to turn down a TesterWork job. Not sure how long I'm keeping them, but until I land a job, I'll have to play the game. Another low was the struggle to get my iOS app pen testing environment up. That took up most of my Thursday, and ate into my other tasks.

What We Loved

  1. A big win! Finished another pen test. Sent that draft to my mentor for review, waiting on feedback.
  2. Another win! Got my environment set up to do mobile app testing.
  3. Loving the results of my workout. Need to eat better, but seeing some progress.

What We Learned

  1. Automation - Finished Cypress and jumped back into Playwright with Python, finished automation for that form.
  2. U-test - finished modules regarding testing, tickets, and capturing the evidence.
  3. Azure DevOps - tried to deploy my project but got blocked by the need for a subscription. Will revisit again next week.

What We Longed For

  1. As always, patiently waiting for that job. ZERO - jobs applied to this week.
  2. "Husb ..." - didn't get much writing done this week! Longing for more time. Priorities took up most of the week.

What We Loathed

  1. Need to get more disciplined. Been procrastinating a teenie bit.

Friday, April 5, 2024

Security Testing Journal Entry | w/e Friday April 5, 2024 - "Pr-Eclipse Ed."


Highlights for the week

So yeah! We are having an eclipse on 4/8. There was also a 4.8 earthquake on Friday (the day of this journal entry). Thankfully, no one in the family is hurt and there was no damage to anything anywhere. Other than that, a fairly quiet week. Not a lot to report.

What We Loved

  1. Another successful week of learnings.

What We Learned

  1. LinkedIn Learning: Completed OWASP-Top 10.
  2. LinkedIn Learning: Completed Threat Modeling fundamentals
  3. U-Test: Signed up and started some of their tutorials. I feel like there's an issue with their "Bug Report" practice module.
  4. RemoWork: Deleted that account. Nothing came out of it.
  5. Azure DevOps: Finished the modules. Need to deploy my practice site.
  6. Cypress: Need to finish some front-end tests. Need to play with the API tests
  7. "Husb...": New chapter around D's origins.

What We Longed For

  1. As always: a good job, a good paycheck, working with great people

What We Loathed

  1. Phoniness on social media, namely LinkedIn. You go and help people, no kind of a "thank you!"

Friday, March 29, 2024

Security Testing Journal Entry | w/e Friday March 29, 2024 - "Easter Week Ed."


Highlights for the week

These past 40 days of Lent commemorate the end days of our savior Jesus Christ. We honor his life, death, and resurrection. More importantly, we honor his mission on earth. The message was simple, "love each other as I love you." That is to say, unconditional, forgiving, and without pretext. Cheers!

In other news, had a brilliant study session with my mentee. Achievement Unlocked! Another pen test completed.

Oh! Let me not forget, my mentor forwarded my resume to someone within his company. Same one I interviewed last time .. and lost. Stay tuned! Hoping my luck changes.

What We Loved

  1. Mentee-1 - As always, worked with one mentee to improve her resume.
  2. Mentee-2 - Worked with my other mentee to get her better prepared with her studies.

What We Learned

  1. Automation (Web) - learned that Cypress discontinued support for xpath. That being said, somehow, things are working again.
  2. Automation (iOS) - Finished XCUI iOS tests. Refactor .. tbd!
  3. QA - Completed a ton of QA related activities, like test plan, test scenarios, risk analysis, requirements traceability, testing, and reporting.
  4. Pen Test - completed the security audit and wrote up the report. On to the next one ... love this :)
  5. LinkedIn Learning - Learned how to use Azure DevOps and deploy a project to that CI. Next week, I'm going to try deployment with the project.
  6. Cult.ure - "paused"; "Husb..." - in the final chapters of the story that ballooned over the past two months. Love it :)
  7. UTest - Signed up for remote work with new site. Next week - onboarding
  8. TesterWork - Opted out of one campaign that required being "ON" for seven days; Signed up for another .. who knows how much longer I will keep this one

What We Longed For

  1. It was a bummer that I didn't land the job. Every rejection is a redirection!

What We Loathed

  1. UNEMPLOYMENT - 545 days since my last paycheck! Rejections galore. It's possible most of these jobs listed are not even real!
  2. RemoTask - not sure how much longer I'm going to keep this profile active. I haven't completed the onboarding because they want a profile pic to verify id .. sketchy!

Friday, March 22, 2024

Security Testing Journal Entry | w/e Friday March 22, 2024


Highlights for the week

Lots of good stuff this week! Ran some personal errands which impacted some goals, but otherwise had a great week where I got to meet a new Pen Testing Professional. We talked a bit about the craft and what it takes, as well as how to get started. The answer - personal branding.

On the automation front, getting "ok" with XCode. It only took 14 years to finally get around to it. Coupled with knowing Espresso, I feel really proud of how that's come along.

Another site to practice pen testing is selected. Been grinding along.

What We Loved

  1. Meeting with a new Cybersecurity professional. Nothing new learned, but it was still fun.
  2. Made a new contact with a CISSP Security Professional. She seems like great people.
  3. As always, meeting with my mentees is always the highlight of my week. Got to iron out some important things regarding her job prospects and career choice.
  4. Lovin' my new PPL workout.

What We Learned

  1. Automation - Learned about using POM w. XCode. Need to put that in place next week. Also learning about Azure DevOps (finally!)
  2. Burp Suite - Closing in on completion of the labs. I won't get to all of them because I need BS Pro!
  3. Security - New pen testing underway. Nothing new this week.
  4. Security 2 - Learned a couple of things about threat modeling.
  5. Cult.ure - "paused"; "Husb..." - exciting chapter and interesting character revelation.
  6. Personally - improving the negative self talk. Learning to accept the consequences of my actions and the "why" behind them. Hoping I'm living to my true purpose.

What We Longed For

  1. Another week, no new updates regarding a new job. This is getting really bad!

What We Loathed

  1. Rejection for jobs that keep getting reposted.
  2. Technical interviews that involve a Leetcode/Hackerrank code challenge with zero relevance to the job you'd actually be doing.

Friday, March 15, 2024

Security Testing Journal Entry | w/e Friday March 15, 2024 - "Luck o' the Irish Ed."


Highlights for the week

St. Patrick's Day is fast approaching, commemorating 7 years since the passing of my grandma (RIP!). The time is flying by. Lots of decent news to report, starting with landing another freelancing gig testing AI, interviewing with an agency for a new role, and finally finishing both the pen test and LinkedIn Learning.

What We Loved

  1. Finally got to start that new PPL workout. So far, so good. The love is in the grind!
  2. Confronted my tech interview fears and did not feel like a failure. I didn't succeed, but not because I didn't try. I studied wrong .. sort of.

What We Learned

  1. Automation - Big key win taking a crash course in XCUI Automation. Things are working and moving steadily.
  2. AI - Got under the hood by preparing for a hackerrank interview (that I bombed) and had fun along the way. Will be blogging about it.
  3. Pen Testing - Completed the report for the practice site. My mentor provided some insight and new scripts. He says I'm doing the right things
  4. LinkedIn Learning - Completed the module for Security Fundamentals. Nothing too revealing to learn, but there were some OSINT tips that came in handy.
  5. Cult.ure - paused; "Husb.." - made a little progress. Paused on the writing due to other priorities.
  6. Burp Suite - Completed the module for Server-side Request Forgery. Will complete the Race condition one a.s.a.p.

What We Longed For

  1. As always, not having a proper job is frustrating. But I'm not so concerned about where I work. I want the right environment, with the right people, for the right pay. I pray for a little bit of Irish luck to find its way to our family.

What We Loathed

  1. Interview process where there was no proper introduction, but rather a jump right into the technical assessment. The Worst!!

Friday, March 8, 2024

Security Testing Journal Entry | w/e Friday March 8, 2024


Highlights for the week

A very exciting week. Had a couple of opportunities presented to me, one being a potential for a new job, and another learning LLM. I got to finish the Pen Testing course and started cleaning up my LinkedIn Learning modules from the last time. Hoping of hopes to land a new job a.s.a.p! The debt hole is getting deeper and deeper.

What We Loved

  1. Having a network of friends, online or in real life, has been instrumental. It feels good to be surrounded by good vibes.

What We Learned

  1. Automation - finished another round of tests with a practice site. There were a lot of problems with the site itself, so there was only so much to test.
  2. Burp Suite - Started Server-Side Request Forgery module.
  3. Coursera - Finished the Pen Testing/Forensic Data learning. It was very high-level, but I learned a bunch regarding forensic data analysis.
  4. LinkedIn Learning - Huge learning module regarding API security testing. I leveraged LLM to create a suite of automation test scripts in Python. SOOO COOL!!
  5. Pen Testing - started a new security audit with a bank app. Work in progress!
  6. Blog - Finally published another blog regarding LLM and how it might benefit QA.
  7. Cult.ure - paused! "Husb" - got over the writing block and got to a good place. I should start to wrap up the story .. it's getting away from me a little!

What We Longed For

  1. As always .. a job and pay

What We Loathed

  1. Freelancing QA site TW is dicey when it comes to how they moderate bugs reported. It takes a fight to convince people your bug is right. So exhausting.