Sunday, February 5, 2023

Security Testing | Security 4 No0bs - The Importance of Your "Why"

Knowing your why can determine your how

Hello Reader,
I recently came across a post on my LinkedIn feed in which the author wrote about a few questions that were introspective. I wanted to take a few minutes from my usual posts about tools and tactics to discuss why we are doing what we do. Why am I learning Cybersecurity? What are my goals? How will I get where I want to go?

Knowing our why is super-critical to determining the how. As I progress through this learning journey, I am often overwhelmed with the amount of information being disseminated. Things like "40 YouTube channels to check out", "33 Websites to learn Cybersecurity for free", "add 500 new connections today". OMFG! Way too noisy! It is critical to silence the noise and get to what is real. Here are the questions posted that you can ask yourself. I will post my answer below.

“I want to go into cyber because _______”

I never considered Cybersecurity as a career path. I stepped in it as a choice when selecting a track to focus on while studying at DeVry IT. I enrolled with the pretext of learning some basic computer skills, perhaps web development. This was all before boot camps like Flat Iron or General Assembly. There was a call for people to sign up and choose a particular path rather than general studies. Been in love since.

Sadly the school was inadequate in terms of teaching professionals, and to have made the most of my learning I would have had to continue in their 'Masters' program. I was already disappointed with the last year in school, and had to take out a bunch of loans just to finish.

To answer the question concretely, I want to get into cyber because (a) it will be a lateral move from my current station as a QA Engineer, and (b) I absolutely love the learning process and hunting for exploits.

“I want this company because _______”

I have yet to hang my hat on any one company, but there are several companies that speak to me in terms of what they do. BrightSec is a company that specializes in dynamic application security testing (DAST). They would be cool to learn from. Red Balloon is legit! Gremlin is a company I just interviewed for that employs different attacks to test site reliability. Overall, any company that is cool and can teach me something is the one for me.

“I want this role because _______”

I am still working through the exact role I want to occupy, but Pen Tester seems like the obvious choice. The start to Cyber seems to be in compliance, but threat modelling intrigues me. Overall, I would answer this question by saying I want the role of Pen Tester because it is a natural fit for skills and experience... plus it is just too damn fun! Purple Team is the dream.

Conclusion:

Knowing your why is like having a lantern in a dark forest. It will guide you. Structure your learning, orient your goals, and align your career objectives to those goals. When you know your why, those late nights grinding through boring lessons and tedious acronyms will make sense.

Ciao For Now!

Tune in next week, I will give a brief write-up on Burp Suite and some of the cool things I have learned.
