Saturday, April 1, 2023

Security Testing Journal Entry | w/e Friday March 31, 2023


Highlights for the week

In my last post, I wrote about the state of the job market. A week later, and there's news about more layoffs to come. Seems like the Big Boy tech companies overextended their staffing during lockdown, and the consequence of a failed gamble on continued earnings is a reduction in staff to recoup losses. The recurring theme is profits over people. Loyalty be damned! Oh you think being committed to your job buys you immunity? Nope! You think being a lifer in the ranks keeps you safe from the layoff lotto? Try again!

And don't even get me started on performance. What a joke that is. You can be a rockstar, 10x, "ninja" employee hitting all the top marks. That won't guarantee your job is secure. A Performance Improvement Plan - that's just management's cudgel. Push back in the slightest and you're no longer their darling gold-star employee. Now you're a problem that needs to be dealt with.

But it's not all doom and gloom for this guy! With over 100 jobs applied to in the now 7.5 months of unemployment, there is at least 1 job in the final rounds of the interview process.

That being said, there were a lot of other cool things that happened this week. Below is some of what went on:

What Went Well

  1. Network+ - Paused on Networking to complete the Google Cloud learning module.
  2. Security+ - Paused on this as well. In its place were a live Capture The Flag event hosted by Snyk (fun!) and completion of the MITRE ATT&CK suite.
  3. Burp Suite - Completed modules for DOM attacks.
  4. Automation - Python is working again and the work to clear out the board is in progress.
  5. The Book - Completed Chapter-5, Chapter-6 is on deck (have notes, will write).
  6. Personal - Finally got around to cleaning up Gmail and Outlook. Now there's the bookmarks and LinkedIn "saved items".

What We Learned

  1. "Blue Team" tactics and what to look for regarding the 6-step MITRE process.
  2. How Google Cloud works and what their services offer.
  3. CTF exercise taught us about the JS "prototype pollution" exploit, as well as a Python "pickle" exploit for base-64 deserialization.

What We Longed For

  1. A paycheck. The money in my emergency fund is about to run dry in the next few weeks if a job doesn't manifest itself.
