Friday, September 29, 2023

Security Testing Journal Entry | w/e Friday September 29, 2023


Highlights for the week

September has come to a close and not a lot has changed since last week. Lots of jobs applied to. Lots of rejection letters. Practicing Pen Testing some more. Also, it rained a lot. I'm enjoying my friends prospering in their professional station. My turn will come. It has to!

What We Loved

  1. Finished the 4-stars for "Juice Shop" - I paused at some of the more outlandish ones, and employing the Password Reset feature.
  2. Was able to get a tiny infusion of money from the credit card. I need a job a.s.a.p to pay these bills down.

What We Learned

  1. Sec+ - Steadily moving through Unit 4 Module concerning Incident Response. Really cool.
  2. TCM/Juice Shop - Closed the book on that. Started a new site, ready to run a PT next week. Strongly considering Mobile Pen Testing.
  3. Burp Suite Cert - Looked into it, it costs $99
  4. Signed up for ISC(2), will see how that works.
  5. Google Cybersecurity Cert - ?? - need info.
  6. Automation - Got some foundational scripts for WebdriverIO, but a recent update to Google Chrome disrupted the execution. An update didn't help. Will revisit next week.
  7. Cult.ure - Started "Bloodhound, Phase-5" chapter. I'm behind on my progress as job hunting was the #1 priority.

What We Longed For

  1. As always, a good job, great pay, benefits, and awesome people.

What We Loathed

  1. Rejection emails on Fridays are the worst!! WTF to that!

Saturday, September 23, 2023

Security Testing Journal Entry | w/e Friday September 21, 2023 - YEAR IN REVIEW

Show me a person who has never failed, and I will show you a failure of a person. What we learn from failure, and what we do with that knowledge, is what matters — M. Bloomberg

THE YEAR IN REVIEW

Welp! It has been quite the year. 12 agonizing months of unemployment. After several weeks of waiting, and waiting ... and waiting, the job I was hoping to land fell through. I prepared for that eventuality, but that doesn't make it hurt less. The funds are gone. Retirement - gone! Savings - gone! Emergency fund - gone! I can't even take out a loan to cover for the next few months without showing proof of employment. The longer I'm out of work, the worse for me it is. One has to wonder if the presumption is I'm "damaged goods" or a "risky" hire.

This week was a complete bust! The priority was the job search, kicked up several notches. Where I was a bit picky a year ago, I'm now settling for whatever. Still need to maintain a certain salary cap, but I'm considering other options as well. I don't think I hit any of the other goals I've set. Haven't written, haven't done anything automation-wise. I haven't even done much for Security+. There's still the weekend :'(

What Went Well This Past Year

  1. I'm completely debt free!!
  2. Finished Network+ .. not aiming to get certified.
  3. Learned how to use Metasploit and Burp Suite, as well as Kali Linux and Zap.
  4. Learned a lot about Security (Sec+)
  5. Have completed several learning modules with pen testing, vulnerability analysis, etc. and I feel more confident than ever that this is my career.
  6. Got to interview at a new Cybersecurity company. It didn't go like I hoped, but I learned a lot.
  7. Learned a few automation frameworks for QA - namely Cypress and Playwright, as well as Jest and SQL/DB testing.
  8. Finished the 3 Tiers of Hack The Box, along with the important modules for Vulnerability Assessment and Windows Active Directory (to name a few)
  9. Completed the TCM Web Application Pen Testing Course and have completed most of the tiers: 1-Star, 2-Star, 3-Star, and some 4-Stars
  10. Acquired a few mentors that have helped somewhat. Also have a "mentee" that is doing well.
  11. Got to do some great traveling and saw some wonderful sites, including the Mayan Ruins at Chichen Itza
  12. There was the wonderful time in Orlando, with Galaxy's Edge, Disney's 50th Anniversary, and the amazing fun that was The Halloween Haunted Houses at Universal Orlando.
  13. At home, the workouts have been producing great results. Seeing some abs as well as loss of inches.

What Didn't Go Well This Past Year

  1. Had a couple of referrals present with great job opportunities, but those failed.
  2. 350 jobs applied to, with nearly a 50% rejection rate and the remainder go unresponded. Had 5 interviews to date that went to the final rounds: no offers.
  3. Had to liquidate my retirement to cover the year's expenses. Not looking forward to the tax penalty next year.
  4. Had a wonderful job in a new career bottom out. While the circumstances were beyond my control, it stings.
  5. Had my Web App Pen Test Capstone evaluated. The results were suboptimal. BUT! That's a win unto itself. I got to learn how to get better.
  6. Linked-In is the worst! Great for jobs, but shit for networking and posting content that gains little to no traction. Or perhaps it's me.

What Needs To Get Better

  1. Need to be a better husband/provider, father, and friend.
  2. No more fuck ups!! No more doing dumb shit!! I have to be better than this. This year had to happen to teach me that lesson.
  3. Need to land a job and stick it out.
  4. I cannot continue to be the same person and hope good things keep happening. Right now, I'm staring at my ineptitude and it's the worst.
  5. My goal was to have been certified by June. It's now end of September, and that is not feasible. But, I have gained completion in other areas that had more value. It continues.
  6. I have to decide if Security is the path I want to take and really push through the failure. Right now, it stings a little.

Friday, September 15, 2023

Security Testing Journal Entry | w/e Friday September 15, 2023 - Situation: Critical


Highlights for the week

Not a lot to draw on this week that went well. I did hit a few goals for the week, task-wise, but I'm no closer to landing a job than I was last week. There is some "hope" with the job I interviewed 3 weeks ago. The choice is between myself (a Jr.) and another person (a Sr.). The company offered an opportunity to bring on someone new and show them the skills. The experienced person presents the favorable prospect of bringing in someone that requires no training and can effectively start immediately, albeit at a higher salary.
Not gonna lie .. the wait has been absolute torture. I will be insolvent in the next 2 weeks. I have nothing coming in. No idea how I'm going to pay the rent or bills.
!!SUCCESS IS MY RESPONSIBILITY!!

What We Loved

  1. Not a lot to love this week. Stayed disciplined in my workout and education, but slipped in other places.

What We Learned

  1. Security+ - Wrapped up the module on "Public Key Infrastructure". Up next is the Operations & Incident Response section. Super-interesting.
  2. Automation - Closed the book on WebdriverIO videos. Going through a practice site now, starting with test plan write up using an updated template.
  3. TCM - no feedback on the Capstone, but at least that got done. Planning another Pentest.
  4. Cult.ure - Interesting turn of events so far. Need to get back into it and be more consistent. The story is shaping up nicely.

What We Longed For

  1. As always, a job, paycheck, and benefits. The hope for news (good or bad) is painful! I'd rather have a "no" now, than wait for a "yes" that might not come.

What We Loathed

  1. September 8th - I will commemorate this as the lowest of low-points in my personal life. NEXT TIME YOU WANT TO BE A DUMBASS AND FUCK UP AT WORK .. remember this date and the bs of no money, no job prospects, and having to get EBT to support your family. Remember the empty fridge, empty bank account, cleaned out retirement and whatnot.

Friday, September 8, 2023

Security Testing Journal Entry | w/e Friday September 8, 2023 -- "Small Wins" Edition


Highlights for the week

Closing out the week on a mild high. While I wait for the Security role to manifest itself, I've had the chance to shoot my shots on a couple of roles. Nothing done yet, but for whatever reason, I'm not panicking .. yet! I will be insolvent by 9/15 so I need something now. That being said, a couple of small wins.

What We Loved

  1. I followed up on the job that I interviewed some two weeks ago. Per my mentor, the feedback was great. His words, "you were a frontrunner along with one other candidate who is fundamentally different from you" and that the business direction would determine who wins the race. Fingers crossed! But this does sound hopeful.
  2. I submitted my capstone (proof of mastery) to TTI for the Pen Test course. It was a complete labor of love as I thoroughly tested a demo site and reported on vulns.
  3. Acquired the SNAP card this week. Turns out whoever processed my application failed to mail out the card. Now I have an excess of $$ for two months.

What We Learned

  1. Security+ - Finished the module on "Authentication & Authorization." Working through the module on "Public Key Infrastructure" .. kinda long.
  2. Automation - Paused. I should probably resume with Webdriver next week, but tbh I'm way over QA. Still, I need a job and QA is the only thing I know.
  3. Cult.ure - Coming along great. A new chapter dealing with the kidnapping of a nosey journalist. Paul & Dulci get closer.

What We Longed For

  1. As always, longing for paycheck & benefits
  2. I need a Plan-B if the Security job doesn't pan out. But I can't accept anything less than success.

What We Loathed

  1. The entire job hunting process is the absolute worst. It's been a year and I never anticipated the harrowing ordeal of landing a new role.

Friday, September 1, 2023

Security Testing Journal Entry | w/e Friday September 1, 2023 -- Rabbit Rabbit


Highlights for the week

Welp .. it's happened. I'm 20 days from hitting 1 full year since my last paycheck, my last employment. I've learned a metric ton since the last time I answered to anyone. I've faced a lot of demons, confronted my ineptitude, and healed from a lot of the psychological and emotional trauma that comes with getting laid off .. repeatedly. I've learned a lot about what I want and don't want. I've interviewed a few times to no avail, but thinking the ~300 "No's" are bringing me closer to my "YES!!" The proof was interviewing for the Junior Security Consultant role. If I don't get it, well I took my shot. The TCM course on Pen Testing prepared me for that, and I cannot begin to think that was the best $1 I ever spent on myself.
I need a job, a good paycheck, and benefits, yet for some odd reason I'm not going to lose my mind of landing a role in QA that I don't want. Life is too short to settle. It's taken me 12 months to learn I need to be living for me, doing what I want, for a company that is going to suit my needs. I'm not a lemming to be disposed of when they see fit. I want to have the dream job, and I feel I'm getting closer to that.
*** GOALS ACHIEVED ***

  • Hit all my study goals this week
  • Completed Most of "Juice Shop 1 Star" (Pen Test Attack Difficulty) and most of the "2 Stars"
  • Fulfilled SNAP requirements. Should hear something by 9/2
  • Learned more about Sec+ and PTES .. the Penetration Testing Standard
  • Workouts have been consistent. Seeing the results

What We Loved

  1. TCM - Pen Testing Course. Learning the process and the skills to successfully complete a penetration test are immeasurable.

What We Learned

  1. Security+ - This week's module centered around Cloud Security & Account Management. Next up: Authentication & Authorization Services
  2. TCM - Course Completed. Now I have to do a Capstone (Proof of Mastery) and truly earn that cert.
  3. Cult.ure - Book is coming along, but I need to be more disciplined in my writing. One or two days ain't cutting it.

What We Longed For

  1. Job & Paycheck .. nothing more complicated than that
  2. Need to read more. So far, my reading has been off web pages and Flipboard

What We Loathed

  1. No negativity this week