Monday, October 30, 2023

Security Testing Journal Entry | w/e Friday October 27, 2023 - CTF Experience, pt. 1 - "Small Wins"

Highlights for the week

An interesting thing happened this week that I want to share, but rather than blather on about it, I'll just leave this link here: CAPTURE THE FLAG CAPTURED MY HEART!!

What We Loved

  1. Meeting new people and becoming part of a capture-the-flag event

What We Learned

  1. CTF - Malware Analysis, Extracting Binary Files, Using Snyk, Using an Audio file to perform an exploit, and Discord "Snowflakes" to name a few...
  2. Security+ - Continued GRC .. home stretch. Signed up for ISC2 and Coursera
  3. Automation BDD - paused, but started the learning process
  4. Burp Suite - lots of tests surrounding reflected XSS
  5. Cult.ure - Chapter 26 is moving along at a snail's pace because .. story keeps evolving!

What We Longed For

  1. As always, a job! Will I ever land one?

What We Loathed

  1. Rejection letters w/o a chance to get an in-person interview
  2. Recruiters that fail to follow through on their word

Friday, October 20, 2023

Security Testing Journal Entry | w/e Friday October 20, 2023 - "The Apocalypse Is Neigh"

Highlights for the week

On a current event tip, an Islamist terrorist group attacked an Israeli party killing thousands and wounding several more. Lots of saber-rattling going on and there's no sign of a ceasefire. It has the perfect concoction of a world war. And we're giving away $100M ... money the US could use.

On a personal tip, I'm ending the week on a high. A recruiter reached out and I'm in the throes of an interview process with NBC - Peacock. I've also had the fun privilege of joining a CTF team for Huntress.

What We Loved

  1. Member of a cool CTF Team
  2. Interviewing for a cool job
  3. Sat through an awesome webinar for Secure Ideas .. met some great people

What We Learned

  1. Security+ - I'm in the final lap of the Cert. Going through GRC .. learning a ton!
  2. Participated in a Snyk CTF challenge. It was the same as the last time I did it, but met cool people.
  3. Pen Testing - Managed to pull in some Burp Suite labs for the week.
  4. Automation - Started BDD ... came to find out the job doesn't use Cucumber. The decision now is whether to keep going or pause. My time is finite; WebdriverIO is still paused.
  5. Cult.ure - Chapter 26 is in full swing. It's a slog considering the characters I've introduced and the direction the story is going.

What We Longed For

  1. Appium isn't working anymore. Not concerned but also not happy about that.
  2. Hoping the job works out .. it's 13 months, no pay. The finances have me covered for another month. Not going through the holidays broke!

What We Loathed

  1. The whole job search process is the literal worst.

Friday, October 13, 2023

Security Testing Journal Entry | w/e Friday October 13, 2023 - "Dank Week, Pt.2"

Highlights for the week

Not many highlights this week. Sleep quality has been trash. Haven't been in a proper headspace. Job prospects are dismal.

It's not all bad. I did finish the 4th module for Sec+, met with my mentor and discussed remediation, and learned something new with Burp Suite. I should get back into automation with WebdriverIO but my heart just isn't in it anymore.

The irony of looking for a job you no longer want to do is that it may help reinforce what you need to know. In the meantime, the pen testing grind and the job search grind continue.

Monday, October 9, 2023

Security Testing Journal Entry | w/e Friday October 6, 2023 - "Dank Week, pt. 1"

Highlights for the week

Short, late post. Not a lot to cover since the priority for the second week in a row was the job search. Once again, there seems to be a valley between recruiters who feel everything is fine, and candidates who know the recruitment process is broken. One can meet 100% of the basic qualifications and still never get a call. Candidates have resorted to games and "hacks" to circumvent the resume scanners and reach the Applicant Tracking System (ATS).

Then there are the endless streams of conflicting recruiter advice. Some say "x", others say "y". The "x" people think the "y" people are spreading misinformation, and vice-versa. It's super-confusing. The weeks are ticking away and quickly becoming months. I have 1 month left of financial reprieve before I'm in the absolute shits again and no closer to landing anything. Not even so much as a blip on the radar.

It has been a hard week. I've been unmotivated, frustrated, and anxious. Sleep has been decent, but inconsistent in terms of waking up. Workouts have been great. I have to do better in terms of time management and quality output. I'm spending good time learning a bunch of different things, but an hour or two sprinkled onto many tasks isn't working. The bulk of my time is the job search, so everything that comes after is inconsequential. That being said, I need to just realign my time and focus on 1 thing rather than a bunch of little things spread across the week.

Which brings me to my second pen testing effort. I learned to run the scan and realized it doesn't pick up much of what was proposed should have been caught. I've spent the time researching the issues found hoping to recreate them manually to no avail. I've recorded the findings and will declare that site "tested". On to the next one. I've researched new certifications but it all comes back to money I don't have and time better spent "doing" rather than "learning".

A dank week to say the least. I can't say I hit all the goals I set out to hit. But I did have some small wins as it relates to rebuilding the WebdriverIO test framework.