Friday, May 3, 2024

Security Testing Journal Entry | w/e Friday May 3, 2024 - "May the 4th Be With You .. Always!" Ed.


Highlights for the week

Mildly uneventful week. Managed to complete another pen test, completed the refactor of API security tests, and kicked off a campaign to automate some manual pen tests. Overall, a pretty good week.

What We’re Grateful For

  1. Happy that I got to add another pod/live stream to my menu, this one deals with Cybersecurity news!
  2. Grateful for good health and well-being
  3. Grateful to have a full refrigerator (despite the absence of income)
  4. Grateful for another month with a roof over my head
  5. Thankful that a recruiter reached out to me and forwarded my application (fingers crossed)

What We Loved

  1. Mom's birthday - we're talking. She still has yet to acknowledge what she's done, but I'm not one to hold grudges.
  2. May is great for "Star Wars Nerds" (5/4) and Cinco De Mayo! As well as Mother's Day!

What We Learned

  1. Automation - Learned to refactor API tests using Clients and improved syntax
  2. Automation - Learned to write automation tests for DOM-Based XSS and Stored XSS .. more to come
  3. Security - completed OrangeHRM Pen Test. Really happy with how the report looks and the progress made. Next week - mobiles!
  4. "Husb..." - another week gone and no writing done. Gotta fix that and finish this.

What We Longed For

  1. Need a job

What We Loathed

  1. The lack of a job

Sunday, April 28, 2024

Security Testing Journal Entry | w/e Friday April 26, 2024 - "Spring Cleaning & Healing Ed."


Highlights for the week

Stepping out of my comfy zone to post about a project, warts & all (lesson - have your ducks in a row); tested IOT devices - awesome!; learned iOS Mobile (lesson - need to improve lab); Part of my personal spring cleaning (see "What We Learned")

What We’re Grateful For

  1. Grateful the moon woke me up early, which meant I got a good night's sleep and feel awesome! Was also productive
  2. Grateful for having a roof over my head, a full fridge, and good health
  3. Grateful to be humbled by learning new things and making rookie mistakes
  4. Grateful for meeting my personal, professional, and fitness goals this past month!

What We Loved

  1. New opportunities testing IOT devices

What We Learned

  1. Learning to take action, especially when it's difficult or challenging .. may result in a win or not!
  2. Learning to get rid of limiting beliefs & pick up affirmations
  3. Working on getting rid of old habits & pick up new "good" ones
  4. Tough week for getting anything done. Pen testing is behind schedule.
  5. Finally got Azure working. Learned there was a request that needed to be made, probably to prevent bit mining.
  6. Posted API security automation test and was met with some great (humbling) feedback. Note to self - make sure to be 100% perfect before going live!
  7. Spent last weekend with iOS DIVA. Need to set up my framework to test better.
  8. "Husb ..." {paused} -- been a hectic, productive week for QA testing

What We Longed For

  1. I said it last week, and I'll probably keep saying it ... a good job, with great pay and benefits, working with cool people, doing cool sh**

What We Loathed

  1. Unemployment sucks!
  2. Ghost jobs suck!
  3. Feeling like I'm never going to get a job ... definitely sucks!

Friday, April 19, 2024

Security Testing Journal Entry | w/e Friday April 19, 2024 - "Connections, Old & New Ed."


Highlights for the week

Made a new connection, have similar career paths; helped an old connection w. work; mentee is frustrated; gratitude section to template

What We’re Grateful For

  1. Happy that my wife & child are in good health
  2. Grateful to have stamina and good health to work out
  3. Happy that I get to have a great pair of mentees
  4. Thrilled that, while I'm not working, I get to work on what I want to do with my career

What We Loved

  1. Finally got Android and iOS DVA working. Successfully finished Android, on to iOS!
  2. Also getting around to API Security Testing

What We Learned

  1. Blogging - building an audience is going to take time, but I'm proud of the work
  2. Android Pen Testing
  3. iOS Pen Testing (in progress)
  4. API Pen Testing - managed to successfully complete 9 of 10 tests. The 10th didn't apply.
  5. Web App Pen Testing (in progress) ... pushed to next week, maybe longer!
  6. Azure DevOps - blocked! Sent request for parallelized testing
  7. U-Test - Voice Assistant Testing; PII; Capture Crash logs on iOS/Android devices
  8. "Husb..." - need to wrap this sucker up and get back to the real book

What We Longed For

  1. As always: a proper job, pay, benefits, cool people, great location

What We Loathed

  1. Nothing much to be angry about. Keeping it positive!

Friday, April 12, 2024

Security Testing Journal Entry | w/e Friday April 12, 2024 - "Eclipse Ed."


Highlights for the week

This week was a mixed bag of highs and lows. A couple of notable highs include a solar eclipse that happened at the top of the week, and a 4.8 earthquake that shook my desk for a few seconds.

Some lows include having to turn down a TesterWork job. Not sure how long I'm keeping them, but until I land a job, I'll have to play the game. Another low was the struggle to get my iOS app pen testing environment up. That took up most of my Thursday, and ate into my other tasks.

What We Loved

  1. A big win! Finished another pen test. Sent that draft to my mentor for review, waiting on feedback.
  2. Another win! Got my environment set up to do mobile app testing.
  3. Loving the results of my workout. Need to eat better, but seeing some progress.

What We Learned

  1. Automation - Finished Cypress and jumped back into Playwright with Python, finished automation for that form.
  2. U-test - finished modules regarding testing, tickets, and capturing the evidence.
  3. Azure DevOps - tried to deploy my project but got blocked by the need for a subscription. Will revisit again next week.

What We Longed For

  1. As always, patiently waiting for that job. ZERO - jobs applied to this week.
  2. "Husb ..." - didn't get much writing done this week! Longing for more time. Priorities took up most of the week.

What We Loathed

  1. Need to get more disciplined. Been procrastinating a teenie bit.

Friday, April 5, 2024

Security Testing Journal Entry | w/e Friday April 5, 2024 - "Pr-Eclipse Ed."


Highlights for the week

So yeah! We are having an eclipse on 4/8. There was also a 4.8 earthquake on Friday (the day of this journal entry). Thankfully, no one in the family is hurt and there was no damage to anything anywhere. Other than that, a fairly quiet week. Not a lot to report.

What We Loved

  1. Another successful week of learnings.

What We Learned

  1. Linked In Learning: Completed OWASP-Top 10.
  2. Linked In Learning: Completed Threat Modeling fundamentals
  3. U-Test: Signed up and started some of their tutorials. I feel like there's an issue with their "Bug Report" practice module.
  4. RemoWork: Deleted that account. Nothing came out of it.
  5. Azure DevOps: Finished the modules. Need to deploy my practice site.
  6. Cypress: Need to finish some front-end tests. Need to play with the API tests
  7. "Husb...": New chapter around D's origins.

What We Longed For

  1. As always: a good job, a good paycheck, working with great people

What We Loathed

  1. Phoniness on social media, namely linked in. You go and help people, no kind of a "thank you!"

Friday, March 29, 2024

Security Testing Journal Entry | w/e Friday March 29, 2024 - "Easter Week Ed."


Highlights for the week

This past 40 days of Lent commemorates the end days of our savior Jesus Christ. We honor his life, death, and resurrection. More importantly, we honor his mission on earth. The message was simple, "love each other as I love you." That is to say, unconditional, forgiving, and without pretext. Cheers!

In other news, had a brilliant study session with my mentee. Achievement Unlocked! Another pen test completed.

Oh! Let me not forget, my mentor forwarded my resume to someone within his company. Same one I interviewed last time .. and lost. Stay tuned! Hoping my luck changes.

What We Loved

  1. Mentee-1 - As always, worked with one mentee to improve her resume.
  2. Mentee-2 - Worked with my other mentee to get her better prepared with her studies.

What We Learned

  1. Automation (Web) - learned that Cypress discontinued support for xpath. That being said, somehow, things are working again.
  2. Automation (iOS) - Finished XCUI iOS tests. Refactor .. tbd!
  3. QA - Completed a ton of QA related activities, like test plan, test scenarios, risk analysis, requirements traceability, testing, and reporting.
  4. Pen Test - completed the security audit and wrote up the report. On to the next one ... love this :)
  5. Linked In Learning - Learned how to use Azure DevOps and deploy a project to that CI. Next week, I'm going to try deployment with the project.
  6. Cult.ure - "paused"; "Husb..." - in the final chapters of the story that ballooned over the past two months. Love it :)
  7. UTest - Signed up for remote work with new site. Next week - onboarding
  8. TesterWork - Opted out of one campaign that required being "ON" for seven days; Signed up for another .. who knows how much longer I will keep this one

What We Longed For

  1. It was a bummer that I didn't land the job. Every rejection is a redirection!

What We Loathed

  1. UNEMPLOYMENT - 545 days since my last paycheck! Rejections galore. It's possible most of these jobs listed are not even real!
  2. RemoTask - not sure how much longer I'm going to keep this profile active. I haven't completed the onboarding because they want a profile pic to verify id .. sketchy!

Friday, March 22, 2024

Security Testing Journal Entry | w/e Friday March 22, 2024


Highlights for the week

Lots of good stuff this week! Ran some personal errands which impacted some goals, but otherwise had a great week where I got to meet a new Pen Testing Professional. We talked a bit about the craft and what it takes, as well as how to get started. The answer - personal branding.

On the automation front, getting "ok" with XCode. It only took 14 years to finally get around to it. Coupled with knowing Espresso, I feel really proud of how that's come along.

Another site to practice pen testing is selected. Been grinding along.

What We Loved

  1. Meeting with a new Cybersecurity professional. Nothing new learned, but it was still fun.
  2. Made a new contact with a CISSP Security Professional. She seems like great people.
  3. As always, meeting with my mentees is always the highlight of my week. Got to iron out some important things regarding her job prospects and career choice.
  4. Lovin' my new PPL workout.

What We Learned

  1. Automation - Learned about using POM w. XCode. Need to put that in place next week. Also learning about Azure DevOps (finally!)
  2. Burp Suite - Closing in on completion of the labs. I won't get to all of them because I need BS Pro!
  3. Security - New pen testing underway. Nothing new this week.
  4. Security 2 - Learned a couple of things about threat modeling.
  5. Cult.ure - "paused"; "Husb..." - exciting chapter and interesting character revelation.
  6. Personally - improving the negative self talk. Learning to accept the consequences of my actions and the "why" behind them. Hoping I'm living to my true purpose.

What We Longed For

  1. Another week, no new updates regarding a new job. This is getting really bad!

What We Loathed

  1. Rejection for jobs that keep getting reposted.
  2. Technical interviews that involve a Leetcode/Hackerrank code challenge with zero relevance to the job you'd actually be doing.

Friday, March 15, 2024

Security Testing Journal Entry | w/e Friday March 15, 2024 - "Luck o' the Irish Ed."


Highlights for the week

St. Patrick's day is fast approaching, commemorating 7 years since the passing of my grandma (RIP!). The time is flying by. Lots of decent news to report, starting with landing another freelancing gig testing AI, interviewing with an agency for a new role, and finally finishing both the pen test and linked in learning.

What We Loved

  1. Finally got to start that new PPL workout. So far, so good. The love is in the grind!
  2. Confronted my tech interview fears and did not feel like a failure. I didn't succeed, but not because I didn't try. I studied wrong .. sort of.

What We Learned

  1. Automation - Big key win taking a crash course in XCUI Automation. Things are working and moving steadily.
  2. AI - Got under the hood by preparing for a hackerrank interview (that I bombed) and had fun along the way. Will be blogging about it.
  3. Pen Testing - Completed the report for the practice site. My mentor provided some insight and new scripts. He says I'm doing the right things
  4. Linked In Learning - Completed the module for Security Fundamentals. Nothing too revealing to learn, but there were some OSINT tips that came in handy.
  5. Cult.ure - paused; "Husb.." - made a little progress. Paused on the writing due to other priorities.
  6. Burp Suite - Completed the module for Server-side Request Forgery. Will complete the Race condition one a.s.a.p.

What We Longed For

  1. As always, not having a proper job is frustrating. But I'm not so concerned about where I work. I want the right environment, with the right people, for the right pay. I pray for a little bit of Irish luck to find its way to our family.

What We Loathed

  1. Interview process where there was no proper introduction, but rather jump right into the technical assessment. The Worst!!

Friday, March 8, 2024

Security Testing Journal Entry | w/e Friday March 8, 2024


Highlights for the week

A very exciting week. Had a couple of opportunities presented to me, one being a potential for a new job, and another learning LLM. I got to finish the Pen Testing course and started cleaning up my linked in learning modules from the last time. Hoping of hopes to land a new job a.s.a.p! The debt hole is getting deeper and deeper.

What We Loved

  1. Having a network of friends, online or in real life, has been instrumental. It feels good to be surrounded by good vibes.

What We Learned

  1. Automation - finished another round of tests with a practice site. There were a lot of problems with the site itself, so there was only so much to test.
  2. Burp Suite - Started Server-Side Request Forgery module.
  3. Coursera - Finished the Pen Testing/Forensic Data learning. It was very high-level, but I learned a bunch regarding forensic data analysis.
  4. Linked-In Learning - Huge learning module regarding API security testing. I leveraged LLM to create a suite of automation test scripts in python. SOOO COOL!!
  5. Pen Testing - started a new security audit with a bank app. Work in progress!
  6. Blog - Finally published another blog regarding LLM and how it might benefit QA.
  7. Cult.ure - paused! "Husb" - got over the writing block and got to a good place. I should start to wrap up the story .. it's getting away from me a little!

What We Longed For

  1. As always .. a job and pay

What We Loathed

  1. Freelancing QA site TW is dicey when it comes to how they moderate bugs reported. It takes a fight to convince people your bug is right. So exhausting.

Sunday, March 3, 2024

Security Testing Journal Entry | w/e Friday March 2, 2024 - "Leap Day Ed."


Highlights for the week

It was a unique year this year, as February brought with it the 29th - leap day - a rare date that occurs once every four years. A fairly quiet week with minimal goals hit due to personal obligations that needed to be tended to.

What We Loved

  1. Pen Testing and consistently learning something new

What We Learned

  1. Pen Testing - Finally got around to watching the video regarding
  2. Coursera - Week 4 (Scripting) half-way done. Learned how to write a super-basic bash script
  3. Playwright (Autom.) - - baby steps with automating the
  4. Cult.ure - Paused; "Husb.." is nearing the final act

What We Longed For

  1. Much like last week ... desperately need a job! I will be insolvent after the 20th.

What We Loathed

  1. Unemployment - 500+ days since my last paycheck

Friday, February 23, 2024

Security Testing Journal Entry | w/e Friday February 24, 2023


Highlights for the week

Finally got around to completing the module for Digital Forensics. It took retaking the test a couple of times, but I was happy with the module overall. So looking forward to the scripting module next week. I've also chipped away at the Pen Test for a practice site. Son's birthday is tomorrow .. he's closer to adulthood. Where does the time go!

Things are going to get squirrelly next month if I don't land a job. March finances are covered, but April will be problematic if I don't land something NOW!

What We Loved

  1. See "highlights ..." pretty much sums it up

What We Learned

  1. Playwright (Autom.) - Started on automating basic scenarios for "The Book Store", something about clicking the title isn't working (m'eh)
  2. Coursera Security Basics - It's a wrap with Digital Forensics. On to the final module "Scripting"
  3. Pen Testing - Near-complete with testing the site. Might leverage what's on the spreadsheet to finish next week
  4. Cult.ure - Paused; "Husb.." is nearing the final act

What We Longed For

  1. As always, another week w/o job leads

What We Loathed

  1. TesterWork having to fight for obvious issues. The payout was trivial for the 1 bug they did accept.
  2. Sometimes I forget to read the room and display a lack of empathy for others. I was raised to be tough and keep it moving, others want to rant w/o a fix
  3. Feeling like a failure is really starting to weigh on me. This whole unemployment situation has got to change

Saturday, February 17, 2024

Security Testing Journal Entry | w/e Friday February 16, 2024 - "Valentine's Week Ed."

Highlights for the week

For all the lovie-dovie sentiment on Valentine's Day, I've never been good at being romantic. The few times I've tried, I've been burned. Sadly, I'm not that guy! I need to do better!

Lots of goals accomplished: published my first blog post, starting a new pen test, automation practice is solid, cleaned out the Mac finally (lots more to do), "Husb" book is coming along .. not going to publish it, but it's fun.

What We Loved

  1. Tester Work: Some light (remote) work. Finished my first test assignment and won a deliberation on tickets
  2. Meeting with mentor was efficient and effective. I discussed the Pen Test check list. It was worth using
  3. Mentee on Linked In lost 2 job prospects, but has a few others waiting. Been making sure she doesn't slip into depression
  4. Loved being able to add a Windows 11 VM on my machine. I may be able to move forward with some other labs/side projects!

What We Learned

  1. Playwright (Autom.) - Used faker to interact with date picker; learned to drag/drop an element on the grid
  2. Coursera Security Basics - Learning a lot about Data Forensics. Tons of fun. Behind by a couple of days, but it's been fun!
  3. Pen Testing - Starting a new project with Client "OpenCart". The site is buggy, and checkout flow is N/A, but it's all about the reps!
  4. Cult.ure - Paused; "Husb.." is nearing the final act

What We Longed For

  1. Job market is an absolute sh** show, with more people getting laid off than getting hired.

What We Loathed

  1. Unemployment - 17 months and counting

Thursday, February 8, 2024

Security Testing Journal Entry | w/e Friday February 9, 2024

Highlights for the week

Not quite highlights, but I had a little crisis of confidence where I had signed up for a freelance testing site for extra income. I bombed the QA assessment for no other reason than I dismissed their notes on classifying severity. I took a better look yesterday and passed it. All other things are moving at a steady pace.

What We Loved

  1. Getting things done and being productive for once!

What We Learned

  1. Coursera Week-2 - Interesting module on Incident Response / SIEM. Need to finish the quiz
  2. Burp Suite - Finished XML Entity Injection Labs
  3. Automation - Simple tests for radio buttons and links, where I got to use 1 selector with f-strings to minimize code duplication
  4. Cult.ure - Paused. "Husb" another chapter in the bag. It keeps growing!
  5. Mentoring - fun

What We Longed For

  1. As always .. a job.

What We Loathed

  1. Unemployment!! The job market is a sh** show

Monday, February 5, 2024

Security Testing Journal Entry | w/e Friday February 2, 2024 - "SO Birthday Ed."


Highlights for the week

The lateness of this post comes at a time when I was celebrating my wife's birthday (as pathetic as money can allow) and a lot was happening .. sort of. Here we go!

What We Loved

  1. Good things happening with my mentees this week. More to come.
  2. Spent a good amount of time playing with ChatGPT.

What We Learned

  1. ChatGPT - built up a nice repository of test cases
  2. Burp Suite - finally finished the web cache labs. Skipped a bunch.
  3. Coursera - Week-1 in the bag. Very very high-level overview of Pen Testing. I mean lacking in so much information it was mind boggling.
  4. ISC(2) - As stated before, I don't think I will be pursuing the certification.
  5. Automation - finally fixed my pytest automation. Will make progress on what remains.
  6. Cult.ure - paused! The work on "Husb.." is coming along nicely.

What We Longed For

  1. As always, an income and a paycheck

What We Loathed

  1. Self-doubt and low-vibration. Gave into temptation .. again!

Sunday, January 28, 2024

Security Testing Journal Entry | w/e Friday January 26, 2024 - "Mentees Winning" Ed.


Highlights for the week

I am a proud "papa" this week. My mentees are thriving. Ony one from France is successfully advancing through her studies. My other mentee is being courted by two potential employers, each with promising paths to success. She and I spent the better part of last week rehearsing interview skills. She passed all the preliminary rounds and is now in the final stages.

As for me, job hunt remains a grind, but the learning goes on. Huge lesson learned regarding testing LLM and Salesforce.

What We Loved

  1. As noted above, being a mentor and watching others thrive is a super I've unlocked.

What We Learned

  1. Pen Test for "Cartlane" - 75% complete. Goal this week is to be 100% done
  2. Burp Suite - LLM tests ... this was fun and relevant!; Will revisit web cache poisoning
  3. QA Day - Learned Salesforce testing. Good stuff. Goal this week -- python practice, all week (autom., scripts)
  4. Cult.ure - paused! "Husband" - new chapter "Illumina" started

What We Longed For

  1. As always, looking forward to getting hired soon. Happily, I applied to a Jr. Pen Test role (fingers crossed)

What We Loathed

  1. Unemployment!!
  2. Seeing far too many tech workers getting laid off for silly reasons, when clearly it's to reroute the budget from payroll to R&D

Sunday, January 21, 2024

Security Testing Journal Entry | w/e Friday January 19, 2024


Highlights for the week

Huge wins for my mentees. One is doing well getting back to her work and learning. The other is interviewing for a highly sought-after job that could propel her into a new light. We've been practicing her interviewing. As such she succeeded past the recruiter call. There was also a great module dropped on Burp Suite regarding LLM and ChatGPT security testing. Waiting for the steps and bug fixes to play with it. Also, started a new pen test applying an involved checklist.

What We Loved

  1. Watching others succeed!

What We Learned

  1. ISC(2) - Finished! Need to take the exam (if free)
  2. Pen Testing - started with Cartlane
  3. Automation - Playwright with Typescript: Finished! Need to get back to PW/Python
  4. SQL Fundamentals: Done! Learned some basic SQL for data validation .. some test scenarios
  5. Cult.ure - paused! "Husband .. Hipocrate": In progress
  6. Burp Suite: LLM Module: In progress

What We Longed For

  1. As always, longing for a job. I really need to ramp up the search.

What We Loathed

  1. Tech Layoffs. They're starting to pick up pace.

Saturday, January 13, 2024

Security Testing Journal Entry | w/e Friday January 12, 2024


Highlights for the week

The week came and went and there's a lot I don't feel got done. I'm at the tail-end of the ISC(2) modules, not sure I'm going to pay for the exam. Grinding through Burp Suite. Lots of fun stuff. Been writing more too.

What actionable steps have I taken so far?

  1. Practicing Burp Suite consistently. But I need to start practicing more web app pen testing. I should also start with mobile.
  2. Writing is helping me communicate a lot better.
  3. I need to really start working. Task Rabbit or consulting.
  4. I have to start my blog .. like seriously! I've been wasting my powers on reddit.

What tasks both home, and work are priorities?

  1. Job Hunting takes precedence.
  2. Pen Test practice is the no. 2 - lately, it's ISC(2)
  3. Burp Suite, no. 3
  4. Writing as the no. 4

What small goal will I accomplish this week?

  1. Start another Pen Test for a practice site

Am I setting time aside to prioritize my health?

  1. YES

Friday, January 5, 2024

Security Testing Journal Entry | w/e Friday January 5, 2024 - "The first week of the New Year"

Highlights for the week

Trying to recuperate from a week off. Getting my sleep back in order. The great news is I lost some weight since I last recorded the value. Something on the order of 20lbs. The goal was for 165lbs, but to even be at 175lbs for all the work put in is worth celebrating. I'm liking what I see when I look at naked self in the mirror.

Goals for 2024

  1. Let it all go, no matter what it is. All the hurts, traumas, and failures. LET IT GO!!
  2. Land a new job!
  3. Hopefully make the $$ to get certified
  4. Start the blog "Expected Results"

What We Learned in 2023

  1. For Security - Tons of Security-related things, most importantly being Burp Suite and Metasploit
  2. For QA - Automation frameworks in Cypress, Playwright (using Python and Javascript)
  3. For QA - Performance Testing w. JMeter; DB Test w. SQL;
  4. Getting my writing mojo back
  5. Also learned posting on Linked in is the worst!

What We Longed For

  1. Money and benefits

What We Loathed

  1. The lack of employment was the frustrating part of 2023. I hope things turn around this year