Sunday, August 17, 2025

Security Testing Journal Entry | w/e Friday August 15, 2025 - "Vacation" Ed.


Highlights for the week

It has been another quiet uneventful week. Some jobs applied to. Some jobs rejected. The circle keeps turning. I don't quite feel the fire like I once did. I'm trying really really hard to reignite the passion, but I've never been more disillusioned, disheartened, and disappointed in myself. I'm working on healing and silencing the negative talk, but every so often I'm haunted by the failures and the mistakes. Every week that goes by is a week that I kick myself for doing all the dumb sh*** that brought me back to the dark place ... the place I fought so hard for the last two years to get out of.

On a personal level, I've been listening to a lot of Jim Rohn and his videos have helped me get into a better headspace. Some of the quotes include:

  1. Failure is part of the process. YOU'RE NOT A FAILURE - YOU ARE FORMING!!
  2. Falling short is learning.
  3. Keep showing up. Some days will feel like nothing is working. Keep going. Keep showing up for yourself. 1000 imperfect steps

Two main things I want to focus on for this trip: PURPOSE and REBUILDING TRUST

  1. Purpose is living in alignment with your values, your standard, not someone else's expectations.
  2. Rebuilding Trust: Rebuild trust by aligning your actions with your values.
  3. Character is built by your habits, repetition, and daily decisions.

Conclusion: Quit doing the dumb shit!! Stay disciplined. Discipline is the highest form of self-love. It rebuilds compassion. It rebuilds confidence and trust .. one small action at a time. One win every day. Stay consistent. Repeatedly.

Non sequitur: I really need to get myself checked out. Feeling all the symptoms of low-t and possibly enlarged prostate.

What We’re Grateful For

  1. Grateful that I get to wake up and enjoy another week.
  2. Looking forward to the upcoming cruise and much needed escape from the dark cloud.
  3. Grateful that I have the energy and

What We Loved

  1. Love that vacation is next week. Going to rest, relax, reset, and reprioritize. Another cruise w/o a job is icky, but these are not fun times!!

What We Learned

  1. Started a new pen test project; given it's football season, it only made sense to test NFL.com
  2. Learned about Portswigger's SQL Lab - Visible error-based SQL injection to finish WAHH Chapter 9. Without PRO version, this was a daunting suite of labs.
  3. Completed week 4 of the Network Pen Testing videos. I'll probably double up on the lessons when I come back from break.
  4. WAHH - Chapter 11, just started and learned about some scenarios involving exploiting flaws in business logic

What We Longed For

  1. As always, longing for a paycheck

What We Loathed

  1. The fact AI is becoming the excuse for laying off so many people.
  2. Hating the job hunting process. Getting rejected from a job only to see it reposted is infuriating
  3. Registered for DOL Cybersecurity training only to find out it was not as advertised

Friday, August 8, 2025

Security Testing Journal Entry | w/e Friday August 8, 2025 - "Weak Week" Ed.


Highlights for the week

Another week where emails and phone calls were silent with job prospects. It has been exactly 3 months since my time at SI and as I've written before, I'm not handling it well. I should have been happily employed, celebrating ONE YEAR in my new role as a security consultant. Instead, I'm back in the gulag of my own ineptitude. I haven't been sleeping well. My workouts have been steady, but not seeing the progress. And I'm gaining weight .. thinking it's a low-t thing. The loneliness of not having anyone reaching out, or the fear that I may never land another job is really weighing on me. The motivation to even get up and keep moving forward has been tough. Discipline is how I operate.

The phrase, YOU FALL TO THE LEVEL OF YOUR TRAINING keeps bouncing around in my mind. As I meditate, I'm beginning to see just how true it is to everything I do and who I am.

Accepted another QA test cycle on U-Test (yay!)

Struck out on yet another HackerOne Pen Test (boo!)

What We’re Grateful For

  1. I am absolutely grateful that I still have air in my lungs, food in the 'fridge, and money in the bank. God is not done with me.
  2. Grateful that I get to watch my son coming to his own with new opportunities.
  3. Grateful that my partner hasn't left. I've given her plenty of reasons.
  4. New workout - alternating days off. Days Off = active rest days, so no real laziness

What We Loved

  1. Not a lot to love this week.

What We Learned

  1. Learned to test localization on a native Android app for Red Cross
  2. Network Pen Test week 3 in the bag - built a crappy network scanner

What We Longed For

  1. Longing for a proper job.

What We Loathed

  1. Nothing to really loathe except for the situation I am in of my own doing.

Monday, August 4, 2025

Security Testing Journal Entry | 90 Day Evaluation


Evaluating the past 90 days since my separation of employment from Secure Ideas

What We’re Grateful For

  1. First and foremost, I am beyond grateful that I get to wake up, have food in the 'fridge, and clothes on my back.
  2. I am grateful to the Lord (and grandma watching above) for answering my prayers. All outcomes were self-inflicted.
  3. Grateful to have the opportunity to continue with my security testing journey, having all my faculties in place.
  4. Grateful that I have a wonderful family and that we are getting through this as a united front.

First 30 Days: 1 - 30

Post firing, I was a mess. I was a combination of self-doubt, frustration, anger, depression, anxiety, and rage. Above all, I was disappointed. I let my friends, family, co-workers, mentor, and everyone else down. I was ashamed at failing ... yet again ... through my own negligence. At the end of the day, I had no one to blame but myself. I wrote up several red flags I uncovered as I reflected on my 9 months at SI, but this is all on me.

The job search in the first 30 days was abysmal. I was frustrated to be back under the dark clouds that had plagued me for the past 2 years. Embarrassed to have to file for Unemployment Insurance .. again. Humiliated at the thought of having to return to Welfare / SNAP.

Spiritually, I was a mess. Full of doubts, hopelessness, and lack of motivation. I was in a downward spiral of self-induced chaos.

By the last week of that first month, I had a breakdown and cried a bit. I motivated myself to reflect on what went well and where I failed, and just wrote about it.

Next 30 Days: 31 - 60

The job search is still a shit-show. No real progress. Not even so much as one interview.

Finding time to revisit and re-learn new skills. HackerOne has been a small blessing. Haven't made much progress as I keep finding crappy projects, but it's all about the grind at this point.

Made some new connections. Tried to reach out to recruiters .. no answer.

Recent 30 Days: 61 - 90

Professionally, things are not any better. To date: 62 jobs applied, 21 declined. Just as many have not responded at all.

Personally, in a much better place. I've been getting back into the spirit of things. Working out has helped. Sleeping better too. Set a routine of consistent workouts, steady work, job hunting, and making time for education.

Vacation in 16 days!!

*** RETROSPECTIVE QUESTIONNAIRE | EXTREME OWNERSHIP ***

    Q1. What were the problems that led up to your termination at SI?

  • Issue-01: Performance - I was not performing to the level of my role and fell way behind the matrix to level up.
  • Issue-02: Reporting - I was under performing when it came to reporting, making it unnecessarily burdensome when collaborating with others. This was proven in the last two reports prior to my dismissal in May. Although feedback was positive and encouraging, too little .. too late.
  • Issue-03: Testing - I was irresponsible testing a file upload component and stupidly pulled in a link I had recently downloaded from a Zoom invite, hoping the component was going to reject it.
  • Issue-04: Technical Acumen - Still had some demonstrable concerns as it related to working with Burp Suite Pro!
  • Issue-05: Communications - Subpar quality as it related to blog posts which revealed communication issues and inexperience.
  • Issue-06: Social Engagement - There was a lack of community engagement. I was not getting the right opportunities nor was I actively taking the initiative to make this happen.
    Q2. What were the consequences?

  • Issue-01: Performance - The consequence of not being level-set properly was failing to meet expectations set for the current level I was working towards.
  • Issue-02: Reporting - As stated, I was improving. I did well on reports that had contributors with solid notes. I struggled badly when context was missing. The consequence, especially in the last two reports, was extensive re-writes, editing, and delays. Up to that point, I never ever had a report go out late.
  • Issue-03: Testing - This was a complete aberration. I should have known better. The consequence was a potential violation of some policy as well as introducing unnecessary risk to the client.
  • Issue-04: Technical Acumen - Needed a lot of help from superiors to get me to a good point.
  • Issue-05: Communications - Blogging required work.
  • Issue-06: Social Engagement - N/A
    Q3. How did this hurt the team?

  • Issue-01: Performance - Showed I could not be relied on to get the job done.
  • Issue-02: Reporting - Added unnecessary work to others on the team.
  • Issue-03: Testing - Placed the team in a precarious position, even if it led to a good vulnerability finding.
  • Issue-04: Technical Acumen - Constantly needing help instead of being self-reliant proved burdensome.
  • Issue-05: Communications - Not really an impact to the team as my work never made it out of draft. It did waste people's time.
  • Issue-06: Social Engagement - Nothing bad .. but no way for me to promote SI to the NYC family. Still felt too new!
    Q4. How will you prevent a future occurrence?

  • Issue-01: Performance - Keep practicing!! Will work twice as hard and keep practicing to improve. Will need certification(s) a.s.a.p!
  • Issue-02: Reporting - Keep practicing!! Remember that not every team has the same process .. but follow it and get help when stuck. Use AI!!
  • Issue-03: Testing - Keep practicing!! Ask questions when in doubt.
  • Issue-04: Technical Acumen - Keep practicing!!
  • Issue-05: Communications - Keep practicing!! Work at improving your writing skills to be more technical. Time and experience will play a large role.
  • Issue-06: Social Engagement - Keep looking for new opportunities!!
  • TAKE ACTION - EXECUTE! PROVE THAT YOU CAN BE COUNTED ON .. FOR YOURSELF, YOUR FAMILY, AND YOUR FUTURE. DON'T QUIT!!

Friday, July 25, 2025

Security Testing Journal Entry | w/e Friday July 25, 2025 - "Chances Past, Present & Future" Ed.


Highlights for the week

CELEBRATING WINS:

A decent week of jobs applied to. Sadly, a few rejections. The market for 2025 is the worst that it has been in quite some time. I'm not about to be one of those who is going to bitch and moan about how bad things are. Although my energy this week has been somewhat low, I have to put out the good vibes. Positive Mindset and what-not!!

I haven't deposited my Secure Ideas retirement. Gotta wait until I actually have low enough funds to show a need for Medicaid/SNAP (again!!). Another company had some money sitting in an account that was still available. Got that situation squared away and more money made its way to my bank (yay!).

I'm back on the HackerOne circuit, trying my luck at another pen test. I opted for a network pt, but I wasn't able to gain anything out of it. The new engagement has issues around logins and I'm blocked. Job search is still a grind!

What We’re Grateful For

  1. I prayed, God answered in the form of another blue jay feather .. a good luck charm
  2. Grateful as always that I get to wake up, work out, and live with food in the 'fridge, a roof over my head, and clothes on my back
  3. Looking forward to the upcoming vacation for Lorenzo's graduation. I will NOT be bringing low-vibes to this vacation like I did on Royal Caribbean
  4. I will forever be grateful for the support of my wife (despite wanting the divorce some time back), and the support of mom

What We Loved

  1. Prayed to God and feel like things are going to happen when they are meant to happen

What We Learned

  1. Finally started the "Network" Pen Test video lecture series. First week was getting the environment set up
  2. Moving through Portswigger stuff - tried my luck at "Mystery Labs" and found some were challenging
  3. WAHH - Chapter 10 ... near complete. Bit of a grind, but all good stuff. A lot to learn
  4. Made some new connections on LI

What We Longed For

  1. Miss my security job more and more, but I'm humbled by how much I still have to learn

What We Loathed

  1. More rejections this week
  2. Reached out to a few recruiters and not one responded back

Saturday, July 19, 2025

Security Testing Journal Entry | w/e Friday July 18, 2025 - "Downward Facing Slog Ed."


Highlights for the week

Not a lot of highlights for this week. Started the week off with a rejection. Feeling like I'm never going to land a new job in Security. Posted a mini-rant about it, and got somewhat skewered by the community. Maybe it's me and I'm wrong. The consensus was that hiring folks will tend to favor CVEs (Common Vulnerabilities & Exploits) as proof-of-experience, over none. I want to keep going, but this week is a drag. Tuesday was a rough day. Over 40 jobs applied to, and still not one word in the positive. I've reached out to some recruiters expressing interest, nothing but silence.

Wednesday through Friday were productive, and it's been a drag to get to the gym, but I got it done. Sitting here on a Saturday and I'm tired .. mentally and physically. No Leg day for me. I realized I had worked out from last Saturday through Thursday straight.

What We’re Grateful For

  1. Still have my health.
  2. Upcoming trip for son's graduation.
  3. Wife is still around, amazing as ever. This 'quiet divorce' has been weighing on me and it's all my fault! Another thing I need to fix.

What We Loved

  1. Not a lot to love this week.

What We Learned

  1. Sat through an amazing walk-thru on attacking LLMs
  2. CVEs are the way to go for recruitment and landing a job as a Pen Tester.
  3. Working through another HackerOne job. Not a lot happening .. just going through the motions.
  4. Finished Chapter-9 of WAHH. It's about attacking Data Stores, SQL injection and what-not.

What We Longed For

  1. A great job and a great paycheck. I had it then lost it.

What We Loathed

  1. Getting rejected from a good job.
  2. Failing the assessment, yet not getting word on what was missed. Definitely gotta try harder!

Saturday, July 12, 2025

Security Testing Journal Entry | w/e Friday July 12, 2025 - "My Nine Months at Secure Ideas" Ed.


Highlights from a career pivot

What we learn from failure, and what we do with that knowledge, is what matters — M. Bloomberg

So here's a quick recap of how it went with my time at Secure Ideas since my last post:

  1. JANUARY

    • THE GOOD:
      • Had just come back from holiday break. Lots of report writing and CISSP. Lots of constructive feedback and learning.
    • THE BAD:
      • Attempted my first blog and received some feedback regarding the subject. Completely missed the assignment.
    • THE UGLY:
      • My inexperience was showing.
  2. FEBRUARY

    • THE GOOD:
      • Awesome client-facing experience (funny guy!).
      • Documentation for mobile is on-point!
      • First network PT went well.
      • CISSP studying going well.
    • THE BAD:
      • End of month - the project was severely underscoped, had to do way more as a junior; no help from partner (who was a principal).
      • Needed to pull in extra resources to get API test to done
    • THE UGLY:
      • The report for the project was late because we ran into issues early in the project.
  3. MARCH

    • THE GOOD:
      • Learned a lot about passive recon.

        VHosts - 1 server, multiple hosts (IPs / websites).

        PTR Records (reverse DNS lookup): a PTR record is a "pointer record"; query the name for a given IP address.

      • Be quiet; no active interaction with the host; recon - learn as much as possible about the external footprint, looking for host names, CIDR subnets, and domains

        Following any kind of a scan, be sure you save it and upload the data to Engagements

        Access-Control-Allow-Origin is missing - that it's missing is intentional; it keeps the security tight, blocking AJAX calls

    • THE BAD:
      • CISSP Studies - need more practice. Struggling a little bit to keep up.
    • THE UGLY:
      • rookie-mistake no. 1 - Had a report go out where I forgot to update the TOC until late.

        Whenever there are any kind of structural changes to the report, where headers are renamed, always always always update the TOC right before pushing it up for review. How did it happen? We got hung up in the details of the bigger finding and made sure all pertinent details that mattered were in, and I forgot to update the TOC
  4. APRIL

    • THE GOOD:
      • Holy Week .. lots of reflecting and gratitude for the good job
      • Spent a lot of time with our home-grown Vulnerability labs ... good practice with API testing, CORS, etc.
      • Moving through API training with great success; Active Directory home lab completed; Finally got a blog post published.
      • Lots of compliments on the documentation revamp.
    • THE BAD:
      • rookie mistake no. 2 - as mentioned .. not updating the TOC;

        rookie mistake no. 3 - During the meeting with the client a JS vulnerability was recorded with no corresponding CVE.

        It was found during the call (a proper search). How did it happen? Not searching diligently enough;

        rookie mistake no. 4 - I reviewed a report I had helped write.

        The feedback was for the new content. Per the process, anyone who collaborates on a report, or helps to write it, cannot be a reviewer

      • Another quiet week not on a billable project.

        Feeling a bit worried / vulnerable / insecure about my work. And with taking off on 6/25, it moved me off a project making me on the bench from the end of May through June and beyond. I've been assured things are going to pick up, but I've heard that before ... it didn't end well.

    • THE UGLY:
      • rookie mistake no. 5 - As I had completed several blog posts, one of them set off alarms.

        The repositories I was referencing were NOT for public use.
      • Mentor has been MIA for quite some time. Without his help/guidance, been feeling like I'm drowning. Truism: No one is coming to save you!
      • Some steps in the client-provided documentation were missed. Something to do with sign-up .. can't remember
  5. MAY

    • THE GOOD:
      • Got to see Mom for her birthday!
      • Had a productive week where I got to help
      • New project with my "AWOL mentor" and favorite API wizard
    • THE BAD:
      • Things started to come unglued after the ZERO report.

        rookie mistake no. 6 - I tested the file upload component on the website like QA, not HACKER. In so doing, I uploaded a link from an app that should absolutely NOT have happened. It led to finding a vulnerability, but because of the way this was tested, I presented the likelihood of introducing risk to the client and putting SI in a bind. As it were, the component was inadequately tested. I've corrected this mistake, but this was bad!!

      • rookie mistake no. 7 - failing to follow process.

        I thought the report was good-to-go, and in my hubris, put it up for review. The report feedback was scathing and the CEO torched it. Although it was collaborative, and it could have been done better, the authorship fell on me as the primary agent responsible for it. NO BUENO!
      • New project the following week, and everything went well until the report. It took several rewrites and a lot of late nights to get it to done. Another situation where I was the author and bore the full responsibility, but it was collaborative and others had issues as well. Can you see the pattern .. things were getting worse for me
    • THE UGLY:
      • Bad became worse as my two blog posts were shredded beyond hope. I completely missed the assignment.
      • Concerns were raised regarding my performance. I was not excellent and had failed on many levels.
      • Beginning of the end for me ...
      • KEY TAKE-AWAYS FROM A BAD MONTH:
        • The client comes first.
        • The report is a receipt of services rendered along with being a statement of competence in the service provider. You cannot fail them.
        • Always follow the process and be transparent about when things are being done; report readiness.
        • Be Humble. You're not as good as you think you are. There's always room for growth.
        • Do better.
        • Ask lots of questions; clarifying questions that help you do your job better.
        • Get better with the tools (i.e., Burp Suite Pro) and technology (Windows, AD, Networking, etc.).
        • Time is money. Don't waste it.
        • Revisit the Portswigger labs and re-learn.
        • Learn from this and move on. Don't dwell in the failure of the past.
  6. JUNE

    • THE GOOD:
      • Last week in May -- Trip to Jacksonville to meet the CEO, and co-workers.
      • Progressively getting better with report writing, but more work still needed. Manager sees significant improvement. Good job!!
    • THE BAD:
      • The trip was a PIP in disguise. Fell way behind on career progression to the next level.
      • Failed to meet expectations - performance was subpar.
      • First Friday of June - 86d.
    • THE UGLY:
      • I hated having to go to work to hear that I have cultural issues that need attention; my work is in jeopardy ... again!
      • I hated the hotel I was at.
      • Lost the best job I've had in a long while and have only myself to blame. The first two weeks were a nightmare.
      • It's taken me a solid month to process the loss, and from it I finally got to confront the final element of what has been holding me back.
  7. JULY

    • THE GOOD:
      • Nothing good so far.
    • THE BAD:
      • Four weeks and no Unemployment Money yet.
      • 25 jobs applied to so far, 8 rejections, not one phone call.
    • THE UGLY:
      • Job Market for 2025 is without a doubt the worst ever!!

    No question this was a longer recap than I anticipated. I am eternally grateful for the chance at getting to work in pen testing for as long as I did. I learned a metric ton and made some invaluable connections. Met amazing people and I have nothing but the utmost regard for the opportunity. I am stronger, smarter, and wiser as a result. Yes, there were a lot of mistakes. The kind of mistakes that could have been avoided with the proper guidance. Sadly, that's been the story of my life: figure it out or fail forward and learn the hard way.

    Wife has been super-supportive, despite calls for divorce, which I half expected. Having a steady paycheck and benefits was awesome. Getting fired from a "prayer's answered" job hurt like hell. Still does. But the experience was immeasurable .. and despite the mistakes, I am better for it.