Saturday, July 6, 2024

Security Testing Journal Entry | w/e Friday July 5, 2024 - "Independence Day" Ed.


Highlights for the week

Welp! That happened ... Ghosted after two weeks.

It was 10 solid business days since my last interview for an awesome job. 336 hours since I last heard from the recruiter. The radio silence was too much. So it took me sending an e-mail asking about the status of my application to learn they went with someone else. What followed was a mix of emotions from sadness to frustration, even anger and disappointment. Had the news come sooner, I could have handled it better. Waiting two weeks was especially cruel. Hoping for a "yes" was the worst.

But I felt something in the pit of my stomach that let me know I didn't get it. The feeling was something similar to when you're standing in an elevator and the car suddenly drops.

Wife and I had been mapping out what the promise of that salary might bring after the first week. By the close of the second, the feeling of hope turned into despair. The opportunities are drying up. And the longer I'm out of work, the harder it is to get back in, making for a perpetual motion machine of insecurity. I have no plan-b! This job prospect was it. It pays to be a winner, and I've yet to win .. so what does that make me?

What We’re Grateful For

  1. Grateful that I get to sit here and write this, with a roof over my head and a full 'fridge.
  2. I get to enjoy working out and a nice shower afterwards.
  3. I get to sleep on a proper mattress, in my apartment, in a great neighborhood.
  4. Grateful that I have my smart wife providing some possible ideas for problem resolution. I need to do better; be better!

What We Loved

  1. Not a lot to love this week. It's been tough.

What We Learned

  1. Cybrary - finished modules 9 and 10; Onto 11: the reporting.
  2. GraphQL - playing with the queries for mutations.
  3. Pen Testing - started a new test for a banking app
  4. Medium - blogging about Threat Modeling
  5. "Husb .." - nearing the end; have come to the climactic show down amongst all the characters

What We Longed For

  1. As always, longing for a decent job with great pay/benefits, great people, doing awesome things.

What We Loathed

  1. Ghosting! By far, the most puerile of behaviors exhibited by recruiters. They need to learn to put their feelings aside and let candidates know when the decision to move on occurs.

Sunday, June 30, 2024

Security Testing Journal Entry | w/e Friday June 28, 2024 - "The Waiting Game, pt 2" Ed.


Highlights for the week

1 week in the bag .. still waiting. No news is good news, I suppose! I hear the horror stories about people getting ghosted after final interviews and my anxiety level is through the roof. 22 long months now and this is the closest to the best situation I've come across. I keep hope alive, but the reality is after this week's round of bills, there's nothing left.

Big Oof! Pinged hiring mgr while he was on vacay, but I was never informed so ... We connected and he was ok with it.

Second Oof! angered the spouse by making a judgment call - lesson learned (don't leave the house w/o wallet & food card). Ffwd a few days and everything cooled down. Out of the dog house.

What We’re Grateful For

  1. Grateful for another week that I get to enjoy the comforts of food and shelter.
  2. Grateful that I'm physically able to make things happen and get things done!
  3. Can't express enough gratitude for having a wonderful family. I need to be a better son and brother.

What We Loved

  1. Loved getting done with the Burp Suite GraphQL module then finding a site that allows for extended practice.

What We Learned

  1. Burp Suite - Finished GraphQL labs. Def. Need more practice;
  2. Cybrary - Finished module 8 & moving through 9
  3. HackerRank gets an honorable mention as I learned about using textwrap to solve a problem (I got stuck and peeked at the answer, learned something new). https://www.geeksforgeeks.org/textwrap-text-wrapping-filling-python/
  4. "Husb .." tbd

What We Longed For

  1. As mentioned before, I'm longing to hear back from the job. At this point, I'm ready for the bad news. No news is good news, but no news is also nerve-wracking. At least rejection brings the matter to resolution.

What We Loathed

  1. Recruiter ghosting ... which I will declare as much after Wednesday.

Friday, June 21, 2024

Security Testing Journal Entry | w/e Friday June 21, 2024 - "The Waiting Game" Ed.


Highlights for the week

Big wins this week. Completed 5th round of interview and everything went well. Now, the wait begins!! Come what may, it was a fluid process and I met some cool people.

What We’re Grateful For ...

  1. Grateful to have another week full of hope
  2. Much appreciation to wife for all she's done
  3. Proud of us as a couple NOT fighting over finances, but coming together, budgeting, and collaborating with funds
  4. Getting the opportunity to meet n' greet a company that fits everything I've been looking for

What We Loved

  1. As stated earlier, the fact I was even presented with the ideal opportunity is a win. I interviewed and advanced quickly to the final stages. All appendages crossed!

What We Learned

  1. Burp Suite - Learning about GraphQL this week. Amazing things so far. Can't wait to hit their Labs
  2. Cybrary - Finally finished Module 5 and 6, and midway through 7. I may want to revisit metasploit soon.
  3. Pen Test - Finished "Royal Security Services" Pen Test. I completed the report, but more importantly, actively built out the automation suite. Works like a charm!
  4. "Husb..." - moving through Chapter 27. I really need to wrap this baby up and get back to my real book.

What We Longed For

  1. Feedback from the interview is the thing I'm waiting for at the moment. I give myself a strong B+. I could have been better with the technical/coding portion.

What We Loathed

  1. Waiting! I'm just really bad at not having an ETA or plain silence after a successful process. It's more of a "me" problem than them.

Saturday, June 15, 2024

Security Testing Journal Entry | w/e Friday June 14, 2024 - "Big Gemini Energy" Ed.


Highlights for the week

HUGE NEWS! This week I've been moving along through the interview process for a QA Specialist role at a Consultancy. Great pay, with seemingly cool people, working on an awesome product. No word on acceptance yet as I have to make 1 more interview. Overall, dare I say: Prayers answered!

Big gemini energy this week as the birthday/father's day falls on the same day. Enjoying both as I've decided to take the weekend off from the gym.

What We’re Grateful For

  1. Grateful for a loving wife. We managed to get through these dark times without being at each other's throat. On the same page regarding finances.
  2. Grateful for a wonderful mom who gave me a lot more $$ for my birthday than I was expecting.
  3. Grateful for fatherhood, both being a dad and understanding what it takes to be a dad (we don't always get it right, but we try).

What We Loved

  1. The promise of a new job is truly what I've been loving most this past week.
  2. The Cybrary course has been really eye-opening. Learning something new every day.

What We Learned

  1. Cybrary - Learned some invaluable lessons with LFI/RFI and File upload vulnerabilities that I hadn't known before.
  2. Burp Suite - pivoting off of the Race conditions and onto GraphQL. That seems more relevant.
  3. Automation - some light work with mobile; finally getting around to learning JAVA with Playwright; Security suite is coming along nicely.
  4. "Husb..." - exciting chapter as we get to learn about the founder of the Order. The story ballooned.
  5. Medium Blogging - I'm going to start ramping up the "Security 4 N0obs series" and catalog my journey better.

What We Longed For

  1. Really truly hoping to hear something soon. I'm in the red with finances.

What We Loathed

  1. Nothing this week. Rejection letters don't faze me any more.

Friday, June 7, 2024

Security Testing Journal Entry | w/e Friday June 7th, 2024 - "Tech Interview Fears Conquered" Ed.


Highlights for the week

So this week was the tech interview and boy-howdie! how I prepared. I got on the code path and just went at it daily. As much as I prepared, I was still nervous the night before. On the day of, I was a little anxious, more so because of how much it mattered and not for how I was going to do. Interviewers were pleasant and cool people.

How I think I did on the tech interview:

  1. Overall: B+
  2. Attitude: A
  3. Aptitude: B

What I did right:

  1. Overall, I was proud of myself for overcoming my fears and ineptitude and doing well with the coding exercises
  2. I demonstrated understanding of some core concepts
  3. I spoke at length of tech. arch., and testing principles
  4. I was asked about security and did the best I could not to ramble

Where I should have done better:

  1. I got asked to sketch out a web architecture and mapped out an e-commerce app. It could have been better
  2. I have no bkgd in FinTech so that might be points against
  3. I needed to have spent more time understanding the "why" of feature to code tests better (missed the copy that showed a formula that was part of the output)
  4. Page objects were not declared properly - I use POM and there were errors thrown with how I declared them in the test
  5. I jumped right into the code without really understanding the scope of the feature .. but it worked to my advantage since the tech issues impacted time
  6. I was asked about using Cucumber and expressed my opinion on it as "cumbersome" which might be a strike since it's what is used for the backend

What We’re Grateful For

  1. Grateful that I am healthy and capable
  2. Grateful that I get to have a roof over my head, a full 'fridge, and a loving home
  3. Grateful for a wonderful wife, son, and family
  4. Grateful for the opportunity to make it to the tech interview of a potential great employer

What We Loved

  1. Preparation for the tech interview. Did as well as I could

What We Learned

  1. Cybrary - learned a few new techniques with Pen Testing for SQL Injection; On to LFI
  2. Royal Security Pen Test - "paused" .. the priority was the job interview!
  3. Automation w. Appium - coded a few tests for android
  4. Automation w. Playwright/JS - several tests for different components to help practice for interview
  5. "Husb ..." - new chapter leading up to a major conflict; 2 new 'sisters' and origins .. fun!
  6. Burp Suite - Race Condition: paused! Shall resume this weekend, or next week
  7. Been practicing hackerrank for fun .. and as a way of overcoming my incompetence {GET SOME!}

What We Longed For

  1. As always, a good job, with good pay and benefits, working with cool people, doing cool things [Consultancy feels like the right move!]

What We Loathed

  1. Anxiety and overlooking the obvious because of nerves

Friday, May 31, 2024

Security Testing Journal Entry | w/e Friday May 31, 2024 - "Prayers Answered (somewhat)" Ed.


Highlights for the week

Big time highlight of the week: Landed 3rd round for a consulting company in lower NYC. Finance industry, great pay, great people, doing something awesome! Let's not f** this up!

What We’re Grateful For

  1. Grateful for a wonderful family .. as always.
  2. Grateful to have the means to make it another month with the bills paid.
  3. Grateful for Slack and network connections. This led to a new job opportunity {all appendages crossed!}.

What We Loved

  1. Mentee (France) has strong PM/BA experience; amazing culture regarding Indian marital customs.
  2. Mentee (US) has reached A+ status; progressing with GRC.

What We Learned

  1. Cybrary - SQL injection w/o using SQLMap - enumerating site with union select.
  2. Playwright w. Python security framework is progressing nicely.
  3. Playwright w. Javascript -- must practice.
  4. Burp Suite - Race Conditions: paused.
  5. "Husb ..." back on with another exciting chapter.

What We Longed For

  1. As always ... a decent paycheck. 17 months of unemployment is no way to live life.

What We Loathed

  1. Ghost jobs! Literally the worst thing ever is seeing a job you know you can do and not hear back from recruiters.

Friday, May 24, 2024

Security Testing Journal Entry | w/e Friday May 24, 2024 - "So Many Ideas, So Little Time" Ed.


Highlights for the week

Quick note this week to express the excitement and enthusiasm for work done. Going to keep it short & sweet, but there's a lot to be rejoicing in.

What We’re Grateful For

  1. Another week that I'm grateful for new connections on slack - potential job lead!
  2. Grateful for another on-site opportunity - easy money!
  3. Super-excited for the experience of mentorship - watching them shine is all the joy one could ask for!

What We Loved

  1. Progress on the security framework - I mean, wow!

What We Learned

  1. Appium Automation - got the iOS tests purring!
  2. Security Automation - the clean up has started. Leveraging Allure for results ... looks amazing!
  3. Cybrary WAPT - Finally finished the enumeration module for distinct protocols. I really need to get back to Metasploit and learn Hydra!
  4. Burp Suite - Race Condition module. It's coming along, but finding it a bit tedious. Will grind through it.
  5. "Husb ..." - baby step forward. Gotta wrap up this story soon. It ballooned in an amazing manner.

What We Longed For

  1. I'll keep saying it .. a good job, with great people, doing cool sh**, for great pay and benefits

What We Loathed

  1. It's been a positive week ... nothing really worth writing about