I made a post back in November about some future learning plans. Of that list, I’ve “finished” building my lab for the moment which allows me to put time into vulnhub boxes and other lab work. I successfully finished the PWK/OSCP course (whew!). I’ve started getting back to attending local meet-ups and events (SecDSM, BSidesIowa, ISSA). I also have a PluralSight subscription where I fill some free time with courses hosted there; they proved very helpful in preparing for the PWK/OSCP.
Moving forward over the next 6 months…
I’ve added and also started to pursue other online labs/CTF styled efforts such as hackthebox.gr. I hope to make HTB my larger time spend for geek stuff over the summer months. Add this to Vulnhub lab efforts and I should have my puzzle-solving itch taken care of for at least the summer. Also, doing these hits some sub-goals of organization and learning a few new tools.
Work is footing access to the LinuxAcademy course site for 6 months with the goal that I will be completing one of a few 20-ish hour tracks in Linux. Obviously, I’ll take advantage of more courses than just that. My own goal is to shore up some of my Linux exposure. I’m comfortable in Linux day-to-day and command line operation, but I still have lots to learn and I do plenty of administration-by-Google. I’d love to eventually just add in a RedHat or LinuxFoundation or Linux+/LPIC certification under my belt. Probably one of the former two by end of 2017 or early 2018.
I am also impatiently waiting for the online release of the Offensive Security web application course, AWAE/OSWE. This isn’t live yet, but once it opens, I plan to get in on this to further my web application security assessment skills as a priority. I could also pursue self study on the syllabus or using books like the Web Application Hacker’s Handbook in the meantime. Failing that one coming out any time soon, I’m also open to looking at other web app security/assessment courses or certifications. Examples include eLearnSecurity’s eWAPT course, or maybe the CSSLP from ISC2.
For possible other directions later this year, the next Offensive Security offering CTP/OSCE is an experience I’d like to have finished by the end of 2018. But having done OSCP, I know this will be another time suck. I’d like to look into the SLAE from SecurityTube as a pre-cursor.
Also, the CompTia CASP has appeared on my radar of something to pursue, and seems to be getting good exposure and reviews. Other possibilities are the CCNA as a way to get into the deeper Cisco security stuff or doing some other vendor-specific stuff like Palo Alto, Fortinet, VMWare, AWS Cloud Security, and so on.
My lab does still need to have a plan implemented for standing up (and re-standing up efficiently) an AD environment that I can use for testing. I’d like to package some additional PowerShell and maybe even Ansible/DevOps concepts into this effort, but that might be too big of a scope.
And a bit further down the priority list would be something like the ISACA CISA/CISM or much deeper study into Python.
There’s an endless amount of learning to do!