I still have a few months left for 2018, but I feel like I’ve been pretty successful already with my goals on the year. This is really year 2 of me specifically tracking my career growth and learning. In 2017, I earned two offense/red team certifications, and this year I earned one defensive and one forensics certification, amongst other learning accomplishments. So, largely for my own benefit, here’s my summary on the year of the important stuff.
training and career goals for 2018
- keep doors of learning open for both blue (defense) and red (offense) sides of the field – This isn’t a goal so much as a lifestyle statement, but I feel like I’m on track here. Even as I plan to alternate learning year over year, I’m keeping both sides in mind every year. I ultimately want to make sure my offense, defense, and forensics can all test and improve the others.
- balance career growth opportunities along with actual learning – Going well on this! My enthusiasm has gone up quite a bit, and with the exception of the CCNA CyperOps cert, everything has been chosen for learning opportunities and not marketability. I think this pendulum will continue to swing permanently over towards learning as I get older and need certs and letters less.
- balance of work-driven and self-led growth learning opportunities. – Even without leaning on corporate support financially, I feel like I’m achieving this. Like other items, this is less an item to satisfy and more of a theme or lifestyle statement to keep at the top of my yearly goals. I also try to keep a balance of formal and informal learning tasks.
- Cisco CCNA Cyber Ops course/certification (2 exams: 210-250/210-255) – completed in March and lasts 3 years. Keeping this depends entirely on what Cisco wants to do with this line. Did I learn much from this? I actually did, but it was also all pretty basic to me and easy to approach, consume, and test on. I honestly would not have done this had it not been free. The biggest benefit is now knowing where this fits into my recommendations for other students and newbies, and it’s a pretty good cert for someone looking at an analyst/SOC role.
- SANS FOR508 (May 11-16 San Diego) + NetWars – completed in May. Absolutely loved my time on site in the course and studying later for my first SANS/GIAC endeavor. I purposely aimed at something challenging that was going to put me into some deeper waters (memory analysis), and I couldn’t be happier for it. Participating in NetWars was amazing, and set up my only remaining engagement yet this year: SANS CDI.
- GIAC GCFA certification exam passed – completed in September and lasts 4 years. I likely won’t need to sweat renewals for this for a while, as I have a backlog of SANS courses I want to take, and certs I’ll opt into testing for. Overall, loved this process, and having an exam as an excuse to study more really made the material sink in and click for me. This is also an example of me stepping a little bit outside my comfort zone, as I’ve never done forensics like this before. I have a deep Windows administration and security background, but much of these methods and materials was a new approach for me.
- Maintain CISSP – Completed, of course.
- spunk .conf 2018 – Completed in October. Not only my first time at a Splunk event, but honestly, I think this is my first vendor-specific conference in my career. I really enjoyed this con, even if I didn’t actually learn a ton. But, I think I’ve learned how one should approach such a con like this, i.e. come with questions to start a discussion with vendors and subject matter experts or fellow attendees as needed.
- BSidesIowa, SecureIowa, SecDSM – Kept up with the annual cons and the monthly SecDSM meetings this year so far. A bit of a softball in terms of goals, but I find it is important to keep a ling item for cons, local and remote, to stay current on.
- SANS CDI Netwars ToC – Decided to opt into doing this as I may not get the chance again. Occurs in mid-December and I’m all set up to attend.
- Metasploit Unleashed Course (OffSec) – incomplete. I admit, this isn’t a big deal, and I’m just being stubborn at this point in keeping it on my TO-DO list. But it’s here, and some weekend I’ll just knock it away. (It’s not like this is updated and current anyway…)
- finish LinuxAcademy RHCSA/LFCSA courses – All of the completed items stole time away from this and reduced its priority. Even if I still don’t get to this in 2018, it’s going to be a thing in 2019 for me as well.
- SLAE-> CTP/OSCE (tentative, or just prep) – I knew it would be super aggressive and difficult to maintain sanity and also prep for this path, and I’m not surprised I have not even started it. It’s still on the list for possible late 2018 inclusion, or another lower priority in 2019.
- HTB VIP Progress/Habit – Completed. I got back into HTB with a vengeance after realizing my offense skills were rusty during the SANS NetWars event this past spring. My goal was to hit 50% completion in HTB, shake off the attacker rust, and just build a small habit to keep with it. But, after getting going, I met some folks on the platform and got help when I needed it to achieve 50% completion by July, and 100% completion by August.
- Burp Suite improvement/growth – Doing HTB got me good practice and experience with Burp, but I want to consider this only about 25% done, and something to continue working on.
- Web Hacking 101 book – Haven’t started it yet.
- Python (+scapy) improvement/growth – on hold, I still need to figure out how I want to tackle this
- PowerShell improvement/refresher – on hold, I still need to figure out how I want to tackle this
- CTF participation (as it fits in) – This was definitely the lowest priority of the year, so I feel even my minor work here completes it.
- survive at work (work topics) – Completed!
- incorporate Feedly, Pocket, Discord, Slack in day-to-day habits – I feel mostly completed on this one, with the very notable exception of the things piling up in Pocket.
- expand OneNote use – Successful in moving from EverNote to OneNote.
- work on better anonymity online/VPN service for personal use – I don’t feel I really started this.