This is my fifth year tracking my learning, training, and certification goals like this. I am approaching my 20th year in infosec and IT, and through many of those years I sort of idled or just did my job without a ton of real planning. So, now I do that sort of planning to keep me growing and progressing and owning the direction of my skills and career.
This year is already starting out slightly differently. It’s clear now that the world is a changing place with COVID-19 still impacting socialization and work. Also, even if good times, it does not look like my current Director at work has any interest in extensive training options that I’d brag about on here. Also, I’ve reached a level where there are not as many certifications for me to shoot for. All of this means my choices this year are more informal and geared around learning certain things, rather than specific exams to study for. Also, with all of the uncertainty floating around, this year is also looking to be a cheaper year for me personally as well.
AWAE (WEB-300)/OSWE from Offensive Security – It’s been a while since I’ve done a formal course with OffSec, and I think it’s time to get back on one now that they’re revamping and expanding their offerings. What I’ll likely do is spend some time looking at reviews and other testimonials to get an idea of some pre-course topics to brush up on, and then clear a few months of personal time to dive hard. I’d actually expect to do this exam as well.
Applied Purple Teaming (WWHF/BHIS) – I almost took this course last year, but backed out of it. I enjoyed the value of the course I took from this group last year, so figured I’d check in again this year on it.
Pentester Academy – I still have this subscription, and I’d like to get back onto some of these courses again. I still have SLAE on my list… I also would really like to commit to their red team labs, but don’t want to quite hold myself to it yet.
PentesterLab – I still have this subscription as well, and I’ll carve out some time at some point to progress further on badges.
Zero 2 Automated malware analysis course – I meant to start this late 2020, but life got in the way. I’m adding it to this list to make sure I get it going again.
Azure and M365 courses (900, 500 levels) – Furthering my Azure and cloud knowledge, I plan to take some courses on Azure and Microsoft 365, focusing on the fundamental and security tracks. I don’t have plans to sit for these exams, but I could always decide to do so.
Other one-off courses – I have a bunch of free and acquired courses in my possession that I need to get through at some point. It’s really about sitting down for a weekend or a series of nights and just going through them. No real intense time-spend, but enough to gain some knowledge. Courses like those from Port Swigger or Mudge or Autopsy or other topics.
Books – I continue to have a backlog of books to go over or skim through.
Python, .NET – I’d like to get some introductory exposure to .NET/C#, but this might be asking a lot of me without actual projects on tap to perform.
Certs to renew
CISSP – I’ll renew this again.
CCNA Cyber Ops – This lapses this year, and I have no plans to renew it.