learning and training goals for 2021

This is my fifth year tracking my learning, training, and certification goals like this. I am approaching my 20th year in infosec and IT, and through many of those years I sort of idled or just did my job without a ton of real planning. So, now I do that sort of planning to keep me growing and progressing and owning the direction of my skills and career.

This year is already starting out slightly differently. It’s clear now that the world is a changing place with COVID-19 still impacting socialization and work. Also, even if good times, it does not look like my current Director at work has any interest in extensive training options that I’d brag about on here. Also, I’ve reached a level where there are not as many certifications for me to shoot for. All of this means my choices this year are more informal and geared around learning certain things, rather than specific exams to study for. Also, with all of the uncertainty floating around, this year is also looking to be a cheaper year for me personally as well.

Formal Training/Certifications

AWAE (WEB-300)/OSWE from Offensive Security – It’s been a while since I’ve done a formal course with OffSec, and I think it’s time to get back on one now that they’re revamping and expanding their offerings. What I’ll likely do is spend some time looking at reviews and other testimonials to get an idea of some pre-course topics to brush up on, and then clear a few months of personal time to dive hard. I’d actually expect to do this exam as well.

Applied Purple Teaming (WWHF/BHIS) – I almost took this course last year, but backed out of it. I enjoyed the value of the course I took from this group last year, so figured I’d check in again this year on it.

Informal Training

Pentester Academy – I still have this subscription, and I’d like to get back onto some of these courses again. I still have SLAE on my list… I also would really like to commit to their red team labs, but don’t want to quite hold myself to it yet.

PentesterLab – I still have this subscription as well, and I’ll carve out some time at some point to progress further on badges.

Zero 2 Automated malware analysis course – I meant to start this late 2020, but life got in the way. I’m adding it to this list to make sure I get it going again.

Azure and M365 courses (900, 500 levels) – Furthering my Azure and cloud knowledge, I plan to take some courses on Azure and Microsoft 365, focusing on the fundamental and security tracks. I don’t have plans to sit for these exams, but I could always decide to do so.

Other

Other one-off courses – I have a bunch of free and acquired courses in my possession that I need to get through at some point. It’s really about sitting down for a weekend or a series of nights and just going through them. No real intense time-spend, but enough to gain some knowledge. Courses like those from Port Swigger or Mudge or Autopsy or other topics.

Books – I continue to have a backlog of books to go over or skim through.

Python, .NET – I’d like to get some introductory exposure to .NET/C#, but this might be asking a lot of me without actual projects on tap to perform.

Certs to renew

CISSP – I’ll renew this again.

CCNA Cyber Ops – This lapses this year, and I have no plans to renew it.

reviewing my 2020 learning and career goals

The 2020 year was not one of the best years for a variety of reasons. My personal productivity was definitely a little lower than past years, but overall satisfying enough considering what a weird and crazy year this was for everyone. Here’s what I did or did not get accomplished.

Last year I started a cloud-focused learning journey by earning my AWS Cloud Practitioner and AWS Solutions Architect Associate certifications. I completed this push by earning my AWS Security Specialty certification in May. This was an interesting experience as I tested from home as COVID-19 restrictions changed how we work and live. This was an interesting journey as I feel like my certification is slightly ahead of my practical hands-on experience within AWS. But, we have to start and proceed somewhere!

That certification would prove to be the only one I would earn on the year. I opted not to pursue another “remote” certification, plus there appeared to be no interest in having a training budget at work any longer, which meant no SANS course for this year nor any real reason to give ISC2 more money.

In the later half of the year I did take a 16 hour course hosted by Wild West Hackin’ Fest: Breaching the Cloud led by Beau Bullock of BHIS. This was an excellent course over 4 days and my only regret was not taking full days off for these. Half days kept me pretty busy! This course flowed nicely into my recent forays into bolstering my cloud experience, particularly with Azure. And the focus on the offense side gave me a different perspective than my previous defense/builder studies. I would love to go through this material again for further reinforcement and practice in 2021.

I also spent a good amount of time in Pentester Lab this year, completing out quite a few of the badges: White, Yellow, Blue, Green, Orange, Serialize, Intercept, Android, PCAP, Essential, and Unix. This was a flurry of activity and learning this summer. I made progress into other badges, but have plenty of content to get back into as I get time. Still, this was a significant outlay of time and addition to my skills and exposure to make this a highlight of my year.

I also did some online playground activities as well. I solved most of the challenges through the summer on the BHIS Cyber Range. I participating with a work team in the Splunk Boss of the SOC competition as part of the Splunk.conf conference. And I also was invited into and poked around Offensive Security’s Proving Grounds beta, which gave me a chance to stretch off some rust on my penetration testing of boxes.

Overall, that was mostly my year. It didn’t feel as productive as other years, but I’ll give it a pass considering 2020 was quite a shift and change for many reasons.