Yearly, I try to make an achievable plan for studying and career goals and ideas. I’m not getting any younger, but even now my eyes are wider than my free time when it comes to wanting to learn things. It’s a “problem” I’ve had forever, but I definitely want to make sure as I make these year-long plans that I at least maintain some sanity. I’d mapped out my previous 2 years, and I am super happy with the process and my results, so I’ll push myself again some more this year. I’ve added 4 certs (plus the learning!) to my belt over the past 2 years (OSCP, OSWP, CCNA Cyber Ops, GCFA), plus all of the learning and growth that come with them, and I have some more lined up this year.
My theme for 2019 is going back to the offense, and specifically web app testing with some binary exploitation thrown in. Every year, I’ve been striving to alternate between being defense-focused or offense-focused in my formal training. We’ll see how well I keep that plan up!
For some of the items below, I have more fleshed out maps and resources to pursue than what I list here.
Formal Certs and Courses
- SANS SEC542 (GWAPT) at SANS East – GWAPT has been at the top of my list for SANS certs for a while. I have a long history of working with web servers, sites, coding, and attacking, but I still feel somewhat of a neophyte when it comes to web app testing (and I probably am intermediate at worst). I really want to beef that up, or at least give me something tangible for reassurance. I also want to take care of this earlier in the year than I did last year’s SANS course in May, so I’m hoping to get signed up for SANS East somewhat soon. This will be a cert I pursue, too, so that will add a few months of studying. Specifically, I want to feel better wielding BurpSuite (and other tools), attacking SQLi issues, and doing some automated and manual web app scanning and testing.
- TBD Second major training: Black Hat USA Trainings or SANS SEC573 (GPYC) Python or SANS SEC545 Cloud – I want to see what I can push for out of my work budget, so I’ve requested a second major training opportunity, but have left it more open-ended. I’ve also tried to pick things where I wouldn’t necessarily exit the event with the commitment of lots of studying for a follow-up cert. SEC573 will give me some excellent Python experience and I could still optionally pick up the cert. SEC545 was added later as a sort of acknowledgment that my AWS/Cloud specifics are a little weak in practice yet, and if work wants to send me to that, I’d be ok with using my second slot for it. If Black Hat gets chosen, I’d probably look for some further web app or other red team course to take, and then stay for Defcon on my own. This is pretty aggressive for me, but I’ll be super excited if I can make this happen.
- Linux+ – I wanted to get this slotted in this year for reasons (a study-buddy or two). I consider this a slightly more informal certification to pursue, and I already have a Linux Academy subscription anyway. My goal here is just to get better with formal Linux knowledge and try out some peer support/mentoring. I’ve long had this cert on my distant radar as one of the few ways to demonstrate Linux comfort on a resume.
- SLAE (+ OSCE prep) – OSCE continues to be on my radar, but it might be too much this year to slot it in for a full commitment. However, I would like to pursue my roadmap prep list to get there, which starts with tackling the SLAE from Pentester Academy and maybe some other companion topics. SLAE is very open-ended and I expect to learn a lot of things I’ve just not been exposed to before (assembly, shellcoding, etc).
- CCSP (Cloud) – Another nod to being a work-influenced topic, but I wouldn’t mind spending some time studying up for the ISC2 CCSP (Certified Cloud Security Professional) cert. Definitely the lowest priority on my list. I could even replace this with the AWS Architect certification, which I can study for through Linux Academy.
- Pentester Academy tracks (+Red Team Lab?) – I just recently signed up a subscription for Pentester Academy and want to make further plans to slot regularly learning from it into my free time. They have a Red Team Lab that I want to keep in mind, but is a lower priority (and extra cost).
- Linux Academy – Just an acknowledgement that I have this subscription active. What’s great is this will support not only Linux studies, but also cloud-related things.
- Splunk Fundamentals & Power User – I want to get better with Splunk, and the first steps will be to pursue the free Fundamentals training and certification, and then look at Power User. This may get higher priority if work pushes it, or if I get sent to Splunk .conf again in 2019, where I can take a course or the exam on site. This one really depends on some external work influence to prioritize it higher.
That’s serious aggressive for me. Even at my most conservative estimate, I should walk away from 2019 with GWAPT (2-4 months), Linux+ (month or two), SLAE certifications (2-4 months). With CCSP and Splunk and OSCE lurking around the corner. That’s some serious work I’d have cut out for me, and I totally know it. And I haven’t even gotten to informal topics I want to dive into over the next year! Thankfully, a few of them overlap…
- Web app topics and GWAPT prep – I have several books and topics that will go into my preparations for the SEC542 (GWAPT) course. This item really is just about making sure my web app work neither starts nor ends this year with just this course.
- Binary exploitation / buffer overflows / reversing – I also feel inadequate when it comes to reversing, fuzzing, binary exploitation, and handling buffer overflows. This goes into my preparation for OSCE as well. I have some HTB boxes/challenges, courses, books, and a few other topics listed out behind the scenes that slot into this bullet item. This overlaps with more Python work, too.
- Bloodhound (AD mapping) – A tool I want to not only try out, but incorporate at work.
- HTB some more! RastaLabs / Offshore and POO/Endgame – I nearly got HTB out of my system this summer by hitting Omniscient with challenges and boxes. However, beyond just catching up on new boxes, HTB still has some offerings (free and paid) that I have yet to take advantage of. I’d like to. I currently have VIP access, but I’ve not decided if I will renew that next year. So this does mean I want to set aside some time to go through all of the retired boxes (along with IppSec walkthrus as needed). This platform is great to jump in and out of in bursts to keep my attacker skills from getting too rusty.
- Books – I have a list of books/ebooks that I want to consume. It’s not large, but significant enough that I wanted to put onto my goals. I have a love-hate relationship with infosec/tech books. I used to collect these far more than I do today, but the number that never really got used outweighed those that I found useful to some degree or other. I’ve trimmed my collection down about 75% over the past 5 years, but I’m slowly picking out new ones to consume that I know will either be useful references or good actual reads/lessons.
- BurpSuite – I list this here because I still want to get better with BurpSuite. I have a course identified that will help, but I imagine SEC542 will help as well.
- Python and PowerShell – I continue to yearn to get back up to speed and beyond on PowerShell and Python again. If I can take SEC573, that will certainly bring my Python comfort way up. Grabbing onto some work projects can help with these as well.
- Scapy – Scapy is something I want to learn as I pick up Python. It’s long been on my list, and I admit it’s still waiting due to lack of me needing it day to day.
- PluralSight – I normally don’t just list a subscription I have, but I wanted a reminder that I have this subscription open, and if I don’t find uses for it in 2019, I should trim that cost off.
- Home lab / Blog / Github – I have a whole list of things to do on the home lab that I won’t list (and commit to!) here, but it’s a thing on my radar. One thing this does include is cleaning up this blog a bit and using my github for more things. The main immediate item will be moving all my links on the right pane over to a github page and maintaining it there for the future.
- Leadership – From the triple threat route, the one place I have no demonstrable experience is infosec leadership (vs offense and defense). So if I have chances, I should try to tackle and succeed with project management, vendor relation, team mentoring, and presentation opportunities. I’ve long been a team leader/mentor type, but have rarely translated that into something demonstrable, visible, or upward-facing, if that makes sense.
- SecDSM – Monthly meet-up that I always attend and will continue to do so.
- BSidesIowa – Local Bsides event that I’ve always liked. I may focus more on the CTF this year than talks, though.
- SecureIowa – This was only ok for me, but it helps that it takes place during the work week.
- Wild West Hackin’ Fest? – I’ve love to try and get to this next year. Slotting it in, but not sure yet.
- Splunk .conf 2019 – If work wants to send me to this, I’ll think about going. It’s in Las Vegas, so a little less exciting than before.
- ArcticCon? – This is a red team vetted-invite con in Minnesota. I doubt I “qualify” for an invite, since I don’t have a red team job, but I sure would love to go.
- Defcon – If I get a chance to be sent out to Black Hat USA, I’ll stay a little longer on my own dime to attend Defcon again. If not, it’s pretty unlikely I’ll go on my own.
- CISSP – This is just my yearly CPE maintenance. As long as this is easy to maintain, I’ll keep it up, since I have no real reasons why I shouldn’t.