Alright then

Well I guess I will be doing this then. Micah Hoffman gave a talk at BSides Charm about how to be more involved, at https://twitter.com/WebBreacher/status/724340389323395072 . It was like he was talking about me.I go to the conferences, I do the talks, I talk to a few people but mostly keep to myself, but that’s not helping me any.

So I have thought about doing a blog for a while and it always felt pretentious, but the way Micah described it made it seem like exactly what I need. It is a way to keep publicly available notes for myself and track my own progress. So this is it. I’ll commit to doing this once per week, hopefully mostly focused on infosec and what I’m doing, but maybe different stuff as well. It may not always be an epic post, but every week it will be at least one thing.

This week I am setting up the blog itself. Anyone who has ever set up WordPress knows that is not really any work at all. This iss a difficult time with school and family. School is winding down, which is of course when activity ramps up. I’m working on my MS at GMU and in the next couple of weeks I have 3 finals, a presentation to give on SCADA security (or lack thereof) and an enormous paper to deliver on PKI. Specifically on smartcards, which is kind of interesting and at least I understand them much better than I did before, which was not at all.

School is necessary and knowledge is always great, but I can’t wait to be done.I would much rather spend this time on other things. I have a list internally of what I need to do this year, might as well make it public here:

  1. Pass the C|EH exam, not hard but expensive so I need to study up (May)
  2. Actually participate in NOVAHackers rather than just read the list (June)
  3. Volunteer for BSides DC (October)
  4. Evolve our vulnerability management program at work (ongoing)
  5. Become stronger on security tools I work with (ongoing)
  6. Develop more specific goals (ongoing)
  7. Complete MS coursework (May 2017)

So bullets 4 and 5 are not very specific, thus bullet 6. Bullet 7, there’s nothing I can do to speed that up so I may as well use the time I have well. In the immediate future I am focused on what I need to do to finish this semester of school. Once that is complete, the plan is to knock out the certification (which I already payed for) and to refocus on the vulnerability management program implementation. It’s exciting to have so much ahead!