ex nihilo nilhil fit


Infosec Learning in May

Part of the purpose of this blog is to hold myself accountable for my learning trajectory. I hoped to focus on infosec as a major part of my personal learning path this year. I've spent many years dancing around it but never formalized any serious roadmap. While I've spent a lot of time tooting about all this on Mastodon, I hope to occasionally post my learning progress here. Since this blog is newer than my existing studies, I figured I'd recap some of what I've already read and done.

My career trajectory has been all over the place but it's always been technical. Ignoring the techno-tinkering/general-hackery of my youth and focusing only on my professional persuits, I've been an electronics repair bench-tech, a helpdesk drone, a network admin, a systems admin, a pen tester, a researcher, a CTO, a programmer in various realms, and an educator. In the beginning I hoped that the focus would be infosec but I spent a ton of time trying to stay afloat and feed my family. I'm in an awesome spot now where I can take my foundation and drive it toward infosec as a general professional path.

Given where I am now, I hope to locate mentors in my day job and online. I'm working for a great organization and I've closed out all but one of my side-hustle contracts in order to focus on learning (and some personal things). I have a loose personal career learning plan and a fully mapped 2020 learning plan for work.

As part of my 2020 learning plan for my day job (a post in and of itself... someday), I have completed or started:

There's a lot more there to learn but I'm definitely getting my legs back under me. I'm in an interesting spot professionally and, as you can see, I wield a ton of different hammers.

For my personal focus on infosec this year, I've basically laid out a loose path with a ton of books in O'Reilly Safari. At the moment, I'm still reading "Mastering Python for Networking and Security" for both work and my own personal edification. I'm also reading "Applied Network Security Monitoring" so I can set up SEIMs at both my home and The Manor to get deeper insights into my networks.

From the application side of things, I've built a new rig and I'm looking into various VM configurations for a good (virtual) homelab. I have some code bases I'd like to try to exploit and some techniques I'd like to learn. I've studied both Scapy and Shodan independently and hope to add them to my toolbox. I've also spent a lot of time investigating infosec certs, trying to decide if papering up is worthwhile.

I've also jumped on Mastodon but I am reluctant to join Twitter. Infosec Twitter seems like a shit show at the moment. I try to keep my posts on Mastodon infosec-centric but I've fallen into friendly banter with some of the nicer folks there. Social media gives me severe anxiety and I have political issues with Mastodon itself but things have gone well enough.

I've reached out to personal friends in the infosec industry, trying to find my footing. I'm still searching for a couple of mentors in the field but I'm sure that'll come with time. I'm going to put effort into maintaining my momentum. I hope the next update is just as packed full of education as this one is.

ascia technologies
[ mstdn, gthb, mrrr 0 || 1 ]