Previously on My Journey into Cyber Security
Welcome to this instalment of My Journey into Cyber Security. I’ll be honest in that I was kind of putting off writing this particular update. Namely because I haven’t really been able to show much for my efforts since my last update.
In fact, it’s been pretty poor in regards to progressing my studying and skill development. I could blame this on the fact that I have just recently bought my new flat. But truth be told, I still had enough free time to study.
Assessing the Situation
The main thing that has gone by the wayside for me is my focus. I spent three months trying to teach myself about Azure security. I had setup a trial subscription, as well as using my work Visual Studio subscription credits to create lab environment. But after going through the material and then trying some practice exams, I went from 30% initially to coming in under 50%. It seemed like things weren’t sinking in as fast as I’d like to.
I felt like my time commitment was also difficult to sustain. Originally, I was putting in sixteen hours of study time a week. This had to work around my full time job, which sometimes required me to work six to seven days a week. Eventually this then tapered down to ten, then five hours. During the peak of the commitment, I wasn’t really making time to do things like chores or cook proper meals.
I also knew that some tasks in my test subscriptions couldn’t really be reproduced without either cramming heavily during a short period or were too costly. For example Azure Sentinel is featured as a module itself, yet you can only use it for free for about a month. After that it could grow to be quite expensive. It was for me, also awkward to figure out a way to set it up in a way I could use it in a real world situation and produce useful results.
Rekindling the Flame
So does this mean I give up studying for Azure security?
What it means is I need to get myself inspired again and be a little more realistic about my goals. I know I am not going to get this cert in three months. There are disruptive factors in my life that make a study program difficult to adhere to at times. These include the flat move and being on out of hours call. These are obstacles to work around, rather than justification to give up.
I have also not progressed much beyond the Linux Essentials in Hackersploit. I knew this was partly due to the above mentioned circumstances. However to try and get myself motivated to go back to this I have now opted to collaborate with some friends and co-workers on Discord to try and tackle hacker challenges or labs collaboratively. My hope is that working with others will help better motivate me to commit to this. Perhaps they in turn will gain the same.
I guess the thing about documenting a journey like this, is to talk about the lows as well as the highs. I am fortunate in that my current employer has bought in Pluralsight subscriptions for its staff. I’ve been spending many of my evenings after moving in, just watching through them. They aren’t a substitute for practical experience, but it doesn’t cost me anything to watch them.
Right now I am trying to ensure I can setup a dedicated workspace in my new accommodation. Currently I have been working from a small desk in a living room. In this new place, I now have a dedicated room complete with all the equipment and kit I need. This will mean I can shut off to the rest of the world when needed.
Time to Code
Still this entry isn’t without some kind of progression. I have recently begun teaching myself basic coding. Having started reading The Web Application Hacker′s Handbook: Finding and Exploiting Security Flaws, it became very clear in the first few pages that if I want to get involved in anything like this, I have to be able to code. This book is intended predominantly be to a reference guide by the bug bounty community, however I came to realize that’s only the case if you already have a foundation set of skills in this area.
To stay motivated, I have opted to approach some people I know who like me, are at the start of their journey. The aim would be to run through these courses and follow up on Discord to compare notes/progress, helping each other out in a buddy like system.
I will also be taking a lightweight look at Python using training videos provided by Pluralsight. I suspect Python may become more useful to me for automation tasks in my day job, as well as assist with any kind of future penetration testing tasks.
So to conclude, I will still be chasing the Azure studies. I will still be teaching myself the fundamentals of Linux and the use of security tools. But what I am going to do is blog about my coding journey under a different set of posts. If I want to work in cyber security, I really do need to have a holistic skillset. I have accepted that this journey is going to be slow and it may well take years to get where I want to be. But at the same time, this is as much about the journey as it is the destination.