Previously on Adrianjfletcher.com…
Well it has been a while since I last wrote about my journey into cyber security. Last time I was teaching myself about security configuration on Microsoft Azure’s cloud platform.
Previously I worked through a great deal of the study material I discovered on the Microsoft learning and docs pages, as well as blitzing through Pluralsight videos. I had even managed to apply some of that knowledge to my work, particularly when implementing Privileged Identity Management (PIM).
Since my last post I have now changed roles. No longer am I the dual system administrator and information security analyst. Now I am in the purely security focused role of endpoint security.
Exploring my options
So what does this mean in regards to my development? Well unfortunately it means I won’t be working on Azure cloud resources, nor do I get to lead on overseeing the continuing hardening of the estate in order to get the business through its usual ISO 27001 audits and Cyber Essentials Plus recertifications. But I am now for the first time working in a large, international corporation. Their estate is as large as it is varied. Security considerations and resources although similar, have very different considerations to smaller businesses.
I’ve come to realise that my foray into Azure security, although educational, wasn’t bringing me closer to my goal of becoming a penetration tester. Seeing the hubbub of activity on LinkedIn, I noticed that more and more aspiring pentesters and security professionals were undertaking the eLearing Junior Penetration Tester certification. Looking at it, it seems to be like a beginner version of the Offensive Security Certified Penetration Tester (OSCP) certification. By this, I mean you have to undergo a practical assessment with an ‘open book’ style of multiple choice questions in order to pass the exam. This is markedly different to the memory recall exercise that is representative of certifications such as CEH.
Doing my due diligence, I discovered that you can get access to training courses for the eJPT through INE for free using the starter pass. My aim is to work through this material a few times and look for complimentary material outside of it enhance my knowledge, perhaps even attempt the exam. The rest of INE’s offerings appear to be available with a paid subscription.
On another note there seems to be a lot of noise around the TryHackMe beginner courses. The subscription for TryHackMe in general appears to be very affordable compared to offerings from other learning sites such as INE or Pluralsight. They have some free content as well, which I am still in the process of exploring.
On a final note, it’s occurred to me that I am still reluctant to share my shortcomings and hurdles. In my personal life I allow myself to be distracted by many things. I fear that if I create too rigid a routine, then I will grow bored with what I am doing and lose the passion that drives me.
But then there is something to be said about good habits and self-discipline. When achieving a goal that requires consistent effort, it requires focus and the willingness to sacrifice comforts and conveniences. As much as I wax lyrical about being determined, the fact is I’m still not quite there yet with my focus. Being able to work from home has given me more free time, yet somehow, I still don’t feel like I have enough. But this is an illusion. I have the free time; I just need to stop making excuses and get on with it.