New Year. Who Dis?

2023 was an interesting year. I moved back to Baton Rouge to keep an eye on my mom. I got promoted (title bump) and got a pay bump. I continued to be the Subject Matter Expert (SME) on a good number of things. However, the last 6 months have been rough work-wise. Incident Response (IR) has been very busy and tough responding with a limited number of people, but finally got better in December. I’ve taken much needed time off. I was off for the last 9 days of the year and I’ve been taking a lot of Fridays off (had PTO to burn). The pay bump has allowed me to pay off some bills and buy some more toys. I bought a kayak a couple of months ago and I also took up fly fishing. Both have helped me decompress and not think about work at all. I significantly reduced the amount of video games I was playing (staring at a screen all day and night was not doing my health any favors). Fly fishing is my newest addiction (slamming it just like I did scuba diving). I even set up an Instagram for all the fish I’ve been catching. I’ll need to work on the website. 

I’ve continued to try to learn new things. I’ve been trying to learn as much cloud as possible (AWS specifically). I took an AWS Security accelerator with VetsInTech (got me AWS Certified Cloud Practitioner) and also took an AWS Solutions Architect Associate course from VetsInTech as well. I still try to do the weekly BHIS webinars/hour long trainings. Which leads me to the new year and new things.

I am looking forward to this new year. I’ll be taking an AI/ML course (another accelerator from VetsInTech). I think this may finally get me motivated to apply for my Masters and maybe go do something else other than IR in Cybersecurity. I’m also signed up for another Web App Pentesting course. There are also a number of events for the clubs I joined for fly fishing and kayak fishing. I’ll need to do some schedule deconfliction and make sure I’m not signing myself up for too much, but I’m looking forward to this year in general. I keep saying I need to get better about updating this site/blog, but I think once I get a rhythm going and have more content (AI/ML, cloud, web app pentesting), including for the outdoor site, it will be easier to more consistently update this. We shall see. For whoever else is reading this, I wish you a Happy New Year! 

BTL1 so far…

Work got busy with Log4J and a few other incidents so my December 2021 and January 2022 were particularly brutal. Makes me want to take a break from incident response. I had to file an extension for BTL1 and I’m working through it. I’ve got about a month left to get through the course and do the exam. I’ll be trying to focus on this and not do too much else extra, but there are always other shiny courses to distract me if I’m not careful….

I’m currently at the Digital Forensics section. The phishing section was particularly useful and had direct applicability at work. For me, I feel like I’ve learned the most so far in the Phishing Analysis section and the Digital Forensics section. I’ll give my overall thoughts on the course when I’m done, but so far, I feel it’s been worthwhile spending my own money on it.

What I’m working on

I had originally meant to post this a few months ago. Life happened and I got distracted (that seems to happen a bit).

Training is very important to me. Looking back on the last couple of years at my current employer, I’ve always tried to regularly do some sort of training. I came into the field with no experience except a degree in Computer and Information Science with a minor in Cybersecurity and several certifications. I am sometimes amazed that I got the job I did. I have definitely noticed gaps in my knowledge (it’s impossible to know everything in this broad field) particularly on the forensics side of things (I mostly do the IR portion of DFIR). During the pandemic, I’ve had problems with staying motivated for training, but spending money on courses tends to help actually get some training done, even (maybe especially) when work isn’t paying for it.

I have a ton of stuff in the queue to be able to do for training (both red and blue team type of training), but lately I’ve been focusing more on the blue side (partly because one of my flex goals at work is to do a Blue team/Incident Response certification by the end of the year). I’ve mainly been working on the BTL1 training from Security Blue Team since that seemed to hit some of the gaps I have and be pretty hands-on. The phishing section has actually been directly applicable lately at work and knowing that PowerShell could give us a hash helped on that investigation. Recently @HuskyHacksMK put out a Practical Malware Analysis and Triage course that has been meshing well with what I’m learning in the BTL1 training. That course is on TCM Academy’s site. I also have nearly all of the courses there except for the Linux 101 course and I hope to eventually work through all of Heath’s content so I can do the PNPT certification. Plus I have a free PTS course (right before they offered it for free as an enticement for trying out INE.com) and an eJPT certification attempt from VetSec and the WAPT course and eWPT certification attempt (luckily this doesn’t expire). As long as Joe @C_3PJoe doesn’t come out with any more OSINT courses this year, I should not have any more distractions from what I already have on my plate. Narrator: @C_3PJoe did come out with more courses at the beginning of the year (The OSINTION), so Grumpy was in fact distracted again….

I had planned to get my OSCP by the end of the year, but that doesn’t look like it’s going to happen, plus with their new pricing model I may wait until I can get an employer to pay for it. I have found new motivation during the new year and hope I can keep this motivation throughout the year and get my Red Team side more love. Meanwhile, I’ll still distract myself with TryHackMe’s various paths….

Hello World!

I’m GrumpyVaderCat or as many in the MMO world call me, Grumpy or Grumps.

The plan for this blog is to be able to give back to the community. I’d like to help others by sharing my experiences both good and bad as a veteran transitioning to the field of Cybersecurity and as a member of the Cybersecurity community.

I’ve been in the Cybersecurity community for closing in on 3 years now. A little more than 2.5 years of that time has been doing incident response. It has been a trial by fire since Day 1 in the Incident Response (IR) world. I would not actually recommend doing IR as your first cybersecurity role. I’ve obviously done it, but there were LOTS of growing pains along the way. I went from having a very bad case of imposter syndrome and not having a lot of confidence in what I was doing to becoming one of the people who gets called regularly to squash a cyber incident and consult when there is a ticket that needs a deeper dive. One big thing that IR has taught me is there is sooooo much to learn in this field and so many different roles to fill.

Me at the beginning of my IR days

Like a lot of people, I was attracted to Cybersecurity because of the ethical hacking/penetration testing side of things. I have knowledge of a lot of the basics (and a certification), but I’m trying to go much deeper than just the basics. As of the writing of this post, I play around on TryHackMe and I have a number of certifications and courses in my learning queue (eLearnSecurity/INE’s PTS and WAPT, the entire catalog of TCM Security Academy, a bunch of Udemy courses, and recently Blue Team Security’s Blue Team Level 1 training/certification for work). In addition to all of that, I’d like to start a Master’s degree at some point in the next year. And if that wasn’t enough, I’ve found this fascination with OSINT and various OSINT courses (the OSINTion, OSINT Combine, and Michael Bazzell’s offerings). This is all in addition to anything I want to do for entertainment. On top of that, I’d eventually like to get involved with some of the streaming communities.

I draw inspiration from fellow practitioners like Heath Adams (@thecybermentor), Joe Helle AKA TheMayor (@joehelle), and many others of the Infosec Twitter Who’s Who. Heath and Joe are beasts when it comes to getting things done. I aspire for this blog to reach the epicness of DFIRDiva’s blog (@dfirdiva).

Look for reviews and project updates in future as well as other content while I get started with this blog. Bear with me with grammar, formatting, and design issues while I fumble my way through blog entries. 🙂

@grumpyvadercat