I had originally meant to post this a few months ago. Life happened and I got distracted (that seems to happen a bit).
Training is very important to me. Looking back on the last couple of years at my current employer, I’ve always tried to regularly do some sort of training. I came into the field with no experience except a degree in Computer and Information Science with a minor in Cybersecurity and several certifications. I am sometimes amazed that I got the job I did. I have definitely noticed gaps in my knowledge (it’s impossible to know everything in this broad field) particularly on the forensics side of things (I mostly do the IR portion of DFIR). During the pandemic, I’ve had problems with staying motivated for training, but spending money on courses tends to help actually get some training done, even (maybe especially) when work isn’t paying for it.
I have a ton of stuff in the queue to be able to do for training (both red and blue team type of training), but lately I’ve been focusing more on the blue side (partly because one of my flex goals at work is to do a Blue team/Incident Response certification by the end of the year). I’ve mainly been working on the BTL1 training from Security Blue Team since that seemed to hit some of the gaps I have and be pretty hands-on. The phishing section has actually been directly applicable lately at work and knowing that Powershell could give us a hash helped on that investigation. Recently @HuskyHacksMK put out a Practical Malware Analysis and Triage course that has been meshing well with what I’m learning in the BTL1 training. That course is on TCM Academy‘s site. I also have nearly all of the courses there except for the Linux 101 course and I hope to eventually work through all of Heath‘s content so I can do the PNPT certification. Plus I have a free PTS course (right before they offered it for free as an enticement for trying out INE.com) and an eJPT certification attempt from VetSec and the WAPT course and eWPT certification attempt (luckily this doesn’t expire). As long as Joe @C_3PJoe doesn’t come out with any more OSINT courses this year, I should not have any more distractions from what I already have on my plate. Narrator: @C_3PJoe did come out with more courses at the beginning of the year (The OSINTION), so Grumpy was in fact distracted again….
I had planned to get my OSCP by the end of the year, but that doesn’t look like it’s going to happen, plus with their new pricing model I may wait until I can get an employer to pay for it. I have found new motivation during the new year and hope I can keep this motivation throughout the year and get my Red Team side more love. Meanwhile, I’ll still distract myself with TryHackMe’s various paths….
GrumpyVaderCat Security 