Progress Report In Early November
Continuing from last month’s progress report. Ever since lowering the writing pace and reconsidering my approach to the cybersecurity blog, I feel a sort of calm (for now at least).
On cybersecurity
It’s still strange to read news or insights, then take a step back. Instead of reporting everything, focusing solely on one related topic, or something completely unrelated. This is something that many bloggers struggle with: the self-imposed deadlines and the constant need to write ‘I need to post something today’. And I am no different.
Looking back and reflecting on the cybersecurity journey so far.
It was, at times, draining, though I am still considering it as a long-term step in my career. Even if I still have a long way to go with the amount of information that needs to be learned.
In the last year, if we don’t count the hundreds of hours spent in courses on Udemy, or the time spent learning for a certification (CSSLP), and counting out the endless articles to shape up and cover gaps on fundamentals, last but not least browsing cybersecurity news articles and various sites to learn more about black hat hackers, and how they operate.
With the little time left, I’ve read a few books and marked them on GoodReads:
- The Cybersecurity Bible: [5 in 1] The All-In-One Guide – Good read, nice focus on the fundamentals. Even if you are familiar with the domain, you can still cover a few knowledge gaps.
- Tor and the Dark Art of Anonymity – Maybe I was a bit too familiar with the topic, because I felt it lacked structure. It went deep into fundamentals at times, felt lacking in some areas or rushed at others. Not really recommending it.
- The Ethical Hacking Book for Beginners: A Step by Step Guide – Good book, nice structure. But it’s actually for beginners in the field as well. This, and the familiarity with web development, made it, let’s say, almost a useless read. Recommended because it was well written; it’s not the author’s fault, I went in with a different expectation from what he mentioned in the title.
- Real-World Bug Hunting: A Field Guide to Web Hacking – (not finished yet) Now this is the best book in the field, for people focusing on offensive security. The book deserves a 10/10 rating for its insightful coverage of various hacking vectors. And overall a nice and easy read. Like fiction.
So with all the humbleness in mind, I acknowledge so far it was a long trip full of information on the road.
Still reflecting
I also, however, did catch a glimpse of myself, a sense of natural confidence when expressing myself on cybersecurity topics. Something that took a lot of time in the web area.
While a giant leap from web development and programming, somehow I did not feel like an inexperienced newbie all the time. Like I did when I first took a side-step in web design for a few years. And also, as soon as things started to connect and make sense, it was a matter of time before I felt I could express myself freely in the domain without feeling like an imposter 9 times out of 10. Let’s say now it was 2 times out of 10.
Overall, various transferable concepts likely contributed to this. The network courses in college appeared to be paying off at last, and web design experience is becoming more and more beneficial. At first, I noticed this when I learned about penetration testing, but now, when my focus is holistic on application security, I feel that more and more concepts and familiar topics are helping when navigating the uncertain waters of the cybersecurity landscape.
I have adjusted my writing calendar to avoid putting pressure on publishing while keeping a writing schedule.
- Mon-Fri at around 07:00. Write. This includes researching for subjects, reading articles, creating drafts, shaping up drafts.
- Mon-Fri after 19:00. Publish when possible.
- Weekend: Nothing mandatory.
This schedule enabled a writing pace that I’m happy with while finally leaving a bit of time for other hobbies. And to note, this schedule is nothing strict; however, I noticed I write more just by having a draft of a calendar in mind. I can also attribute this to the snowballing effects of constantly saving ideas and transforming them into rough drafts, always ready for when ‘writer’s block’ kicks in for the day.
With this in mind, I see myself devoting less to cybersecurity as time goes on.
Recommended reads
Other than what I’ve recommended on this blog so far:
- Basic Security Oversights: How a Public API Token Led to Internet Archive’s 7TB Data Breach
- Enhance web app security with HTTP security headers: Content Security Policy
- OWASP Top 10: A Sign of Progress in Web Security
Speaking of other hobbies.
(to be continued)
Photo by Jan Kahánek on Unsplash.