Quick Update: February 2024
Where have I been? What have I been doing? None of this is your business, but I’m about to make it your business.
It’s been a few weeks since my last post, so here’s a quick rundown of what’s been happening for the two or three people reading this that care.
The home lab is still… in pieces
I promised to continue to update the masses on my home lab progress. That’s still the plan, but life has an odd way of throwing curve balls while you sit comfortably watching Maury. Recent family events have left me without an office space, as my sister-in-law currently occupies it. Add to this a busy work schedule that has me traveling quite a bit (I’m writing this from a hotel in Hawaii), which means that I’ve not had time or space to dig into building out my virtual lab environment. Well, technically, I am updating and iterating on my lab environment; the baseline is there. I just need to expand upon what I have and delve into the technical details of running SIEM software.
Security+ is next on the list
My last post delved into how I passed my CompTIA Network+ exam (read it here). The next goal is to hunt down and eliminate the Security+ certification for its crimes against humanity (you know what you did…). I’m giving myself a few months to study before attempting the exam. The goal is not just to pass the exam but to comprehend the material. It is a challenging task considering I am not actively working in a cybersecurity job, hence why you, dear reader, have come along with me on this journey. I'm pretty sure some may just be reading this to witness my downfall (I’m onto you, KYLE!).
Willingly volunteered for more work
I recently applied for a board member position with the Leader Transition Institute. The organization supports active-duty U.S. service members transitioning to the civilian sector by assisting them with finding their purpose, living intentionally, communication, and other skills through the Changing Focus program. The program helped me find my purpose and is part of the reason this website exists today. They’ve recently opened up a position on their board, which would allow me to pay it forward and assist others with their transition. Their selection process is on par with the Navy SEALs; the final interview involves facing other applicants “Thunderdome” style. It should be fun.
Quick Tip: Everyone is vulnerable to social engineering, so don’t be a dick.
For no particular reason other than it’s a good reminder: we’re all vulnerable to social engineering. In the past, I, like many others, would bash someone for having fallen for a scam. “There’s no way I would fall for that. How could ANYONE believe this was true?” It’s effortless for us to imagine that if we switched roles with the scam victim, the same result would not happen. However, the reality is that we’re all vulnerable because we’re human. Humans have emotions, values, and needs, all things that an adversary with a suitable pretext can exploit. In cybersecurity, we strive to teach people ways to mitigate the threat of social engineering. Still, it can happen to anyone, even someone whose profession is to teach others how to spot these attacks (check out Smashing Security Episode 353 for a perfect example), which is why we ought to empathize with social engineering victims instead of deriding them. It’s embarrassing enough to have fallen into a scam; we shouldn’t be doing things that worsen that experience. In fact, we need people to feel comfortable sharing their stories because it enables us to learn from their mistakes and expose adversarial campaigns (thank you to Carole Theriault for sharing her experience). Consider the reactions you’d want to hear if you fell victim to a social engineer attack before tossing out snarky remarks.