It’s January, it’s cold, and I have a day off, so that makes for a great time to get introspective and look at my plans and goals for learning and training this year! Sometimes I look to make themes out of my years, and this year I’m probably due to stretch my red team/offensive legs again. I also had a shorter list last year, and this year seems like I’m swinging back into things. Hopefully not so heavily that I get burnt out, but I do have some pressure valves built in that I can pump. On the plus side, I don’t really have any intense things to renew all year.
Formal Training & Certifications
CISSP – It’s barely worth mentioning, but I do need to note to myself that my CISSP expires in April 2024, so I should renew that early on. That’s mostly about getting my CPEs entered.
CSA CCZT – A few years ago I took the CSA CCSK and passed. I saw last year they now have similar material and a certificate centered on Zero Trust topics. I’m sketchy, but serviceable on the topic, and I’d like to just properly prove and improve that. This is fairly low pressure, too.
ISACA CISM – I’m not sure how or why this got on my list, but it’s on my official list for work, so I’m including it here until I decide to not do it. Or just do it. This isn’t a cheap exam, but is relatively inexpensive to study for other than the time. We’ll see where I can fit this in. Part of that equation is evaluating the benefits of this cert and its maintenance.
Informal Learning
I have access to a year of Antisyphon On-Demand courses that started very late in 2023. This means I have 25+ courses to consume. Low pressure, and I don’t intend to do all the labs, so this can be something I tackle in pieces.
I also have access to a year of HTB Academy. I mostly got this to gain eventual access to the tier 3 and tier 4 topics, but the rest of the modules can act as refreshers. There is a cert that is slightly intriguing in the Pen Tester path, but I’m not in the mood to entertain that right now.
…and access to MITRE ATT&CK Defender for a year. I’m not entirely sure what this will be, but I had some work budget to spend at the close of 2023, so signed up here. This is partly to see what this service is about and whether I suggest it to others on my team.
…and access to BlueTeamLabs. I’ve been doing this for several years now, and will have another year of access. This is mostly maintenance mode, which means doing new releases every few weeks and helping others.
OffSec Learning Unlimited has been a thing I’ve been eyeballing since it was first offered, and this year I’m putting it on this list. The above things I’ve already gotten access to, but this one is a heavier purchase and if work is willing to provide part of the cost, I’ll cover the rest, including the time commit. And a commit it will be, which is another reason I’ve not yet opened up this subscription. I want to make sure I’m in a place where I can spend a good portion of time for the price. I don’t have any plans to take another OffSec exam, but if I did I’d target the OSWE.
It’s hard to plan a red team year without some HTB time commit thrown in. I hope to dabble on this site again some more. I’m unsure if I’ll spring for VIP yet, but it’s possible, especially if it helps reinforce and practice HTB Academy modules using retired boxes. (On the downside here, HTB is a lot different in its user base than it was years ago. It’s very perturbing to do innocent searches for error messages or exploits against a technology only to find spoilers for live boxes quite readily available. This never happened years ago unless you knew the right people…)
It’s hard to commit to Defcon as it tends to be a big expense, plus risk of sickness. But, I’m putting it on here to figure out this plan before too late. I’d like to go, but it’s also OK to not go. And if I do go, it’s not just about planning hotel, flight, and budgets, but also activities such as any competitions I may want to prepare for.
Other & Parting Thoughts
Last year right around Defcon, I started taking up running for the second time in my life. I loved it, but got away from it late in the year as I was trying to figure out some mysterious ankle pain (on my right Achilles area). During my time, I lost about 35 pounds, and more than the raw number, I could tell the difference. So, I want to get back to exercising properly again, in whatever fashion I can, even if running ends up being too much impact. This has always just been about being lazy; I love the burn, I love the (good) soreness, and it’s never boring to me.
Lastly, work has a decent influence on what I do, since, well, they pay me and often I’m using budget for the above learning opportunities. I’m hoping to bring some gentle purple team sensibilities and practices to our team in 2024, which aligns with my own personal time focus. Not everyone has an interest in doing both attack and defense, and I consider that adaptability to be one of my strengths. One which I want to keep honing into the future. It’s really either that or continuing to build practice cloud experience in Azure and AWS! 🙂