Information Security Manager: A Year in Review

It’s been one year since I officially transitioned from systems administration to information security. What a wild ride. This career change didn’t come with a how-to manual, that’s for sure. But armed with years of experience and a lot of determination I feel that I’ve made dramatic progress in both my own professional development and in the organization I support.

I successfully pursued CCSP certification. This was driven by both personal ambition and a genuine need to bring in some additional expertise to support cloud initiatives at my employer. The process took me about 3 months of daily study but it wasn’t particularly bad. The overlap between CISSP and CCSP is significant, so that likely helped quite a bit. I definitely feel it was a worthwhile endeavor and I learned a decent amount from it. You can see more about that here, here, and here.

I levelled up to Pro Hacker on HackTheBox. That also took a while and proved VERY challenging. Hacking is a unique thing to learn since every hack is unique. I’ve found it taps every facet of my IT skillset and forces me to look at things in new ways. Learning to hack and beginning to see things as an attacker has absolutely made me better at defending my organization.

I dove deeply into numerous policy frameworks. While compliance is not security, it is a requirement. To that end I’ve studied up on several regulatory and internal policy frameworks and developed the supporting programs to enforce them.

I’ve run digital red team exercises. Hacking into the systems at my employer. Running physical penetration tests. Recording what I find, then working to ensure no one else can do those things.

I’ve scanned for and mitigated vulnerabilities. Repeatedly. *sigh*

Didn’t get to go to Black Hat this year because of The Rona. Boo. I really wanted to. I consider the first time I went to be a pivotal point in my career. It was the moment where I 100% committed to making this change. This year I plan to do summer camp to its fullest: BSides, Def Con and Black Hat.

What do I want to accomplish this year?

Personally, I want to move up another level or two on HackTheBox and obtain OSCP certification. Those goals should more than keep me busy.