In 2019, I really focused on pursuing security. Between taking a tons of trainings and attending too many conferences to count, I was also flying around quiet a bit to interview for a new gig (both software engineering and security engineering positions). So there was a lot of interview-studying on top of all the flying. In the end, I made a really hard decision to switch career completely… to leave software engineering and step into security engineering. In this transition, I gave up pretty much everything I had (my house, car, stable life…) to join a new gig that will be more challenging, allowing me to learn, and do more!
I feel like I’ve grown a lot as a person during this year, both personally and professionally. Every day after work, I was reading and spending time at coffee shop to learn something new. I started to gym pretty regularly. I’ve purchased AND actually read 10+ security books. I’ve obtained my GCFA and GCISP. I started working with cloud, wrote 3 trainings on application security. Gave an internal presentation on K8 security. Got 2 formal mentee from my last gig, and still managed to keep in touch with them. And even got a few more informal mentee that I’ve met from conferences and what not that I’m providing resources to so they can get into the security field!
However, towards the end of the year, I was burning out. So for the first time ever, I even took an entire week of break to spend time with my family. This is my very first REAL vacation… Very first one in the entire 3.5+ years of working where a vacation didn’t consist of a training or conference… Not gonna lie, it felt a little weird at first not…having anything to do. I occasionally still checked Slack and had to try hard to make myself not to. But hey, my brain got a break and it was pretty satisfied! :)
I’ve learned that you really have to have a healthy balance of work and personal life. Even if you’re super passionate about your work, stepping away really help to rejuvenate your brain and prevent you from exhaustion. The moment I was back at work, I finished a pretty difficult task that would’ve took me a full week in 2 days… just because my brain was so clear and I was able to focus so well! Everything started to make sense and it was a pretty amazing feeling!
- BSides SF
- LWT SF & NYC
- Black Hat
- Blue Hat Seattle
- BSides Augusta
I’ve learned a lot. Met a lot of great people. Mentored a few more with all the knowledge I had. And gave back to the community by working on some open source projects. I also get to take these trainings.
A lot more about building a security program from scratch. At my past gig, I joined towards the end of a fresh security program build-out and learned to operate with information in a mature environment with focus on hunting, proactive defenses…etc. However, for the new gig, I’ve classified it as more of a rebuild from scratch. The environment isn’t as mature as what I’m used to but I’ve learned a lot about how to consolidate and standardize everything to ease the management process. I’ve learned the importance of automation. Importance of planning, communications, and working with team early on to build a good foundation of working relationship for the future. I’ve started to be able to correlate a lot based on logs and events to tie together a story of what happened. I learned to bypass and evade AV and Windows Defender. I bypassed 4 different popular EDR tools on the market, and (legally) hacked into a real organization to demonstrate weaknesses and offered different approaches to improve overall detections and response capabilities. I also got to reverse engineer about ~50 different malware specimens in the month of December alone…It was a really fun year!
Anyways, it is getting late. And my brain is starting to not make sense anymore. If I keep writing, I’ll be rambling about nonsense so I’m gonna stop here!
…So, what’s next in 2020? I have a few goals for this upcoming year. Another blog will come soon! :]
Thanks for reading, and happy new year!