As an early riser who typically starts his day around 4:45 am, it was way past my bedtime. My computer clock said 1:09 am and my eyes were still wide open, with my brain exploring various paths available to me as my next step towards hacking the target box. Then I recalled how it all started and why this moment re-emphasized why I have always been the disinclined or reluctant hacker.
How did I get to this point? Sometime last year after my annual review at work, precisely April of 2018, I decided to fully focus on clearly defined personal career goals that align with the corporate goals of my company. Using various online materials, I found CompTIA's IT certification roadmap very useful in articulating most of the career paths that I've been directly exposed to over the years across multiple industry verticals. These include, but are not limited to, information security; network and cloud technologies; hardware, services, and infrastructure; IT management and strategy; storage and data; web and mobile; software development; data management and analytics/business intelligence; and training. I opted for at least 80% focus on information security and network and cloud technologies. It was an easy choice for me: my company was small when I joined and is now much bigger due to mergers and acquisitions, and my role, which covered administering almost everything in IT operations, infrastructure and security on-prem and on AWS, has gravitated heavily towards IT governance, risk management, and compliance. Prior to that, I worked with a nationwide commercial property management company for years, where my network security engineer role included traveling across the United States to configure and install Cisco ASA firewalls.
My next challenge was to validate my skills and expertise in my chosen areas of specialization. Due to my years of career experience, I knew I had to go for advanced or expert level certifications, and at that point I had already been certified in various areas across multiple vendors. Some of my previous certifications at that point, some current and some now inactive, include CompTIA A+/Network+/Cloud Essentials, Cisco CCENT/CCNA, VMware VCP, Microsoft MCP/MCSA/MCSE, and numerous certification training courses in different skill areas that I did not get to validate with a certification exam. With that background, I decided to go for the dreaded CISSP, the top expert-level certification for information assurance management professionals, followed by the ISACA array of IT audit, security and risk management certifications done concurrently with Cloud certifications as AWS architect associate, and then go for AWS security and ISC2's CCSP. I toyed with the idea of adding penetration testing to the fray by going for the OSCP cert but ditched the idea.
Good plan, but how do I get there? My research led me to Cybrary.it, where I had a previous free enrollment. I started with the CISSP module by Kelly Handerhan, which was available for free subscribers, and later upgraded to a Cybrary Insider Pro account on the Security Engineer track. The selling points for me were the career paths approach; the hands-on labs and exam prep in partnership with Kaplan, CyberSCORE, RangeForce, Cydefe and PracticeLabs; live training; and mentorship. I made use of the available tools but was too busy with projects at work to be fully committed to my study schedule; however, I assimilated enough with Kelly Handerhan's videos and exam tips and a few other resources to pass my CISSP on the first attempt in November 2018. It was after that huge milestone that my real journey with Cybrary.it began. I became an assistant mentor, helping provide hands-on assistance to a huge number of students around the globe and helping them to figure out career goals, certification paths and more to positively influence the new generation of cybersecurity professionals.
This undertaking forced me to start randomly going through the resources available on the Cybrary platform. In early February 2019, a free course titled Advanced Penetration Testing by Georgia Weidman caught my attention, which fired up my age-long curiosity about hacking and penetration testing all over again. I have always had the hacker in me, if a simple definition of hacking is adopted, as I love exploiting non-conventional ways of doing things on the computer and could practically spend the whole day on it, but I never wanted a career out of ethical hacking as I believe that means I won't have a life anymore. This curiosity led me to enroll at hackthebox.eu, an online platform which allows you to test your penetration testing skills. Unlike most sites where you just sign up and start using the resources, with this platform you have to 'hack' and obtain a login access code. I got in and it was fun. Next, you log in to your hacking box (Kali Linux, in my case), then access hackthebox.eu to download your custom VPN information and use OpenVPN to access the platform, where you can choose a target active machine to exploit.
On the Cybrary.it platform, there are a bunch of Cydefe's capture the flag (CTF) style assessments involving practical Metasploit usage, John the Ripper, Nmap, and common vulnerability exploitation. Some of the assessments include the EC-Council Ethical Hacking assessment, Linux systems admin basics, Windows basics, Vulnerability Scan, Steganography, Reverse Engineering, Registry Analysis, and Recon.
For me, this is just a hobby that strengthens my cybersecurity consulting credentials, but in your case, this could be your exact calling. They say ambition is the first step to success and the second step is action, so who knows what a decision to improve yourself via a platform like Cybrary.it has in store for you. As a famous quote attributed to Steve Jobs goes, "Your work is going to fill a large part of your life, and the only way to be truly satisfied is to do what you believe is great work. And the only way to do great work is to love what you do. If you haven't found it yet, keep looking. Don't settle. As with all matters of the heart, you'll know when you find it."