5 Year Plan & Information Security Career Goals

This recent talk by John Strand got me thinking a lot about how I can more strategically put together a plan toward my own career goals.  I’m a SOC analyst now but would ultimately like to gain a good base of experience and skills required to either move on to more advanced blue team roles or become a pen-tester.  Even though some of the advice given in the talk is more focused on those who are completely new to security or are recent graduates, the advice is still very pertinent to those of us already in the field.

If nothing else it’s a good reminder of how much I have to learn, and that without having clear goals in mind along with a solid plan to work toward them you’re going to end up spinning your wheels.  A large part of the reason for starting this blog was so that I could publicly track and hold myself accountable for my progress.  I also wanted a record so I could look back and see how much I’ve progressed as time goes on.

An interview a few years back with Eve Adams (HackerHuntress) on Paul’s Security Weekly was also incredibly invaluable for me when I eventually got my first “real” security job.  I had always worked on security projects, home labs, listened to talks/podcasts, and a lot of other activities without ever really considering bringing this stuff up in job interviews or posting that experience on my resume.  I did, based on her advice, and demonstrating the enthusiasm and passion expressed in my off hours has proved to be invaluable in generating interest from potential employers.  It’s always something they bring up in the course of interviews and it absolutely serves as a good way to differentiate yourself from other candidates.

It may sound silly, but Habitica (the gamified to-do list) has also been a great tool for me to stay on track.  I can set specific small daily or weekly goals to attain: goals for OSCP studying, keeping up with security talks, vulnhub activity, projects, and whatever else.  Maybe other to-do tracking methods work for you, Google reminders, or just marking Xs on a calendar, but forcing yourself to mark some progress toward your goals on a regular basis is very beneficial.

That said, these are my main personal goals for 2017 as they stand:

  • Finish studying for and take the OSCP exam by the end of the year.
  • Regular vulnhub activity to sharpen my skills (aim for 1 writeup per week)
  • Learn more bash scripting (I have an OK background in Python, PowerShell, Java, but have never taken the time to really learn bash)