Learning Update-Week 3

Coming out of the third week of this challenge, I’m a little surprised at just how often unplanned learning opportunities are showing up. I’m not sure if this is just a coincidence, a pattern I hadn’t noticed before, or a new pattern due to focusing more explicitly on tracking my learning week-to-week. Going to keep my eye on this as I go into Week 4.

Something that I’ve used on-and-off for years, to keep track of the various educational resources I’m interested in, is a Kanban board. I realized recently that I hadn’t updated it in a while, so I did a bit of cleanup. Going forward, I’ll be reviewing my board more regularly.

What learning did I do this week?

Security Blue Team-Intro to Network Analysis

Didn’t make any progress here this week. I had a couple of appointments that took longer than expected, which ate into my training time.

Planning and implementing a Security Incident Response

Finished off the first module of this course, as planned. The content is interesting, although I don’t find the presenter particularly engaging.

NahamCon CTF

I made it through the two challenges I had hoped for, focusing on web pentesting. They were certainly challenging, but very enjoyable.

PentesterLab-Essential Badge

Didn’t make any progress on this badge this week.

Learning about Pull Requests

This training wasn’t on my plan for this week originally. The opportunity arose at work to attend an all-day workshop, all about Pull Requests. Pretty much my entire career has been developer-adjacent, and while I generally understand the concept, I jumped at the chance to get a bit more in-depth knowledge of how they work, and what developers consider important when doing code reviews. I was pretty proud of myself – in one of the exercises, I even picked up on a potential issue in some practice code that no one else did!

Reading-Explore It!: Reduce Risk and Increase Confidence with Exploratory Testing

Made it through a couple of chapters, and it’s got some great guidance on how to work with Session-Based Testing, which is something I’m particularly keen on.

What Learning Is On The Agenda This Week?

This week is going to be a little lighter, since I’ve got some personal and professional obligations to take care of.

Security Blue Team-Intro to Network Analysis

As a carry-over, I’m planning on finishing this course this week. There’s only a couple of quizzes, and a capstone project.

Planning and implementing a Security Incident Response

The plan here is to finish off the section review questions for Threat Modelling, and finish off the Building a Computer Security Incident Response Team module.

PentesterLab-Essential Badge

As a carry-over, I’m going to take on a couple of the Essentials exercises on PentesterLab.

Training Backlog

Since I have a finite amount of time available with which to train, I have a couple of things I previously had put on hold. These include:

• Make-Your-Own Rubber Ducky
  • I’m going to look at some of the scripts that other folks have created for this, and pick something to try.
  • Tentatively planning to dive into some scripts in Week 8
• Digital Forensics From Beginner to Expert
  • This free course was started by Shannon Brazil, also known as 4n6lady on Twitter
  • I had previously worked through the first week, but haven’t made time for it in a while
  • Tentatively planning to work on the next module around Week 6 or 7