A year in review, first year back in CyberSecurity
First off, this quote by Colin Powell is appropriate to the start of a new year. I started my CyberSecurity journey about a year ago; it's been busy. If I look back, a few funny things happened.
1) About one month into my journey, I had a meeting with a particular vendor. During the phone call, they used so many TLAs and other jargon I didn't know offhand without googling; it was too much, and I stopped the meeting 20 minutes in.
2) I was introduced to DevSecOps, frictionless security and shift-left terminology. Little did I know that for the next few months, almost every activity would revolve around these buzzwords.
3) In previous roles, I usually worked with one primary vendor and maybe a secondary or supporting vendor. In the security space, almost every process has different vendors. Let's say 7 or 8 that I've interacted with.
I give credit to my mom wholeheartedly for giving me the passion to be a life-long learner. My dad was 'task' based and always had some project happening. Each project or business was its own adventure. In his own way, he modeled being a life-long learner. This is a good trait to have entering the CyberSecurity space.
Over the last year, I've taken classes at https://www.tryhackme.com, BurpSuite Web Academy (over 200 lessons, still going through these!), and several from Rapid7, among others.
I started primarily scripting using Python. In previous roles I've used wscript, cscript and later PowerShell. Over the last couple of years before focusing on security, my role mainly had me focused on mobile development as well as Lambda. These technologies were C# and JavaScript based. I'm still warming up to Python, but catching on. String handling is different from other scripting languages, but I'm getting there.
I've spent most of my career scripting, which has been a good skill to have for various automation activities, and in the security space, Python seems to be the dominant scripting language. One of my favorite capabilities in Python is calling APIs and retrieving data. In my line of work, querying various data sources and creating work-lists or CSV files is a common activity. The Requests module makes it easy to retrieve JSON formatted output.
I attended my first GrrCon conference. GrrCon is a local conference within 15 - 20 minutes of work. Covid all but stopped me from attending a conference for a couple of years. Having a mature conference locally was a benefit. I enjoyed the conference and its laid back atmosphere; yes, even the sessions might have had an "f" word dropped here and there. There is an edginess to the conference, the content is great, and there is excellent vendor support.
As the year progressed, acronyms and TLAs caused me to pause, open a browser and search the web. My primary focus is AppSecDev. How did I learn about this acronym? I was attending another local conference at the Grand Rapids, MI local minor league ballpark (CloudCon by the West MI chapter), great conference btw! Aaron Bregg and Matt Nelson were a couple of people I know, among many others, who did a great job!
I asked a fellow co-worker while at a vendor booth, what is my role? His response: of course Steve, you are an "AppSecDev". I wandered around the rest of the vendor area, and they would ask, "What do you do??" "I'm an AppSecDev?!" The vendors' and reps' faces would light up with joy, and they would start to share their product.
Little did they know, that term I had heard briefly, but didn't know until a few months into my role, was implementing SCA, SAST, MAST, DAST (and yes, these are left to right; my OCD needed them to be in the correct order). These are common terms in my frequent meetings discussing strategy and direction. And yes, I even know what they are used for; a year ago, not so much!
In conclusion, there is so much a person can cover within a year. Products have been evaluated, recommendations for change made across many project teams, and I've learned to coordinate and communicate with all levels of IT and areas of the business. My primary focus is learning the many tools, how they work and integrate into keeping code secure, raising exceptions and making the journey toward a "Shift-left" approach more real. "People, Process and 'then' Technology" is a main phrase I have used throughout my entire career. CyberSecurity involves people and process a lot.
If you have made it this far: be curious, and don't expect to know everything. CyberSecurity has been a journey and is exciting. I've tried to stay "an inch wide and a mile deep", meaning not learning too much, and becoming an expert in what I focus on. It's been interesting watching various individuals on LinkedIn (one was a truck driver, now is a SecOps person I believe - Yes Dustin, this is you!). The fact remains: someone who WANTS to learn and SHOWS the desire will eventually make it.
I started in IT a few years ago as a help desk person, with no CIS degree or computer experience. Through many positions and failures (try to learn from them), practice makes you better (not perfect). I'm enjoying my journey and the "never" ending task of knowing what each TLA represents. GRC (governance, risk and compliance), SIEM (pronounced SIM) - I need to google this from time to time to remember what it stands for, though I know what it does. SOC (security operations center) and many others. If you have a favorite acronym and definition, pass it along! If you have a favorite podcast, YouTube channel or training resource, pass it along. It never ends!
Until next time and keep looking forward!
Steve
Steve, thanks for sharing!😉