What's up, everyone. Since I have been quiet for a little over a week, I wanted to put out an update on what's going with TheCU and me.
I am working on an SMB blog to help entry-level pen testers get a grasp of the service, how to test it, and how to use it to their advantage. Unfortunately, the writing is taking longer than anticipated because I keep going into the lab VM and trying things out to ensure I am putting out accurate information. Hopefully, it will be super helpful to the community. I haven't seen anything this in-depth on SMB yet.
Additionally, you should see a range in updated content across the site under the lists and penetration testing track. Conferences, books, etc. As I get ideas, I put them up.
I recently received a really nice message on the YouTube channel, wondering when I would get back to work on some video content. I am trying to get back there :(. Unfortunately, my business is taking me away from producing as much content as I would like as I revamp everything. As this effort levels out, you should see me adding more. I would say one to two months.
Due to my recent move and the addition of a girlfriend, life, budgeting, free time, and everything else have been all over the place. And you know what? It happens. Life doesn't always go as planned, and awesomeness comes in tiny packages(that’s a joke about my GF). Now that I have settled into the new apartment and have a schedule that works for my new lifestyle as an entrepreneur, I am back to meal planning and budgeting. It also helps that the GF is up for talking about these things.
I saw in a few blogs where people do blogs similar to these and assess themselves financially on the blog in quarterly and annual reviews. I think I might start doing this in the future. The idea sounds great, and I think it would be helpful to see what someone in the industry is doing with their money. I haven't seen a cybersecurity personality do this yet. Let me know in the comments what you think of the idea.
Health and Fitness
So this is one of the areas I am most excited to talk about. Over the past couple of years, I have tried to get ready to run a marathon. I know what you are thinking: why would anyone want to do this? Because it's a challenge that would push me to my limits both physically and mentally. And I like those kinds of challenges.
In past attempts, I would have to hold off training frequently due to injuries to my feet, which would cause me to lose steam; Never really getting above 4 miles. This is a long way away from a 26.2 mile (42.195 km) marathon. This time I have had much better results with my training plan. I have been at it for a couple of months now, and I am up to 2 hours straight of running. Just thinking about running for 2 hours is insane to me!
Although my run time is super slow (about 17-minute miles) I think I will be at a half marathon distance in the next couple of months. I am honestly just happy I am not in pain anymore, and I feel the best I have felt in 10 years. I definitely encourage you to get out to the gym or outside for some exercise if you can. It makes a world of difference. Just find something you enjoy and set a goal.
For those of you with flat feet who would like to run, I suggest looking at some feet strengthening exercises and implementing cross-training. You can find my foot routine here.
I can't forget to mention my YouTube yoga favorite, "Yoga with Adriane" for stretching. She has relaxing but effective yoga videos that I have been using for years. I am currently doing her 30-day challenge, "Home - A 30 Day Yoga Journey." Feel free to join in on the relaxation.
In the end, I am chalking my success up to stretching, feet exercises, and a new running form. Wish me continued success in running like crazy in the South Carolina heat.
I am currently working on CompTIA's CASP+ certification. You may be saying, why do you even care silverbits. I just want to see what CompTIA has to offer. I am always suggesting them as an entry-level certification. I need to ensure the quality (although I have two other certs). Also, I feel like it would be good preparation for the CISSP.
That cert is also super not necessary for pen testing. Still, I feel like by learning to think like infosec executives, I can convey the results of my assessments in a way more suited for them. As a pen tester we are not just technical sme's; we are professional consultants. Part of that role is to convey your message in a way that is easily received and acted upon. Anything I can do to hone my craft is a win.
Also, I may check them both out to blog about them and give my audience the inside scoop :).
My game plan is to knock out CASP+ this month, the CISSP next month, and then focus solely on technical certifications. For those, I am looking at Rasta Mouse's Red Team Ops, eLearnSecurity's Web Application Penetration Testing, and Offensive Security's Pen-300. I am more than likely going to do Rasta's first since I have access to the course and focus on internal network pen testing tradecraft. I may then knock out the two web courses with elearn because I have access to the training until the end of the year. Either way, I go, expect review blogs, tips for the certifications, and technical blogs on areas I dug into.