And, why take any advice from me?
This all started in 2014. I had just finished university with a Bachelor of Science in Mathematics, where I studied cryptography and integrating mathematics with computer applications.
I knew technology and specifically security had a bright future, as it was a buzzing industry with ransomware attacks in the news. So, I picked a course and signed up for the Network Engineering & Security Analysis program at Mohawk College in Hamilton, Ontario, Canada, and worked at various IT consulting firms while in school.
I spent the next couple years in the place I most enjoy, the trenches. Consulting for various companies where I responded to the most obscure tickets from end users, deployed servers, workstations, patched systems, managed end users, implemented antivirus, configured firewalls, routers, VPNs – you name it, I did it.
I found myself drinking from a fire hose. When I started, there were many tasks I had no idea where to even start, but persistence prevails and after applying my logical thinking from my math training, I solved problem, after problem, after problem until I finally ‘got it’.
In 2018, I was hired to work in a Security Operation Center outside of Toronto as a SOC Security Analyst where I found a role as the lead threat hunter, curating threat lists, investigating malware samples, and developing alarm use cases to catch nefarious activity. In this time, I tracked Emotet malware, conducted phishing exercise campaigns, hardened servers, consolidated procedures, worked with vendors to test new solutions, and assisted in SOC2 audits.
At the closing of 2019, I moved to another SOC, finding myself in a more senior role more directly involved with managing clients' entire SIEM environments, working on new detection mechanisms, and giving reports to key stakeholders and senior executives. This move has expanded my breadth of knowledge of security products by being exposed to whole new information security ecosystems, new vendor training, and diverse business-security challenges.
Currently, I am pursuing certifications. I just recently passed the CISSP exam and several other SIEM vendor certifications (Splunk/LogRhythm). However, my main goal for the remainder of 2020 and 2021 is mastering penetration testing by re-taking the Penetration Testing with Kali Linux (PWK) course from Offensive-Security, with plans to take the OSCP exam in the winter. Moreover, I have acquired some SANS training materials for SEC504 and SEC508 and will be pursuing the GCIH exam when I am ready. My long-term goals for 2021/2022 are to learn Python for penetration testing as well, by acquiring and slowly learning from SEC573 materials.
I started this website to keep track of my career, challenge myself, and to share the things I find with those that would find a use for it. I hope you find my journey helpful to your own.
Updated for accuracy: July 27, 2020.