As of August 2022, I’ve been working in Information Security for six years. Along the way, I’ve had some successes, some struggles, and some stuff in the middle. The title is definitely click-bait as I have been notoriously bad at following that guidance. In fact the volunteering I’ve done has largely attributed to my successes.
Ok, so let’s start off with what’s working
Things constantly change in Information Security or any of the other adjacent tech roles. I’m remembering what home labs were like in the late 90’s and early 2000’s when I started off in tech. Shortly after finishing my time in the Navy and starting out in my first private sector gig, I’m remembering helping a friend out with their home lab, which consisted of a few desktops and a laptop. It wasn’t much in terms of labs but much in terms of power, physical space etc. Fast forward to today and I could rebuild that same lab on my laptop using VMWare Fusion or Virtualbox.
To be honest that could’ve been done a few years before, and nowadays can be done on Azure for much cheaper. My friend’s lab was nowhere this powerful and the gateway hours assume spending 5hr/day day over the course of 30 days, which is pretty high.
That’s not bad for $100 right? Based on the specs, its much bigger of a lab than the 6 computers in that lab from a couple decades ago. In my case I’d likely do more things over hackthebox or other platforms if I’m tinkering with offensive stuff, but I digress. You came here for a different story.
Despite a very long time working a bunch of different IT roles, getting my foot in the door was an uphill battle. Coming from an IT background, I had to do some additional massaging on my resume to even get interviews because I didn’t have enough security experience. I managed to get around that by doing a bunch of stuff in the community ranging from attending many conferences (out of pocket) to even starting this blog and setting up an online presence to create breadcrumbs of some sort. Doing so gave me more than what was on my resume to talk about, which I advise people getting their foot in the door in tech. It’s the less boring version of document your work. Now when asked about my background I usually direct people here along with my resume and it does keep me on top of things.
Now I run into what’s not working
Going back to the IT days, I definitely made a name for myself through hard work, grit and all the marks of what society at large would consider being a productive citizen. I’m recalling working a lot of long nights, long weeks or even weekends…and a lot of those weren’t even on-call. I will harp this point forward with people coming into any tech role that this is not abnormal. There will be long nights, there will be on-call. For a lot of younger folks in this field, there will be a lot of Friday, Saturday nights, or even holidays you will miss with your friends because you are dealing with one problem or another, or just doing routine maintenance.
In my case, work was also an escape from dealing with personal stuff. I’ve been cognizant of that for awhile and do talk to a therapist, but I guess in between being isolated during pandemic lockdowns and being in my 40’s (and maybe even a midlife existential crisis) I really started to take notice of things neglecting in my personal life. The stresses of day to day challenges at work, the needing to keep up with all the new stuff to learn, giving myself permission to ask for help, and giving myself permission to take a step back every now and then.
It definitely gets challenging when hard work and getting shit done is praised. That said, I also notice a lot of that extra work tends to be less effective or another way of putting it is a diminishing return.
I’m remembering previous OSCP attempts, particularly the second one where I tried working all the way through the duration of the 24 hr exam. Sure I’d take short breaks, but I noticed how after about 17 hours, I was not much more productive while I was working through boxes and in fact became less productive as a result of exhaustion.
You’d think this would sink in for me as was literally at a bar starting this article on a weekend and barely interacting with people while the game was on in the background. Hesitating to go out later in the evening and wanting to do some more work. I eventually went out, but definitely had that “I should be doing something more productive”.
*Full disclosure, my dog passed away within the last month and the loss of my best friend has definitely taken a toll in ways I wouldn’t expect. He’s been there with me the entire way as I went from “wanting to work in InfoSec” to “working in InfoSec for years. He was there for me for a lot of ups and downs a lot of the way and kept me company on a lot of those long nights of building up my skills.
With all this stuff going on I had also experienced struggles with work, which would shock most people. After doing some soul searching, I’ve realized that while my job can be challenging, the issues I’m having have been related to how I balance (or don’t balance) my life. You know that whole work/life balance thing that gets thrown around in various slogans, company job descriptions, or some random article on LinkedIn? Well, its one thing to say it, but doing it in practice and sticking with it is a whole other challenge.
And here’s my solution..or at least one in progress
Taking the guidance of a former boss of mine, it’s one thing to express frustration about something, but doing so AND having a solution is much more productive. I had been noticing some struggles lately with staying organized and while I gave this a lot of thought, I also remembered that it’s not that I didn’t have this skill or could keep up with the pace, but I had in fewer words, an imbalance. Aside from that I’ve definitely had a penchant for not asking for help or at least knowing when. I was thinking back to when I first started on the OSCP struggle bus and how I had made myself much more organized in note taking and how I approached a box and kept old notes to the point of teaching myself how to make a tool to automate the process.
I’m remembering giving Trello a go for a few months, but noticed frequent use of it (with a huge backlog, and checklists, and tasks I was moving daily, I had spent a significant amount of time in it, sometimes almost as much as I spent actually doing the things in the checklists. I’m taking a step back, still using it but keeping one or two lists, with checklists for weekly and monthly stuff.
That aside, I started to notice something I hadn’t done deliberately until losing my best friend and that’s asking for help. I’ve had quite a few people reach out to me and in turn I talked to friends just to vent about things or express missing Ralph. It will take time, but I will move forward as Ralph wouldn’t want me to be sad forever, and would insist I acquire a new friend to walk and clean up after.
As for the title, the running joke is NAVY is an acronym meaning Never Again Volunteer Yourself. So about that, this is one of those things I had acknowledged is an issue with this field as there’s this feeling of needing to volunteer to do so much more outside of work. Granted, I don’t mind the community stuff as it more importantly gets me away from my desk and keyboard for the most part, and I’ve met some awesome people. That said, reserving my right to say no to certain types of volunteering is helpful for keeping my sanity and giving some time to myself to rest, or in some cases take care of my meat suit, as you are only given one.