Cybersecurity Central | Refining the Human Connection | 501c3 Nonprofit

BLOG BY SHAUN

Cybersecurity Central is excited to share Blog by CC.

Bookmark this page and check back to learn what Shaun Washington is discovering in his #cybergrowthandlearninggrind journey.


#cybersecuritycentral #diversityofthought #blogbycc


NOV 1, 2023

Cyber Threat Hunting

by Shaun Washington

October 4, 2023

My time has been fully consumed with the transition from day shift to night shift as a SOC Analyst, balancing time with the family, starting the CWCT program, attending the CySA+ study group, and assisting with the Young Mogul Development Group. I have been contemplating what I could talk about that isn’t going to make me sound like a broken record: network, study…. rinse and repeat…. So I think I will just touch on the things that anyone interested in becoming a cybersecurity professional needs to know, based on my experience on my #CyberGrowthAndLearningGrind journey.

OCT 4, 2023

Cyber Threat Hunting

by Shaun Washington

October 4, 2023

As you all know by now, my hunger to learn and immerse myself in all things cybersecurity has been a long and arduous journey. Multitasking my Application Support duties while also trying to learn and absorb as much in the security realm as possible was nigh impossible. With my new position as a SOC Analyst, I no longer have to split my time and attention; everything that I am, have been, and continue doing is all working towards making me a more well-rounded cybersecurity professional. I still don’t know what my final form will be, but I will keep going down the rabbit hole and see where I come out.


One initiative I am working on is becoming more familiar and comfortable with the idea of Threat Hunting. I had previously completed a Cyber Threat Intelligence course from arcX, and now, as part of work, I was able to attend and fully focus on Cyber Threat Hunting, presented by Chris Brenton from Active Countermeasures.

Let’s define Cyber Threat Hunting. It is the proactive process of searching for and identifying malicious activity within a network or system. It is a continuous process that involves using a variety of techniques to detect and respond to threats that may not be known to, or detected by, traditional security solutions. Traditional security solutions are firewalls, SIEMs, Anti-Virus, etc. In this training, we were introduced to the AC-Hunter platform and shown its uses in threat hunting, and how to go about changing the mindset that seems to be ingrained in security. If you attend the Simply Cyber Daily Threat Briefs or have conversations around GRC, you have probably heard the phrase “Left and Right of Boom”, meaning before and after an incident (the Boom). Typically, the security mindset is focused on taking some precautions and preventive steps to secure assets, but then that’s where it stops. Threat hunting takes the sensibilities of a Blue Teamer and marries them with the inquisitiveness of a Red Teamer. That means in order to protect something from harm you have to take an active stance and seek out what could/would do you (your data) harm.

Cyber threat hunting is important because it can help organizations to identify and respond to threats before they cause damage. It can also help organizations to improve their overall security posture by identifying vulnerabilities and weaknesses in their systems and networks. There are a variety of different cyber threat hunting techniques that can be used. Some common techniques include:



Here are some examples of cyber threats that cyber threat hunting can help to detect: 


I’m going to give you a summary of what the AC-Hunter platform is and what it can do. The training is very much worth your time, so I will not be giving away too much of the information from within it, but if you are interested in finding out more, I will include links to find/sign up for the next training on December 1st, 2023 (https://www.activecountermeasures.com/hunt-training/).


AC-Hunter is a network threat hunting platform from Active Countermeasures. It is designed to help organizations identify and respond to threats that may not be detected by traditional security solutions. AC-Hunter works by continuously analyzing network traffic to identify patterns and anomalies that may be indicative of malicious activity.


AC-Hunter uses a variety of techniques to detect threats, including:

AC-Hunter is a powerful tool that can help organizations improve their security posture and reduce the risk of cyber-attacks. It is easy to use and can be deployed on a variety of platforms, including on-premises, cloud, and hybrid environments. The team at AC has put in a lot of work to make this product pretty easy to use and remove some of the initial barriers to threat hunting. I will say that through the training I did learn something in Linux that I hadn’t known about before: I didn’t know you could highlight results while using the less command to make searching through results easier. Also, I knew that you could “pipe” the results of commands to each other but hadn’t done so with more than 2 commands, e.g. <command> | <command> | <command>
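As an added example (not code from the blog or from Active Countermeasures), here is the kind of multi-command pipeline a network threat hunter builds to count which internal host talks to which external host most often, run over a handful of constructed, Zeek-style connection log lines; the field layout (timestamp, source IP, destination IP, destination port) is an assumption made for the example.

```shell
#!/bin/sh
# Constructed sample connection log (not real traffic). Fields, assumed for
# this example: epoch timestamp, source IP, destination IP, destination port.
SAMPLE_LOG='1696416000 10.0.0.5 203.0.113.10 443
1696416060 10.0.0.5 203.0.113.10 443
1696416120 10.0.0.7 198.51.100.4 80
1696416180 10.0.0.5 203.0.113.10 443
1696416240 10.0.0.9 203.0.113.10 443'

# top_talkers: read log lines on stdin and emit "count src dst port", most
# frequent pair first. Four commands chained with pipes: project the columns
# we care about, sort so identical lines are adjacent, collapse and count
# duplicates, then sort numerically on the count (descending).
top_talkers() {
    awk '{ print $2, $3, $4 }' | sort | uniq -c | sort -rn | awk '{ print $1, $2, $3, $4 }'
}

# fan_in: number of distinct internal sources that connected to one
# destination IP (given as $1). Many sources reaching one odd external host
# is a question worth asking, not by itself a verdict.
fan_in() {
    awk -v dst="$1" '$3 == dst { print $2 }' | sort -u | awk 'END { print NR }'
}

# Interactive use: page the result and jump to the first match for a host,
# which less highlights. Not executed here so the script stays non-interactive:
#   printf '%s\n' "$SAMPLE_LOG" | top_talkers | less -p 203.0.113.10
printf '%s\n' "$SAMPLE_LOG" | top_talkers
printf 'distinct sources talking to 203.0.113.10: %s\n' \
    "$(printf '%s\n' "$SAMPLE_LOG" | fan_in 203.0.113.10)"
```

Swap the constructed `SAMPLE_LOG` for `cat conn.log |` (with the column numbers adjusted to your log format) and the same pipeline scales to a day of traffic.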


If you are interested in checking out the VMs, labs, or previous training recordings, visit https://www.activecountermeasures.com/hunt-training, and keep sharpening your threat hunting skills with the Malware of the Day blog (https://www.activecountermeasures.com/?s=malware+of+the+day). I know that I will be taking on that challenge.

As always, I want to continue to encourage everyone to keep seeking growth and improvement in whatever they desire. I am still striving for that 1% improvement every day, so if you need inspiration, advice, or a sounding board to bounce ideas off, start the conversation on LinkedIn (https://www.linkedin.com/in/shaun-washington-8a428240/) or Discord (cybershinigami81).

SEP 20, 2023

Maintaining My Hunger: Putting Things in Order

by Shaun Washington

September 20, 2023

My first full month is now in the books as a SOC Analyst and I am starting to establish my routine which includes:


As the date for registration for my CWCT classes approaches swiftly, I am now tasked with maintaining my motivation/hunger. With all the things I need and want to do starting to pile up, I need to manage my time better and also cut back where necessary.

 

With my work schedule getting ready to rotate into 3rd shifts and classes beginning soon after, I have to maintain a productive mindset so as not to burn myself out or lessen my desire, and also keep myself accountable. I will be using my “downtime” during my waking and working hours to read/study and complete assignments. This is a balancing act that I have had to do before, when I was going to school full time, working full time plus overtime, and trying to be there for my family.


It is also imperative that I start/restart an exercise regimen. My job covers the cost of a gym membership, but knowing myself and how I’ve become more and more sedentary, I don’t see that as the best option for me to start out with. Since I still have my Beachbody workouts P90X and T25, I think that will be the start of my physical health journey. I truly miss having a team to work out with, to keep me motivated and push me during my workouts, but I will have to find alternative ways to keep myself moving toward my health goals without a gym buddy. Choosing the best time to do the workouts will also need to be considered.


I am still working on my 2nd brain, or Obsidian Vault, and I want to focus more on my CySA+ related notes as well as notes for the upcoming digital forensics classes I will be taking. My plan is to finish my first play-through of the Certify Breakfast playlist and, on the second go-round, start incorporating the information from the videos into my Obsidian Vault to help with my preparation and absorption of the materials.

 

I have noticed that I haven’t been posting to my LinkedIn as much due to my shifting focus. I have the career that I set out on this #CyberGrowthAndLearningGrind and now I need to maintain and expand on what I have started to build. The TLDR is that I will continue to network and make posts (I probably need to just go ahead and schedule some posts ahead of time). That part of my grind is going to be put on the back burner while I am cooking up the main meal of gaining more cybersecurity knowledge, making meaningful connections, and contributing where I can in my sphere of influence.


Lastly, I want to continue to encourage everyone to keep seeking growth and improvement in whatever they desire. I am still striving for that 1% improvement every day, so if you need inspiration, advice, or a sounding board to bounce ideas off, start the conversation on LinkedIn (https://www.linkedin.com/in/shaun-washington-8a428240/) or Discord (cybershinigami81).

SEP 6, 2023

Target Acquired

by Shaun Washington

September 6, 2023

Almost a full month into my new cybersecurity role as a SOC Analyst, and I feel it’s time to do some slight refocusing and reaffirming of what it is that I am working towards. Previously, the #CyberGrowthAndLearningGrind was 110% focused on gaining the requisite knowledge, experience, certifications, and networking to “break” into cybersecurity. Now that I have arrived, what is my new overall goal? Come along with me and check out what’s cooking….

First, let me give an update on my current study and training regimen/routine:

 

That list is constantly shifting, and I am working on maintaining my consistency hitting all of them either daily or weekly. I know that I will be using THM a lot more since adding my premium subscription and supplementing my downtime with exposure to information and tools from rooms such as the RedLine and Phishing Email analysis rooms.

Second, I want to bring my “calendar” up to date:

All Things Open 2023 October 15th -17th (hoping to be able to attend) https://2023.allthingsopen.org.

Last, but definitely not least, volunteering and making myself available to others. Time is always at a premium, but I have made some wonderful connections through my journey and desire to give back as much as possible. What this will look like is unclear at this moment, but I do know that I will be making every effort to:


That sums up the work side of life, and even with this on my plate I will be available to my friends and family (Lord willin’ and the creek don’t rise). Keep the conversation going by sending me a message and/or sharing your #CyberGrowthAndLearningGrind journey with your network; just make improvements every day, even if it’s only by 1.

AUG 26, 2023

New Frontier, Same Training Grind

by Shaun Washington

August 23, 2023

My first week in my new role as a SOC Analyst is officially in the books! What are my takeaways and the areas I want to improve upon for the upcoming week? Let's start with the takeaways I am able to share with the community. There are a number of tools used within cybersecurity roles that you can learn on or learn about. The broad picture is that as a SOC Analyst you need to familiarize yourself with:


First, SIEM, which stands for Security Information and Event Management, can be used to aggregate logs from various endpoints and systems; this gives you a macro view or "big picture" of the cybersecurity threat landscape. SIEMs are customizable and can be tailored to the needs of your business. There are several tools with varying features to select from; here is a list of some in the market:

Second, XQL, where the “X” can be filled in by any specific query language. The query languages are all used to work with databases. The majority of the syntax in the QLs is the same as SQL (Structured Query Language), but each is further built upon to suit the needs of its database, so that could mean read and write capabilities or just read capabilities (SQL vs KQL). Each of the security platforms has its own flavor of QL; learn the fundamentals of how to build your query, and just remember that white papers and Google are your friends.

Third, EDR (Endpoint Detection and Response) tools are used to detect anomalous behavior and can also include Antivirus and Ransomware solutions. There is a plethora of options from various vendors, but finding the right one for you is going to depend on your “stack” (your compilation of security devices) or the offerings of the platform. Security in depth is a key concept to consider in building your infrastructure, but here are a few of the EDR options:

Fourth, I will combine the last 3 bullet points from my introduction into my #CyberGrowthAndLearningGrind mentality and procedures: studying for my overall knowledge and learning the aspects of my new job. The basics or fundamentals are the best place to start in any endeavor you pursue. Knowing basic networking is a prerequisite for Security Operations; it is all tied into the analysis of traffic, emails, and network appliances. During my CySA+ study group I was shown a program that I felt would help me organize, build a knowledge repository, and also teach me about markdown languages; it is called Obsidian. Since then I have been sharing this program with my colleagues and building my 2nd Brain to reference what I am taking notes on. I have also been shown, and/or shared with others, several browser plug-ins that can make my role easier. These plugins are new to me, and if you are interested in what they do, give them a try or ask me a question:

Last but not least is staying up to date on the latest stories/vulnerabilities in the industry. You should all know by now about the wonders of the Cybersecurity Central and Simply Cyber communities; these are my favorite spaces to network, learn, and share with others. I know that there are numerous other places/groups/communities, and we can and do learn from one another, so start the conversation in the DMs, join the community in Discord, and get your fix for actionable intel with the Daily Cyber Threat Brief.

Come and make yourself better each day and pay it forward to those around you.

AUG 9, 2023

Mental Recalibration

by Shaun Washington

August 9, 2023

Where to begin? This is my first time ever having time off when moving between jobs, and this time has afforded me some insight and an opportunity to do some mental recalibration. How do I identify or define this concept?


I first need to establish a baseline reading, as I have shared before in previous posts and blogs. My journey before IT and cybersecurity was one fraught with long hours, no truly stable shift, and a constant stream of stressors piling up. I never considered myself a workaholic, but looking back I can definitely see that I was leaning more towards that side of the spectrum. I have had a hard time separating that side of life from my growing family and the subsequent duties associated with it. I never “take a vacation”, especially without something planned and an obligation to show up and/or participate. This was made evident whenever I switched jobs: I would always lose “sick time,” and not just a little bit, months of it.

My time at the JDC began to accrue so fast that I couldn’t take enough time off (at least I thought I couldn’t) to avoid ending up over the max vacation hours at the end of the year, which would then roll over into sick time. Rinse and repeat that for 12 years with compounding interest. I wish I could save money the way I saved PTO... Anyway, the major factor in my going back to school to pursue IT and cybersecurity was my work/life balance, or lack thereof. I missed way too many holidays, weekend trips, family functions, you name it, all due to my mindset on work and being a good employee. My track record as an employee was impeccable, but my record as a family man was suffering, to say the least.


Fast forward to my transition to multiple firsts:

The toll that was being exacted on my physical and mental health couldn’t truly be quantified, without me being introspective (never really had time to do that) and finding new ways to be accountable for my wellbeing.  I know how to keep my eye on the prize and power through to my goals, but it has been a long time since I have achieved a big milestone and had the opportunity to reflect and refocus. So to make myself accountable to the others on this #cybergrowthandlearninggrind I will lay it all out before you:



In closing, don’t take your life for granted, work is necessary but it isn’t the only thing that matters. I missed out on so many events and times to make memories that I have a huge amount of regret or FOWIHM (Fear Of What I Have Missed). I can’t let myself do that again, this doesn’t mean that I will be any less of a committed employee, I will just make sure to use all of what is provided to me to make sure that my family thrives as much as my career. I look forward to family trips and vacations, also to conventions and conferences. If any of you are in the same boat as me, please let me know how you made the change or how you plan to change. 


Connect with me on LinkedIn: https://www.linkedin.com/in/shaun-washington-8a428240 

JUL 26, 2023

Celebrating Wins

by Shaun Washington

July 26, 2023

This is a cathartic moment for me as I announce that the long journey to breaking into Cybersecurity has finally come to an end. I officially have accepted a job offer to be a SOC Analyst for One Source Communications. I just want to give them a shout out for taking the chance on me and also giving me the opportunity to start my cybersecurity career and continue blogging for Team CC and potentially them as well. This is a momentous occasion and I appreciate all the support I have received from the community.

My #CyberGrowthAndLearningGrind is still in full effect; the job is secured, but the hunt and pursuit of knowledge will never stop. I will take the time and savor this win. There is a huge weight lifted from my shoulders; however, this is just the beginning of my cyber story. My goals are constantly being updated:

- Upon receiving my voucher, I will set my exam date for the CySA+ exam
- Get CySA+ certified before the end of the year
- Start the CWCT Program in October
- Prepare for the CHFI

I’ve been participating in study groups and mentorship meetings with other members of the Simply Cyber community, and I am making a concerted effort to invite and introduce others to the people and resources that helped me get to where I am currently. The next win to celebrate will be when I can help the next person take their first or next steps in the industry.

Come join me and the community as we keep learning and growing together.

Connect with me on LinkedIn: https://www.linkedin.com/in/shaun-washington-8a428240 

JUL 13, 2023

Checking My Loadout

by Shaun Washington

July 12, 2023

It is time for a little videogame reference here, If you are familiar with FPS (First Person Shooters) or RPG’s (Role Playing Games) you have probably heard the term/phrase, “checking/changing my loadout.” As I am getting more experience with the interview process and the job market in general, I find this to be true IRL (In Real Life). Whether we are preparing for a quiz, test, interview, or a presentation we need to take stock of what we are equipped with or carrying in our inventories, we will call it our “bag”. The hill that seems to be my biggest obstacle is specific knowledge based on… you guessed it experience. I have always tried to make sure I am equipped to deal with most situations that I come across whether that is dealing with personal matters, preparing for school, or preparing for interviews but like many things in life, "Jack-of-all-trades but master of none" might only get us so far.

I have previously talked about my decision to “niche” down and focus on IAM currently due to the crossover between that area of cybersecurity and my current work duties. I have been exposed to quite a few things due to my hunger for knowledge and volunteering but without the practical on the job experience I felt as though I came up short when trying to get a System Administrator position. The final decision hasn’t been made yet, but after the research I did on Sys Admin Interview questions was not as successful as the research I had done on SOC Analyst questions, I saw and experienced the gap in my knowledge due to lack of exposure and opportunities. I truly hate not being prepared but at the same time there was such a wide variety of topics covered that it would have been impossible to know what was going to be asked unless I had done a similar interview.

My only suggestion for myself and anyone who is reading this is to specialize, niche down, and focus on your specific areas. My CySA+ studies introduced me to Rumsfeld’s matrix of Knowns and Unknowns:

The Known Knowns are the cybersecurity principles I have been studying and the IAM and duties of my job, the Known Unknowns are the specifics of what hardware/software that are in use and that I would be responsible for, Unknown Knowns are the basic duties and processes of troubleshooting and maintain a network, and lastly the Unknown Unknowns the questions and topics that would be brought up during the interview/conversations.  We cannot prepare for the Unknown Unknowns but through proper “loadout” preparation I can make sure that the tools and skills I have can be used with the utmost effectiveness until new skills, experiences, and job duties are acquired and put into rotation.

It feels like a loss and a win at the same time, I will use this experience to make myself more prepared for whatever comes in the future. As always, let's continue the conversation on my LinkedIn and I will see you all on the #cybergrowthandlearninggrind.

JUL 5, 2023

Maintaining Transparancy, Accountability, and Transferable Skills

by Shaun Washington

July 5, 2023

This has been a whirlwind of a past week or so and it all started from a setback that I shared about my “CAARRRLLL” moment getting scammed through Instacart. Just as a recap and not a downward spiral that I can sometimes find myself in:


- Still applying (getting rejected) to positions in cybersecurity
- Had my account compromised in Instacart
- Trying to make ends meet, working in the gig economy while offsetting the cost of participating in these apps (Uber, Instacart)
- Had to sell my videogame collection (my stress outlet for many years) to make ends meet
- Taking responsibility for the actions that led to this point, whether they were in my control or not

I had quite a slump. I’m not completely out of the hole, but I’m not at the bottom of the pit of despair I was wallowing in. Again, I want to say thank you to all of those in my network that I have met through my participation with Simply Cyber and Cybersecurity Central. Without the constant encouragement I have been receiving in open conversations and DMs I would not be able to continue on this path. I make the pledge to myself and anyone reading this that I will remain transparent in my interactions and conversations in my blog posts and my LinkedIn profile. I have been reminded that others draw strength from my experience and from my sharing of this experience in a public forum.

I am currently trying to make enough time to get in my posts while working, taking the CySA+ course, trying to find full-time and/or part-time work, and still being available to my family. I can say that the experience has made me cynical, or more cautious, in my interactions, and I passed on an opportunity for a part-time position that seemed just a little too good to be true after seeing the red flags (no interview, asking for account information before having any real interaction, and a slight hint of desperation to get me to fill out the Google form with that information). I almost let my desperation for income set me further back, and I may never know if the position was truly legitimate, but I know that I can’t get ripped off if I don’t participate in the scam.

 

The last thing I want to talk about is the content that I always see being brought up in posts for people in my position who are trying to make the transition into a different field and don’t have “documented” experience. I would love to start a conversation about how to convey that on your resume, as I am still trying to figure this out myself. I know the skills that I can translate from my previous experience, but I don’t know how to bring this across without embellishment or creating metrics that I don’t have or know. I can explain/show my experience managing people and tough/difficult situations from dealing with parents, juveniles, and staff in crisis situations ranging from suicidal ideations/attempts to dealing with a riot. How do you quantify this and add it to a resume in the x, y, z format, and also make it apply to cybersecurity/IT? Working in the justice system has made it evident that you can’t save everyone, you can only help those who want it, and you can only change things directly in your sphere of influence (especially with support from supervisors).

Let’s start the conversation so that this information can be shared to improve our community as a whole. Remember, try to improve every day, even if by just 1%, on your #cybergrowthandlearninggrind.

Connect with me on LinkedIn: https://www.linkedin.com/in/shaun-washington-8a428240 

JUN 21, 2023

Am I Up For the Challenge of Mentorship?

by Shaun Washington

June 21, 2023

So, starting this week off was an opportunity for me to gain knowledge and a new certification upon completion with my acceptance of the GEER Scholarship, enrollment, and first day in the CompTIA CySA+ course being taught through Fayetteville Technical Community College. After finally getting access to my school email and eBooks, I participated in Alyson Van Stone’s Mentorship Monday group. Due to Monday being Juneteenth, and some other unforeseen circumstances, our numbers were quite cozy so just about everyone had a chance to speak, introduce themselves, and ask/answer questions. As part of the meeting there are several questions that are asked just so that participants can become familiar with each other and hopefully spark conversation. The question that I feel gives me the most problems is whether I am a mentor or mentee, depending on the moment I could be both, either, or none.


After making my post about starting class and updating my LinkedIn profile, there were the normal congratulatory messages, but then I had a few that were asking for my insight, opinion, and guidance. My imposter syndrome lizard brain automatically wanted to say, “you got the wrong guy…. I don’t know that much on {fill in the blank}”, and you know the rest of the self-doubt conversation that is had by many. Then something made me stop typing and really think about what was happening and what I could and would be able to tell someone who reached out and saw me as a “mentor” or guide. I am usually introverted, but being on LinkedIn and writing my blogs for Cybersecurity Central have given me lots of practice at not just being the stoic quiet type. Less than a year ago, I can’t even imagine that I would be having conversations with “strangers” about how the cybersecurity industry works, how to advance my knowledge, and a myriad of other conversations I have had.


What I did know was how to take advantage of teachable moments. Coming from my background with substance use education, and many (many) years working in the Juvenile Detention Center, helped me hone my skills in what I used to tell the “kids” were come-to-Jesus meetings, or just choppin’ it up. I found that once I took myself out of the position of being an “expert” or “authority” I was able to have real and meaningful conversations with the juveniles, coworkers, or the occasional caregivers who would bring their youngins to the door for me to scare straight.

I have heard from many other professionals on LinkedIn like @Henri Davis and @Kristi Kennebrew about transferable skills. I found myself preaching that gospel while still on the path myself. Like everything else in life, perfection is not attainable, but we can constantly strive for it, so I gave my caveat that “I’m not where I want to be yet, but this is what has been taught to me,” and then the conversation went from there. Being but a fledgling in cybersecurity, with no official title to call myself a “cybersecurity professional,” I gave the knowledge I did have and what I have learned from my experience so far. Does that make me a mentor? I feel that is debatable, but I know I am ahead of where some of my connections are, and I have to remind myself that even a mentee can and will be a mentor to someone else at any given moment. I will continue to do my best to show a path forward on my #CyberGrowthAndLearningGrind and will do my best to help someone the way that I would want someone to help me.


Keep striving for improvement; 1% better is enough. Don’t let yourself become stagnant in your victories or defeats. Feel free to shoot me a message on LinkedIn to continue the conversation or to start a new one.

JUN 14, 2023

Taking Time

by Shaun Washington

June 14, 2023

As the days and weeks have been slipping by, I am reminded of how precious and fleeting time is. We all understand on the most basic of levels that time is: money, fast and slow moving, precious, in short supply when you need it, and overabundant when you need something expedited. I have gotten some not-so-subtle reminders in my life recently about the usage of time and then fitting work and life into an allotted time slot.

 

I made the decision to work from home the beginning of this week due to a plethora of “life” happenings:


Having to balance my work schedule with making sure that my kids aren’t at each other’s throats and not on a screen all day, while also keeping my supervisor updated on my “accomplishments” for the day, has taken its toll on my mental state. Normally, I can use the drive home to decompress some or just let my thoughts drift away and not bring any stressors from work home, but removing that time was definitely felt the past few days.

I try to maintain positivity, but I also know my limits, and I wasn’t physically tired, but mentally I was “DONE”, and the spiral of agitation, aggravation, and irritation was making its way into my interactions with the family. I haven’t been this close to this level of “anger” and frustration since I was a Supervisor at the Juvenile Detention Center, working overtime, still working as a Youth Counselor Technician, giving up my holiday/vacation time, restraining juveniles on a near-daily basis, all while putting on the face of strength for my coworkers and family. I had only been in a lower state once before, and that was dealing with my mother’s death and subsequent estate.


I say all of that to say this: we all need to learn to take time for ourselves on our #CyberGrowthAndLearningGrind. I found my energy reserves drained, and it was hard to focus on my daily enrichment and studies. I have the undertaking of the CompTIA CySA+ course and exam coming up shortly and need to remember that having moments of weakness is normal; what is not normal is ignoring our needs despite the signs and the writing on the wall.

We always have our responsibilities and obligations just remember you can’t do for anyone if you are not able to do for yourself. Listen to some of your favorite jams, watch a TV show or movie, play a game, just do something that will allow you to recharge your battery before you burn yourself out completely. This is a never-ending battle and we all could use some support, allow yourself the grace and time to get back to yourself.

MAY 31, 2023

Crossing the Ever-Moving Finish Line

by Shaun Washington

May 31, 2023

It feels like it’s been forever since I wrote my last blog post; I was inundated with studying, studying, worrying, posting for @Josh Mason’s #30daysjobchallenge, studying, and passing my Security + exam. Just want to thank everyone for their support and positive energy that helped me push through.


Now that the Sec+ is under my belt, I am trying to plan out my next move(s). The first was to get the certification to make myself more marketable for HR and the ATS; I’m still fighting that battle as we speak. I did my comparison of the different A.I. platforms (ChatGPT, Bard) to see which one made better changes/updates to my resume. I have had some help previously trying to fine tune my resume, and so far 2 days into my poll the numbers look like this:

My pre A.I. resume is getting most of the votes, but I am unsure what the issue is with it that is keeping me from getting past ATS and making it to at least a 1st interview. I will keep seeking assistance with getting this formula right to try and make this transition into Cybersecurity. If you haven’t already voted there are a few days left and the comments/conversation has been nonexistent.

 

I have had quite a few new connections that have asked me for tips and ideas on making it into the field, my imposter syndrome is getting quite confused because I know that I haven’t “made it” yet but for some people I am ahead, and they want to catch up to where I am. I can only be authentic and real with them when I say that I have not arrived on the cybersecurity scene just yet but here is what I have done so far to get where I am right now. Insert courses/resources that I have posted/shared, push Networking, Networking, Networking, and building your LinkedIn presence/profile/brand. I am not an expert in Canva or design, but I know how to express “my” interests/personality in what I do. I implore everyone that is reading this to take an introspective look at what is unique about you, bring that and your experiences into how you display yourself. What I have learned about branding on LinkedIn was from 2 main sources that I have shared on multiple occasions: Gerald Auger’s Definitive GRC Masterclass and Ken Underhill’s Cybersecurity Personal Branding course. They are worth the money and time to complete and are available at SimplyCyber.io, TCM Security, and Udemy.com

 

As I look toward the future, I will be seeking advice and implementing advice that I have come across to move my career forward and I will share what I learn with you, either through this blog, my LinkedIn posts, or DM. Please tear my resume to shreds if you know what is missing or what I could be doing better, I am always looking to improve on my #CyberGrowthAndLearningGrind. Keeping my eyes on the prize and not stopping until I have crossed the line and passed the baton to the next person.


Let’s continue the conversation on my LinkedIn or feel free to message me.

MAY 17, 2023

Mental Health Check

by Shaun Washington

May 17, 2023

This isn’t a very technical blog for this week, but some self-reflection based around the current job market and my journey into cybersecurity. So I have found myself being very pessimistic about the prospects of making the pivot into cybersecurity or a better paying job in general.

My #CyberGrowthAndLearningGrind has been ongoing and ramping up in intensity as I make the push to break into cybersecurity. I have been putting in a lot of work on myself to become well rounded and to show potential employers that I am an asset worthy of the opportunity. I have spoken on my situation in previous blog posts and it hasn’t gotten any better for me financially, and of course that takes a mental toll, not to mention the constant rejection emails from jobs that I have applied to. I have worked in and around the mental health field and know how I usually react to these types of situations; diagnosis aside, imposter syndrome keeps rearing its ugly head.

I know what I am capable of and what I bring to every workplace, and it baffles me that:

I have to say that the communities on LinkedIn that I am a participant in (Simply Cyber, Cybersecurity Central) and the rest of the Cybersecurity professionals I have connected with have been more than supportive in helping me focus on the end goal, listening to my rants, showing me new viewpoints, and so much more. I am truly amazed and grateful, and I will try to make myself available to support others in the same way I have been supported (Pay it Forward).

I have not done the best for myself recently with self-care, but I know my limits due to having hit just about rock bottom emotionally before, so fortunately and unfortunately, I know when I truly need to stop and step away. Jax Scott made a post about self-care and consciously I felt guilty, because I know I should be doing better for myself, but at the same time I can’t afford to rest at this point until I get to the next step and put myself and my family in a better position.

The TLDR is make sure you take care of yourselves to the best of your ability and check on your friends and family as well. Everyone is struggling with something and could use a friendly ear or shoulder to lean on.

Let’s continue the conversation on my LinkedIn or feel free to message me.

MAY 10, 2023

I Am Team CC i.e. Cryptographic Conundrum

by Shaun Washington

May 10, 2023

So, where to begin? As I have stated in recent LinkedIn posts and #BlogbyCC, I have been studying for the CompTIA Security + exam and am scheduled to take it on May 25th. In general I feel prepared, but to help quiet my imposter syndrome, I scheduled the exam far enough out to get in some good “cramming” and polishing of my knowledge. I then came to the realization that there are certain areas on the exam I have more difficulty recalling (general disdain), and the main culprit and focus of my ire is the topic of cryptography.


I understand the purpose and the need for cryptography but aligning it with experience is proving difficult and I need to drill in some situational awareness about this section of the exam. I don’t want to put too much emphasis on this section but maybe my struggle will help the next person coming along this path. Hence, I will try to put my spin on this to make it memorable for me and whomever stumbles upon this.


To protect a system against attacks and malicious penetration attempts cryptography has 2 factors:

1)      Strength of the keys and effectiveness of mechanisms and protocols associated with the keys

2)     Protection of the keys through key management (secure key generation, storage, distribution, use and destruction)


These 2 factors are interdependent and lose their effectiveness when not working in tandem. NIST Special Publication 800-57 Part 1, Revision 4 gives guidelines for key management and the best practices associated with them. Those cryptographic keys are used with the 3 general classes of cryptographic algorithms approved by NIST, which are distinguished by the number or type of cryptographic keys used with them:


·         Hash functions (no key)

o   Source and integrity authentication through generating message authentication codes (MACs)

o   Compressing messages for generating and verifying digital signatures

o   Deriving keys in key-establishment algorithms

o   Generating deterministic random numbers


·         Symmetric-key algorithms (one shared secret key)

o   Providing data confidentiality by using the same key for encrypting and decrypting data

o   Providing MACs for source and integrity authentication services (keys used to create and validate the MAC)

o   Establishing keys

o   Generating deterministic random numbers


·         Asymmetric-key algorithms (a public/private key pair)

o   Computing digital signatures

o   Establishing cryptographic keying material

o   Identity management

 

For me, that is pretty easily understood and memorable, however here come the acronyms. Under symmetric-key algorithms we have:




The rabbit hole goes much deeper with those, but I am going to let my brain rest from all the bits and bytes for a second.

Let’s not forget block and stream ciphers; I am going to enlist everyone’s favorite AI chat bot to give a simplified explanation (it’s hard to make this lighthearted).

“Block ciphers are like chocolate bars that you want to keep safe from sneaky snack thieves. You break the chocolate into equal-sized blocks, and then you wrap each block in a special secret foil that only you and your trusted friends can unwrap. That way, if a thief gets their hands on the chocolate, they can only steal one block at a time, and they can't read the message on the foil because it's encrypted.

 

On the other hand, streaming ciphers are like squirting a water gun at your annoying little sibling. You keep squirting water at them until they're soaked, and they can't figure out where the water is coming from. In the same way, streaming ciphers encrypt data one "stream" at a time, making it difficult for anyone trying to intercept the data to figure out where the data is coming from."


SOOO, yeah, the explanation was pretty good but I’m just going to set this to the side for now. If you have some way to help you remember this information, please feel free to message me or make a post on LinkedIn and add me to it. Still on this #CyberGrowthAndLearningGrind 16 days 'til it’s go time.
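As an added example (my own illustration, not code from the original post or from NIST), here are the hash-function and symmetric-key classes above in working Python, using only the standard library: HKDF derives one key per purpose from a master secret (the key-management point), HMAC provides source and integrity authentication, a keystream-XOR stream cipher sits next to PKCS#7 block padding to make the block/stream difference concrete, and a final check shows why a stream cipher's nonce must never repeat. Function names, the salt/info labels, and all keys, nonces and messages are constructed for the demo; the asymmetric class has no standard-library primitive and is not shown.

```python
"""Added example, not from the original post: two of the three NIST SP 800-57
algorithm classes in miniature, built only from the Python standard library.

  hash-function class : HKDF key derivation and an HMAC integrity tag
  symmetric class     : a stream cipher (keystream XOR) next to block-cipher
                        padding, to show the block/stream difference
All keys, nonces and messages below are constructed sample values.
"""
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

HASH = "sha256"
TAG_LEN = 32       # SHA-256 output size
BLOCK_SIZE = 16    # AES block size, used only to illustrate block padding


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-SHA256: extract a PRK, then expand it to `length` bytes."""
    prk = hmac.new(salt or b"\x00" * TAG_LEN, ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_keys(master: bytes, salt: bytes) -> Tuple[bytes, bytes]:
    """Key-management point: one master secret, one derived key per purpose.
    The encryption key and the MAC key are never the same bytes."""
    return (hkdf(master, salt, b"demo encryption key", 32),   # constructed label
            hkdf(master, salt, b"demo mac key", 32))          # constructed label


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream cipher built as a PRF in counter mode: keystream block i is
    HMAC(key, nonce || i). Encrypting and decrypting are the same XOR, and
    any message length works with no padding."""
    out = bytearray()
    for i, start in enumerate(range(0, len(data), TAG_LEN)):
        ks = hmac.new(key, nonce + struct.pack(">Q", i), HASH).digest()
        chunk = data[start:start + TAG_LEN]
        out += bytes(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


def pkcs7_pad(data: bytes, block: int = BLOCK_SIZE) -> bytes:
    """What a block cipher needs first: the input padded to whole blocks."""
    n = block - (len(data) % block)
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK_SIZE or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def seal(master: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Encrypt-then-MAC: ciphertext from the stream cipher, tag from HMAC."""
    nonce = nonce or os.urandom(16)
    enc_key, mac_key = derive_keys(master, b"demo salt")     # constructed salt
    ct = keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, HASH).digest()
    return nonce + ct + tag


def unseal(master: bytes, message: bytes) -> Optional[bytes]:
    """Verify the tag in constant time before touching the ciphertext;
    return None (never partial plaintext) when the message was altered."""
    nonce, ct, tag = message[:16], message[16:-TAG_LEN], message[-TAG_LEN:]
    enc_key, mac_key = derive_keys(master, b"demo salt")
    expected = hmac.new(mac_key, nonce + ct, HASH).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return keystream_xor(enc_key, nonce, ct)


def nonce_reuse_leaks(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bool:
    """The stream-cipher caveat: reuse a nonce under one key and the two
    ciphertexts XOR to the XOR of the two plaintexts, because the identical
    keystream cancels out. Returns True when that leak is observable."""
    c1, c2 = keystream_xor(key, nonce, p1), keystream_xor(key, nonce, p2)
    xor = lambda a, b: bytes(x ^ y for x, y in zip(a, b))
    return xor(c1, c2) == xor(p1, p2)


if __name__ == "__main__":
    master = b"constructed master secret for the demo"
    msg = b"transfer 1000 to account 42"
    sealed = seal(master, msg)
    assert unseal(master, sealed) == msg
    tampered = sealed[:20] + bytes([sealed[20] ^ 1]) + sealed[21:]
    assert unseal(master, tampered) is None
    print("roundtrip ok, tampering rejected")
```

The order of operations in `unseal` is the part worth remembering for the exam and for real code: the MAC is checked first, with a constant-time compare, and nothing is decrypted unless it passes.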

MAY 3, 2023

#CyberGrowthAndLearningGrind

by Shaun Washington

May 3, 2023

This week has been a blur, from dealing with procrastinating end users who waited until the last minute to move off Zoom onto the Telehealth platform being used by my company, to getting my CompTIA Security+ exam scheduled.


I just want to put some emphasis on the challenge I have posed for myself and whoever is willing to join me. I originally made the post on this on LinkedIn:

I am challenging myself to improve every day, a 1% improvement on a consistent basis is all it takes. So far I have been sharing any new training/learning opportunities that I am partaking in such as the ATTACKIQ Academy trainings mentioned in my previous blog post, the apps, books, and websites that I am using to study for my Security+ exam. I am looking to expand my network and further the community that #CybersecurityCentral and #SimplyCyber have been fostering and nurturing. The push to break into cybersecurity is in full swing, I will also be participating in the #30dayjobchallenge that Alyson Van Stone mentioned, and I encourage my network and anyone else who is up for it to take the next step and turn up the intensity. Network with others by participating in Gerald Auger, PhD - Simply Cyber’s Daily Cyber Threat Brief and the #simplycybercommunitychallenge, apply for positions (even if imposter syndrome tells you not to), use the resources available to you (there are a plethora of free & cheap resources available on Cybersecurity Central, Simply Cyber and other spaces).

 

I am not qualified to mentor anyone in cybersecurity job hunting, but I do know how to motivate others around me and I will be the push to move forward and the cheering section for when you succeed. The only thing I ask in return is that you do the same for the next person.

APR 26, 2023

MITRE Attack

by Shaun Washington

April 26, 2023

The rabbit hole that I have gone down in my #CyberGrowthAndLearningGrind recently is partaking in the ATTACKIQ Academy and their learning paths. So far, I have completed about 75% of the Purple Team path. Before the end of this week I plan on having this learning path cleared; I just have to finish Threat Alignment & Emulation Planning for Purple Teams.

I suggest you take a look at the offerings available in the ATTACKIQ Academy but I will give a brief overview of what I have gone through so far. Like any other new concept that we are learning, let’s start with some definitions:

MITRE – a non-profit corporation with a base in cybersecurity that also works in defense, intelligence, aviation, civil systems, homeland security, judiciary, and healthcare.

CVE – Common Vulnerabilities and Exposures

ATT&CK – Adversarial Tactics, Techniques, and Common Knowledge


MITRE is closely associated with the ATT&CK Framework and is known for establishing a common vocabulary and creating flexible processes (frameworks) that help unite the cybersecurity industry. The ATT&CK Framework can be found at https://attack.mitre.org

Another concept that is covered within MITRE ATT&CK is Threat Informed Defense. This is an approach to cybersecurity that proactively uses three elements, which together provide an evolving feedback loop for your security team. The three elements are:

·         Cyber threat intelligence analysis

·         Defensive engagement of the threat

·         Focused sharing and collaboration.

I have covered the basics of CTI in one of my previous blog posts, but this formalizes it within the MITRE framework by using a tool called CRITS (Collaborative Research Into Threats). It is a free open source tool that can be found within the training from ATTACKIQ. I highly recommend visiting the site and taking some of these trainings (P.S. they have some sweet looking badges, not that it should matter but you know…….).

APR 12, 2023

Using the Intelligence Lifecycle for Investigation (Part 2)

by Shaun Washington

April 12, 2023

It’s time to wrap this conversation on investigations, using intelligence, and how to address or triage incidents.


The first thing we need to do is define risk triage, so I will enlist our ever so helpful friendly neighborhood AI, ChatGPT. ChatGPT defines risk triage as “the process of evaluating and prioritizing potential threats or attacks based on their severity, likelihood, and potential impact on an organization's systems, data, or operations.” The goal of risk triage is to help security teams focus their efforts and resources on the most critical threats, so that risks can be mitigated quickly and effectively.


The risk triage process typically involves analyzing threat intelligence data from various sources, such as network logs, endpoint detection and response (EDR) tools, and threat intelligence feeds, to identify potential threats. The threats are then categorized based on their risk level, with high-risk threats given top priority for further investigation and mitigation. These are all a part of the tool set and daily activities of a SOC/Cybersecurity Analyst.


From the perspective of a Fraud Analyst, risk triage refers to the process of prioritizing cases based on the potential for financial loss and the likelihood that the fraud will be successful. This process involves analyzing data from various sources, such as transaction logs, customer profiles, and fraud detection tools, to identify potential fraud cases. The cases are then categorized based on their risk level, with high-risk cases given top priority for investigation and prevention. The risk triage process helps fraud analysts focus their efforts and resources on the most critical fraud cases, so they can take proactive measures to prevent financial loss and protect their organization's reputation.


Fraudulent alerts are notifications, similar to Indicators Of Compromise (IOCs), that indicate suspicious or unauthorized activity in a financial institution's systems, accounts, or transactions. Here are some examples of fraudulent alerts in the context of ACH/wires/digital banking/account openings:

 

In each case, the financial institution's fraud detection systems would generate alerts based on predefined rules and thresholds designed to detect suspicious or unusual activity. The alerts would then be reviewed by Fraud Analysts or investigators who would determine whether the activity is legitimate or fraudulent and take appropriate action to prevent or mitigate losses.


Fraud analysts use various methods to document and track open cases related to fraud investigations. Here are some common practices / techniques:


Regardless of the method used, fraud analysts typically document and track open cases in a way that allows them to quickly access case information, track progress, and collaborate with other team members. This helps ensure that investigations are thorough and efficient, and that cases are resolved as quickly as possible.
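As an added example (not from the original post or from any fraud platform), here is the alert-generation, risk-triage and case-tracking flow described above in Python: three constructed rules with thresholds run over a constructed day of ACH/wire transactions, each alert is scored as severity × likelihood × impact and sorted so the analyst's queue starts with the highest risk, and a minimal case record is opened for tracking. The rule names, thresholds, score bands and sample transactions are all assumptions chosen for the illustration.

```python
"""Added example, not from the original post: rule-and-threshold alerting over
constructed ACH/wire transactions, followed by risk triage (prioritize by
severity x likelihood x impact) and a minimal case record for tracking.
Rule names, thresholds and the sample transactions are all constructed for
illustration; a real fraud program tunes them to its own data."""
from dataclasses import dataclass
from itertools import count
from typing import List, Optional

HOME_COUNTRY = "US"          # constructed institution setting
LARGE_AMOUNT = 10_000        # constructed threshold for a "large" transfer
VELOCITY_WINDOW_MIN = 60     # constructed window for the velocity rule


@dataclass(frozen=True)
class Txn:
    txn_id: str
    account: str
    kind: str            # "ach" or "wire"
    amount: float
    payee: str
    payee_age_days: int  # days since the payee was added to the account
    country: str         # country the transfer was initiated from
    minute: int          # constructed timestamp: minutes since start of day


@dataclass
class Alert:
    rule: str
    severity: int        # 1-5, set per rule by the fraud program
    likelihood: int      # 1-5, how often the pattern has been true fraud
    txn: Txn

    def score(self) -> int:
        return self.severity * self.likelihood * impact_band(self.txn.amount)

    def level(self) -> str:
        s = self.score()
        return "High" if s >= 30 else "Medium" if s >= 8 else "Low"


def impact_band(amount: float) -> int:
    """Potential financial loss, bucketed 1-3 (constructed bands)."""
    return 1 if amount < 1_000 else 2 if amount < LARGE_AMOUNT else 3


# Each rule sees the transaction plus the earlier ones already processed.
def rule_large_new_payee(txn: Txn, history: List[Txn]) -> Optional[Alert]:
    if txn.amount >= LARGE_AMOUNT and txn.payee_age_days < 1:
        return Alert("large transfer to a payee added today", 5, 4, txn)
    return None


def rule_velocity(txn: Txn, history: List[Txn]) -> Optional[Alert]:
    recent = [t for t in history
              if t.account == txn.account
              and txn.minute - t.minute <= VELOCITY_WINDOW_MIN]
    if len(recent) >= 2:   # this is the third transfer inside the window
        return Alert("3+ transfers from one account in 60 minutes", 3, 3, txn)
    return None


def rule_foreign_origin(txn: Txn, history: List[Txn]) -> Optional[Alert]:
    if txn.country != HOME_COUNTRY:
        return Alert("transfer initiated from outside home country", 2, 2, txn)
    return None


RULES = [rule_large_new_payee, rule_velocity, rule_foreign_origin]


def generate_alerts(txns: List[Txn]) -> List[Alert]:
    """Run every rule over the transactions in time order."""
    alerts, history = [], []
    for txn in sorted(txns, key=lambda t: t.minute):
        alerts.extend(a for a in (rule(txn, history) for rule in RULES) if a)
        history.append(txn)
    return alerts


def triage(alerts: List[Alert]) -> List[Alert]:
    """Highest risk first, so the analyst's queue starts with the worst case."""
    return sorted(alerts, key=lambda a: a.score(), reverse=True)


_case_ids = count(1)


def open_case(alert: Alert, analyst: str) -> dict:
    """Minimal case record: what fired, why, who owns it, and a notes log."""
    return {"case_id": f"FR-{next(_case_ids):04d}", "txn_id": alert.txn.txn_id,
            "rule": alert.rule, "risk": alert.level(), "score": alert.score(),
            "status": "open", "assigned_to": analyst, "notes": []}


# Constructed sample day of transactions.
SAMPLE = [
    Txn("T1", "A", "ach", 250, "utility", 400, "US", 10),
    Txn("T2", "B", "wire", 15_000, "newco", 0, "US", 20),
    Txn("T3", "A", "ach", 400, "rent", 200, "US", 30),
    Txn("T4", "A", "ach", 300, "rent", 200, "US", 45),
    Txn("T5", "C", "wire", 2_000, "shop", 30, "BR", 50),
]

if __name__ == "__main__":
    for a in triage(generate_alerts(SAMPLE)):
        print(a.level(), a.score(), a.txn.txn_id, a.rule)
```

Run as-is it prints the queue with the large wire to a brand-new payee on top, the velocity hit on account A next, and the foreign-origin wire last; the same structure (rules produce alerts, alerts get scored, the score orders the queue, the case record carries the trail) is what a SOC does with EDR and log alerts.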

APR 5, 2023

Using the Intelligence Lifecycle for Investigation (Part 1)

by Shaun Washington

April 5, 2023

It’s time to put on our sleuth hats and delve into some investigations. After completing #arcX Foundation Level Threat Intelligence Analyst Training and stumbling across the Fraudology Masterclass I am deciding to dive into using Threat Intelligence in investigations. There is a lot of cross-over between Cybersecurity work and Fraud Analysis, so let’s take the investigation life cycle into consideration which includes: Direction, Collection, Analysis, Dissemination. 


I hope Gerry likes the flowcharts:

The Intelligence lifecycle has four main areas but can be broken into six if you want to separate steps 1 and 3 into individual steps. The first step is planning and direction, which gives the investigation purpose and a starting point. As part of this we would start by identifying what risk/vulnerability/information we want to find. The stakeholders give the prompt to begin the investigation and set the scope of the cycle through the feedback given.


The next step is the collection of evidence/data based on your target or alert. This is also when an investigator would have identified risk and would start their assessments. Typically, an investigation’s risk assessment would begin with employees, and would also find the risk-tolerance limit (appetite) for the situation. That helps with prioritization of alerts or events.


This funnels into fraud risk governance, fraud risk prevention, fraud risk detection, and monitoring & reporting. Fraud risk governance is the structure of rules, practices, and processes for fraud risk management in a company. A strong and transparent fraud risk governance policy discourages fraudsters because it emphasizes C-level commitment to reducing and controlling fraud risk. Having a good framework to follow will lead to prevention, detection, and eventually monitoring & reporting on evidence found.


Processing and analysis of the collected data is the next step in the process: this is how the intelligence is refined and turned into actionable intel. This is very important because it is the fruit of the labor put into the investigation, and that product is what fuels the second half of the cycle. Knowledge without action is wasted, and for action to be taken you must disseminate that intel back to the stakeholders that initiated the intelligence process to begin with. In turn this starts the next planning and direction phase based on what insights are gained.


Tune in next week for part 2 where I will take a look at what SOC or Fraud Analysts would look at in terms of Alerts and how they would go about addressing them (triage).

MAR 29, 2023

Digging Deep, Ready for Battle

by Shaun Washington

March 29, 2023

The focus for this week is digging deep, and not letting the setbacks in life hold you back. Life comes at us in many ways, some more vicious and brutal than others (yes, I’m talking about you, tax paperwork). Like many of you out there, I put on my armor and mask before getting out of bed and heading out of the door. What armor and mask do I speak of?


The armor is your countless experiences that you draw upon to give you strength in the midst of troubling times. Whether you believe in karma or not this world revolves around energy exchange, what you put out into the world comes back to you. I make it a point to not be the stick in the mud that I may feel like whenever I get around others. Everyone is dealing with something but it could be the positive energy I give them that makes the difference in their day.


When I speak about masks, I mean hiding the emotions or compartmentalizing them. I have a bad habit of bottling up my emotions, but this is not what I am referring to. Don’t let others see you sweat; stoicism can go a long way in how others perceive you in tough situations. Years in the juvenile detention center getting slapped, spit at/on, called every name but the one that was given to me, and having to deal with everything from riots to touching 💩 with my hands (gloved of course) have given me thicker skin and the ability to regulate my emotions in the hairiest of situations.


When I changed careers to IT, people would ask me if it is hard to deal with clients/customers. The slight annoyance of having to repeat myself (a lot), or of using what seems like basic problem-solving skills to realize that the webcam’s privacy screen (red dot slider-thingamajig) is on, can in no way compare to having to physically restrain a juvenile who is trying to harm themselves.


Everything is not all doom and gloom; one of the major talking points for those looking to break into cybersecurity is finding transferable skills. If I have learned anything from my 12 years working for the Department of Public Safety, it is how to be flexible in my thinking and planning, be aware of body language and other cues of heightened stress or anxiety, build rapport with juveniles and their families, and hit the reset button on my emotions or put on my mask.


I say all of that to say this: every trial and tribulation happened for a reason or purpose, and I learned and grew from each experience. There is a saying that people come into your life for a reason or a season, and I can equate that to job history as well. I have always worked with children, usually ones that had behavioral issues, and this led me into working at the detention center. The detention center is where I gained my respect for safety and security, gained insight into the processes of law, and learned it’s better to be proactive than reactive.


I want to challenge any readers to take an introspective look at jobs/skills you have amassed and how they can translate into a cybersecurity role.


Please send me a message on LinkedIn to continue this conversation or brainstorm what transferable skills you possess and how to put them to work for your future.

MAR 22, 2023

ATM’s, APT’s, TTP’s, BSA/AML PSA 

by Shaun Washington

March 22, 2023

The Simply Cyber Daily Cyber Threat Report for March 21, 2023 had a plethora of incidents involving banking and made me do some thinking: what can/would I say to someone in the banking industry (ATM) about cyber crime, TTPs (Tactics, Techniques, and Procedures), and APTs (Advanced Persistent Threats)? Cybersecurity as a whole has a lot of acronyms that we need to familiarize ourselves with, including GDPR, PCI-DSS, HIPAA, SOX, SOC, APT, TTP, and many more. There are several that are applicable to the financial sector, but one that I ran across recently is BSA (Bank Secrecy Act).

 

The Currency and Foreign Transactions Reporting Act of 1970, a legislative framework commonly referred to as the "Bank Secrecy Act" (BSA), requires U.S. financial institutions to assist U.S. government agencies in detecting and preventing money laundering. AML (Anti-Money Laundering) is the second piece of a bank’s infrastructure for dealing with fraudulent activities and transactions. When I look at this through a cybersecurity lens I immediately equate it to GRC (Governance, Risk, and Compliance) auditing. The similarities begin with the internal controls: the controls associated with a BSA/AML compliance program are right in line with the frameworks used in GRC, such as ISO 27001 or the NIST Cybersecurity Framework. The NIST Cybersecurity Framework covers reducing risk, vendor monitoring, compliance, and vendor assessments. Cybersecurity risk is considered part of the organization’s overall risk, and all of it must be taken into account for the holistic health and safety of the organization’s assets ($$$).


A Cybersecurity Analyst / GRC Analyst / SOC Analyst all have some crossover with the position that handles BSA/AML in the bank, the Fraud Analyst. For example, a Fraud Analyst is responsible for reviewing system-generated alerts to identify fraudulent activity; they then determine the action required to protect the bank’s assets and work with management on handling complex cases as required. That role is almost identical to the duties of a SOC Analyst: both roles are “watching glass,” aka checking logs/alerts and making determinations of steps to triage or escalate the alert/ticket as required. Cross training in cybersecurity almost seems necessary to stay abreast of the current trends APTs are using to compromise end users, their accounts, or third party suppliers.


There are specific TTPs that TAs (Threat Actors) use to take advantage of vulnerabilities found in internet-facing assets, as well as social engineering to manipulate users. The banking trojan “Mispadu” made the news for targeting banks in Latin America. The Tactic used to accomplish this involves compromising WordPress sites to act as C2 (Command and Control) servers, with phishing emails carrying invoice-scam attachments as the Technique on this attack vector. Ransomware incidents are widespread and affect anyone and everyone, from banks to hospitals to schools. It is no holds barred, and cybersecurity professionals, fraud analysts, and law enforcement all work together, sometimes unknowingly, to remediate and correct these crimes.


The grind of staying up to date through training, networking, research and collaboration is a daunting task for anyone in any anti-crime job. My takeaway from this is to use all the resources available and share intel whenever possible for the advancement of the field. I am going to list but a few sources for any cybersecurity professional or fraud analyst to use:

 

They say bad things come in 3’s, death and Cybersecurity acronyms, study up to learn and grow with the community members.


Glossary of 3’s:


MAR 15, 2023

Staying Focused

by Shaun Washington

March 15, 2023

As many of you know from either interacting with me or from living the grind that is being a cybersecurity professional, the need to stay up to date and learn new skills is paramount. I have shared my Not So Secret Recipe for prepping for a SOC Analyst interview and since then I have continued to add more “Protein” and “Seasoning.” Since then, I have applied for scholarships, grants, and other free trainings, the universe seems to be on my side because I was accepted into the March cohort of VTFoundation Security Analyst Bootcamp (Splunk), GRC Professional Certification training, and Cybersecurity Workforce Certification Training through Ivy Tech Community College.


I am almost overwhelmed by my luck in this regard, but on the other hand I am looking forward to the challenge. I am trying to be a sponge and become as well rounded as I can; then I should find my niche (if I can ever narrow it down: IAM, GRC, DFIR, SOC,……… )

 

My daily grind is going to have to be revamped with all that is currently on my plate. My current responsibilities with Project Management seem to be growing exponentially, with my regular duties not going anywhere. I have 3 App/program integrations that I am “leading” or running point on. I continue to be #TeamLive on the Simply Cyber Daily Cyber Threat Brief, studying for CompTIA Security+, and putting in some time on World of Haiku (I will pick up the ZTM Ethical Hacking Bootcamp in the future).

 

This is a shorter blog than my previous ones but I am burning the candle at both ends and now that I have finished the GRC Analyst Master Class I believe I will start my write up/review shortly.


Stay tuned...

MAR 8, 2023

Practical experience 

by Shaun Washington

March 8, 2023

This week I had a reply on a comment from completing a Udemy course on Crowdstrike Falcon that has made me think. Employers want us to have experience but in the situation of Crowdstrike, Henri Davis reminded me that getting access to the platform for any hands on was going to be extremely difficult if my current company didn’t already have access to it.

 

I may not be able to practice on Crowdstrike, but it was suggested that I look into Windows Defender. This brought me back to thinking about what trainings/platforms are available to someone who is interested in learning and does not have access to an enterprise account.

 

The first platform that I use to enrich myself is Security Blue Team's eLearning site, I am currently working through the Blue Team Junior Analyst pathway. The pathway consists of courses on Network Analysis, OSINT, Digital Forensics, Dark Web Operations, Threat Hunting, and Vulnerability Management. Each section shows you several tools that are open source or not locked behind a pay wall for personal usage.

 

The second platform that I am using is a new purchase that I made, and that is World of Haiku. This is a gamified learning platform that introduces and lets you practice Linux and other tools used in cybersecurity such as nmap and john the ripper. There is a free demo, but I decided to invest the money to allow myself the access and use my time in the “game” as downtime from the constant barrage of video and text that I have been ingesting during this grind to enter the cybersecurity field. There are plenty of other platforms that are similar, such as HTB (Hack The Box), Let’s Defend, and TryHackMe, but I feel like using gaming to learn will help drill information and some situational awareness into me while also being a break from the norm.

 

There are several certifications that are less about the memorization of the material and more about using the knowledge you have in practical/real life situations. I have not taken any of them, but I may delve deeper into them in a future blog. The top ones that come to mind are TCM's PNPT and Blue Team Level 1. I know that for myself I like to read something, then see it done, and lastly do it myself. Everyone's learning style is different, and you should make it a point to know yours so that you can excel at your future endeavors.


I can't stress enough the importance of networking, building up your brand, and trying to skill up. Looking at my LinkedIn metrics I can see the exact time that I got involved with the cybersecurity community on LinkedIn, which then introduced me to the team at Cybersecurity Central and Simply Cyber. Continue grinding, make new connections, try to learn something new each day, and try to help those around you. You will be surprised at what you have to offer; even if it’s just encouragement, it is all beneficial.

MAR 1, 2023

Adding Fuel To The Fire

by Shaun Washington

March 1, 2023

I don’t want to jump the gun, but I will be transparent on the blog the same way that I am with anyone that I choose to deal with. I am currently working in IT at a company that I can say cares about my and the staff’s wellbeing, and I have long-standing relationships with C-Level staff from my first employment there working on the ropes course, doing experiential education, and teaching substance abuse prevention classes for all age groups. The first time that I left this company was for opportunities for stable employment that would not be affected by grant funding (non-profit problems); now I am back full circle after doing a 12-year stint working at the local Juvenile Detention Center. Fast forward not even a year into my first IT role and I have had to seek alternate revenue methods, which include driving for Uber, and job searching.


In a perfect world I would keep doing this position for a few more years, because I am truly grateful to have coworkers that I get along with and who support each other in learning and everything else. I have had to “turn it up to 11” in terms of my networking and job searching to try and pivot to another IT position or break into cybersecurity, because the little bit of cushion I had built up has long been eaten away by ridiculous gas prices and my losing around 15k in income making the career change (looking to play the long game). I know that I just need an opportunity to prove myself and learn and grow in cybersecurity.


Well, thanks to all the resources and knowledge I have gained from Cybersecurity Central, numerous cybersecurity professionals in my LinkedIn network (Henri Davis, Kevin Apolinario, Gerald Auger, just to name a few), free resources and training, and countless inspiring posts and conversations, I have gotten to interview for a SOC Analyst 1 position. I feel confident in my preparation due to the grind I have been on studying for Security+, the GRC Analyst Masterclass, and the ZTM Ethical Hacking Bootcamp. I am currently waiting to see if I am offered the position (fingers crossed).


I just want to share the resources that I used to get myself to this point. Even if I don’t get the position, I have definitely grown, and I will be ready for the next interview when/if that comes to fruition.


Here is my not so Secret Sauce (in no particular order):

· Security Blue Team – Blue Team Junior Analyst Pathway Bundle – elearning.securityblue.team

· Dr. Gerald Auger’s GRC Analyst Masterclass, SOC Analyst Interview Questions – YT

· Zero To Mastery Ethical Hacking Bootcamp 2023 on Udemy

· Let’s Defend SOC Analyst Interview Questions

· Henri Davis – TechTual Chatter Podcast and SOC Analyst Interview Questions – YT

· Day “Cyberwox” Johnson – Cybersecurity & Detection Lab Playlist – YT

· Mike Chapple, Jason Dion, Ian Neil, and Professor Messer – Security+ book, videos, and practice exams


This is not an exhaustive list, but this was my bread-and-butter combo for gaining confidence, knowledge, and skills. Please share it with others in your network. Knowledge without action is wasted.


Disclaimer: Results may vary. What energy and effort you put in will be returned to you.

FEB 22, 2023

Finding My Space

by Shaun Washington

February 22, 2023

I have been doing research on how to improve my chances of landing a role in cybersecurity, and one point keeps recurring: you must focus on an area of cybersecurity and niche down, because being too broad makes you harder for recruiters to find. At first, due to the exposure and experience I received from CFCC’s Cyber Crime Technology program, I was heavily leaning towards Ethical Hacking and Red Team, and also DFIR; those were the most interesting subjects that I had the opportunity to learn.


My LinkedIn journey has broadened my horizons and exposed me to even more positions such as SOC Analyst, GRC Analyst, and IAM (Identity Access Management). After making connections with Henri Davis, Gerald Auger, and quite a few others in the IT and Cybersecurity field, I am trying to leverage my transferable skills and trainings to focus primarily on IAM, DFIR, and GRC.


My current role as an Application Support Specialist has given me experience working with Active Directory, Office365, Athena Practice, and several other platforms that use different access control models such as RBAC (Role-Based Access Control) and DAC (Discretionary Access Control). This experience has given me the basic premise of what an IAM Analyst would do.


My degree has given me experience with DFIR (Digital Forensics and Incident Response). In several of my classes and my Capstone, I had to leverage tools such as FTK Imager, The Sleuth Kit, Autopsy, and SANS SIFT to create forensic images of drives and find artifacts and evidence on those drives and in slack space. After the investigations I had to create reports that documented my process and findings.


Last but not least, my interactions on LinkedIn helped me cross paths with Cybersecurity Central and the GRC Analyst Master Class by Gerald Auger. I am about 50% through the training and have been presented with the opportunity to put this knowledge to use by helping a friend become compliant with DD-2345 and NIST 800-171. So far I have gathered the documentation and created an audit guideline that I will use to get some practice auditing and to help my friend with his SSP (System Security Plan).


All 3 of those areas are battling for my attention, and it is hard for me to narrow down to just one area I want to pursue. I have posed the question to my network on LinkedIn as to whether or not there is a role in the cybersecurity world that encompasses all those areas, but I think the consensus is, in the words of the late DMX, “Stop being greedy.” At this point I will continue the grind to skill up and gain practical experience and “patiently” wait for the opportunity to get into cybersecurity. As always, until that time presents itself, I will do my best to support those around me and to learn from those that are where I want to be.


Follow Shaun on LinkedIn at: https://www.linkedin.com/in/shaun-washington-8a428240

"Which one?"

 

FEB 15, 2023

Time for Reflection

by Shaun Washington

February 15, 2023

What is entry-level? Oxford defines entry-level as “at the lowest level in an employment hierarchy.” That doesn’t sound quite right. Hey ChatGPT, define entry-level: “Entry-level refers to a job, position, or task that is designed for individuals who are new to a particular field or industry, typically requiring little or no previous experience. It is often the starting point for a person's career in a particular profession or job category. Entry-level roles may have lower pay and fewer responsibilities compared to higher-level roles within the same organization.” Hmm, let me see what that job description said again: “minimum of 7+ years exp.......”

 

Does this look familiar? I am greeted by similar, if not more outrageous, “qualifications” for entry-level positions in IT and cybersecurity. I fully understand the need for experience when dealing with the safety and security of people and information. My background before making the transition to IT was in Substance Abuse Prevention, and then I did 12 years working for the Department of Public Safety as a Juvenile Justice Officer. On-the-job training was expected: I shadowed coworkers who had experience and then was given projects and tasks of varying difficulty and responsibility. There was even a “bootcamp” to learn policy and procedure and the necessary skills for people in my position.

 

That doesn’t seem like a lot to ask: look at a potential candidate in a holistic manner.


I could go on ad nauseam, but I’m preaching to the choir. Why must we “break” into IT / cybersecurity? Those who came before didn’t all have to break in; someone took a chance on them or gave them an opportunity to prove themselves. The job market has a lot of parallels to the school system: what was taught in years past as what you strive to become is now expected of those who haven’t even begun. Things I learned in late middle school and early high school, children are learning in elementary school. The focus is on metrics and achieving, but at the cost of the development of the one coming up through the system.


We live in a flawed world with flawed people, and we have to change the system; but for that to happen, we have to BE the change that we want to see. I am on my daily grind trying to learn as much as possible to make my move from IT to cybersecurity. I used my network and former coworkers to help me pivot my career from being a Supervisor at a Juvenile Detention Center to Application Support Specialist.


I will be that bridge for those behind me. I will celebrate the victories of my peers and coworkers, because when the time comes I want others to celebrate my victories and to be the help that I need to grow. Okay, I’m jumping off my soapbox. Rant done.

“Helping other people is the best way to make up for your mistakes.” - Kenshin Himura


