You may have noticed I slowed down on talking about security. It wasn't on purpose at all; I just had things going on and needed to just do work to get to where I wanted. That being said, I'm getting settled again so I want to pick up security talk. Let me reintroduce you to the things I'm into in this area. I'm a mobile developer by "trade" so I'm interested in mobile security. This interest is more for bounty programs/my spare time. I want to really use my knowledge and skill to get into medical device security. The field is picking up and I want a seat at that table.
Plan to get my seat
3 simple steps: Plan, Execute, and Thrive.
JK Here is the real Plan
I spent a lot of time building apps to put myself in a great position for a dev job. For security I'm going to do things a little differently. Starting Nov. 1, 2019 I'm going to actually study for my security+ test. I have all the material needed* but I was so in "get a job" mode that I didn't really retain whatever I read. I've learned I really like listening to things while I'm on lunch or driving so I'm going to use that to my advantage. I think if I am studying and practicing consistently in my free time then I can't do anything but pass.
So let's fast forward to me having my security+ and some decent experience in my home lab. Well I hope (still on the fence) that I'm back in school. There is really 1 reason I see myself needing my MS in Cybersecurity and that's because I think the credential gets me in the door. I won't be at the table just yet but I will be in the room. Whether I'm in school or not I want to also do more with mobile security. I have a few books I'll be reading but ultimately I want to be SUPER solid with Android security practices. iOS will be important too but if you didn't know the medical industry leans more into Android than iOS as it's easier to customize for what you need.
Let's say we have hit summer and I have my security+, I'm doing good with mobile security bounties, I've given/will be giving a few talks (stares at DEFCON app sec village), and I'm feeling pretty comfortable in my skills. It is at this point I want to plan to get my CISSP. Like I said before, the CISSP is the holy grail of security certs. When prepping for CISSP I'll probably be heavy into hardware hacking on the side. Hardware hacking will help with understanding of devices on a deeper level and the CISSP will show that I'm "about this security life". Also when you pair the CISSP with some career choices I want to make I can have my pick of jobs.
Last fast forward!!! I have my CISSP, I'm giving at least 3 talks a year or frequent streaming/videos of things I'm doing, and I have hardware and mobile skills to back up my talk. It is at this point I think my custom chair will be glued to a spot at the table. This is what I want. This is the long game that I'm playing and this blog will be there every step of the way. I'm excited to get back into security and do more cool things so I hope you enjoy the ride with me.
TLDR - Plan Breakdown
- Mobile Security skills
- Maybe my Masters
- Entry Hardware Security skills
- Seat at the table for being a BOSS
*shout out to Beez for helping me know what I needed to pass the test. Go book a call with her!
P.S. I started a newsletter about tech and backpacks. Sign up for it here