Security

Back in August of 2020, I earned an OSCP (Offensive Security Certified Professionl) certification. This means I completed a course to learn that I can (in some cases) hack1 other servers in a controlled environment. Offensive Security is the company that offers certifications for various level of difficulty, but OSCP is the golden standard for getting your foot in the door to the cyber security field. The certification process is pretty vigorous, at a super high level:

  1. Pay money to a company, Offensive Security
  2. They give you study materials, access to the private practice labs, and 1 exam
  3. Study, Study, Study and bonus points for actually completing all the materials2
  4. Take 24 hour long, proctored exam where you have to exploit 5 vulnerable servers
  5. The following 24 hours are for completing the report, complete with screenshots
  6. Submit the exam and wait for the results

I got it mostly for fun, as cyber security (and lack thereof) has always been a passion of mine. In fact, I had big dreams of one day doing it for a living. But first let’s go back..

The year was 1998, I was in the US Navy and was living in San Diego, CA. My friend, who was also in the Navy (and later went to [Captian’s Mast]https://en.wikipedia.org/wiki/Non-judicial_punishment#Mast) for intercepting his Commanding Officer’s email), got me hooked. We spent every chance we had to geek out. Whether it was learning Linux, looking for hardware for “the next big thing", or attending 2600 meetings and DEFCON.

Fast forward to when security was just becoming a thing.3 There were exactly two other people in the large company I worked for that were responsible for security. One of whom I knew fairly well. He often explained how security was “boring” and what his day-to-day work was like. That guy is a CISO somewhere now.

Despite what I knew and coming from another company where I was almost solely responsible for their security, I feel like this was pivotal to my moving away from the unknown(?) InfoSec path to the more comfortable path of making a sysadmin my career, especially at a time of having a family to support.

About 15 years later, my teenage son and his friends were taking high school and college-level computer science classes and they gave me the bug again. It's almost unbelievable how the wealth of information and tools had come such a LONG way in the last 15 years!

[TODO]: Something in here should explain why I care about putting all this info out here on the Internet. After all, it's not very good OPSEC. Who knows? One day it might make me take everything down completely again. Maybe it just stays annonymous?

This pretty much sums up my security background.

  1. TODO: What is "hacking" exactly? 

  2. A series of TERRIBLE videos, and 1000'ish page book 

  3. Somewhat relevant history of the internet