Life is weird
I have been thinking about writing a "professional" blog for several years. Every now and then this topic pops up when I'm discussing with one of my friends. But every time I have also said that I don't have time, or enough things to share. At least not yet.
I had also spoken with him about how Pohjanmaa is not very good location for a security professional. Every security related meeting and event is so far from here that you seldom have possibilities to attend them. And now we have the CitySec movement, and HelSec + TurkuSec events etc, which I can't attend because they are so far from here. *sigh* His reply was quite short "Why don't you start a local CitySec group there?" The idea was interesting, but I just hadn't enough time to do anything for that.
About month later my boss asked me to go to a local security related meeting because he couldn't. I met there two guys behind just shortly before launched #häjysec (part of the CitySec movement). So I didn't have to do anything, after all! :)
Things moved forward and I joined CitySec Mattermost-server to participate in discussion. One day we had discussion about certificates for security professionals: CISSP, OSCP, CEH, etc. Quite many commented that many of those certificates are too much about "hand waving" and not enough practical things. So if you really want to learn the craft, certification path is probably not the one you want to take. Naturally there are better and not so good certificates, so if you need to go through that path, it's better to select carefully. In some cases the certs are important and necessary, so that's also one thing to consider.
My point in that discussion was that especially because I'm living far from everything and don't have too many possibilities at work to learn from more knowledgeable peers, obtaining a suitable certificate would be a good way to learn new things.
One person replied to this with the following comment (freely translated by me as I recall it): "When I am recruiting a person, I don't care much whether (s)he has certs or not. But if the person has some GitHub or other repo, and can show through that his/her capabilities in the particular field, that's a really, really huge plus. And also a blog related to the particular field is a really positive thing."
"But what if you are not a developer?!" was my next counter argument.
"There are many sysadmin/secdevops-related things available via GitHub. Just create an automated way to deploy some security software to AWS/Azure and document it well, for example."
Aaaand that set things rolling in my head, but also in the reality. So, one meeting request (or in some cases even just one comment from one person) can cause weird things later on. Life's just a bit weird. Or not only a bit?
I'll tell much more about the GitHub-part in the later posts, but some words now about this blog thingy. After some days worth of head scratching and processing I decided that I should at least try to blog again. I've done it previously in totally different topics, but let's see how this goes.
So, I will concentrate on things I've learned and met during my daily professional activities, but every now and then may slip in something which I find otherwise interesting. Basically I am a security loving sysadmin, so you will find obscure things and information bits about almost everything ICT security related. And I'm also a geek, who is really interested in almost everything: rock/ice/indoor climbing, orienteering, reading, breeding rabbits for food, almost everything technology related, music, renovating house, history, etc.
You may have guessed already that I won't usually be able to share any exact details. And often I won't even share any dates when these happened. Just to keep everyone safe. ;) In most cases especially the most juicy stories have happened long in the past, that's all I will say about dates.
Let's rock on! And feel free to comment and share your thoughts!
I had also spoken with him about how Pohjanmaa is not very good location for a security professional. Every security related meeting and event is so far from here that you seldom have possibilities to attend them. And now we have the CitySec movement, and HelSec + TurkuSec events etc, which I can't attend because they are so far from here. *sigh* His reply was quite short "Why don't you start a local CitySec group there?" The idea was interesting, but I just hadn't enough time to do anything for that.
About month later my boss asked me to go to a local security related meeting because he couldn't. I met there two guys behind just shortly before launched #häjysec (part of the CitySec movement). So I didn't have to do anything, after all! :)
Things moved forward and I joined CitySec Mattermost-server to participate in discussion. One day we had discussion about certificates for security professionals: CISSP, OSCP, CEH, etc. Quite many commented that many of those certificates are too much about "hand waving" and not enough practical things. So if you really want to learn the craft, certification path is probably not the one you want to take. Naturally there are better and not so good certificates, so if you need to go through that path, it's better to select carefully. In some cases the certs are important and necessary, so that's also one thing to consider.
My point in that discussion was that especially because I'm living far from everything and don't have too many possibilities at work to learn from more knowledgeable peers, obtaining a suitable certificate would be a good way to learn new things.
One person replied to this with the following comment (freely translated by me as I recall it): "When I am recruiting a person, I don't care much whether (s)he has certs or not. But if the person has some GitHub or other repo, and can show through that his/her capabilities in the particular field, that's a really, really huge plus. And also a blog related to the particular field is a really positive thing."
"But what if you are not a developer?!" was my next counter argument.
"There are many sysadmin/secdevops-related things available via GitHub. Just create an automated way to deploy some security software to AWS/Azure and document it well, for example."
Aaaand that set things rolling in my head, but also in the reality. So, one meeting request (or in some cases even just one comment from one person) can cause weird things later on. Life's just a bit weird. Or not only a bit?
I'll tell much more about the GitHub-part in the later posts, but some words now about this blog thingy. After some days worth of head scratching and processing I decided that I should at least try to blog again. I've done it previously in totally different topics, but let's see how this goes.
So, I will concentrate on things I've learned and met during my daily professional activities, but every now and then may slip in something which I find otherwise interesting. Basically I am a security loving sysadmin, so you will find obscure things and information bits about almost everything ICT security related. And I'm also a geek, who is really interested in almost everything: rock/ice/indoor climbing, orienteering, reading, breeding rabbits for food, almost everything technology related, music, renovating house, history, etc.
You may have guessed already that I won't usually be able to share any exact details. And often I won't even share any dates when these happened. Just to keep everyone safe. ;) In most cases especially the most juicy stories have happened long in the past, that's all I will say about dates.
Let's rock on! And feel free to comment and share your thoughts!
Comments
Post a Comment