About

Welcome to my blog!

This is just a place where I break down my Vulnerability Research experiences and share them. I will tend towards avoiding more fundamental topics, such as how stack cookies or buffer overflows work. Instead, content will be centered around training, tools, and techniques for finding bug and vulnerabilities, as well as writing exploits.

These topics can range from reverse engineering, to program analysis, to writing secure C, and everything in between. Really, the content will be composed of anything I consider relevant.

The spark

When I was a kid, we didn’t have iPads or touch screens. My dad had a Palm Pilot and our family had a Dell XPS T500, which I played RuneScape on as frequently as I could. This is really where it all started. I wanted to learn to make computers do things, like how someone had made the family computer connect me to a fantasy medieval world.

My first-cousin once-removed worked as a mobile app developer at the time. My father helped me link up with him, and he dropped me right into the official Java documentation, which is where my journey truly began.

I carefully read and followed the instructionals, querying my cousin for help every so often until one day, I got it. Around 11PM one fateful night, “Hello, world!” appeared into the console of the Eclipse IDE. I immediately woke my parents on a school night to let them know I’d finally done it, and my journey began.

A good start

Between my first line of code and my first job, I continued to learn through assisting my father in managing the technology within his physical therapy business. I learned not only about basic networking and computational concepts, but also all about HIPAA and PCI compliance.

Soon thereafter, I began working for my local municipality. Finally, the rubber met the road and I got to truly put the culmination of everything I’d learned in my youth to the test. My supervisor at the time saw my enthusiasm to learn, and he allowed that to thrive. In this position, I learned Python and used it to automate tasks, imaged workstations, connected copiers, crimped countless RJ45 ends, ran cable between telephone poles and buildngs, beamed signal across town with ubiquity bridges, applied networking concepts in Fortinet Firewall ACLs, configured email spam filters, and even got to help with a little Incident Response here and there.

This was about the time when I discovered what Cybersecurity really was, and where it fit in the age of information I was growing up in. I had a passion for helping people, and I fell in love with the idea that I could help people with my favorite hobby as a career, through working in Cybersecurity.

Taking off

Eventually I went off to University to study, graduating with a Bachelor’s in Computer Science. During my education, I applied and was accepted to a program for an agency under the Department of Defense, which allowed me to alternate between attending classes for a semester or two, and going to work.

During my rotations with the DoD, I jumped on the opportunity to engage with a variety of related sub-fields. I helped with software development and quality assurance, intelligence collection and analysis, and also with the very topic of this blog, Vulnerability Research.

After completing my degree path and the program with the DoD, I chose to seek work in the private sector. I moved back home and found a great position locally, where I believed I felt I was poised to finally apply my skills in Cybersecurity. I began working for a Managed Service Provider, where I got hands-on with enterprise cloud services.

Here I am

At this point, I felt ready. I started hunting for Cybersecurity jobs in my area, and one day I finally found it. An Information Security Analyst position that I checked the “Requirements” boxes for, and even several of the “Preferred Qualifications”. I applied and not a week later I had my first interview scheduled, and a month later I started the position.

I’ve always felt Cybersecurity was not an entry-level field, and today I stand by that. These few paragraphs which describe the events leading up to this position represent a half decade of invaluable real-world experience and knowledge covering a variety of topics, which I could not do my job without. Good things take time, time carefully planned and executed upon. Not to mention the endless hours I spent learning at home, during and before my career.

So now here I am. I’ve been in the InfoSec Analyst role for several years and I’m spending my time continuing to learn, preparing for the next adventure life takes me on. This is where I will document the steps I take to get there.

Thank you for reading.

Good luck out there, and never stop learning!