Some thoughts and links about some of the things I’m thinking about for professional development and education for the year

leadership and comms

$dayjob leader has some ideas about courses and seminars

• Do more writing/educating/presenting
  • apply to present (CFP)s
  • present & share (brown bags)
  • posts & articles, quick shares
• more / better mentoring

furthering knowledge & skills

arguably need to pick one or two of areas like:

• web & app sec / attack & defense
  • Portswigger labs, Secure Ideas courses
  • ∞ PG/TryHackMe/VulnHub boxes & CTFs
• malware & code analysis
  • replay FOR610/GREM, take new FOR710 code analysis
  • CTFs and tutorials,OST2 courses
• more better (fluffier?) DFIR
  • eg SANS new FOR509 (cloud) or FOR608 (enterprise) ?
  • AND Threat Hunting / ELK / Sigma courses
• purple team / offensive ops
  • MAD Adversary Emulation certification
  • something other than OSCP
    • TCM Academy Ethical Hacking
  • or even SEC699 (after replay SEC599/GDAT)
• deceptions and adv cyber defence
  • Honeypots course (AND) or SANS
  • ACD / Antisyphon courses / labs / webinars

Also, need to reserve time/brainpower for continued understanding of cloud ops/SRE and numerous project/technology specific trainings or familiarisation runs.

Probably not this year

• Python / data science , cryptography, ML
• finally get good with awk(1)
• KLCP (either :frowning_woman: )
• Linux or Mac forensics deep-dive

Somewhat inspired by last year’s plan and the carry bits I’m trying to finish up now.