The Roadmap for the Future of This Blog

Things have been moving pretty quickly in my career and life since the last blog post this time one year ago. First off, I got accepted to the SANS Technology Institute’s Master of Science in Information Security Engineering (MSISE) program with a (currently intended) specialization in Penetration Testing.

After my employer paid for me to take the course and exam for the GIAC Certified Enterprise Defender (GCED) and GIAC Certified Intrusion Analyst (GCIA) in 2023 and I managed to pass both pretty comfortably, I decided to move forward with pursuing a Master’s degree at the accredited university side of SANS. They allow you to make monthly payments and provide a 50% discount on course costs if you get accepted, which I managed to do earlier this year. My employer’s surprisingly willing to cover SANS courses, and I was paying a similar amount to the Master’s program cost monthly in student loan payments (which are now paused due to going back to school) so it was kind of a no-brainer.

GCED Course Books

This course was like a more involved (and practical) version of the CISSP in my opinion.

GCIA Course Books

LOTS of detail about in-depth packet capture and analysis, hence the additional books over the GCED.

Second, I had the incredible fortune of being able to attend “Hacker Summer Camp (HSC)” which consists of BSides Las Vegas (and The Diana Initiative, which I wasn’t able to make), Black Hat USA, and DEF CON 32. Even with the absurd Las Vegas heat (113 degrees Fahrenheit at its peak!) I had a phenomenal time, favoring BSides and DEF CON over Black Hat with its flood of corporate and vendor pitches and follow up correspondence (my work e-mail inbox was flooded for weeks). I was also blessed with the opportunity to attend ShmooCon and BSides NOVA this year as well. I’ll make a post about all those experiences soon.

And lastly, I was promoted into a more technical Blue Team role working with SIEM tools for an enterprise cloud network. This was huge for me since I’ve been aiming for a “hands on keyboard” role (hence the name of this blog) ever since getting my CISSP and CCSP and being disappointed with the world of Cybersecurity Policy and Compliance. Work like this and my intended Master’s specialization is more difficult but will pay dividends in terms of my future career opportunities and understanding of the field as a whole. It’s intimidating looking at the increasingly difficult educational material I have coming up, but I’d be lying if I said I wasn’t excited too.

So, you may be thinking “Good for you, but I don’t see what all this bragging has to do with the site.” My answer to that would be 1. I’m not nearly as great as all of the above makes me seem, and 2. This is the part where I’ll get into the future of this blog.

Initially I thought I would be posting walkthroughs for HTB machines and Academy modules until receiving a very polite but firm cease and desist e-mail from them. Now I’m thinking my posts will cover my NDA-friendly thoughts on the courses and trainings I’ve taken, books I’ve read, personal projects I’ve undertaken, and content creators I follow all within the information security ecosystem.

Here’s the current list I’m looking at of things I intend to cover:

1. My experience taking the SEC501 course and GCED exam (broken down per book but not giving more detail of the contents than what’s on their public page)
2. The same for SEC503 and the GCIA exam (again using their public page as my guide)
3. Also covering SEC504 and the GCIH in a similar fashion (with this page as my guide)
4. My review and thoughts on the book Countdown to Zero Day (and before you ask, no that’s not an affiliate link so I get no money if you use it to buy the book)
5. Reading through the book Hands-On Hacking (from what I’ve read so far, it seems pretty legit)
6. My experience taking the PEN-200 course from OffSec and the OSCP exam (being careful not to upset their legal department by saying too much)
7. My thoughts and experiences with HTB Academy materials from the CJCA, CWES, CPTS, and CDSA curriculums (let’s see if I can get it right this time, lol)

As far as 2025 goes juggling this with my career, school, relationship, professional development goals, staying active, and hobbies seems like a full plate. Hopefully I’ll be able to finish the first 4 or 5 of those and complete a good amount of the latter 3 without taking too much time away from the other parts of my life.

If all goes well I’ll eventually be able to put my MalDev Academy lifetime subscription (as well as my CodeCademy subscription, which I’ve already completed a good chunk of) to good use by working through that material too. That level of knowledge and experience with computing and information security is the goal!

Additionally, my course plan for future semesters shows that I’ll be taking the GDSA, GPEN, GRTP, and GXPN courses so if you’re interested in reading what I have to say about those stay tuned!