2024-12-07 16:54:00
I like to hang out on Discord. As we know, I like it a little bit too much.
This month, I was asked two questions which got me reminiscing about my career. About when I decided to quit IT, about when I almost lost my CISSP. And about how I've been doing things the past ten years.
First off, someone asked me:
"What was the worst job you had?"
The worst job I've had in IT was not a problem with the job, it was a problem with me.
The time I was at my lowest, was after my first five to seven years, around 2006. I was in contracting (as in I was employed by an agency who rented me out to customers), in a job where I was tape jockey and only did minor systems administration. I wasn't motivated to learn or expand, because my employer had a very strict development path where they demanded I first do a few certs that I really didn't want.
So I gave up. I hated that job, slacked off a lot, spent a lot of my time exploring the building instead of working.
And while I did that, I did night classes and one day a week at college to become a maths teacher. This I loved! Mostly because I was challenging myself and because I was working on getting out of IT.
In 2008 I finished my first year with full marks. I even finished a class from second year as well! And I had an internship lined up, so I could go into fulltime teaching. Then we learned we were having a kid and I had to go back to IT, because of money.
A good friend of mine helped me out. I started working with/for him, and really started challenging myself again... Lots of learning, lots of studying, doing difficult jobs again.
So... My worst job? It was when I gave up.
Today, after I told a little bit about my freelancing, someone else asked me:
"I know you've got a LOT of certs, would you say that made the biggest difference getting you to the position you're in now or was there another factor?"
I have 25 years of experience in IT, but somewhere around 2007 I decided to actually get out of IT. That didn't go as planned, but in 2008 I did get a nice "reset" of my career. I took what experience I had to get a solid job in contracting (not yet freelance) and from there on out started applying myself.
In 2009 I slowly started getting a few certifications, most importantly CISSP. That's what got me "qualified" for a few other security positions. After that though, I stupidly started slacking again. I even blogged about it then.
I managed to retain my CISSP, but I was still not really applying myself in "continuous improvement". I did some trainings here and there, listened to podcasts, read books. In 2013 I'd had enough of that, kicked my own ass with the help of a good friend and made a plan.
Only 11 years ago did I start my "continuous improvement" journey. Every year, I make a list of goals to achieve by the end of the year. A list which grows and fills and shifts throughout the year, with things I feel I need to learn or research...
In 2013 I made sure to keep my CISSP and get my RHCSA. After that, it's been cycles of three years to renew CISSP, renew RHCE (the followup to RHCSA) and also renew other certifications. Plus do other trainings and certifications, which feed into the renewal cycles, but are also actually helpful.
As Auti says: it's the journey. I make a plan for every year, I do 2-3 courses and/or certifications every year. I make sure to keep learning new things.
On the one hand I do this, because I'm honestly afraid of becoming too "old and outdated" for the IT market. But I also do it because my customers value this attitude: I keep improving my value on the market, by staying in touch with tech and skills that are relevant and recent.
Plus I diversify: pentesting, Linux sysadmin, auditing, teaching/didactics, cloud. There are risks in generalizing as I do, but specialism isn't my thing.
kilala.nl tags: mentor,
2024-12-06 23:11:00
In my Linux and DevSecOps classes, my students run a handful of virtual machines for their labs. We see all kinds of host OS configurations: Windows, MacOS, all kinds of Linuxen. And then there's both Intel, AMD and Apple CPUs. It makes for an interesting mish-mash.
In most cases we build a NAT network, which has the VMs in it. This shields the VMs from the rest of the network (keeping them safer), while still giving them Internet access.
Every hypervisor (virtualisation software) has its own approach for this. In VMware it's almost by default that VMs end up in the same, shared NAT network. In VirtualBox you have to change the adapter connection from "NAT" to "NAT Network".
UTM on MacOS on aarch64 (Apple Silicon ARM) confounded me for quite a while. Unfortunately their documentation isn't perfectly clear on the subject. But, this week we got it to work!
To set up more than one VM, in UTM, in a shared NAT network, you do the following. For each virtual machine, go into the Networking configuration. Make these settings:
The networking configuration screen suggests that DHCP works out of the box, without configuration, but it doesn't. I have had to manually enter the information which was already in the boxes (but greyed out), to make it work.
Now when you boot the VMs, they will be in 10.0.2.0/24 and they'll get IPs starting at .15. They can ping each other, plus you can SSH to them directly from your Mac without needing any port forwards.
kilala.nl tags: studies, mentor,
2024-11-28 17:34:00
Earlier this month I bought an additional Unifi Flex G3 camera, for our security setup.
Adoption of the camera into the network went perfectly fine and it started streaming across the site-to-site VPN immediately. The image quality was bad though and judging by the sticker on the box, the camera had been packaged two years ago. It's an old model after all.
The Unifi Protect app quickly identified that the camera had very, very outdated firmware. I don't even remember what version it was, something like 4.17.x. And it offered to apply the latest update! Lovely!
Except that it didn't.
Not even after I brought the camera back on-site to where the Protect appliance is installed. The updates weren't happening. There were no error messages... Just, no updates applied.
I have mixed feelings about Ubiquiti. On the one hand they have great documentation and a decent forum. On the other hand, there's so much activity on those forums that finding answers becomes pretty hard.
Well, after digging and digging, I found a suggestion to just download the latest available update manually from the UVC-G3-Flex product page. You can then open a browser, and browse to the web interface of your camera. Yes, the camera has its own web UI!
For example, go to https://10.0.30.210/camera/system
You will need to log in! The username is "ubnt" and the password can be found in the Unifi Protect app. But not in the mobile app on your phone! You need the webapp! Go to https://unifi.ui.com/consoles then visit your Protect console and go into Protect > Settings > General. There you will find Recovery Code. That field has the password you need!
Wow, that's hidden away!
Once you log in to the camera UI, you can go into the System tab, where you can upload a new firmware version. This finally took me from 4.17 to 4.30, which is the latest version available on the website.
From there on out, the theory is that Protect will do the next update automatically.
But it didn't. I still had the same symptoms! Updates were not being applied and no error messages appeared!
So I hopped back into the camera web interface, to download the support logs. That gave me hundreds of lines of application and Linux logging. :) Among those lines I found some key error messages!
{"anonymous_controller_id":"REDACTED","controller_version":"5.1.57","anonymous_device_id":"REDACTED","version":"4.30.0","model":"UVC-G3-Flex","board_rev":12,"is_default":false}
1732818347 P6 360,598 ctl[669]: ubnt_ctlserver[669]: trace.put_trace(): https://REDACTED:7444/internal/device/traces
1732818347 P6 360,882 ctl[669]: ubnt_ctlserver[669]: trace.put_trace(): http_code = 202
1732818947 P4 960,847 ctl[669]: Firmware validation failed, uri=https://REDACTED:7444/internal/update?platform=s2l&product=uvc&updateType=firmware&version=4.73.71, status=/tmp/bin/precheck-mergeall: .: line 3: can't open '/tmp/hooks/ubnt_utils.sh': No such file or directory
This suggests a few things:
This suggests that firmware version 4.30.0 for the UVC-G3-Flex is too outdated to actually upgrade to 4.73! That's problematic!
The logs also gave me an idea!
What if I just download that update file using Curl or WGet, from the console onto my laptop? And what if I then go back into the camera's onboard web interface and just upload that file?
Well, that worked! :D
The G3 Flex is now happily running firmware 4.73.
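The log triage described above, as an added example (not code from this post or from Ubiquiti): it pulls every "Firmware validation failed" record out of a camera support log and reports the update URI, target version and precheck error. The record layout is an assumption inferred from the three lines quoted above, and `failed_updates` is a hypothetical name.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the three log records quoted in the post.
SAMPLE_LOG = """\
1732818347 P6 360,598 ctl[669]: ubnt_ctlserver[669]: trace.put_trace(): https://REDACTED:7444/internal/device/traces
1732818347 P6 360,882 ctl[669]: ubnt_ctlserver[669]: trace.put_trace(): http_code = 202
1732818947 P4 960,847 ctl[669]: Firmware validation failed, uri=https://REDACTED:7444/internal/update?platform=s2l&product=uvc&updateType=firmware&version=4.73.71, status=/tmp/bin/precheck-mergeall: .: line 3: can't open '/tmp/hooks/ubnt_utils.sh': No such file or directory
"""

# Assumed record layout, inferred from the sample only:
#   <epoch seconds> P<priority> <uptime> <process>[<pid>]: <message>
RECORD_START = re.compile(r"(?=\d{10} P\d )")
RECORD_RE = re.compile(
    r"(?P<epoch>\d{10}) P(?P<prio>\d) (?P<uptime>[\d,]+) "
    r"(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)", re.S)
FAIL_RE = re.compile(
    r"Firmware validation failed, uri=(?P<uri>\S+?), status=(?P<status>.*)",
    re.S)


def failed_updates(log_text):
    """Return one dict per 'Firmware validation failed' record."""
    findings = []
    # Split on record starts rather than newlines, so records that were
    # pasted together on a single line are still separated.
    for chunk in RECORD_START.split(log_text):
        rec = RECORD_RE.match(chunk.strip())
        if not rec:
            continue  # e.g. the JSON header at the top of the file
        fail = FAIL_RE.search(rec["msg"])
        if not fail:
            continue
        url = urlsplit(fail["uri"])
        query = {k: v[0] for k, v in parse_qs(url.query).items()}
        findings.append({
            "epoch": int(rec["epoch"]),
            "uri": fail["uri"],
            "console": url.netloc,
            "target_version": query.get("version"),
            "platform": query.get("platform"),
            "status": fail["status"].strip(),
        })
    return findings


if __name__ == "__main__":
    for f in failed_updates(SAMPLE_LOG):
        print(f"{f['epoch']}: update to {f['target_version']} failed")
        print(f"  firmware URI: {f['uri']}")
        print(f"  precheck said: {f['status']}")
```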
kilala.nl tags: sysadmin,
2024-11-26 15:02:00
Ever since LinkedIn introduced their Verifications, they've been constantly pushing all their members to get verified because (of course!) other members will be more likely to trust you. Since the verification process generally involves using Persona to read your passport, a lot of people are flat out refusing to do so. Be it for privacy, be it for deadnaming or for other reasons, there's plenty of discussion about red flags.
Reading through LinkedIn's verification options, I noticed there's an alternative: employment verification, where your employer will confirm that you are indeed in their service. Interesting!
Since I am self-employed and I own an actual company, does that mean I can verify myself? Why yes, yes it does.
I did some reading and pieced together some documentation:
The process I followed is as such:
*: If you do not have a photograph of yourself set up under My Account, Face Check will fail. It will give you an error message like "No face detected in Verified ID. Use a different Verified ID with a better photo and try again.".
After setting myself up with a Verified ID, I used Microsoft's Woodgrove public test app. Here, I clicked the option that I have a Verified ID, which now gives me a QR to scan. I do so with the Azure MFA app, which prompts me if I indeed want to share my identity.
The Azure MFA app then starts the front-facing camera, makes a whole bunch of photographs and then uses Microsoft's AI to compare it to the photograph that's set up in my Verified ID. This is why I earlier ran into the "No face detected" error message: my account avatar was the Unixerius logo instead of my actual face.
And it works!
Next up: I have submitted a request to LinkedIn / Microsoft, as per the instructions detailed here. I hope that they will in fact enable Workplace Verification for Unixerius.
This has been an educational day!
kilala.nl tags: work, sysadmin,
2024-11-08 14:39:00
Almost a year ago I had my first frustrating experience with the OnVue checkin process on my mobile phone. Today I learned a new aspect to this: the OnVue checkin process does not work on Apple iOS devices that have Lockdown Mode enabled.
Aside from that OnVue was great to work with, as always. The proctor was polite and efficient, I got my remote testing setup approved really quickly. The software worked fine, the checkin went well, we went over the rules quickly and I was allowed to start testing within 15 minutes.
I don't know what's up with people on Reddit, who complain about OnVue and proctoring. I have a head cold and I coughed and sneezed and snorted a lot during my exam. I had zero complaints from anyone!
As to the XK1-006 Linux+ beta exam: I'm not as enthused as I was about XK1-005.
I had 115 questions, 4 of which were PBQ. I needed a bit more than two of the three hours I'd been given. A lot of my time went into filling out comments, giving feedback to CompTIA. I just really hope they actually get and read all those comments, so that wasn't wasted time.
One thought struck me earlier today: I get the feeling that CompTIA are trying to shoehorn Linux+ into DevOps+ or something. They're adding on all kinds of stuff that doesn't belong on a junior Linux sysadmin exam and instead should be on an exam for more experienced people with a more diverse job role.
I think that, if CompTIA don't change the objectives to go more on-focus back to Linux, I'll suggest we switch to LFCS (or even LPIC) with my students.
kilala.nl tags: work, studies,
2024-11-07 13:12:00
Next year the Linux+ certification exams from CompTIA are due for their new version. 003 was the first one I ever did and we're now moving to 006!
As is tradition, I've made a comparison of the exam objectives:
Nov 8th'24 disclaimer: these comparisons were made using information available at the time. This information is subject to change, as CompTIA can and will tweak exam objectives. Always grab the latest objectives doc.
Disclaimer 2: My comparison does not go into details! It takes the high-level objectives and matches them. There will be a lot of small changes, most notably in commands that are, or are not, covered. Always study using the full objectives document!
The comparison also includes comparisons to LPI Linux Essentials, to LPIC1 and to RHCSA for good measure. All of this is very rough and not detail oriented; it just gives a broad overview of the differences.
The changes I've noticed, going from 005 to 006:
If anything I feel that this exam is trying to do too much.
When 005 introduced basic conceptual understanding of Kubernetes, Ansible and so on, next to in-depth container operations, I was happy. Just a glossing-over of the concepts, so students would understand what we use Linux for.
But now, the fact that those things have been given objectives of their own with extensive lists of terminology? I feel it's too much.
The addition of AI also just feels like CompTIA have a 2023-2025 mission to update every single exam to include AI/LLM.
So, either the curriculum for 006 tries to do too much, or CompTIA say these are exam objectives while in reality just glossing over these topics anyway.
EDIT:
For those looking for learning resources, as always you're going to have to work with the current version's materials and then fill in the blanks. As per my comparison, the blanks are pretty considerable, so prepare to learn a lot.
In my class we use the Sybex book, which is decent and comes with practice questions and exams. But use whichever you like! McGraw-Hill and Pearson also have good books.
There are commercial video courses (though I've heard bad reviews of Dion's) and Shawn Powers has a free series on YouTube.
I share all my labs and practice exams here -> https://github.com/Unixerius/XK0-005/
kilala.nl tags: work, studies,
2024-10-12 22:09:00
I volunteer for Wiccon, a cybersecurity conference here in the Netherlands. Last year I gophered on-site and did a presentation on stage. This year I'm gophering again, I helped in the CFP (call for papers) and I'm in charge of the gopher-planning. I'd also submitted an abstract, which was ultimately not chosen.
A few days ago Chantal reached out to me, if I could maybe do my proposed presentation after all because another presenter became unavailable. After some thinking and puzzling I thought I could make it work. I had nothing but my abstract, but with 2.5 weeks remaining I could maybe make it work. Right?!
Well, it's caused me a lot of anxiety, to be honest! As I said, I had only the concept of what I wanted to present about, but not even a skeleton or a set of research. I'd not worked on that since my CFP submission was rejected.
This morning I reached out to Chantal and Dani to tell them I couldn't do it.
I'm preparing to teach four classes (DevSecOps in October, Linux+ in November and Linux Essentials and LPIC1 in December), I've got family matters and my primary customer. Shuffling priorities would free up some time, but going from zero-to-complete is simply not possible. I can't do it.
It's ironic that I would fall for this trap, even after telling Roald not a month ago that "I want too much, I'm too greedy".
It felt like I was letting down valued colleagues, friends even. I'd promised to help them, but I can't. If I did, my health and sanity would suffer, to the detriment of all other commitments I have. So I won't do it.
And it's okay. I'm telling myself that and so are they. It's okay if you can't do something. If I can't do it.
2024-10-12 20:00:00
In 2019 I took a class with Russell Eubanks, SEC566 - Implementing the Critical Security Controls.
Lots of people associate SANS with "super-duper-technical" trainings, which SEC566 was not. It was more about understanding the many, many layers of security controls which an enterprise can (should?) apply to properly secure its assets. I learned a lot back then and the group discussions with fellow students were the biggest value-add.
Last week I participated in Russell's LDR521 - Security Culture for Leaders.
If you'd asked me if I'd see myself as a leader, even until a few months ago, I would've said "no". That's crazy, right? I'm just this gal, you know?
I always associated "leadership" with "management". Or even "higher management". But while I've been waxing introspective the past months, I realized that the past three to four years I have in fact been acting in a leadership role. As in: leading by example.
I've helped start two brand new DevSecOps teams, both having common goals:
Heck, a few years ago my team at the time got an in-house award, for leading security culture! So yeah. I guess I am in a leadership role now!
Which is why I applied for a SANS Facilitator role for LDR521, a security culture training developed by Russell and the famous Lance Spitzner.
There's literally no technological learning to this class, it's all about understanding business, management, finance, "selling" to your audience, training and more. All the things you need to understand, to pick apart existing culture, so you can affect change.
The two taglines for the class are on their challenge coin:
As is expected of SANS, it's "drinking from the firehose". There's an incredible amount of information to take in during the four days of class. While LDR521 doesn't have an exam of its own, you could say the fifth day itself acts somewhat as an examination! The capstone project has our teams tackle six challenges in improving security culture at the fictional family-owned Linden Insurance. It's hard work! Every challenge needs you to dig deep and remember the lessons you were taught in class. If not? Culture at Linden remains suboptimal or even suffers!
Coming from a highly technological background, the LDR-series of trainings requires that you drop your preconceptions about "what is right".
I for one hold strong opinions about the Right Course to sail and I have on multiple occasions been frustrated with management not understanding why my team was Right. I have an ingrained allergy to "the suits" and have had a disconnect between "mission, vision, strategy" and what we were doing in tech.
Well. This class helped break down walls which were already cracking.
Thanks to this class I have formalized things I have been doing the past five years. My teams were somewhat successful at guiding security culture, now I know there's actual words for and theory behind what we were doing. And yes, I am now starting to understand why aligning with "mission, vision, strategy" plays such a big role in culture. Heck, now I even know what this "culture" actually is! It's that iceberg-under-the-water, the "perceptions, attitudes and beliefs" that LDR521 so heavily features in its slides, theme and challenge coin.
I very much would like to also do the other two classes in this leadership triad, LDR512 (security management essentials) and LDR514 (security planning and strategy). And once 521 gets an exam, I'll jump on it!
For now? My brain is mush. I need to deflate, reconnect with my loved ones after a week of absence and then I'll go over all the materials a second time. I need to solidify my understanding!
kilala.nl tags: work, studies,
All content, with exception of "borrowed" blogpost images, or unless otherwise indicated, is copyright of Tess Sluijter. The character Kilala the cat-demon is copyright of Rumiko Takahashi and used here without permission.