Kilala.nl - Personal website of Tess Sluijter


Introspection: pitfalls which hamper my development

2024-07-22 11:15:00

A mindmap showing my strengths and weaknesses

Here's a bigger version of the mindmap shown above.

After last week's introspection about my career, I've been doing a lot more thinking. I've put a lot of thought into which technical and non-technical skills I need to develop, to stay current in today's market. I'll talk about that another day.

I also realized that I left out one important thing in my mindmap: my personal pitfalls.



Introspection: rethinking my career

2024-07-18 21:52:00

A mind map where I think about my career.

The past few days I’ve felt a bit stuck in my work, feeling the need for some change although I’m not quite sure what yet. My weekly routine has been quite that: routine.

 

Every week, I spend four days with my primary consulting customer and the fifth day I teach classes at ITVitae. For over a year I’ve been thinking how I could change that up, especially now that I’m self-employed and “a businessperson”. I don’t just get to run my own career, I have to!

 

I’ve been juggling all kinds of options.

 

  • Can I maybe split my four days among more than one customer?
  • Could I maybe split weeks between teaching for another company and doing smaller contracting gigs?
  • Could I do three days of contracting, having one day for “management” work? Does that mean I could try and get an employee?
  • Am I really happy with the direction my consulting gigs have had, these past years?

 

After a rather big family event (one of our two cats passed away) I turned all the sourer and more introspective. I think I want something to change, but I’m not sure what.

 

So, I got to mind mapping and brainstorming. Thinking about things that give me energy and things that really eat energy from me. I put those into clouds of “things I like which help others”, “things I like which feed my ego”, “things I enjoy”, “things I dislike” and “things I’m not good at”.

 

Which resulted in the overview you see above (here’s a larger image). EDIT: Just to give more insight into my process, here's what the whiteboarding session ended up looking like.

 

I then looked at where those things either feed upon another, or where they clash.

 

For example:

 

  • Ever since I took over as CEO of Unixerius, I’ve been thinking about helping juniors by employing them, getting them into IT. But after guiding five interns across four organizations I have learned two things: I’m not good at “bossing” someone if they underperform and between all my other work I don’t have/make/take enough time to manage them.

    So, if I really want to do this, then I really need to drop hands-on work. Which clashes with the fact that I really, really enjoy doing my own hands-on work. 

    Conclusion: it is not a good idea for me to hire a junior employee of my own. If I can help another senior who is self-reliant like I was when Dick was CEO, I’ll do it! But I can’t in good conscience hire a newcomer.

  • Some of the best fun I had while contracting, was four customers ago when I worked for a government subcontractor. At the time I specced, designed, built and documented three key infrastructures for a greenfield IT environment. I built an HSM-backed PKI, a Graylog central logging system and a PAM solution as core infra for hundreds of servers.

    That was a huge challenge and it let me run three whole projects by myself. I was hands-on with everything, and I loved it!

    Yes, I also had to deal with some of the formal architecture stuff which I loathed, but it was worth it. But I do know for a fact that I do not want to make architecture my main activity. Never ever. 

    Conclusion: I want to do more hands-on work again, building something real instead of telling people how to do it. 

  • There’s a big clash between my dislike of not understanding something I work with and me wanting to really learn in-depth about the tech I work with. This frequently leads to imposter syndrome because I keep learning how little I really know. 

    That’s not something easily fixed. That’s not something you take away. It’s something I need to learn how to cope with through introspection, mindfulness, and acceptance.

    Conclusion: I should find exercises to accept my limitations, while also investing time and money into learning what I want and need.

  • The last three of my assignments were all about DevSecOps. I very much enjoy the tech aspect of it, helping people by building pipelines and tools that make developers’ lives easier. I love teaching people how to improve their work, giving them new skills. And I don’t even mind working with architects to help clarify security and compliance requirements.

    But I have a hard time dealing with management BS and politics. And it grates on me when people willingly refuse to learn new things. Fighting against the momentum and drudgery of a slow turning ship wears me down. I really do want to help people, but from time to time I need a change of pace. 

    Heck, last year my WICCON presentation covered all this stuff!

    Conclusion: Next time, maybe less with the AppSec coaching stuff, no?

  • I really want to spend MORE time learning, spending time and money on my own education. To be open: I’m afraid of falling behind! I am afraid of losing relevance in the consulting market. 

    But I don’t have time enough! I already spend many of my evenings on learning, or on preparing classes for my students, so there’s no more room over there. 

    I could switch back to three days of consulting, one day of teaching and then have one day for learning. I could do that for a few months and then go back to four days consulting. That would work!

    Of course, the alternative to staying relevant as consultant would be to hire a few people and manage them while they bring in money. But we already covered that: I don’t know how to pivot into that successfully and I don’t know if I want to.

 

So… Decisions!

 

  • I have already started pitching lines to new potential consulting customers, so I can do a 2/2 split in my days and work on two different assignments. 

  • I have informed my current primary customer that I will be decreasing my hours a bit. This will either give me the room I need for that second customer, or it gives me temporary respite for some additional learning!

  • I have discussed my desire for more hands-on work with my coworkers at my current consulting customer. I had already set wheels in motion for a project to implement a new infra and app stack, so we decided that I would do the whole shebang.

    That means moving part of my DevSecOps coaching and managerial work to the new internal hire, which is a good thing. 

  • I have become a lot more “selfish” insofar that I’m outright decreasing my availability to my primary customer, to make room for teaching and learning. 

    I’m teaching my week-long DevSecOps intro class twice this fall and I’m doing SANS Amsterdam this October.

 

This introspection has been useful! 

 

I’m not done yet though. I need to rethink my planned learning path, to make sure I’m still investing time in the right things.



Short review of the PT1-003 Pentest+ beta

2024-06-09 14:18:00

It's been a busy weekend! After spending yesterday at AnimeCon, today I focused on household and on another CompTIA beta exam. About a month ago I wrote about the betas for Pentest+ and SecurityX, today I did Pentest+ PT1-003.

The PT1-003 objectives are available here.

Here's my thoughts on the exam:

In short: I think it's good! At least as good as the SecurityX beta, maybe even better. And much better than the Cloud+ beta which was kinda bad. 



Short review of the CA1-005 CASP+ / SecurityX beta

2024-05-20 19:47:00

This morning I woke way too early to take CompTIA's CA1-005 SecurityX beta. 

118 questions and I used two hours (out of the three allotted). I thought the invite said four hours max, but okay, fine. I thought the MC questions were mostly pretty good, only a very small amount of stinkers. The PBQs weren't that exciting though, could've been more.

One thing that stands out: CAS-004 was the first CompTIA exam to introduce a PBQ in a real Linux virtual machine. CA1-005 has removed all of the Linux commands from the objectives, which suggests that CompTIA decided to kill that particular subject and the VM PBQ. I for one did not encounter the VM at all.

All in all, is the CASP+ / SecurityX a competent, more technical alternative to CISSP? I think it's not far off! Now the problem to tackle is brandname recognition.



CompTIA goes live with two new beta exams: SecurityX and Pentest+

2024-05-18 00:17:00

I guess most people know by now that I'm a sucker for beta-testing exams. CompTIA went live with not one, but two new betas!

They have published the exam objectives here.

I just spent five hours doing a comparison of the PT0-002 and PT1-003 objectives. The changes to Pentest+ are pretty extensive. Many small details are swapped out. Two big areas are swapped: there is much less focus on mobile (app) pentesting and there is much more focus on the SDLC and containers. 

Here's my comparison. It shows which objectives were carried over from 002 to 003, but also which were added (green) or removed (red).



MCCT (Modern Classroom Certified Trainer) done

2024-05-13 08:58:00

This weekend I had a few spare hours to laze around in my hammock. What better way to spend them, than to do some quick brushing up on my training skillset?

Logical Operations have a training and certification they call MCCT: Modern Classroom Certified Trainer. It is currently discounted to $95, including the exam and cert.

MCCT is very clearly targeted at trainers who need to migrate from classroom to digital teaching. The training and certification do not go into didactics and curriculum creation, it is purely about achieving success in digital / remote / asynchronous training.

MCCT is by no means a replacement for CompTIA's now-retired CTT+. 

Training materials consist of 2.5h of video, a PDF book and slide decks. The exam is 48 multiple-choice questions, 36/48 needed to pass. The exam is untimed, unproctored and open book.

My opinions on the matter:

Jon's training impressed upon me once again the importance of community-building, especially in an async class. Yet again that makes me amazed that Practical DevSecOps appear to actively discourage community-building in their trainings. 



Rescuing my homelab

2024-05-10 17:12:00

It's been almost a year since I last fired up my homelab. I haven't had a need for the 20+ VMs since I did my Ansible and CDP exams as just about all the other exams I prepared on a smaller, local env. 

A few weeks back I decided to fire up my R710 again, to see if everything still works. It's antiquated and it runs a version of VMware ESXi 6.5.x. Since its boot drive is a USB flash drive, I was a bit worried.

Lo and behold, I am greeted by a pink/purple screen that says:

failed to mount boot tardisk

Whelp... I have some inclination what that means and I don't like it. Unfortunately the Internet also wasn't of much help, as that exact error appeared once on a German forum. 

After some messing about, I'm happy to learn that my USB boot drive still had a recovery option! Pressing <shift><r> when told to, pops me into recovery mode. It tells me I can restore a previous install (which curiously had the exact same OS version), which I did.

By the sounds of it, all my VMs are booting again. :)

Now to make a backup of that flash drive!



Trying out two certification exams: CASA and Cloud+

2024-02-02 07:28:00

In 2020 I took the CV1-003 CompTIA Cloud+ beta. Back then I wasn't really impressed with the quality of the exam. Well, it's time for the next version!

A few weeks ago I took CV1-004 for $50, to see if it's better than last time. Yes, but no. 

The questions on the new beta were more diverse than last time. And I still like the exam objectives / curriculum. But in general, I wasn't a fan of the exam questions. I know CompTIA often has questions where you're not supposed to think from real-life experience, but this time around it's really pretty bad. Know that meme of grandma yelling "that's not how any of this works!". Well that was me. 

Especially the PBQs felt like CompTIA were struggling to come up with something that works. And if I have to see one more white-clouds-on-blue-sky stock photo I'll scream. 

Jill West, an instructor on CIN, wrote it pretty eloquently:

"That was a bizarre exam. Only one of the PBQs really seemed appropriate to the test [...] Some other questions seemed like someone was looking at the objectives to write their questions but didn't really understand the concepts; they just used several items from the objectives as "wrong" answers when those options really weren't congruent with each other [...]"

So yeah. If there's a student interested in learning about cloud computing, I would suggest they read the materials, but I wouldn't suggest they take the exam.

===

After passing PDSO's CASP API security exam, I thought I'd look at some of their competition. I'm still going through APISec University's courses (which seem good), but I also gave their CASA exam a quick shot. 

In short: I will definitely recommend their training materials to students, but not the CASA. CASA is:

  1. 100 questions
  2. Open book
  3. Unproctored
  4. Untimed
  5. ... and it rings in at $125

Points 2, 3 and 4 unfortunately mean that, from an employer's point of view, the certification isn't worth much because there's no guarantee that whoever has it didn't cheat in some way. Basically my biggest critique of PDSO's exams as well (which has points 2 and 3, but not 4).

The questions on the test were well written, so that's something. They are a decent way for someone who's taken the APISecU classes to test themselves. And the potential employers will simply need to do better BS-testing in interviews. :) 

