I have made it somewhat of a tradition to look back at the previous 12 months in a blog post on the last day or last week of the year, from both a professional and a personal perspective. Acting as a timeline, it looks back at my technical contributions to the community, personal achievements and general enjoyment.
Blog Posts and Progress/Plans
Starting off with the easy stuff, I wrote some cracking blog posts this year that got a lot of attention and helped a lot of folks; I wrote around 13(ish) posts in total, which averages one a month, not bad going given how busy a year it has been.
- The year started out with the first day of 2021; I passed CRTO by Zero Point Security. My review of the material can be found here, the course has changed a bit since I sat it, but the underlying core content remains relatively similar.
- I finished my Paving The Way to DA series with Part 3 and combined all three into one monster guide worth a read at 10k+ words!
I wrote two pretty in-depth guides, one surrounding SSH and locking down usage/secure advice. The second guide was all around Cobalt Strike malleable profiles, which were read over 100k times on their own!
In addition, I also wrote up my research on HoneyPoC which was a lot of fun to write, research and will hopefully be helpful for folks moving forward.
Book Number 2...
For those who have followed my work for a long time (well, maybe not even that long), you might be aware I wrote a book in 2016 called Breaking Into Information Security: Learning The Ropes 101. I have updated it over the years to add additional sections, but a lot of the content I wanted to add ended up spilling over into a second book.
I also started writing LTR102 properly in 2021; my aim is to publish it in March/April 2022. The book can be pre-ordered here: https://leanpub.com/LTR102-Expanding-Your-Security-Horizons/. LTR102 picks up where LTR101 left off and builds out an understanding of the broader industry as LTR101 was focused on offensive security, whereas LTR102 touches on all aspects from both a high level and diving in a little deeper.
While Covid-19 still impacts our lives today, it greatly influenced conferences in general. However, I did manage to attend BSides London in November and present the HoneyPoC research I have been working on for over 18 months. The link to that talk will be available at some point; I'll likely link this in the future when uploaded.
The talk was exciting and well-received by those who attended in person.
All of the feedback I got about it was positive, and many folks were amazed I had managed to collate so much data in a relatively short period. It was a lot of fun to do, and it all started from a singular troll!
- EP18: Jo Dalton - Starting the year off with a bang, Jo gave us a great insight into the world of security from her perspective and what it is like to do stand up comedy!
- EP19: Chris Sutherland - Chris gave us an insight we hadn't had before, through the eyes of what it is like to be a chief information security officer and how he made his way into the security industry.
- EP20: Chrissy - Chrissy gave us a unique insight into what it is like to work in close protection in an all-female team of bodyguards and a deeper insight into her path into industrial control system hacking and hardware hacking.
- EP21: Meadow - Meadow took us through the world of what she gets up to regarding car hacking and hardware hacking and followed her path through learning various dark arts of hardware hacks!
- EP22: Alex - Our second member of Cybar (a small group of my pals who came together over the 2020 lockdown) whom we've had on the podcast; he took us through his path and transition from blue to red. He is still early in his career but has a unique insight into both sides of the security coin.
- EP23: Netsecfocus - One of the biggest fans of the podcast, Netsecfocus, took us through some exciting things he has done over the years, including how airport security is meant to work!
- EP24: Andrew Tierney - We dove into what it's like to work in the IoT sphere; we also took a massive tangent on privacy and IoT normality in the home. All the usual chaos ensued but with some other interesting discussions around Andrew's path into security and how it has changed over the years, the general adoption of IoT and some of the chaos that occurs when you shit-post on the internet.
⌨️ Professional Life
I started a new job this year, and it has been enjoyable working with the team at Lares. I have learned so much in the last almost 11 months working with some of the most talented individuals in the industry. I also managed to further my professional development by learning many skills, some of which are non-technical.
Currently, I head up the UK team, and it is shaping up to be a nice collective of intelligent individuals; 2022 and beyond are going to be exciting years. I have learned a lot about business processes and explaining situations to different groups of people that have helped me professionally and personally.
🏆 Achievements & Awards
This year I did a few pretty great things; I don't often shout about them, but I should.
- To kick the year off, I passed Certified Red Team Operator, which was hellish but I really enjoyed it and learned a load from it.
- I was awarded Best Cyber Writer at this year's Unsung Sec Heroes 2021 (picture says 2020, but it should be 2021!).
Not really an achievement but something pretty cool; I got verified on Twitter. Spoiler: there's not much difference to unverified, just that tweets get a bit more exposure.
I managed to get more AFK time; I took up drone photography and bought a new car (more on this later!).
📛 Personal Life
For the first time in ages this year, I spent more time away from the keyboard and the security that I live and breathe. I learned to switch off more, which, believe me, is incredibly hard!
I got into photography more this year and took many great pictures. Thanks to John Carroll for this great moody shot and the shot of my talk above! I was also photographed by a few of my pals, pretty good too.
Much like in 2020, I listened to a lot of music (not as much as 2020 but still a load):
I took many photos of landscapes, got into drone photography and captured some cracking shots. I also managed to get out on some beautiful drives with my other half in conjunction with drone shots.
Scotland is truly beautiful, both from 100m up and the ground!
Towards the end of this year, I also sold my Ford Focus RS...
...and replaced it with my dream car:
An Audi R8 V10 plus
Photos and driving aside, I also managed to get on top of my mental health; for the first year in AGES, I didn't burn out, which is an outstanding achievement (not a healthy achievement to be burning out).
One of the best things that happened this year was probably me joining Lares, not only as I've learned a lot professionally, but I also have a great boss. Here's a thread from earlier in the year where he talks about significant steps to good leadership and management. Massive shoutout to NotMedic and his looking out for the team, encouraging time AFK and taking a holiday, which is really important.
I learned while working this year that you don't have to work at 100mph all the time, and when you've got a supportive team, you can take time out while the machine still continues to work. Thanks to my colleagues for being Rockstars!
Looking forward to 2022 and the Future!
I set out at the start of 2021 to get back into training karate, but unfortunately, Covid took a run and two-footed that into 2022; however, I did manage to get out and about, still managing to do evening walks now and again. Onto 2022: I plan to try and get out more, be it back on the mats, hopefully, and keep up some level of fitness, as I made a solid try at it earlier in the year. Like last year, I am not going to make any New Year's resolutions, but I aim to publish my second book at a bare minimum and get more time away from the keyboard.
Cheers, folks and thanks for reading!