Skip to main content

Pay vs Passion: The Price of Risk

A little under a year ago I was sitting at GrrCON trying to decipher why I wasn’t enjoying myself. I didn’t want to go to the villages; I didn’t want to mingle, and I definitely didn’t want to listen to talks. It’s an understatement to say that I was weighed down by some anxiety, apprehension, and fear. The weekend eventually culminated in me having a panic attack in the parking lot. While crawling into the shower — hungover of course — the next morning I came to the realization that I was unhappy with where I was headed. I couldn’t enjoy the conference, because I was thinking about everything that laid in front of me after the conference.

 Flashback six months earlier and I was contemplating what I would do once I graduated from University. I was about to graduate with a BS in Network Engineering. A job offer was on the table at a respected managed service provider in Chicago. The pay was great, the benefits were outstanding, and it would be a move to the big city! A newfound interest in Infosec was leaving me grappling with whether or not I wanted to go the grad school though. I had just joined our universities cyber forensics club and was quickly falling deeper and deeper down the rabbit hole. Did I want to risk it to delve into this newly developed interest or did I want to go down the less haphazardous path and accept the job offer that was already on the table? This was something that I struggled over for most of that semester.

As you can probably guess I made the decision to work for the MSP in Chicago. It seemed like the absolute logical and rational decision at the time. Oh, how I was mistaken. It turned out that, Infosec, what I thought to be a momentary passion wasn’t something that was going away. I was working by day repairing Outlook profiles to come home at night and listen to conference talks and work on certifications. With each passing day, I realized I was more and more dissatisfied with installing monitors and was craving to do something that felt worthwhile. As a side note here I have to mention that the prejudice that all “hackers” are criminals definitely still exists outside of the Infosec circle. Me being me and the deviant I am all I heard was “Hey don’t do those things and don’t be that person.” so of course I leaned into it even more.

It’s difficult to decide between the safe road or going down the riskier path. I had made the decision to go down the safe path - to take the well paying job, in the big city, with the benefits. I decided to not pursue what I thought at the time was a temporary infatuation. Looking back in hindsight, I wish I would have taken the time to explore my new-found interest. To go to more conferences, spend more time in Discord servers, and talk to peers about their experiences and insights. I can’t imagine trying to make a decision like this after having been in a career for 30+ years or after having a family. It’s worth it to delve into new interests though. That might be Infosec, it might be music or even woodworking. It may turn out to in be a passing phase, but it might also be a new passion. If you have the chance to chase after “it” then go forth.

During the second day of GrrCON, I came to the realization that I wasn’t happy. All these feelings and hang-ups were because I knew this conference was nothing more than a vacation for me. I would eventually have to go back to stacking keyboards and moving desks. I decided on that day to go back to university and pursue my MS with a focus in Information Security. I decided to make the leap and explore information security and see if it was, in fact, more than just a passing fad for me. I can only recommend that if you have the chance that you do the same.

Welcome to Allow Some Deny All

Comments

Popular posts from this blog

Biohacking: Upgrading People

Biohacking: Upgrading People Last summer I was lucky enough to get one c00p3r's last chips installs before the end of DEFCON. This past weekend I spent over 20+ hours answering questions about biohacking, watching implant installs, and explaining the use cases for each type of chip. At this point, you could say that I rep the colors of the biohacking community. I wanted to create a short list of some of the questions I received, recommendations I gave, use cases, and thoughts I had.
FAQWhat about the mark of the beast? I actually only received this question once during the course of the weekend. It sparked some interesting conversation though. Looking at the specific scripture we find the following...

And he causes all, the small and the great, and the rich and the poor, and the free men and the slaves, to be given a mark on their right hand or on their forehead, 17  and he provides that no one will be able to buy or to sell, except the one who has the mark, either the name of the b…

Android 10/Q and WiFi Scan De-Throttling

Android 10/Q and WiFi Scan De-Throttling Some simple instructions on how to enable WiFi scan de-throttling in Android 10/Q. The phone in the following example was a Google Pixel running Android 10/Q. Open the Settings appScroll to the bottom and select About phone.Scroll to the bottom and tap Build Number 7 times.Return to the previous screen (Settings) to find System near the bottom.

Under System is Advanced Options

Scroll to the bottom and select Developer Options

Under Networking is the setting for Wi-Fi scan throttling

Untoggle the previous option and WiFi scanning should be de-throttled...Happy WiGLE'ing!

CompTIA Pentest+: A Retrospec.

CompTIA Pentest+: A RetrospectiveI get asked by students often enough what certifications they should be aiming at. Usually, it's a few freshmen that heard that the OSCP was industry standard for penetration testing and have now set their every so green sights upon that. It's always an interesting conversation correcting that piece of misinformation. There's also an occasional couple of soon to be graduating seniors who would like to bolster their resume with a cert. There are also the students who heard that the CEH was the way to go if you want to become a "real hacker". Bleh. I think this is where the Pentest+ comes in.
Recently, I sat for and passed the CompTIA Pentest+. This will be the certification that I now recommend to my students....along with the Security+ of course. While the argument can be made that this certification is not comprehensive enough with it being completely theoretical and not at all practical there's still value to be found in it.…