One of the phrases my early boss in pentesting taught me and adopted was failing upwards in a career.
This leads to hard decisions between hanging up part of your subject matter expertise and focusing on managing and leading teams or do you continue down the route of honing your skills.
The cliche phrasing around a good manager vs. a good leader has never stuck with me, but the sentiment of looking at leading and helping your team excel in every way you can is something I have learned from having good bosses and managers in the past.
Being able to tell the difference and learn from both to better yourself is equally important.
I started working in offensive security as an intern focused on learning the ropes in penetration testing; I then moved to a junior penetration tester position with a short stint in-between in technology and information risk at a bank, the stark contrast between working in a bank vs. consultancy was apparent in my first few interactions within pentesting.
I began pen-testing on my first day working for SecureWorks; I was given two laptops, a Nessus license, a burp license, and the task of building me a 'go to war' laptop, which SecureWorks called their pentester laptops.
Luckily, before this job, I had spent years working at a computer shop building and breaking systems, so I had extensive experience building laptops and installing stuff, configuring things in a manner that was usable and expandable; it was the first time I had given the independence to go build my own laptop for a work setting.
Still, I would go away and learn; I'd never done one, nor had I been to Norway, so it was a fun experience and pretty representative of winging it.
I learned from my second week on the job that thinking on your feet, learning new technologies, and solving problems was where I wanted to be in that moment.
I learned many things from that particular engagement and client many years on.
The skills we learn from difficult situations shape a lot of what we end up doing day to day.
I followed a manager whom I learned a lot from and saw as a leader.
From the initial team at SWX, we built a team in Scotland; what started as just him and I quickly grew into a ten-strong team.
Outside of security, while I was learning the basics and building upon them, I was honing other crafts; martial arts are very prevalent among security professionals as an escape to exercise creativity and physical excursion.
Teaching karate to kids aged 6-11 was an interesting experience, particularly in developing effective teaching methods and learning the importance of leading by example.
A significant part of this teaching role involved helping these young learners distinguish their left from right.
Back in 2016, there was an opportunity to take over a team and build it out even further; his words to me back then were you are going to do great things, but this is not what you want right now, do not hang your tools up, go forth and hone that creativity.
As I learned a lot of different paths in pentesting with a primary focus on web apps, I moved into learning infrastructure and leveraging both skill sets, which you will see in my historical blog posts.
I built out a personal brand and learnt about the go giver, so I focused my efforts on passing on as much as possible; my learning style is to teach so you can learn better, which has helped me a ton.
You can lead a horse to water but can't force it to drink; sometimes, you just need to waterboard that horse to make it understand.
This Cyber News was published on blog.zsec.uk. Publication date: Sun, 28 Jan 2024 17:13:04 +0000