I have mentioned my job on this blog a couple of times. I don’t want to get into that much detail about it - This has very little to do with any rules and regulations on my job itself, it is more related to I have found it to be best practice not to discuss these things online. That being said my continuous professional development and my job itself exist in different domains.

Despite my degree in economics, I work in the IT field. If I am being perfectly honest a career in this field was never really on the docket for me. I planned to go to university, get a degree in economics, make a lot of money being an investment banker, and burn out by 40 with a big house, pending divorce, and several kids that only pretend to like me. This plan was perfect other than the fact that I just don’t care that much about economics anymore. I fell in love with the subject in sixth form, but the unfortunate fact is sixth was the last time I felt like the education system added to my career capital. I will one day write a post on my disdain for the meat grinder that is the university system, but it killed my love for economics. I learnt a lot from university, but my subject does not encompass a single one of those lessons.

Toward the end of my tenure as a student lockdown hit, and I had ample time to figure out who the hell I was. Lo and behold I found a youtube channel called Network Chuck and he kickstarted my love of technology. I would be lying if I said that I didn’t always love technology, however, I was always told “there is no money in it” and therefore never saw it as a viable career. That advice was not only factually incorrect, it was also wrong. I learnt Python, Linux, and database management, with the eventual goal of getting a job as a software engineer.

At this point in my life, I was working as a forklift (or PPT if you want me to be exact) driver in a warehouse. I had a long-term goal of working my way up inside this company, and when the opportunity to apply for the OSS position came up I pounced on it. I spent months preparing for this job interview, and all that prep paid off when I eventually got the job. I am now six months in, and for the first time in my life, I have a clear idea of who I am and where I am going.

That being said I am also a very ambitious person - This job is not “it” for me, and I have no intention of staying here forever. I told myself, my boss, and anyone who would listen that this is just a stepping stone for me. Many would say that saying that is a mistake, but I fundamentally believe that being honest about these things is the best way to go about it. One basic form of market failure in economics is asymmetric information, where one party knows more than the other. This market failure starts as being advantageous for one part, but once the information leaks the level of trust is gone, and consumers go to a competitor. Now I am settled into my job, I have started to work on getting my certifications, and this post is my timeline.

Certs I want

I set myself a goal of two years, and that is somewhat ambitious - However, as that famous quote goes

Aim for the stars, then even if you fail you will find yourself in the clouds

My ultimate goal has changed away from software developer at this point. While I do enjoy coding, I don’t want to do it as a career. I enjoy writing well documents, well-structured, and concise code (despite what my GitHub might show). From what I have been told about working inside these environments, the code is expected to be written and it is expected to work… I don’t want to work in an environment that does not demand my best, and so I don’t want to set that as my end goal. My current heading is that I wasn’t to work as a Red Teamer. This came about because about six months ago my friend said to me “You are already the annoying privacy and security guy, so why don’t you pursue that as a career”. With that established the certification I want to get before I leave this job are

• Security +: I want this predominately because it will give me a solid foundation on security principles. As well as this it is often a prerequisite for many of the jobs that I want to move into eventually.
• Network +: While networks are not the only attack vector, they typically are the most accessible and contain the most low-hanging fruit. To attack something you need to know about it from first principles, and Network + will give me that background understanding of the basics of networking
• Linux +: Most server environments nowadays use Linux, and this is understandable given its nature. Taking this aside I use Linux as my main operating system (I will not call it GNU-Linux) and I want to learn more about it. All of this aside, the fact I know how to use Linux is a major part of why I got this job, so I want to try and capitalise on this as much as possible.
• CCNA / JCNA: I want to get some vendor-specific certifications to boost my knowledge on Networking once I get my N+. This doesn’t necessarily teach much more information than the N+ will, but it will increase my employability in this area. I am choosing CCNA because it is a gold standard, but also JCNA because I know that my company uses Juniper switches which will allow me to better do my job and possibly apply for an internal job when I eventually leave
• LPIC 1 & 2: To be perfectly honest with you I have only recently found out about LPIC, but I think these will be worthwhile certifications for me to get as they will increase my knowledge of Linux beyond what L+ can provide. That being said it also allows me to highlight Linux as a domain I have extensive knowledge in on my CV

Two other certifications I do not want but working on getting anyway, because they will allow me to get a promotion, are CompTIA A+ and the AZ-900.

Timeline

So now we move on to the timelines. I am going to allocate 1 month for smaller certifications, and 2 months for the longer ones. Given I managed to get my A+ core 1 exam within 1 month of starting to study, I think this is somewhat achievable. That being said these timeframes are subject to change, and likely will as I get to know and understand more about what sort of effort is required for some of these more advanced certifications. This being said this is the current timeline

APRIL: Comptia A+ core 2 MAY: AZ-900 JULY Security + SEPTEMBER: Network + OCTOBER: CCNA NOVEMBER: JCNA JANURARY: Linux + MARCH: LPIC 1 MAY: LPIC 2

These give me about an additional 6 months of leeway to meet my goal of 2 years (based on that I have already been 6 months in this role). I expect the timeline will change, but this gives me a good pacemaker, to tell me if I’m behind or in front of my schedule.

I chose this order based on various factors. The A+ and AZ-900 I am prioritising in an attempt to get promoted. To be perfectly honest with you, I think I can achieve my A+ Core 2 in the first week of April, and based on what I have been told I could potentially get AZ-900 in the week following. Security + comes after as I have been told it gives a decent background on networking, and this will allow me to hit the ground running when I move onto N+. This also means that by September, when I would have been in my current department by about 1 year I would have all of the certifications my job recommends. After my N+ I start working on JCNA and CCNA because networking knowledge will still be fresh and I can capitalise on this. This is also the reason that when I finished my L+ after, I am going to do the LPIC exams.

But wait there is more

Of course, this is not as simple as just getting certifications - If I eventually want to move into red teaming I need to get experience with hacking. The best way for me to do this is CTFs. I have started making headway on this already, having started using TryHackMe again and working my way across their beginner courses. I eventually plan to move into Hack The Box when I get more comfortable with the basics and get a few CTFs under my belt (unassisted).

The other key thing I want to do is pick up another programming language. I am fairly adept at Python at this point and can write a basic JavaScript program. These two languages can achieve almost anything, but I also want to try and round out my GitHub with some other languages. I attempted to learn Java a few months ago but ended up not having enough time to dedicate to it. The current plan is to do a Java course, and then move on to PHP. I am learning Java predominately because it will force me to improve in OOP. The reason why I want to learn PHP is that it is a popular backend language, and knowing the basics of it will help me with CTFs - It also has the added benefit of I already have a project lined up for it (an API for an addiction stream database I manage), and I get to annoy a friend who hates it.