Category: Uncategorized

I’ll start with my accomplishments over the last 24 hours. I actually finished my first read-thru of Bug Bounty Bootcamp by Vicki Li. Years ago, I read a book called How to Read a Book by Mortimer Adler. One of the things I remember the most about how to read and actually retain the knowledge of a book is by doing an initial read-thru, followed by an active read-thru. This was my non-active read-thru. While I’m sure I’m like most people and don’t fully pay attention when doing passive reading like this, I do feel it “tills the soil” somewhat. I will be doing passive read-thru’s of everything from here on out, while doing active read-thru’s of the current one I’m working on. I’ve decided my first steps are going to be to follow along through this book while hunting on a VDP (Vulnerability Disclosure Program) offering. I have not decided which one yet, but plan on starting in the next day or so.

One of my main issues is that I have been diagnosed with ADHD, but more importantly, severe depressive disorder. I have gotten the help I need, and while I’m in good shape most days, the downswings still happen. Today was one of those days. I had a hard time focusing or being productive whatsoever with work today, and did not study for my PMP at all. I really felt like I was going to end up sitting in the recliner staring at football the entire night.

Thankfully, I was able to motivate myself enough to get one thing done (besides this post). I currently have a Windows laptop for work, and an older gaming desktop that is my personal device. I was honestly thinking about getting a new personal laptop and loading Kali Linux on it directly, but I do happen to have a MacBook from a previous gig. I am not a Mac person, but being in the field as long as I have, I can at least navigate enough to work. I decided to get UTM installed, and then install a virtual instance of Kali directly onto it. It took some doing (Google UTM, Kali Install, Black Screen), but I finally got it installed and logged in. Although it’s not much, I feel good that I at least didn’t have a 0% day.

I realize people reading this might think “Wait. You have a full time job, are studying for your PMP, AND trying to learn Bug Bounty (eventually full Pentesting)?”. It is definitely a product of my ADHD. I have decided that I’ve done too much to not finish my PMP, and there’s no harm in getting it. After I finish that, I will not be adding any more to my plate, so I can focus on this more. Unfortunately, one of the other things I’m going to have to sacrifice is gaming. Or my family. I haven’t really decided which yet.

So, Bug Bounty Bootcamp has now moved into the “active reading” phase, and I’m now moving “Learn Python the Hard Way” into my passive reading phase. Although I know some basic Python, I’m going to work through that book specifically to get more acclimated.

This is the beginning. This blog will be my journey into becoming a red team cybersecurity professional.

I have been in IT for over 20 years. I have been help desk, sysadmin, manager, sr. manager….basically jack of all trades. This field has been good to me, but it’s starting to become a little stale. I have a great role currently, but I really enjoy the deep work more than the constant interruptions and business admin portion of my job. I’ve been searching non-stop for something that I can do mostly on my own, allows me to do more focused intellectual work, and allow me to continue growing to stay relevant into my later years.

I have tried several different avenues, from programming, game design, AI/ML work, etc. Nothing has really stuck. Red teaming is not something I really considered until a few years ago.

I was working as an IT Manager for a company that was needing to qualify for cybersecurity insurance. This company was in bad shape (I had just started in this role shorly before), so there were a lot of tasks I was needing to accomplish as quickly as possible. While researching, I came across CISA, and along with that, the opportunity for me to qualify this company as “critical infrastructure”. We qualified, which allowed CISA to do a free external and internal pentest of the company.

A few weeks later, CISA sent a few contractors on-site for a week to do internal testing. I spent most of my time in a conference room with them during the week. I was very intrigued by their process, and was informed of the possibility of not only getting into the field, but also that I would be able to make an easier transtion because of my previous experience with infrastructure. I will also add, the thought of being able to find things I could break, but not actually be responsible for fixing them, was extremely enticing.

I started studying for my PNPT from TCM-Security at the advice of one of the contractors. I also signed up for TryHackMe. I was fanatically motivated during that time, and was actually excited about my career future for the first time in a long time. Then, personal issues hit, which caused me to have to move, taking a new job, and focusing more on my family. While the changes were needed and utimately good, my “hacker dreams” went away because of this.

Life has become more stable, and my family responsibilities are becoming less (we’re almost empty nesters now). Long story short, I have caught the bug again, but am approaching it differently.

My current status is full-time employment as a Sr. Manager of IT Operations, and I’m currently on the back end of obtaining my PMP. I am going to finish that cert, then focus solely on red teaming, with an initial focus on bug bounty. This is not something I’m starting with to try and make a quick buck, but more to take smaller bites and have a specific focus.

This site will be the documentation of my journey, as well as my contribution to the community on my learning progress. My hope is that these posts will help anyone with their own personal journey as well as myself.