It’s the start of Q3 and like many other people who have the obligatory “mid-year” review up-coming or just completed, a bit of reflection seemed in order. My plans at the start of Q1 were nothing earth shaking but included a couple goals that I felt would help move my current employer’s security posture forward and some professional development milestones. Like everyone else, those priorities all changed with quarantine measures. Unlike some, many of my employers over the last dozen years have been remote. I have a good home office set up and in previous “work from home jobs” there was still the ability to meet clients onsite when needed so isolation didn’t seem that daunting. Fast forward several months, collaboration via Teams, Zoom and such now seem almost normal and help ease the feeling of isolation from co-workers but one aspect I had not considered was certification exams. Since Pearson Vue was not open anywhere in Canada I had to setup an impromptu “exam room” in a spare bedroom for online proctoring of my SANS GCDA exam.
Online proctoring for something that is a solo activity anyway doesn’t seem like that much of an inconvenience, I anticipate the bigger unexpected impact to the continuing education requirements of infosec professionals has been the cancellation or postponing of information security conferences. Thanks to YouTube and numerous conferences that freely publish their presentations there is no shortage of online content but it lacks both the excitement of a live event and the networking opportunities. Over the years I have found myself in many casual conversations with some of the brightest minds in our business in a food & beverage line or waiting to get into a talk. Some of those chance encounters have fueled whole new areas of interest over the years. There certainly are conference organizers that are working on creating a different type of online experience to re-establish those spontaneous networking opportunities for people with similar interests but it appears we’ll all need to be taking more proactive measures to increase our security knowledge and skills.
In the music industry they call focused practice in isolation “woodshedding”, presumably because no one wanted wanted to hear the slow and painful progression of developing great tone and chops. Arguably skill improvement in infosec isn’t really that much different, quieter than the banjo or violin, but no less difficult to do well. Studying for the GCDA in isolation forced some improvements and revitalization to the home lab in order to go beyond the exercises in the text book in order to solidify my understanding since there was no instructor to fill in gaps if a question came up. Self-study for infosec isn’t easy, there were certainly times extra documentation research was needed as well as good old trial and error but that is what a lab is for. The lack of a formal classroom structure and the ability to hit the “pause button” also presented some focus temptation challenges from time to time but did allowed the ability to “go off road” and dive deeper into some areas when needed.
Rather than lament about what isn’t possible right now, is there an opportunity to get better at some aspect of infosec that is currently on the “want to get to that” list”? A number of companies are really struggling with budgets and training is usually the first casualty even in good fiscal years. Add in the issues with travel and suddenly home-study may not look that bad. If you are currently leveling up through self study leave a comment, others might feel inspired as well.