Just like I did since 2017, I've committed to a personal challenge for this year as well: telling #SecurityStories. A few months into it, it was starting to take shape. I had completed four different experiments in the area of security and was working on the fifth one:
I believe that working on Juice Shop challenges, alone or with a pair, will result in increased confidence in my own skills.
I know I'll have succeeded when I've solved all challenges below 5 stars.
So I started from scratch again with the latest version of OWASP Juice Shop, solved challenge after challenge, finished all the ones marked with one or two stars. I paired with Gil Zilberfeld and Simon Berner. I realized some of the three star challenges were trickier than expected. Many times I thought I had found the solution yet my approach didn't work. Frustration kicked in, yet also the eagerness to figure out this challenge, gain the required knowledge to do so. I had managed to solve 10 of the 22 three star challenges, completed overall 33% of all challenges - and then life happened. Priorities changed.
The killing of George Floyd and so many other Black people left a big impact on me. I decided to pause my personal challenge and focus instead on learning about systems of oppression, and racism in specifics. Also this time, I shared what I learned within three months in my post I Am white. This is a lifelong learning journey, however, and I'm continuing the work.
Coming back to the #SecurityStories, I'm now closing this personal challenge with this post. This is an experiment for which I couldn't evaluate the underlying hypothesis as the exit criteria I had defined kicked in first: I faced a more important challenge, and my timebox until October 31st expired as well. Personally, I did learn a lot from working on this challenge. Four persons confirmed with me they learned from it as well; if I reached any more people with it is unclear.
Looking back, I realized a few things about this specific challenge and how I framed it.
- I find it hard to tell real stories, not just write mere reports.
- No one confirmed they learned something from me unless I asked them directly; and of course they said yes then.
- It's hard to explain complicated terms in simple ways.
The base challenge which made me come up with the #SecurityStories remains: raising my awareness and skills around security and sharing my insights while always taking care of myself. I've not finished learning more in the area of security, by far not! I will just do this on the side given I have the energy and capacity for it. It's still a super important topic for me, and I still have so many ideas on my list of things to try and learn more about, so it'll be easy to be picked up again any time. Also, I'm still having monthly pairing sessions on security with Peter Kofler anyways.
What I did a lot better than the last years, was taking care of myself. Once again I had integrated self-care into my personal challenge, forcing myself to prioritize health. I only failed two times, just before and after DDD Europe, and noted that as being okay. The rest of the year I did make time to do things that are good for my body and soul.
For now, I'm de-cluttering my life. I'm finishing off a few things I started some time ago, finally getting a few things done that were overdue. Eventually, I'm trying not commit to a lot of things at the same time anymore, whether at work, in private life, or for my personal development. Next year will come, a new challenge will come (already have one in mind), there will be more things I'd like to work on. I want to grant myself the freedom to say no or not now, and to stay more flexible in my commitments. In the end it boils down to regaining focus and keeping balance.