Last time I wrote about my struggles to kick off my AskAppSec challenge. Allowing myself to go tiny steps and considering any small thing as progress, I was able to make just that - progress. Well, I've had to learn this lesson multiple times already on different topics, this is just another example. Still works all the time.
So here's what happened since my last post. The following actions helped me get out of the scary zone, slowly and steadily.
Ask More People
I reached out to more security folks like Jay Harris and Dan Billing and asked them for recommendations on online communities out there. This way, I learned about new options I had not considered yet. Even when they confirmed communities I already had on my list, it provided validation that I wasn't too far off. I also got inspired by a podcast episode where Tanya Janca emphasized the importance of joining communities and named further ones. Last but not least, I finally asked publicly for recommendations and yet again could add more to my list.
Join Further Communities
Now that I knew about more communities, I indeed joined more of them. Initially, I felt adding too many would be overwhelming, yet as my initial attempts were going slow, I changed strategy. So I joined as many communities as possible to try them out and see which ones would end up as the best suited for me. Once I started, entering new ones wasn't as scary anymore as in the very beginning. If it's scary, do it more often, right? So now I've added the following ones to those I had joined already.
- BSides, respectively the MUC:SEC Discord as the related folks are organizing BSides Munich, which is definitely on my list to go to this year
- DEF CON Discord
- DevSecCon's DevSecOps Community Discord
- HackTheBox Discord
- Laptop Hacking Coffee Discord
- TCM Security Discord
- Threat Hunter Community Discord
- TryHackMe Discord
- TechYeet Slack
- Women of Security (WoSEC)
- Women's Society of Cyberjutsu
- Cyversity
- Any InfoSec or AppSec meetup I could find that either was local to me or offered virtual events, like the OWASP-DevSlop-Project
There are a few options on my list I haven't tried yet as they didn't feel like a good fit right now. Nonetheless, I'm still on the lookout for more online communities, so anyone having recommendations please reach out.
Collect Security Resources
I've come across quite some interesting stuff in the past years, so why not finally start a page of recommended resources dedicated to security. I felt this would be an easy quick win to make progress, it would be great to have a foundation to build on and extend with anything I'm learning now, and nice to be able to share a page with folks interested to learn more about security as well.
Feel free to check out my recommended security resources, maybe this collection already offers something of value for you.
Start AppSec Courses
I'm still reading Tanya Janca's awesome book "Alice and Bob Learn Application Security". I'm a slow reader of non-fiction books, especially if I'm not traveling. So, I thought why not also try out the courses she offers at the We Hack Purple Academy. There are a few free mini-courses available. The paid ones seem very reasonably priced, especially considering the fact that they represent exactly what I'm looking for. There's even a bundle of the four most interesting courses to me, which I'm currently on: AppSec Foundations Bundle + Secure Coding.
Prepare First Challenge
I do have a whole list of potential mobile AppSec challenge options. I still need to pick the first to tackle, write about and ask for feedback on. While I have a hunch which topic it's going to be about, I'm fine with not having made the final decision yet. Again, tiny steps, and that particular one is on my radar of things to do next - besides consuming resources and engaging with the communities I've joined.
It'll come, at the right time and pace. As long as I can build on the gained momentum, I'll be fine.