Most people overestimate what they can do in one year
"Most people overestimate what they can do in one year and underestimate what they can do in ten.” - Bill Gates
When it comes to working in tech and Cybersecurity, you are faced with a plethora of different subjects. Many that take time. Many that change rapidly.
When learning something new, we can find ourselves jumping around the subject matter or going down rabbit holes. The curiosity is good, however we want to stay focused.
Take Diffused learning vs Focused learning.
As explained here, focused learning involves intense concentration on a specific problem or task, while diffused learning is when the mind wanders and makes connections to previously learned material. They both can be used when learning something new.
Think working on a puzzle vs brainstorming.
A lot of people are constantly trying to keep up with the new thing, the “cutting edge”. This all can be a bit overwhelming as things in technology change constantly.
After being in the field of Cybersecurity for over 8 years I have learned that “the only thing that is constant is change”.
What I would recommend people do is develop a long term approach to their goals. This includes learning goals.
This is something I have worked on recently. As I look back at every milestone, I realize this has happened only when I step back and have a longer term goal I set out, getting into this field included.
When you think in the long term, your framing of how you approach problems changes. You don’t feel like “time is running out” and you missed the boat.
You have a larger goal you set out to accomplish. Then from here, milestones are reached that serve as stepping stones for that longer term goal.
For example, for this year you could have a 1 year plan on learning AWS, from here the milestones leading up to it might be
1 month - Narrow down your interests (Security)
3 months - Have a self-study plan or enroll in a course that matches with job roles of interest
6 months - Have built meaningful relationships with 5 people in the area you’re aiming for
9 months - Have checked off X % of skills do job roles of interest, earned 2 certs
12 months - A deep understanding of Cloudtrail, IAM, S3, etc. and interviews in the pipeline for the role above
In this approach, you have a larger goal you’re aiming for, getting a certain job role with a specific skill set. You outline a plan tailored to it, and you then work backwards towards it. This takes into account second order thinking and outcomes.
It’s best to focus on creating goals a couple years out or less and then milestones from within these goals.
Have flexible goals when it comes to timelines longer than this. Interests could change over the course of a few years.
For example, work on creating a 6 month plan. Be flexible on the timeline should your circumstances change, but be tough on yourself.
Brutally prioritizing, is how you can look at it. You'll want to track your progress, as the time will go fast. Google Docs or Notion ftw (don’t overcomplicate it)
Reflecting is something I try to be intentional about, as life can get in the way sometimes of taking state of things and planning your next move. Taking this time to actually see your progress will be very beneficial.
If you’re attempting to pivot into Cybersecurity as your career path (you’re in the right place), here’s another post that can help you in your journey
Cybersecurity Career Path: Detection and Response
In this series, we’re going to go over different career paths in Cybersecurity.
It goes over the ins and outs of Detection and Response as a career path.
What I Read This Week
Asana Fixes Security Flaw in MCP
As part of the remediation, they reset all connections to the MCP server
This will not be the last vulnerability of its kind. Look for more of these in the next year
Detection Engineering Field Manual #1 - What is a Detection Engineer?
A spin-off from Detection Engineering Weekly, dives into the Why of Detection Engineering
Trezor’s support platform abused in crypto theft phishing attacks
In this campaign, users get a “reply” from legitimate help@trezor.io email address from the attacker
To be clear, this was not a breach, but an abuse of the support system contact form
Iran's Internet: A Censys Perspective
Censys increases visibility provides good insight here as to what happened
Found this interesting as this is how information is controlled, cut off the supply
Breaches
Aflac discloses breach amidst Scatter Spider Insurance attacks
“This was part of a cybercrime campaign against the insurance industry."
Wrapping Up
Remember, think in the long term and your framing will change
“we consistently overestimate the rate of diffusion and the impacts of technology in the short run but underestimate diffusion and impact in the long run” - Roy Amara
In the end, we have time to go after what we want. We just have to do it.
See you in the next one.