
Cyber Security

Since learning how to make basic web applications I've been curious as to how safe they would actually be if taken to production. Would they survive in the wild? (Update: I passed my ISC2 Certified in Cybersecurity exam in May 2023).
I had a niggling concern that if they did, it would be more through luck than judgement. I was right. When I finally got the opportunity to learn more about Cyber-Security, my mind was blown and my eyes opened to far more than concerns around safely deploying a practice web-app. I became suddenly accepting of the constant updates pushed on us by our software suppliers and I began to question privacy, and the asymmetry of the knowledge surrounding it, at an operating system level. Mostly though, I marvelled at the sheer ingenuity of the talented and motivated individuals who discover zero-day threats that can target a system at byte-level.
Most of the building blocks for my journey of discovery into Cyber-Security were already in place before I began investigating it in August 2022. I was concerned about the security of my own work and I’m always curious and hungry for new knowledge, so I really only lacked a real-world reason to switch from my Java-oriented training program to Cyber-Security. The reason arrived when the possibility of a career in Cyber-Security was raised by my job-coach. I quickly did my research, found an online resource that I liked and that was well regarded, and began to learn as much as I could.

When did ‘The Swap’ happen?

Since completing my Java course I had consciously maintained a 35-hour training week; my activities since “graduating” are available here:
@Since learning to code
The swap from GitHub (mostly Java project activity) to the activity of learning Cyber-Security is perfectly illustrated in the image below from 07/02/23:
An image showing a GitHub activity calendar from 2022 and how it slowly stops and is replaced by activity in a TryHackMe activity calendar.
The transfer from GitHub activity to activity on TryHackMe began in August 2022. The activity in GitHub refers to private commits of code to my personal coding projects. The activity in TryHackMe is linked to questions answered and test environments fired up.

So, what have I learned?

Firstly I concentrated on learning as much about Cyber-Security as quickly as I could, meaning that I was ripping through interesting new theory on the subject, answering numerous questions and ticking off rooms at breakneck speed. I learned the basics of both defensive and offensive Cyber Security, and learned about networking at byte level (this was especially eye-opening and helpful from a programming perspective). Then, as the theoretical and challenge rooms inevitably became more specialised, I was at first frustrated as my progress slowed, but quickly adjusted my expectations to enjoy deep dives into many of the tools used within the Cyber-Security sphere. I instinctively knew that the extra time would be well spent, as instead of ticking off rooms and questions to maintain a kind of false progress, I would actually be trying the tools in real scenarios and gaining a true understanding of them.
(For the record, you could just read or watch walk-throughs to answer questions on the TryHackMe site were you so inclined)*
So I dove into the Burp-Suite room, and quickly had my beliefs about the value of front end security blown out of the water. I wrote my first Yara rules, I got comfortable in Linux, I copied tickets in Active Directory, I escalated privileges, I served payloads, caught reverse shells, wrote SQL-like queries in Splunk and, after using Metasploit, vowed to always take security updates seriously. Once I saw and understood the immensity of the Cyber-Security problem I couldn’t help but become more and more interested.
I am now a recent convert to SSDLC and am especially attracted to DevSecOps. I will never be able to look at another programming project without considering security.

What now?

Now that I have a broad understanding of Cyber-Security I plan to reintroduce coding projects into my training schedule. Although I enjoy the freedom of guiding my own learning, with the aim of maintaining as broad appeal as possible, I look forward to being able to follow a more focused learning pathway guided by the needs of my employer.

View my progress since this section was added to this CV on 07/02/2023:
Update: I passed my Certified In Cybersecurity exam with ISC2 in May of 2023

* Also for the record, these walk-throughs are an absolutely necessary resource for newbies as you build up your experience.






