2023 Reflections and Direction Towards 2024

Well, 2023 has certainly been something. A year that seems to be yet another extension of 2020 for most. Although 2020 was a better year for me personally. It’s had ups and downs and I, like almost everyone else at this time of year am reflecting on what happened and reprocessing it while I prepare for the new year. Personally, I think 2023 was the most “meh” of meh years for me. Maybe even a bad year? I am not totally sure.

Reflections

Work Life

A year ago my second manager had just left after putting his notice in. I was solo running a Tenable environment for the company I work for - One of the most complicated Tenable environments that exists (At least according to my sales rep, account manager, and local Engineer who works there ¯\_(ツ)_/¯ ). Once that manager left, I knew right away I needed to leave the company, and started a job search while I revolving doored 2 more managers in the span of a month. I was stretched insanely thin, again solo running multiple Tenable.sc and Tenable.io systems, plus a ton of scanners and their OS components. Eventually, I got a job offer from a local MSP that I ended up rejecting due to a misalignment with long term goals, but not before getting a counter offer from my current employer for a promotion and my OSCP paid for, and considering the complete desert of offerings for Offensive folks without an OSCP, I needed to get back on the grind.

I then had OSCP take over my entire personal life for 4 months. I am incredibly glad my SO was supportive and patient with it. I think next time I do an OffSec cert, I will opt for Learn One instead, so I don’t have the nonsense 90 days of coursework and lab time again. After failing attempt 1, I hit Hack The Box a little bit to cover some gaps, and looked through the 2023 course material PDF because of course when I took the course a massive wrench would be thrown into it via big course update that makes the “easy” path of taking the course that much more complicated. Regardless, I got the cert on the second go around and can put it behind me.

By the time this was wrapped that up I had a 5th manager within a year, and was told that I would have some downtime. While I was working on my OSCP on my personal time, I still had my day job of Tenable Monkey, and was maintaining those systems, writing documentation and had just started transferring services to some contractors and exiting that team, plus I was on the hiring committee for manager 5. So I had a new manager, who I was told from the outset that they were temporary. I was told I would have 6 weeks of downtime, which I welcomed. Having JUST come off a cert, the last thing I wanted to do was start another one. I finished transitioning the Tenable systems to contractors, and took on managing relations for some security vendors, which I am still doing. I also went to my first DEF CON, which was an incredible experience. I will absolutely be returning next year.

Well 6 weeks of idle time has turned into (at least) 7 months with a few 6 week extensions and promises. While I have made attempts to continue professional growth in that time, picking up MalDev academy and making some progress on HTB, and Port Swigger Security academy. It’s not been super effective because I havent wanted to get neck deep into something before being told I had to drop it halfway through. I messed around in my lab a little bit, and I also migrated all my notes out of Notion and into Obsidian. It was a ton more work than I expected because I re-structured them to be more easily referenceable. At work I also tried to pick up some additional responsibilities because I am bored out of my skull, the only thing I was offered to work on was picking back up Tenable, which I declined since it provided limited growth opportunities. So these days I have been mostly screwing around with different learning opportunities, while once again trying to job hunt.

Job hunting hasn’t been fruitful, yet again. I did manage to go through 6 interviews with a boutique consulting company, before being rejected due to the results personality quiz I took after interview 1. Otherwise while there are postings, Q4 hiring is hard due to people being out of office for the holidays and taking PTO to prevent it from being lost. These efforts will continue into Q1.

Personal Life

I will speak more briefly here, as I try to keep many of the elements of my personal life private. I ended up picking up steam on mini painting in a big way, doing the player minis from Gloomhaven: Jaws of the Lion, 15 Minions from Mechs vs Minions (The total is now at 35 or 45 completed, I think), the Nordic faction from Scythe, and finally the rover and chairman’s seat for Terraforming Mars. I also backed the Terraforming Mars and Gloomhaven Big-Ass Kickstarters, so when those deliver in like, 2 years I will have 603 more minis to paint (Why do I do this to myself?).

In outdoor activities, I finished picking up a set of hockey equipment so hopefully if/when it FINALLY gets cold enough to get some ice time, I can start shaking off the rust and start skating hard again (I have not played hockey since I was a little kid, but have continued to skate recreationally). I also took up shooting sports in a major way this year, and actually scored my first perfect game in Trap, which was awesome. I also brought my average up to 21/25, so notable improvements there for sure. I also went skiing in the mountains for the first time this year. It was way more fun than Minnesota skiing, and absolute murder on my legs. I want to make that a somewhat regular trip I think. Once every 2 years? We shall see.

I wrapped up a Baldur’s Gate: Descent into Avernus campaign a homebrew extension I wrote after 2 years, and we finished up a 2 year Curse of Strahd campaign. So 2 days a week Dungeons and Dragons is finally down to 1, leaving me time to do other stuff. Speaking of D&D, Baldur’s Gate 3 took over that time to do other stuff. Funny, how I have been wanting to play D&D 1 day a week for like a year to give me more time to do other things, which was immediately taken up by another D&D property. Either way, the game is incredible. 10/10 and I highly recommend.

What’s Next?

As for what I want in 2024, there are a few things I have in mind. First and foremost, I want it to be cold enough to put the new hockey gear to use. In a professional sense though, I need mentorship most. Quickly following that is a new organization to work for. Corporate life just is not for me, so ideally I would find a smaller, boutique security vendor to work for. Barring that, hopefully I can find a corporate security org as an alternative would be a good idea, as I already speak F500 and I think being in an org where security is the product should hopefully net me much better growth and development opportunities. I just can’t be in an org that lets me be idle for 7 months. I need constant growth and development to thrive. I can’t stand being bored, and it’s having a notable career impact, at least from my perspective.

To go along with that, I want to take a workshop this year at DEF CON. Specifically on Thursday. I have made it my goal to get my OSCE3 within the next few years, and I have a goal of having a DEF CON talk or tool showcase (Village would be okay too) within the next 3 years. So maybe the thinking is give OSED or OSEP an attempt this year? Currently unknown. As I said, I need mentorship. Given that WEB-300 is on that list though maybe I push Port Swigger Security Academy first. I don’t know, but I will get something figured out.

I am volunteering for Red Team at CCDC again this year, which I am excited for. I will continue speaking to schools, specifically my alma mater high school and college. I will also attend Wild West Hacking Fest this fall, and I may end up volunteering for PancakesCon if Lesley does it again. I want to continue my push for networking with folks. Having graduated mid-pandemic, meeting people has been especially challenging for me. Conventions are great for meeting new folks, and I think volunteering for one would be even better since its not just “Hey I’m WinterKnight” and people can go “Damn that guy works his ass off” as a response.

On a more personal note I got a soldering station for Christmas this year, so I will be finally learning how that works. In other personal growth and development, food. I really need to diversify the meals I make, and I want to dive deeper into BBQ in the summer. So the goal is to get a smoker here soon, and compile a large list of cookbooks I have into Obsidian so it’s easy to reference and search without having to onboard into Yet Another App. I want to be the guy who makes neighbors think “Man what smells so good?” when they walk past my house. I also want to focus on foods I am less familiar with, especially Asian cuisine. I also hope to finish up the Scythe minis this year. I don’t expect to finish the Mechs Vs Minions ones, just because they aren’t exactly that interesting to paint so I get bored working on them. Maybe I can aim for an additional 25 to be done?

I think that 2023 is a mixed bag, leaning on bust. However bearing in mind that I catch a pretty rough seasonal depression in November-December, so that is probably influencing my thinking a bit. I need to find my work-home, ideally an org that will let me grow and develop internally. Oddly enough, the actual home life is finally the thing that isn’t a dumpster fire (Well, at least its a smoldering one nowadays compared to even 3 years ago where it was raging. That discussion is reserved for a bar with a drink in hand). Anywho, I managed to kill more of a day in writing this than I expected. Time to prepare for a Paranoia session I am GMing. Ill be back.

-WinterKnight

Changelog

2024-09-17: Updated reference to handle, fixed a broken sentence.