Thoughts on 2024

One hell of a rollercoaster

Man, 2024 was a wild year of highs and lows, both personally and professionally. It looks like 2025 is likely to be similar, but hopefully more of an upswing. January kicked off by moving off Notion.so and Super.so and into Ghost.org for this blog based on a recommendation from Molly White. Fortunately, the move wasn't too painful and allowed a much more stable (and cheaper) platform for me to use for the year. Shortly afterwards, I was given lifetime access to the entire Antisyphon Training On-Demand catalog from Black Hills Information Security (BHIS) for helping folks out on their Discord server. Since obtaining access, I finished 5 of their courses, with 2 more in progress as I have some time here and there.

Next up was helping out with Minnesota CCDC and being offered to helm its Red Team for 2025. Running CCDC, coming up with ideas and writing about it has taken a significant amount of my brain power this year, which has mostly manifested in my How to Win CCDC series of posts and the accompanying Discord server I launched with it. I definitely have some room for improvement on the Discord server front, as I have not been able to dedicate as much time to it as I would like to. I am happy that it's managed to get 82 other people in there so quickly though. Including folks from out of state, which was a pleasant surprise.

Speaking of community engagement, I managed to hit up 3 cons this year. I volunteered for PancakesCon, which was awesome. I attended DEF CON again and also attended Wild West Hackin' Fest (WWHF) which may be my new favorite con. I had asked Velda (the lead con organizer) and John Strand (BHIS Owner) if I could volunteer next year and it sounds like I should be able to, which I'm excited for. I hope to volunteer again for the next PancakesCon. Since Lesley Carhart is currently in the middle of emigrating, who knows when that'll be. I wish them the best of luck for their move. Lesley is Good People and I hope they get the break they deserve. DEF CON moved to the Las Vegas Convention Center this year, which is a much better venue than Caesars Forum. I ended up making some new friends while out at DEF CON and met some people I have looked up to for some time now. Bumping into folks that I met last year was awesome too.

WWHF was incredible. I bumped into my new DEF CON friends again, made some more new friends, got to put some faces to names, confused a guy from Google with 4 of us having similar names and had some awesome conversations about the industry. Deadwood is a great town in a gorgeous valley with a ton of charm. I'll try not to sprain my ankle right before going out there next year so I can experience some hiking. Honestly the worst thing about it was the drive out there. I got so tired of seeing HAVE YOU DUG? WALL DRUG on the way out west it was driving me insane. Coming home from WWHF had solidified me as a big time BHIS fan. They are an incredible group of people. I think next year I want to bring a noob to a con. Not sure who, or what con, but I think it would be a rewarding experience.

Work continues to be, uh, work. I don't want to say too much, but let's just say my cadence of a new manager every quarter (on average) is still ongoing. I am still quite unhappy there. Manager number 8 in 2 years now... Woo...

On the job front, I almost got hired at 7(!) places this year. One in particular was a company that would have been a dream place to work. I didn't expect them to even consider me, let alone that I'd go through their entire interview process. I'll try again in the future though, they haven't seen the end of me. By almost getting hired I mean that I finished all of the interview rounds, but got beat out by another candidate at the end. This is the core of the rollercoaster this year, at least professionally. My flubbing of an interview for an IoT pentester position at a global manufacturing company was the catalyst of some professional growth at least.

This year I spent a good amount of time learning how to do Web Application Security Assessments. I had been futzing with PortSwigger Security Academy off and on for a while now, but I moved over to Hack The Box Academy's Bug Bounty Path instead and I think that was a good call. The PortSwigger Security Academy seems to expect you to have a solid understanding of Web Assessments that I just didn't have at the time. If I were to work it now though, I think I would be able to make a lot more progress on it. Outside of learning web (mostly), as mentioned earlier, I took 5 Antisyphon courses this year.

  1. Regular Expressions, Your New Lifestyle
  2. Intro To Pentesting
  3. Foundational Application Security Training
  4. Attack Emulation Tools
  5. Reporting for Pentesters

Reporting for Pentesters was probably the most impactful course I took this year; however, all of them were quite well made. Intro to Pentesting was probably my second favorite course, as John Strand explains how pentesters operate within a business environment and not just technically, which is surprisingly hard information to find if you aren't already working as a tester. While at WWHF I also attended Tim Fowler's Bring Your Own Satellite workshop, which was an interesting experience. It would be cool to dive more into RF and space security at some point in the future. I also learned how to solder, albeit not super well.

I also moved over to a new handle and domain this year. Partially to aid on the job hunting front, but more because I had someone tell me they didn't want to share my CCDC resources with their classes and professors due to the old handle. Frankly, this bothered me more than losing out on job offers did. Shooting myself in the foot is one thing, but the old handle getting in the way of someone else's willingness to share resources to help others learn and grow is unacceptable to me. I want to help people first and foremost. If a silly handle gets in the way of that, then it needs to die and I need to move over to a new one. Also, because I know that person is likely to read this: you didn't do anything wrong. I'm grateful that you told me straight up why and didn't lead me on. It allowed me to take action and hopefully get good information in front of more people.

On a personal note, I didn't get nearly as many minis completed as I had hoped as this year was a struggle for me mentally. Especially in November and December. Last winter was warm, so I didn't even end up skiing or playing hockey. I bought a smoker and seriously leveled up my BBQ and chili game, which my mouth appreciates but my waistline does not. In positive news, I got engaged this year! Getting engaged is without question the highlight of the year for me. I also went on a cruise and left the US for the first time. (Even if it was in the most touristy way possible. Baby steps.) Not sure I'd do another cruise, as the lack of privacy anywhere on the ship or in ports was driving me insane. That and I think my room was right above the sewage holding tank, because our hallway was super rank, but regardless, it was an experience I'm glad to have.

I intended to join a trap shooting league this year, but the transmission on my car decided it needed to die on me right at the beginning of summer, so the money I had intended to spend on the league went to monthly payments on a new car instead. Unfortunately, that new car was just involved in a fender bender this past weekend, so it gets to continue to be a black hole for money while I deal with insurance and get it repaired.

Next Year

I am cautiously optimistic that 2025 will suck less than 2024 and 2023. Not that 2024 was awful, but some stability would be nice. I have plenty going on already to keep myself busy too. CCDC is right around the corner, which means I need to get some project work running for it. I have a secondary, smaller project for another company that I need to work on, which I will share when it's completed. I have a DEF CON project that needs to be done that I am calling Project Shepherd, which I will begin working on again in the spring. I have a domain migration planned for my lab and maybe some hardware and VM refreshes too (And significant efforts towards reworking documentation for my lab because wow is it bad right now). The lab stuff is in flux currently due to some external factors.

Maybe next year I will finish painting my copy of Scythe. Or maybe this will be the perpetual meme. Scythe and Mechs vs Minions have both been halfway done seemingly forever. I have 5 factions to go for Scythe including the 4 factions from Invaders from Afar and Rise of Fenris. I should be getting the Gloomhaven set of minis delivered early next year, which will have 603 of them. That'll take me years to get finished. Of course there will be wedding planning, which I am honestly excited about. I also need to double down on the Discord server and try to make it more valuable to the students who are in there. I feel as though I am letting them down with how sparse it's been. Not that it's completely empty or anything, but I feel it's not as helpful as I want it to be. Maybe I just need some help running things there or something. I'm not sure. It's something to chew on.

Changelog

2025-1-9: Fixed some grammar and capitalized some stuff that should have been initially.