Skip to content

Planning Ahead by Looking Back

The arbitrary end of the calendar year approaches. This is always a good time for review.

The purpose of a review is to take stock of what you accomplished compared to what you planned to accomplish. If you've accomplished everything you've planned, then odds are you didn't press yourself enough. If you didn't accomplish everything you planned, then you need to refine your expectations or your prep work. From a work // employment standpoint, this is a chance to burnish your CV // Resume combo, even if you have no plans to switch jobs. You may consider a switch, or have one forced on you, at some point. In this case it is easier to hit the ground running if you keep your resume and CV accomplishments current. I use the accomplishments of the year to plan for my goals for the following year, and build a long term plan, so I have a focus.

As James Spader said in Stargate, the last point needed to get to a destination is a point of origin. To consistently track your journey, you need to keep looking at that point of origin to stay on course. As you hit different waypoints, that changes the point of origin for the current leg of the journey, but keep the original one in mind to maintain awareness of where you started.

My journey started when I went to school. I got my first IT job, then I got my first InfoSec job. Then I got my associates, then a better job with a pay and responsibility increase, then my bachelors. It took me time to get some certs and work my way into a top flight institutional defender position. Once there, I worked to build out professional 500 level InfoSec certs, learned new technologies, demonstrated excellence, built out a mentoring program, started speaking at Cons, started writing a blog, and started building an e-commerce website.

That is a lot of accomplishments. And it seems daunting to people new to the industry (or even veterans). Take a look at that list, and realize that began in July 2006. I see a list of accomplishments over 12 years, and I feel I have not done enough. It takes time to build momentum. Success builds on success. And the more wind beneath your wings, the better you are at charting a course going forward.

I have three SANS certs: GCIH (504 Incident Handler), GCFE (500 Windows Forensics), and GCTI (578 Threat Intel). Planning ahead, I am taking the class and exam for the 572 Threat Hunter course in Q1 2019. Beyond that I know I need the 401 GSEC and two gold papers to press for the GSE. That will press into 2020. The past has helped inform my direction as an institutional defender, and I need to shore up my certifications to be able to demonstrate that. This is good from a job standpoint, and to have a skillset that lets me press for more training and leadership // directional decision for my institution.

I need to get the website fully secured and both Android and iOS apps built for the site by end of summer 2019. Site is almost done, and infrastructure yet needs to be built. I've done most of the legwork, and Humble Bundle and No Starch have helped provide resources. The ultimate goal is to build as near passive income as possible, as a resource to eliminate debt, build more of a nest egg, provide a safety net, and build independence.

I need to get the CISSP, for reasons both obvious and personal. I need to slot time in to do that, and the study should start in 2019, even if the exam is in 2020. Whatever direction I go, it both shows an excellence HR departments understand, and it provides flexibility to be on either the policy or technical side of the house.

I need to press for my Masters. To do that I need to take the GMAT in summer 2019, expecting school won't start until January 2020 at the earliest. And I need to decide between a MBA, a Masters in IT, or a combination program. Once again, the credential matters, as there may be opportunities for leadership at my institution, and I need to further separate myself from my cohorts, though I expect taking on the role would come with their support.

I need to start outlining both of my books. I plan to write a fiction book and a non-fiction book on Infosec. Sometimes all you have to do is sit down and write. But it will collapse without structure. My desire is to put something out there that will help future institutional defenders start and build a career.

I think of where I started, and how the successes built on each other to maintain a progression closer to exponential than linear. All things take time. What's important is to compound the successes over time. This won't make accomplishments easier, it will make the burden of success easier to carry.

"Progress not Perfection." Denzel Washington in The Equalizer.


1 thought on “Planning Ahead by Looking Back

  1. H Carvey

    > ...sit down and write...

    Very true. I started that way with most of the writing I did in the military, but that always had a structure already associated with it. For books, it's more about developing the outline and writing from there. As a chapter is written, the outline may develop, as is/can be an iterative process.

    Looking back and taking stock of how far you've come is something I've always done on IR engagements, even going back to when I was running teams to conduct vulnerability assessments. It keeps everyone (even if "everyone" is just one) on track and focused on the goal(s) at hand.

    Good luck with your goals.


Leave a Reply

Your email address will not be published. Required fields are marked *