About the Author

My name is Aaron and I am a Security Analyst working for a University in the US Midwest.
I decided to finally throw a blog together in the hopes of giving myself an excuse to better document and dig into the various things I'm working on learning and messing around with at any given time in the hopes that it will not only help me, but might serve as a useful assistant to anyone who happens to stumble on whichever random article of mine while searching for a solution to their problem. 

I am relatively new to security, having only been in the field for a little over a year now, but it's something that has definitely been an interest of mine for a long time now. I just finally got around to pulling the trigger on learning more about it and getting into the field.

While I'm new to Security, I am at least able to build on a foundation of almost 10 years in IT. I have worked everywhere from restaurant kitchens to warehouses before finally stumbling headfirst into an IT position at a small Medical Billing company, before moving on to work for the University that I'm with now. In that time I've worked with everything from printers (never volunteer to replace the broken part in a printer because it will be "A pretty quick fix". It is never a quick fix...never) to installing and managing around 2,000 security cameras of varying quality and reliability. 

Security became an interest back when I was working in medical billing. The nature of the job was very much a lot of "this isn't written down anywhere so figure it out" work, and while frustrating, it was a great way to learn and develop my skills. In the course of looking into things like PCI and HIPAA compliance, things I had never heard of previously, I stumbled onto a video that I'm sure sucked so many people into the field of security. A company talking about their pen test gig, which involved a physical and digital pen test. It looked incredible. These people were basically being paid to be James Bond. I thought the job sounded so fun, but being new to the IT field in general, everything I looked at just felt like an overwhelming amount of information. It felt like trying to fill a Solo cup with a fire hose. My Associates in Graphic Design hadn't prepared me for that moment...hell, I feel like it barely prepared my for Graphic Design (as I'm sure will be plainly apparent from this blog, I took one class that covered HTML/CSS and this was a while ago). 

After years of feeling like I wasn't smart enough to make the jump, and feeling like I had pigeonholed myself in the Administrator field by working in a relatively niche field with security cameras, while not doing enough actual server administration to feel comfortable, I finally decided to bite the bullet and try to get into security. My first task was to get something that I could hopefully use as a foothold to a job. I studied for months and finally got my Security+ cert, which felt like a massive accomplishment. I've never been a great test taker (as my two failed attempts at my MCSA can attest to...) and I was incredibly nervous. All of the security terminology was daunting and I was worried I was wasting another day and more money. But I managed to pass. And after 50 or so applications sent out over the span of a month or two to any job posting that seemed even remotely open to taking on a new employee, I got a job in security and soon after I got my GIAC GSEC certification. 

Beyond that I'm currently working on hopefully refining my security career and moving towards the Pen Testing roles that looked to interesting and tempting all of those years ago. It's what I end up doing with a lot of my nights, just trying to learn little things here or there, and fill the numerous gaps in my experience. 

So, congrats. You've made it to the end of this "About Me" that somehow went on much longer than expected. Feel free to contact me via the email address linked from this blog should you want to know more!

Popular posts from this blog

Hacking Windows Domains: Introduction

Image
Part 1 of the Active Directory series. Wilkommen, everyone! After a few hurdles with my homelab server throwing a fit and forcing me to frantically recover my VM's so I could get all of my files off of my file server and temporarily into the cloud, I'm back with a new setup. I've moved from Hyper-V to ESXi, which I always liked for the ease of the web interface, and I've finally been able to recreate my hacking lab as well as my Kali machine that I use to learn on. As I work towards a pen test certification, I've been using a handful of resources to learn and get hands-on time. First up has been the great Active Directory rooms at Try Hack Me . The other has been the great Complete Practical Ethical Hacking course from TCM. This lab will be setup similar to the lab in the PEH course, as it makes it a bit easier to follow along with Heath's videos. There's always Hack the Box to get some hands on time as well, but that's something better saved for anot
Read more

What Would Life Be Without a Few Roadblocks?

Image
Enjoy a sunrise photo instead of hacking content. Naturally, once I got the lab built back up and everything would be when my server would die again. So for the past few days I've torn the server down to check everything, run all 8 drives through Hard Disk Sentinel to check the status and make sure the disks themselves weren't bad (all 8 disks scored 100%, despite all being used drives I picked up with the server years ago. I think they're from ~2014?) and then wiped all 8 drives just to be safe. I re-assembled everything, powered it back up and initialized the new Virtual Disk...annnnnnd another drive vanished.  At this point, I'm thinking the SAS Backplane that the drives actually directly plug into that sits directly behind the drive bays may be bad, but for the time being, I just popped out drive 3 which was throwing the error and made the extra 7th drive a hot-swappable drive. This means I'm down to roughly 2TB of space instead of the 3+ I had previously, which
Read more

Status Update: Still Alive

In what seems to be a common refrain in my life, my dreams and aspirations for this blog may have been a bit loftier than I was capable of executing. That said, I do definitely still want to revisit this idea of the "Windows Pen Test" that was part of my learning experience. I think what I realized as I was studying was that my desire to work through the material and keep learning eventually getting to the point of sitting for a test was overwhelming my want to sit on the Windows topic for weeks to make the in-depth blog that I envisioned making. So what have I been up to since the summer where I last updated? I've been working at grinding away at my study resources since then, and hopefully  there will soon be a payoff for the work. As usual, there's a fair share of headaches in between. When I kicked this blog off, I had been plugging away at the  Practical Ethical Hacking  course from TCM. The course was great, as all of them have been so far, and I was really enjo
Read more