Do more certifications, bro
Certifications, yay or nay?
Yoo Welcome to Issue #07 of Navigating Security.
🍃Quote of the week:
Certifications are silent proclamations of progress, signaling the bearer's journey of knowledge and the pursuit of excellence
What To Expect 🫡
Why I always do certifications 📖
API security mindmaps and cheatsheets 📃
Forging your own path into cybersecurity 🛣️
⏱️In case you missed the previous issue, here you go:
This Week’s YouTube Video:
Everyone hates the OSCP, but they still want it…
I’m doing another certification 🤦🏾‍♂️
After I did the OSWE, I promised myself I wasn’t going to be doing any more certifications for a while. I wanted to focus on applying the skills I had learned on either bug bounty or CVE hunting, which I did for a while. Not many programs have source code as an option on BB platforms and open-source applications are pretty difficult to install so I found myself making little progress on both fronts. Anyways, shortly after the OSWE, I took CloudBreach’s Breaching AWS course cause why the hell not? 😂 I like cloud security. That didn't take too long so it wasn't too much of a bother.
However, due to some changes (life update soon), I have found myself enrolled in another certification course. This is something I have been wanting to explore for a while now and the opportunity has finally presented itself.
What's the moral of the story? Certifications offer a structured learning path and I am a sucker for that. If someone is an expert at something and they put it behind a paywall, I’m probably going to want to take a peek. I’m still early on in my career so I would like to explore as many areas of security as I can and eventually specialize in the areas I find most interesting. Plus I always make empty promises to myself so I’m taking the CRTP 😊
API security cheatsheet 📃
I found a repository with mindmaps for tackling APIs and the reason I bookmarked it was because it has a mindmap specifically for attacking GraphQL. I always forget what to do with GraphQL after running the introspection query so this is pretty useful. Here is a quick breakdown of what the project does:
In this repository you will find: Mindmaps, tips & tricks, resources and everything related to API Security and API Penetration Testing. Our mindmaps and resources are based on OWASP TOP 10 API, our experience in Penetration testing and other resources to deliver the most advanced and accurate API security and penetration testing resource in the WEB!!
Forge your own path into security 🛣️
I often see people like Heath Adams stress the importance of creating your own path into cybersecurity and I agree.
I initially did the most random certification combination at first because those are the areas I found most interesting: eJPT -> PNPT -> OSCP. Turns out this certification pathway has become a lot more popular; am I claiming to be the pioneer? Maybe 😂, but I digress.
Your journey shouldn't be a carbon copy of someone else's, but rather a reflection of your interests and strengths. The tech industry, and cybersecurity in particular, is diverse and complex, offering endless avenues for exploration and growth. And while it's important to learn from those who have blazed trails before us, remember that the path you carve is uniquely yours.
My advice? Don't be afraid to forge your own path. Pursue the areas that fascinate you, invest in the certifications that will bolster your unique skill set, and never lose sight of your personal goals and aspirations. The cybersecurity landscape is vast and constantly evolving, and there's room for all sorts of professionals with a wide range of talents and perspectives.
Your path to cybersecurity is your own. Embrace it. Own it. And most importantly, enjoy the journey 🫡
Suggestions
Hit me up on Discord or LinkedIn if you have anything you feel would be cool to include. Thanks, Cheers.
⚠️ The newsletter is currently not sponsored