Image for post
Image for post

Many of us are familiar with a concept called Moore’s Law, in which chip performance is expected to double every 18 months or so. This “law” is now more scripture than fact as improvements in chip performance have reached diminishing returns. A new problem that now surfaces is how the sheer volume of data that is produced, along with heavy processing of said data (for things like deep learning), puts tremendous strain on our finite resources.

You might argue that one could buy more cloud computing resources or on-site hardware (like graphics cards for mining rigs), but ultimately those are expensive resources. …

Image for post
Image for post
Michael Keaton as Ray Kroc in ‘The Founder’

I sometimes participate in an alumni Discord server, where we recently had a bit of heated debate regarding the value of our bootcamp program and what we wish could have been different. Two major themes were:

  1. The training on its own was not sufficient/rigorous enough to make us “job-ready” relative to the inflated expectations of the hiring market.
  2. The career paths laid out, “penetration tester” and “SOC analyst” and “Red Team” vs “Blue Team” felt binary in an industry that is filled with niches.

I would like to take some time to exercise some empathy on behalf of our instructors who have been taking a lot of flak as well as suggest an alternative that might be a compromise between student and shareholder value. …

Image for post
Image for post

Most days I’m glad to have gotten out of my line cook position long before COVID-19 hit, but at moments I still look back in regret for leaving too soon. The bitter-sweetness of that time lingers in my mind, for better or worse.

Salaryman to Shokunin

Tired of the ad agency and startup environments where politics seemed to rule above competence, I decided to start looking at restaurant classifieds after nights of bingeing on Chef’s Table and Jiro Dreams of Sushi on Netflix. I was interested in traditional Japanese restaurants particularly because:

Work Ethos

Even as a lowly assistant, Japanese chefs at a place like Jiro’s aspire to to be artisans and take pride in getting really good at their respective skills. As someone who was more gratified by accomplishing technical tasks rather than attending meetings, the idea of producing good work for its own sake and not the bottom line (which, in modern corporate culture, discourages quality) was incredibly attractive. As someone maladjusted for jockeying the career ladder, this path felt like it would be a meaningful and gratifying fit. …

Image for post
Image for post
Be prepared to spend a lot of time inside your thoughts.

One Size Doesn’t Fit All

After nearly 7 months of bootcamp, self-study, and job hunting, I’ve finally made it — I recently accepted a full-time role as a SOC (security operations center) analyst. The story I’d like to share though, is not one that you would expect to see on the brochure of a bootcamp program like the one I attended.

I went through hell obtaining certifications it has taken others years to acquire, spent thousands on top of bootcamp tuition for additional training/exam fees, all to land a gig paying $35k less than my previous role as a data analyst. …

Image for post
Image for post

Button Mashing

If you’ve ever participated in a CTF or have tried web application penetration testing, you might have come across a situation where a response must be made to the server in a limited amount of time. The more complex the exploitation process gets, the more unlikely it is that you’ll be able to send off the correct values within the expiry time.

Rather than simply attempting to copy paste faster, we can see this as an opportunity to use scripting to automate the process, which will, on top of speeding it up, make it scalable and less error-prone.

Example: JWT Token Exploitation

TryHackMe has a room called ZthObscureWebvulns which showcases miscellaneous web app exploits, one of which is JWT token manipulation. JWT tokens are used as a secure authentication method and this lab in particular ups the challenge by imposing an expiration time for each token. …

Image for post
Image for post

As they say, necessity is the mother of invention.

In my case, I was tasked with attempting to brute-force a 4-digit multi factor authentication code for a lab from Portswigger Academy. This amounts to 10k possibilities (10 digits ^ 4) ranging from 0000 to 9999. On the surface this doesn’t look terribly hard, if it were not for the fact that:

  • Burp Suite’s Intruder tool is speed-throttled for the Community Edition, which makes fuzzing through all those values very slow. The lab will likely time out before you can actually find the right code.
  • I am currently too broke to shell out $400 for the Professional license. …

Image for post
Image for post

Try Harder.”

That’s the advice that Offensive Security will give you when you’re attempting their lab environments and certification exams. It sounds condescending and unhelpful, but it’s actually crucial for developing your critical thinking skills and possibly more importantly, your grit. That “productive struggle” challenges you to push past your current limits, and trains you to keep digging deep as you progress in your journey.

But sometimes, you’re just really at a dead end. And that’s OK.

It’s good to have pride in ourselves and our abilities, but that pride can also be a stumbling block for our progress. The desire to feel like we’re the best and brightest can get in the way of actually growing, which should be the primary objective for someone starting out in cybersecurity. …

Image for post
Image for post
Mackenzie Davis as Cameron Howe in “Halt and Catch Fire”. I aspire to be as 1337 as her.

My decision to attend a bootcamp for cybersecurity was a surprise for many around me.

My parents didn’t get why I’d give up on a steady high-paying job, especially with the quarantine recession looming around the corner.

My boss and the head of people were caught off-guard as I seemed to be hitting my stride in maturing my side of the business.

My peers were surprised that I’d choose cybersecurity rather software engineering or data science, which were much more popular routes.

It’s a bit of a long story, but I hope my meandering 20s can be of some help to other folks trying to find their way. …

Image for post
Image for post

Anyone who grew up in an American high school would likely agree that it was not cool to be smart. The bookish are valuable for copying homework, but at the end of the day it’s the beautiful, charismatic, and athletic who end up at the top of the totem pole. Even the band and theater geeks sit above the pure bookworms, though the margin could be disputed. Of course, there were the unicorns who had it all, but for the time being let’s focus on the plain nerd (the tribe I belonged to).

As we approached college and then employment age, many of us looked to tech heroes like Larry, Sergei and Mark as validation — the world was changing, and our time would come. The nerds would have their revenge. …

As if waking from a night’s slumber, my youth passes like the hours gone by. I reach for memories, but they slip away like hazy dreams that cannot be rewound. With each day that I grow older, that which is inevitable looms uncomfortably closer.

The body which seemed emaciated in high school now struggles to keep weight off. Friendships which seemed would last forever fade without much struggle. And each year, my parents will ask that dreaded question: “When will you get married?

It is, as they say, a rite of passage. Each season in life contains milestones for normal people to achieve, like owning a house or raising children. I understand their concern — it sometimes does pain me to see those younger than me getting married, as if I had missed the boarding of a train. …


Kevin Huang

Words I Never Said

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store