2021 December review

1 minute read

Monthly reviews are a collection of posts where I try to review the previous month and set the expectations for the upcoming month. Not only it helps me keep track of what I have on my plate, but also works a public record of things I have done and achieved, both on a personal level and in my profession.

December was heavily influenced by Log4J vulnerabilities ( CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105) which have put lots of plans of hold. I did not play the CTFs I had planned to, failed the advent of code and did not have as much time as I would have liked to study. Nevertheless, not all was lost - being exposed to incident management was something I was looking for in a long time and it was the best, albeit brutal, way to get exposed to lots of teams and products we have at work.

Major achievements

  • Service and product exposure due to incidents.
  • Productive reflection time to start preparing next month and year.

Plans and Next Focuses

  • At work, Log4Shell put our projects on hold - I assume January will be a month dedicated to picking this back up and move to with the necessary implementations.
  • Slowly start preparing for OSCP. Not just I miss spending some time pwning some machines, it is time to get seasoned again testing applications, networks and machines.
  • Continue using and working on pmz to work on the new features.
  • Write more on this blog about security and productivity.
  • Finish “Serious Cryptography” by Jean-Philippe Aumasson, the infamous book on Cryptography
  • Review and prepare the next year.
comments powered by Disqus