Monthly reviews are a collection of posts where I try to review the previous month and set the expectations for the upcoming month. Not only it helps me keep track of what I have on my plate, but also works a public record of things I have done and achieved, both on a personal level and in my profession.
December was heavily influenced by Log4J vulnerabilities ( CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105) which have put lots of plans of hold. I did not play the CTFs I had planned to, failed the advent of code and did not have as much time as I would have liked to study. Nevertheless, not all was lost - being exposed to incident management was something I was looking for in a long time and it was the best, albeit brutal, way to get exposed to lots of teams and products we have at work.
- Service and product exposure due to incidents.
- Productive reflection time to start preparing next month and year.
Plans and Next Focuses
- At work, Log4Shell put our projects on hold - I assume January will be a month dedicated to picking this back up and move to with the necessary implementations.
- Slowly start preparing for OSCP. Not just I miss spending some time pwning some machines, it is time to get seasoned again testing applications, networks and machines.
- Continue using and working on
pmzto work on the new features.
- Write more on this blog about security and productivity.
- Finish “Serious Cryptography” by Jean-Philippe Aumasson, the infamous book on Cryptography
- Review and prepare the next year.