You: What the hell happened to you?
You see, i typically say i am lazy, even though i am not (too much…don’t judge me). I keep doing my stuff, working out and learning as much as i can about security (stopping depresses me, not stopping drains me, decisions decisions). However, i have two major problems: lack of time management capabilities and an everlasting need to try/learn new stuff.
I like to write and teach, which explains why i started this blog. Yet, i like to know what i am talking about before i teach anything and i am never satisfied with the depth of my knowledge (call it low self-esteem). Since i have had nothing meaningful to write about, this blog has been quite empty. Also, a lot has happened since my last post:
- I finished my thesis (it was about protecting PaaS services against malicious administrators). I can finally call myself an engineer (bow before me minions!).
- I am working for
as an Information Security Analyst (at Dublin’s SOC)
- I moved from Portugal to Dublin
The first point is cool and stuff but, unfortunately (for me), not really valued by good IT companies. I may post about it later but, for now, let us focus on the FireEye thing.
If a fellow Portuguese is reading this post, he/she will probably relate when i say that Portugal (at time of writing) is ruled (in terms of IT employment) by consulting companies and security-related jobs are pretty bad. So, i would be basically working in boring projects, being exploited by consulting companies and complaining about all of this every single day. I searched a lot and sent my CV to many companies: FireEye, Facebook, Google, Amazon, PaloAlto, Fortinet, RSA, BT. In my country, i spammed every single telecommunications provider, bank and supermarket chain. Truth is: hardly any of these entities hire directly (they typically hire consulting companies which, in turn, hire people).
FireEye got me first and I was super excited when i got my first email from them. The whole recruiting process was smooth and handled by extremely nice and professional people (expectations met). At that time, i was a bit slightly sad because i wanted to go to the US (cliché, i know). Calisthenics gives me the freedom to workout outside but I knew Dublin’s weather was bad (confirmed!), which would probably mess up my mood and my willingness to workout. Still, i knew that Portugal was not the way to go for someone passionate about information security. So i did what i never thought i could do: accept the job offer and move to Dublin.
If you live in a country where the economy is plain bad, you are encouraged (pretty early) to leave it and go abroad, to look for companies and people that actually care about you, and can provide you with new and meaningful challenges. However, as an IT expat i must warn you:
“Leaving alone abroad is no easy task.”
This is my first experience (6 months on 15th August) abroad, which may explain some misconceptions i have and some mistakes i am making but, depending on the type of life you had back at home and your objectives, leaving your country may be worthwhile or a plain waste of time. If you want to leave your home land just for the experience, and you want comfort and fun, then do not leave it with the objective of saving money, you will be disappointed. If you are on a tight budget and you left your country for money and CV purposes, then be prepared for restrictions: small house, cooking a lot and if you get a studio (as i did) be ready for some dish-washing madness. Leaving your home country require a lot of will power and sacrifice. Hope for the best but be prepared for the worst.
But, advice and complaints aside:
What am i up to now?
I have been through lots of phases in terms of learning: pentesting, networks, programming, forensics, etc. Without going into further detail, i can tell you my job requires heavy forensics. Finding evil baby!!!
I like lots of areas and i get bored easily. I used to jump from subject to subject and never got anything done. I have been reading Practical Malware Analysis for a few months and i have to tell you, i am quite happy with what i am learning so far. I have been encouraged by a fellow Portuguese friend to dive into reverse engineering, assembly and malware analysis. I have had experience with assembly in the past. However, i was very afraid that i needed to know lots of low level stuff. Bear in mind that i am just a grasshopper and i may be simplifying stuff. However, i find the book quite easy to follow (both theory and labs) and i have managed to stay focused on this subject so far: no more drifting away, and i am not even bored.
With this i conclude my post. I intend to address malware analysis and reverse engineering on future posts. Until then
Stay safe 😉