A General Update

An update! I'm busy with AWAE and job-hunting, but soon will write about logging techniques and other productivity tools like Kanboard.

1. Learning

Security-wise, the first month and a half of 2018 was primarily mdsec's online labs, BulletProof SSL and TLS, and a smidge of id0-rsa.

Working as a Vulnerability Research Engineer unexpectedly slowed pure-security-learning. More plugin-pumping than security research. Mostly local version checks (think SSH/SMBing in and checking local files/registry keys/plists for version numbers - it can get surprisingly complex, but still isn't too fulfilling); Rarely getting the time to investigate the actual vulnerabilities the scripts checked for. It was still fun to design and upgrade internal libraries and detection modules, but that's software development - not security.

Thankfully, we had frequent-enough monotony-breaking incidents including a 24 hour pen-test for PCI ASV accreditation, multiple rapid-responses to important/trending security issues, and a two-week-long zero-day research rotation. These allowed real research (finally learned shodan) and the latter was definitely the highlight of my time there. I almost got to do CoreLan's Advanced training, but it was unfortunately downgraded to the Bootcamp version due to less experience of some team members in that area; Bootcamp is less valuable than OSCE and while it would've been fun to get anyway, it also would've tied me to the company for an additional year. By that time, I was already planning on leaving Ireland.

On the less technical side, it was fun to follow how the domino effect of clickbait-media warps modestly-stated advisories for minor vulnerabilities in obscure software into hyperbolic geopolitical fear-mongering.  Plus, GDPR, PCI, IPOs, research/publication lifecycles, interviewing and designing the questioning for 3 candidates of differing roles, studying 4 different managers to store good ideas for the future, and blah, blah, blah.

I also did IELTS in August. Questionable if that's "learning," though.

After leaving, it was mostly coding, web application development, service automation, system administration, security hardening, and enumerating where I want to live. Now it's all about ringzer0 and AWAE. I want RCEH by 2021 through the power of robot peer-pressure:

Offensive Security are moving AWAE from an in-person to an online course. It seems those with both OSCP and OSCE were given the opportunity to test it early. It costs 1k+ EUR, but they're always fun and it's a unique opportunity. As is tradition, I'm already spamming out odd-shoops and will pollute the internet with them once I'm OSWE.

2. Plan (2018)

  1. Save money
  2. Buy apartment

I made the first goal and could've gotten an apartment in Dublin, but is it worth it?

3. Housing Crisis

  • In Ireland, since 2017, every quarter both rent and buying prices were increasing by about 10%.
  • Prices are higher than the pre-recession bubble.
  • This time it's a supply-demand problem.
  • Nothing is being built.
  • The homes we have aren't great. Take a look at the average BER.
  • People literally camp outside new apartment buildings in tents to bid first.
  • People have paid €500/month to rent hallways.
  • Dublin rent is more expensive than anywhere in both Norway and Switzerland.
  • At one point last year, in a town of 30k people, 3 apartments were available to rent.
  • Government hasn't ignored the issues, but their attempts to help only increased demand.
  • As a single person on a salary 1.6 times Dublin's average you might be able to get a €300k mortgage. That'll land you a non-terrible apartment.

4. Work

Some excellent co-workers with an awesome work-ethic. Great company overall. Excellent learning experience. It became a challenging job, but not in a good way. There were many criteria I logged, discussed and weighed for months prior to making my decision to leave. I suppose the bottom line is I can earn more and do more valuable work elsewhere. They offered me a raise, and I probably should've taken it and stuck around until I found another job. Moving country appears to increase the job-hunting time more than anticipated. Nnnnnnot gonna repeat that mistake!

PROTIP: If your US-based boss messages asking you why you're still online at 2 am UTC, this is a solid response.

5. Countries

Ireland is nice, but Irish income tax is 20% below ~€35k and 40% above. "But wait; there's more!" Due to additional taxes like USC, the higher range is effectively 52%. Our economy is doing better. Salaries are increasing. However, not at the same rate housing costs are. Our woefully-spent taxes cripple our local purchasing power and return nothing compared to, say, Denmark's social services.

Ireland is nice. The government is incompetent. If we had nukes, nuclear winter would've already happened. By accident. I don't want their hands on my future.

From June I was planning on Canada. After enumerating the process, I got IELTS in August because apparently Irish people don't speak English.  However,

Looking at available Canadian salaries, one would end up earning about the same as in Ireland. Canada has its housing crises, too, but there are places like Calgary where one could earn 120k CAD and live quite happily. I also love their culture.

Moving to work in Eastern Europe for 5 years and coming back to the West would mean your savings are worth 50%. I want the ability, in 10 years, to move to western countries and have my savings stay the same. That requires a strong and stable economy.

After a ton of research, Switzerland and Norway are my primary targets. With more infosec jobs in Switzerland, it's the likely candidate. Of course, the US was a candidate, but Taoiseach Seán Lemass, in the 1960s, asked President John F Kennedy not to give Ireland an allotment of US visas in an attempt to stop the brain drain in Ireland. This was the last time the US immigration system got a complete overhaul. Things are not easy. Source.

6. Plan (2019)

  1. Move country
  2. Rent, Save, Hack

 

↑ Top  ⌂ Home