What I'm reading this week
I've been working more and more on finding my "thing." InfoSec is hard like that. There is so much to dive into that everything seems interesting at all times, and at different times.
For instance, digging into coding seems fun one week, then learning about web applications is fun another week, then you're fascinated by containers. It's hard to focus fully on one thing, because you're interested in all the concepts and feeling like you're falling behind on whatever the things are that you're not looking at.
One of my friends called it the "hacker ADD." You just keep becoming fascinated by every new topic that you become aware of.
While it's good to be interested in things, it can also be kind of hard to work with. I often find myself asking: "Would I be a better coder if I focused fully on that?" or "Would I be better at pentesting if I focused solely on that?"
Unfortunately, I don't think there's a clear-cut answer. A lot of these things kind of become little tools you add to your skillset toolbox. The same friend who mentioned the hacker ADD compared it to having a toolbox that you keep adding to. Maybe you are working on a project and need a hammer. You buy a hammer and you learn how to use it. Then another project requires a screwdriver. You buy a screwdriver and learn how to use that. Over time, picking up more tools, different-size screwdrivers, new tools you've never heard of before and so on, you become skilled at a wide variety of things and almost always have a tool for the job.
I've been trying to look at it like that lately. I think it was great advice that I wasn't quite sure how to follow yet, because I always felt like I was playing catch-up. Heck, I still do. It's all good. I'm still learning.
Anyway, these past several weeks, it's all been these two books:
- The Web Application Hacker's Handbook 2nd Edition - Amazon Link
- Hacking APIs - No Starch Press Link