Intern

Started a new job.  I'm slightly afraid to be talking about it because my boss my read this.  It's exciting.  I'm an intern.

I'm not exactly sure where I expected to start, but it wasn't like this.  My friends told me that they started internships that were fairly easy-just the daily work of IT people-installing software, deleting software, moving equipment around, some troubleshooting...

I don't know how much I can say about what I do.  I can say capture the flags and challenges do not make someone proficient in a task.  They show that a person is willing to work hard and learn; not what they know, now.

Also, red team is not blue team.  Red team is easier.  If I find one vulnerability, that's all I need to start.  Sure, finding others is nice, but one gets me in.  Then I can establish persistence, and use the tools already there to move further into the network.

Blue team has to think of everything, and they have to balance the organizarion's needs with Security.  Sometimes software can't run with fully patched systems-sometimes the budget doesn't allow for an upgrade of equipment, sometimes executives want x software, yesterday without thinking about how it affects the overall security posture...  which isn't necessarily a bad thing.  We're supposed to give them the best advice we can and let them choose.  Sometimes blue team has to do "good enough" Security, not best Security.  And that makes things a little tougher.

I feel like I did when I first started doing challenges, it was frustrating at times, but I really wanted to do well and learn as much as I can.  I hope that I rise to that challenge.  Right now, I'm not feeling so great, though.  I still have a lot to learn.