@sroberts advanced persistent incident responder

2017 Goals

Ahh January 4th. It’s that time of year to review 2016 and think about what’s coming in 2017. Let’s start by looking at what I kicked off 2016 with:

A Year Later - 2016 Goals

Did I get it all done or fail miserably?

Here is the breakdown:

  • Chess: I play a lot of chess on Chess.com. My rating has hovered around 1000–1100. I could do a lot better if I took the time to review my games better, but I haven’t gotten there yet.
  • Code: My coding, both in Python and Golang (even a bit of JavaScript) has improved. I’m a decent enough coder, but would love to be a developer (better architecture, writing tests, etc).
  • Cook: Well I got over that Blue Apron thing and cook 3–4 times a week. I’d like to get better at it, and plan to review some cookbooks, but it’s coming along. It also does feel healthier.
  • Exercise: I was on track for 1200 miles as of June but eventually a combination of travel and 95F+ degree days just sapped my will.
  • Read: One of my better wins. I read a lot this year. A combination of regular Kindle and Audible audiobooks. Some favorites were Dark Territory, Incident Response & Computer Forensics 3rd Ed, & The Cuckoo’s Egg (Yeah I know, I was late to the party). For pleasure I can’t recommend The Blue Ant Trilogy (Pattern Recognition, Spook Country, & Zero History) by William Gibson enough.
  • Write: I’ve blogged a bit, I think I did better than last year (as well as moving over to Medium, which has its pros and cons). The real coup however will be in 2017 with the release of Intelligence Driven Incident Response, the book I’ve been working on with Rebekah Brown.

So-so, but overall I was pleased. So what about 2017? I’m trying to streamline my goals even more and make them more concrete. Here are my initial four goals:

Learn Reverse Engineering

Reversing (specifically to understand malware (vs trying to develop exploits)) is one of the most fundamental DFIR investigative skills. I’m a capable malware triage analyst, using basic static (Yara, hashes, metadata, etc) and dynamic (mostly sandboxes) techniques to understand malware. I’d like to get much deeper and more capable. I’m planning to start with Practical Malware Analysis and probably a reread of the Malware Analyst’s Cookbook. I might approach this in the style of 100 Days of Code and do my own 100 Days of Reversing.

Lose At Least 30lbs.

Yeah I know, that’s what everyone says on New Year’s, but this is really what my cooking & bike riding have been leading to. I don’t believe it’s a one factor fix, so a combination of sleeping better, cutting calories in the kitchen, and burning them on the bike should do the trick. I might also look into giving rucking a try, in part just because of my odd obsession with the GoRuck products (seriously, as a bag fiend this is the best bag I’ve ever had, full stop).

Read & Write Daily

Again a combination/merging of previous goals. Reading more improves my writing, writing makes me want to read more. Both improve my thought process, understanding, and expand my worldview.

Automate more of my Life

This is the last one added and honestly just sort of thrown in. I’m not 100% sure what it means though. I’ve had great success with automating a lot of small things using IFTTT and a few other small tools. I’d like to continue to improve that especially around organization. Life is short and there’s a lot to do. I can use all the help I can get.

2017

2016 was a crazy year for a lot of folks. If 2016 was a battle for many, I tend to think 2017 will be a slog. It’ll take patience and understanding, but I think there is tremendous opportunity. Have a very happy New Year.