2016 Audit: The Good The Bad and The Ugly

Since I don’t believe in resolutions, I do an audit at the end of the year.

At the end of the year, I like to do a good, bad and ugly audit to really prepare my focus for the following year. As I don’t get bent out of shape over celebrities and reality stars dying, the best way for me to see how 2016 was is to reflect by writing it all out. Once my ideas are down on paper, they come together. Furthermore, In the spirit of showing my work, here’s a breakdown of how it went for me in 2016.

GOOD - these are essentially achievement points in life or events I’m grateful for.

  1. Transitioning Information Security to a career instead of just a hobby. It’s really amazing to wake up and be surrounded with other like minded individuals and collaborate ideas/experiences with them. I have also learned more in the past eight months than I have the two years or so of doing it in my spare time.

  2. Moving back Stateside, While I enjoyed my time in Guam, it is nice to be home.

  3. I have read (or listened too) 29 books this year, some really great books and a few duds, but overall I am chalking this up as a win.

BAD - these are just events or plans that I set out to accomplish, but for one reason or another, it didn’t happen.

  1. Github contributions/ more coding in general. I really wanted to spend 2016 getting better at writing code like a developer would (a good one at least) , however that really didn’t happen. Instead, I did use Python quite a bit and developed some new uses, most of it is hacked together 10-40 line code to do one job. Not really something to be proud of, a little buggy, but got the job done when I needed it too.

  2. Run More. More commitments and “time-sucks” hampered my physical fitness a bit. I am still content with the level in which I have maintained but 2017 will be the return of at least one 13.1 and one trail run. This was seriously due to laziness and by signing up for races in the coming days, it should push me to correct it. Spending money to suck at an event is against my religion.

  3. Blog more. I didn’t really write crap despite this blog being an outlet to better my writing skills and express my stuff. Like running, I just didn’t write as much as I could. Too much Social Media/Netflix, not enough producing.

UGLY - These are habits or “time-sucks” I have decided to change in 2016 because they led to nothing productive.

  1. Batching Social Media - I have gotten rid of FB, and will only use Twitter to interact sparingly in my batched time frame for “interneting” (roughly 20 minutes a day on lunch). The 140 character limit is great and I like seeing what the infosec masterminds are working on. I got sucked into the Social Media wars of 2016 and decided in October to just quit it. Control the things in which I can and move on.

  2. Less Information, more execution. 2016 was full of reading books, podcast, blogs and every new article that popped up on how to be productive or successful, etc. While I did get value out of the information, I have decided to severely limit the amount coming in. I am not going to find a silver bullet or that one article that will change everything. That will only happen with dedicated work.

    “If information were the answer, we’d all be billionaires with perfect abs” - Derek Sivers

    Instead, I am going to focus on listening to five podcasts (Infosec related mostly, hint of personal enjoyment) and one or two books a month, only during commutes and reading before I go to bed. Other computer time will be spent learning through project production or contributing to help others through various mediums. Ultimately, I want more to show for my hard work.

  3. Create! 2016 was the least creative year for me in my entire 30 years of existence and I am even more disappointed that I didn’t realize this until I was drawing pictures on newsprint with my daughter. I was having a blast spending time with her while just being creative as an awful artist. Near the end of this year, I have started drawing a little on my own, but now we just have little sessions where we both just draw and see what comes out. I know this isn’t how it works, but 2017 will be a balance of “right brain” and “left brain” work. Hopefully I can get find ways to incorporate both, more to come.

Wrapping up, 2016 was productive on some fronts but some areas lacked. This is to be expected. Life is balance for me and sometimes I am pushing hard in one direction while maintaining in other aspects. It’s a lot like the guy spinning plates on top of poles, he is just running around spinning them just enough to so he can move on to the other, and continuing to keep it up. So therefore, 2017 is about refining and maximizing my “wattage” or output per hour, while minimizing outside resistance.

Be awesome, stay classy and cheers to 2017

Josh Stepp

ICS Primer

My attempt to give an executive view of the ICS environment
ICS infosec thoughts

Reverse Engineering Resources for 2019

Some RE resources for beginners
malware analysis infosec thoughts

Western Governors University: Master of Science Cybersecurity and Information Assurance (MSCSIA) - My Review

My thoughts on the WGU MSCSIA program
thoughts infosec