Honestly I wasn’t ready to say “You’re a security professional” at the time. I still have issues saying “Splunk Architect” and my name. It’s a huge ego to say these things about yourself and with the experiences I’ve had with fakers I just don’t want to be one of them.
Almost a year ago under advisement from my manager at the time I interviewed around. Some formal, some informal. I had no intention of leaving StubHub! It’s a great place and I love its brand of chaos. But what my boss was asking me to do was to see how I stack against the industry, and not just the bubble I’ve lived in for the 5+ years.
How can I grow without knowing what I was up against?
The big takeaway was Python. Sure – I’ve written a few automation tasks in Python. Troubleshot some internally developed tools and used Flask to build a few APIs to make my life easier. So when I went to the interviews and was asked if I knew Python, I would instead redirect the conversation to my Visual Basic and Shell experience but it didn’t hack it.
I am happy to announce today I passed my Microsoft Technology Associate in Python!
Sure I didn’t just get magic power for passing a multiple choice exam, but I can tell you last year I could not have passed this. It had tough spots and you can’t pass this without an understanding of the concepts in there.
Why did I do this? I needed a checkpoint, to know I was growing as a scripter and a security professional. Certifications and trophy culture in general in IT security really appeal to me... and honestly the market demands it!
What materials did I use?
- Microsoft Virtual Academy’s Python series which maps really well
- Safaribooks MTA Python series, which was “meh” and I don’t recommend
- SANS Automating Security with Python bootcamp
- Automate the Boring Stuff with Python
Experience
- I have been programming since I was a kid on my VIC20
- I have been using Python for simple tasks since 2014
- For 2 months I’ve been doing daily Python challenges from codewars.com
Do I think this exam or even Python should be on the average Splunk Admin’s task list?
- The short answer is no, I really don’t see most Splunk administrators needing Python skills.
Do I see Security folks needing these skills?
- Yes! The SANS course was pretty eye-opening to the proliferation of badly written Python programs and APIs and how they are exploited. Even as a Splunk ES admin you’re going to need these skills.
What are your thoughts on the exam?
- I am a bit of an apologist of the MTA series from Microsoft. They're milestones; they are not supposed to be hard, just quick checkpoints in your growth. For $120 it is what it is and might give you the 1% advantage over another guy in an interview; it’s certainly not something you can build a career on.
What do you recommend to another Splunk admin coming up on the Python roadblock?
- Seriously, read Automate the Boring Stuff and DO the labs. Reading isn't enough, the code needs to FLOW. The reality is there is a gap in Python education as it pertains to Splunk. Maybe a book idea? Python with Splunk in 30 days? Maybe I'll be an author!
- So my next step is to close some gaps on my CISSP and PenTesting basics and then start the OSCP with a friend early next year. If my company will pay for it I was also looking at the Splunk Developer certification. Thoughts?
In closing, the cert isn't something I'd recommend to everyone. But it's helped me close some gaps in becoming a security professional.