Starting a blog is something I see people asking about a lot. On top of that, I see people wondering how to get started. This will be a pretty quick post with my thoughts on the matter, as well as how to get started.
May come in handy during an interview.
When I was interviewing for my initial Penetration Testing job, I applied to roughly 40+ job postings. I maybe heard back from ~20 of those. Of those, several people commented on how they enjoyed that I had my own blog. In fact, they complimented me on my writing abilities and how I explain various things well. As a Penetration Tester (but really any other professional position), being able to articulate your thoughts well through text is very important. This is a great way to show potential employers how well you can write.
On top of that, it shows the employer what you do in your “off-time” to learn and better yourself. This can set you ahead of your competition when interviewing for a job. In InfoSec, employers want to hire someone who is passionate about this line of work. They want to hire someone who is going to go home after a day of work and lab something out, work on certifications, take courses, etc.
Great way to organize your thoughts
It’s not uncommon for me to find myself wanting to talk about something and just get it out there. For example, when I passed the eLearnSecurity Web App Penetration Tester cert, I really wanted to share my thoughts on it. I decided to write a review. Turns out a lot of people found that review to be helpful. I even had some folks message me and thank me for writing it because it was just the right nudge they needed to go ahead and purchase the course! (cough cough, maybe we can pick up a sponsorship from eLearnSecurity…).
Excellent way to reference your own notes
On my blog, I created an Active Directory Hacking series that I totally ripped off from Heath Adams (thecybermentor), but put it in text form. When I first started pentesting, I actually referred back to my own website where I wrote out tutorials so I could remember how to do something! I thought that was really cool, especially because it was written by me in a fashion that I would absolutely understand. You never know when your own notes will save you during an assessment or certification exam.
Giving back to others
One of my main focuses after establishing a career in InfoSec was to give back as best as I could. Everyone has their own way of doing it, but writing some quick blog posts, tutorials, reviews, etc. was one of the ways I thought I could potentially help others. Since starting it, I have had strangers message me saying they really enjoyed certain parts of it and various articles they’ve read. The coolest part to me is when someone quotes a passage from a post I’ve made, because then I actually know they read it. It’s always nice to help others when you know others have helped you along your journey!
Resources to get started
With DigitalOcean, you can quickly deploy a “droplet” that will come configured with WordPress for you. There are other alternatives as well, such as Joomla and Ghost:
Super quick and easy blog solution with very low maintenance.
With Amazon Web Services, you can quickly spin up an EC2 Instance with Ubuntu Server or something similar and build your own WordPress website from the ground up.
With many of these options, it’s important to make sure you harden the website and implement proper security controls. That includes MFA, WAFs, strong passwords, etc. In addition, you’ll want to make sure you’re visiting the website often to ensure that you are installing the latest updates.
Below are some examples of what I believe are good personal websites / blogs:
- https://veteransec.com/ (not a personal site, but good example of a blog).
- https://mattschmidt.net (I’m biased here).