Stop Procrastinating and Get Things Done!
From Senior Security Analyst/Malware Reverser to WebDev/SecDevOps
The Beginning
My name is Marco Figueroa and I’ve been in the Hacking/Security Community for… Shit, I just realized it’s been 14 years. I started going to hacker conferences where I fell in love with the game and community. This is an industry where there isn’t a ceiling, as a security professional you become a lifelong learner of different security domains! The security industry over the last few years has been riding high on a tsunami! For example, my first Defcon Conference (The Mecca of Security Conferences) there were only 300 attendees, last year there were 20k from what I was told by an insider. My journey along the years has lead me to writing this article which is the process I take to tackle a domain because I’m tired of asking other people to help develop my idea, now I’m looking at my own two hands and getting my hands dirty. I hope you enjoy this write-up and take a nugget that will help you take action in the future on a domain that you the reader would like to tackle.
5–4–3–2–1 Go
In 2014, I was working on an amazing small group within a large company. The team was comprised of Rock Stars, smart young researchers and developers with the creative freedom that teams always wish for when working for large companies, we were Rottweilers without leashes. The growth in my career soared under these conditions, it felt like everything thing that we created turned to gold. At the time my job consisted of reverse engineering malware and tracking APT Groups {APT 28, Deep Panda} while creating wicked cool projects internally with the team. I would come up with an idea, and I would write-up a proposal and pitch it to the team. It would either get a thumbs up or thumbs down. We would then begin planning to develop the project. But this is where it got interesting, I would hand the project development over to our internal Dev Ops team to begin the creation of the idea. We would kick off the project, and I wouldn’t hear anything from them for about a week or two, and then they would let me see the rough alpha version for direction. I don’t know if they cared about my opinion or not, but they would show the development to the team and what they thought was cool about what they developed was the foundation of the project. I have to say almost everything they developed was impressive and sleek. Most of the time they got it right, but when they didn’t get it right, it was like pulling teeth to get them to change the design. After the initial design was ready, I would work with them to get the project to where we were thinking the project needed to go. This was when I began to learn how developers think and how they would tackle complex problems. The stereotype of most developers is that they lack communication skills but that is horse shit, the person communicating with the developer must understand how to communicate with different personalities. I’m lucky because growing up in NYC you get to learn the ebb and flow when communicating with people. The two developers that I worked with were really good developers, and as communicators (Pro Tip: When communicating with developers find a common ground where you bond over, our thing was sports and gaming), if you gave them a problem they would knock it out, and the best thing about them is the level of communication and explanations behind the devolvement. They would go into the thoughts behind the development and the problems they would need to tackle. We would then go back and forth on how to improve it and we would get to 90% completed and that was just good enough for the project to be completed. But what I noticed was that at the 50% mark of the project I would lose power and the design of the project. It started to become clear in my mind that I was being too meticulous and they would begin getting annoyed with my requests. This was the beginning of me thinking I needed to learn how to code in JavaScript and the frameworks they were using so I could do this myself.
The thing that I noticed was that the developers I worked with wouldn’t just stick with one framework they were so flexible and agile with different frameworks. This young hotshot developer I worked with wouldn’t give a damn what framework he used, he would just code the hell out of anything and any language. As I started to look into different frameworks, the young kid would tell me the pros and cons of them. This impressed the hell out of me because I would say to myself how does this f*$ker have the time to look into these frameworks. Last month I asked the young rockstar about a new framework that I wanted to learn, and he had already tested and played around with the framework. He’s my consigliere when it comes to any Web Dev questions I may have, and I recommend that you find your consigliere. You may be asking how do I find that person that I can bounce ideas off of nowadays, it’s very simple if you work in a company that has developers look for where the developers are located and reach out to them or go to meetups.com or search for groups on Facebook. People by default like helping people, I’m serious people feel good when they get to answer your thoughtful question, I just said thoughtful do not ask a question you could google the answer in 1 minute. Be thoughtful and thankful they’re willing to spend the time explaining things to you.
Action
Action is the key word; many people ponder on what they want to do instead of taking action and just doing. I feel that the skills that I’ve gained over the years (Reverse Engineering Malware) have helped me break down problems or tasks into smaller pieces which results into me taking the actions needed to accomplish the end goal. You might be asking how exactly do I take the actions to accomplish these goals, Reverse Engineers look at the end product and decompile the code. Think of it as counting backward from 10 all the way to 1. The other thing that is super important on taking action is the environment you work in, yes this might sound simple but it’s the difference between completing your goal and failing to achieve it.
For instance, staying focused at the task at hand was difficult for me so I decided to buy a small desk to setup a distraction-free zone and place it in my bedroom with sunlight lamp, timer, monitor, headphones(Brain.fm music) and a stool that I couldn’t relax in. I use this study space daily with three 25 minute sessions on working on specific tasks. All distractions like my phone, tablet and anything that might affect my concentration are left in another room. This has been a game changer for me, I’ve seen my productivity go up 100%, I found that the notifications from my browser and phone would take me out of the zone and the completion of the task at hand. When I implemented this small change I knew it was time to get serious about learning web development. The next thing that I had to do was ask a few friends the best approaches to tackle this mountain of Web Development. You can google search learning Web Development but what I believe is that you want people with experience to give you how they would approach learning things that they are an expert in and google won’t have those answers. Below is a diagram of how I address problems and set goals to accomplish them.
For example, my end goal is to create a web application that takes Malware Binaries and extracts indicator and enriches all information through open source Threat Intelligence. This task is very simple but very useful for daily tasks and this project will give me the foundations I need to learn Web Development. This would help an analyst do the initial triage of an incident they’re working. The diagram on the left (Tackling Goals) is how I’m currently tackling this project, it’s a three-month goal, and in the first month I will need to learn Javascript, easier said than done but a friend recommended me to start with FreeCodeCamp.com. The first month will look like this, week 1 I will begin by starting with the CSS module which takes 5hrs. I know CSS, so I won’t be frustrated as much (On FreeCodeCamp.com it has the module, and the time it would take to complete it). Then I will move to the Basic Javascript module 10hrs (BTW I know that each module will take me double or triple the time that they have listed). Total hours of week one will be 30 hours this is my guesstimation. Week 2 and three will be Basic Algorithm Scripting module 50hrs. Week 4 will be JSON APIs and Ajax which is 2 hours. Now on to month 2, I will be learning the React Framework to create the web application. For this I will be learning React from Udacity (React Nanodegree Program), I figured why not get a certificate for learning React while building the skills. Week 5 will be the Introduction; Week 6 will be React Fundamentals, Week 7 and Week 8 will be React & Redux. The last module React Native I won’t need that to complete the web application (It’s all about the end goal), but I will finish the last module when I’m done with my future goal. One month away from my goal Week 9 I will start on the look/feel and user interaction of the web application, Week 10 will be the upload and extraction of indicators, Week 11 will be the feature enrichment and Week 12 will be for testing and delivery of my end goal! Now the next step and I won’t go into detail because it’s way too long, but it’s to break it down into days. The example below will demonstrate how you would do it.
Day 1 Module 1–1,2,3 -> Start freecodecamp.com CSS Module
Day 2 Module 1–4,5,6,7,8
Day 3 Module 1–9 -> My busy day at work I know I could only can do one
Day 4 Module 1–10,11,12,13,14,15,16
Day 89 — Finish testing the module
Day 90 — Complete tell my friend to use it.
Summary
This article was written to help the 1 individual that doubts himself thinking that he or she can’t do something, There’s no talent here. This is hard work and an obsession to push myself to be better. The skill of web development is something new that I’m tackling but I take the same approach to any problem I face. It could be cleaning my apartment, hitting the gym, learning something new. I’m going to be writing a post about my journey on writing this web application that I mentioned above. I’m thinking that this will help someone in the pursuit of learning something new but also help them get over the fear of tackling new domains. One of my favorite quotes is “How do you eat an elephant? Eat the elephant one bit at a time” but what I like to add to that is that you need to slice the elephant piece by piece store it in the refrigerator and take a piece out every day and eat it until it’s completely gone. I know in the next 3 months the road will be difficult but this is my goal that I really want to accomplish so I’m going to put my feet to the fire and put it out there. I will be releasing articles the next 3 months with updates on this goal that I have. Please reach out and interact with me on this journey.
- Twitter: @marcofigueroa
- Join our Slack channel
