
Narasimha Mallegari

All 5 Security+ domains, Splunk certified, 35 applications sent

Three weeks into a structured cybersecurity learning journey. Week 3 review.

What this week accomplished

All five Security+ domains are covered for the first time. Splunk certificate earned. Hash cracker built. 35 job applications sent. Four Python tools on GitHub. Bandit level 24.

Security+ — the full picture

Weeks 1-2 covered Domains 1-3 (50% of exam). Week 3 completed Domains 4 and 5 (48% of exam). All content has been seen at least once.

Domain 4 Security Operations — the domain most directly relevant to a SOC analyst role:

Incident response: six phases in a fixed order: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned. Security+ tests whether you can identify which phase a given action belongs to.

Digital forensics order of volatility: RAM first, archived media last. Evidence in RAM disappears on power off. Some sophisticated malware is designed to exist only in RAM for exactly this reason — no disk artifacts, clean exit on reboot.

SIEM and Splunk: SOC analysts use SIEM to correlate events across thousands of systems simultaneously. Splunk's SPL queries do the same thing my Python log analyzer does — find patterns in log data — at enterprise scale.
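The "find patterns in log data" point above, as an added example (not the author's GitHub log analyzer): a small Python analyzer that parses OpenSSH-style auth log lines and flags source IPs with repeated failed logins inside a time window. The log lines, the threshold of 3 and the 5-minute window are constructed assumptions for the demo; the rough SPL equivalent in the docstring is there to show that Splunk's `rex`/`stats`/`where` pipeline expresses the same detection.

```python
"""Minimal log analyzer: repeated failed SSH logins per source IP.

Rough Splunk SPL equivalent of the same detection (assumed index name):
    index=auth "Failed password"
    | rex "from (?<src_ip>\\d+\\.\\d+\\.\\d+\\.\\d+)"
    | stats count by src_ip
    | where count >= 3
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines: three failures from one host within two minutes,
# one failure from a second host, then a successful key-based login.
SAMPLE_LOG = """\
Mar 14 10:01:02 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 14 10:01:09 web01 sshd[2102]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar 14 10:02:41 web01 sshd[2103]: Failed password for root from 203.0.113.7 port 51101 ssh2
Mar 14 10:02:55 web01 sshd[2104]: Failed password for deploy from 198.51.100.9 port 40010 ssh2
Mar 14 10:03:10 web01 sshd[2105]: Accepted publickey for deploy from 198.51.100.9 port 40012 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line, year=2024):
    """Return {'ts', 'result', 'user', 'ip'} for an sshd auth line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; the caller supplies one (assumption for the demo).
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m.group("result"), "user": m.group("user"), "ip": m.group("ip")}


def failed_login_bursts(log_text, threshold=3, window_seconds=300):
    """Return {ip: count} for every IP with >= threshold failures inside any window_seconds span.

    The count reported is the largest burst seen for that IP.
    """
    failures = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev["result"] == "Failed":
            failures[ev["ip"]].append(ev["ts"])

    hits = {}
    for ip, times in failures.items():
        times.sort()
        # Sliding window: from each failure, count how many follow within the window.
        for i, start in enumerate(times):
            j = i
            while j < len(times) and (times[j] - start).total_seconds() <= window_seconds:
                j += 1
            if j - i >= threshold:
                hits[ip] = max(hits.get(ip, 0), j - i)
    return hits


if __name__ == "__main__":
    for ip, n in failed_login_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {n} failed logins within 5 minutes")
```

The parser deliberately returns None for lines it does not understand rather than raising, so one malformed line does not abort a run over a large file; a production version would count those misses so a parser gap cannot silently hide events.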

IOCs, TTPs and MITRE ATT&CK: ATT&CK is the framework that maps known attacker techniques across the full attack lifecycle. Defenders use it to build detection rules. Knowing it signals to employers that you think about security like a professional.

Domain 5 Security Program Management:

Risk responses (accept, transfer, avoid, mitigate) — every business security decision is one of these four.

Five compliance frameworks — each one created in response to a category of breach that caused enough damage to require mandated minimum standards. Understanding why each framework exists makes the requirements easier to remember than memorizing a list.

Second practice test: 90. Improvement: 5 points. June exam target: 83%+.

What I built

Hash cracker: dictionary attack against MD5, SHA1, and SHA256. The result of testing "password123" against 14 million real passwords communicates the entire argument for bcrypt better than any explanation. MD5 falls in seconds. bcrypt would take thousands of years on the same hardware with the same wordlist.
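The argument for slow password hashing that the paragraph above makes, as an added example (not the author's hash cracker): the same dictionary loop run against an unsalted MD5 hash and against a salted, iterated hash. bcrypt is not in the Python standard library, so PBKDF2-HMAC-SHA256 (`hashlib.pbkdf2_hmac`) stands in as the deliberately slow algorithm; the six-word wordlist, the stored hashes and the 100,000-iteration count are constructed assumptions for the demo.

```python
"""Fast hashes versus a slow KDF against the same wordlist."""
import hashlib
import hmac
import os
import time

# Constructed stand-in for a multi-million-entry real wordlist.
WORDLIST = ["123456", "qwerty", "letmein", "password123", "dragon", "iloveyou"]
FAST_ALGOS = {"md5", "sha1", "sha256"}


def fast_hash(word, algo):
    """One unsalted digest, the way legacy password tables stored them."""
    return hashlib.new(algo, word.encode()).hexdigest()


def crack_fast(target_hex, algo, wordlist):
    """Dictionary check against an unsalted fast hash: one digest per candidate."""
    if algo not in FAST_ALGOS:
        raise ValueError(f"unsupported algorithm: {algo}")
    target = target_hex.lower()
    for word in wordlist:
        if hmac.compare_digest(fast_hash(word, algo), target):
            return word
    return None


def slow_hash(word, salt, iterations):
    """Salted, iterated hash; each call costs `iterations` HMAC rounds."""
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, iterations)


def crack_slow(target, salt, iterations, wordlist):
    """Same loop as crack_fast, but every candidate pays the full iteration cost,
    and the per-user salt means nothing can be precomputed across users."""
    for word in wordlist:
        if hmac.compare_digest(slow_hash(word, salt, iterations), target):
            return word
    return None


def demo(iterations=100_000, real_wordlist_size=14_000_000):
    """Crack one constructed password both ways and extrapolate the cost to a 14M-word list."""
    salt = os.urandom(16)
    stored_md5 = fast_hash("password123", "md5")
    stored_slow = slow_hash("password123", salt, iterations)

    t0 = time.perf_counter()
    found_fast = crack_fast(stored_md5, "md5", WORDLIST)
    seconds_md5 = time.perf_counter() - t0

    t0 = time.perf_counter()
    found_slow = crack_slow(stored_slow, salt, iterations, WORDLIST)
    seconds_slow = time.perf_counter() - t0

    scale = real_wordlist_size / len(WORDLIST)
    return {
        "md5": found_fast,
        "pbkdf2": found_slow,
        "seconds_md5": seconds_md5,
        "seconds_pbkdf2": seconds_slow,
        "projected_seconds_md5": seconds_md5 * scale,
        "projected_seconds_pbkdf2": seconds_slow * scale,
    }


if __name__ == "__main__":
    r = demo()
    print(f"MD5   : found {r['md5']!r} in {r['seconds_md5']:.6f}s; "
          f"14M words ~ {r['projected_seconds_md5']:.0f}s")
    print(f"PBKDF2: found {r['pbkdf2']!r} in {r['seconds_pbkdf2']:.3f}s; "
          f"14M words ~ {r['projected_seconds_pbkdf2'] / 86400:.1f} days")
```

Both loops find the word; the difference is entirely the per-candidate cost and the salt. The projection is a single-core, single-hash figure for the demo machine, so treat it as an order-of-magnitude illustration of why a work factor matters, not a benchmark.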

Splunk Fundamentals 1

Free. All modules. Certificate earned. Added to LinkedIn certifications.

Splunk appears in approximately 70% of SOC Analyst job postings. A verifiable Splunk certificate provides a concrete credential to discuss in interviews while Security+ is still pending.

OverTheWire Bandit

Levels 16-23 covered SSH SSL auditing, diff for file comparison, startup file persistence techniques, SUID exploitation, netcat C2 communication, and cron job privilege escalation.

The cron job levels were the most instructive — they demonstrate a real attack technique on a real server, which is a different experience than reading about it in a textbook.

Applying during training

Sending 35 applications is not random activity; it starts a pipeline that takes 4-6 weeks to produce interviews. Starting in Week 3 means potential first interviews around Weeks 5-7. That timing overlaps with the Security+ exam, creating the ideal scenario: interviews scheduled at the moment the certificate arrives.

Waiting until "fully ready" delays the pipeline without adding meaningful qualification. The resume already has verifiable evidence of skills. The exam date signals a concrete timeline.

Everything on GitHub. Two repositories. Linked on profile.
