Three weeks into learning cybersecurity from zero. This covers Week 3.
Applying before feeling ready
I sent 35 job applications this week. I do not have the Security+ certificate yet. I applied anyway.
Here is what made that reasonable: Security+ exam booked for June 9, four Python tools on GitHub, Splunk Fundamentals 1 certificate earned this week, and 21 days of daily public documentation.
The pipeline from application to offer in cybersecurity averages 4-6 weeks. Applications sent now become interviews in Weeks 5-7. Those interviews happen right around when the Security+ arrives. Waiting until the cert was in hand would mean starting the pipeline at Week 8 — a 4-6 week delay with no benefit.
Security+ — all 5 domains covered for the first time
Domain 4 Security Operations is the most directly relevant to a SOC analyst role.
Incident response process — 6 phases that Security+ tests in strict order: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned.
Order of volatility in digital forensics: Collect RAM before hard drives. Evidence that exists only in memory is lost once power is off. Some malware exploits this deliberately — existing only in RAM with no disk artifacts.
Domain 5 covered risk management and compliance. The five frameworks (HIPAA, PCI-DSS, GDPR, SOC 2, NIST CSF) make more sense when you understand the category of damage that created each one.
Second practice test: 90/100. Improvement from Week 2: 95/100. On track for the June exam.
The hash cracker
Core logic in about 15 lines:
import hashlib
import sys

# Usage: python hashcrack.py <md5_hex_digest> <wordlist_path>
target_hash = sys.argv[1].strip().lower()
wordlist = sys.argv[2]

with open(wordlist, "r", errors="ignore") as f:
    for line in f:
        word = line.strip()
        # Hash each candidate and compare it to the target digest
        if hashlib.md5(word.encode()).hexdigest() == target_hash:
            print(f"Found: {word}")
            break
Tested against the MD5 hash of "password123" using rockyou.txt — 14 million real passwords. Found in [your actual time].
MD5: approximately 10 billion attempts per second on consumer hardware. bcrypt at cost factor 12: approximately 100 attempts per second. That difference — 100 million times slower — is the entire argument for modern password hashing.
Writing the tool made this concrete. Reading about it does not.
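The defender's side of that argument, as an added example (mine, not code from the post or from the author's GitHub tools): PBKDF2-HMAC-SHA256 from the standard library stands in for bcrypt, which Python does not ship, so the slowdown it measures is this machine's ratio for PBKDF2 at the iteration count chosen here, not the post's bcrypt figure. The iteration count and sample password are constructed values.

```python
import hashlib
import hmac
import os
import time

# Constructed demo setting; PBKDF2 stands in for bcrypt (not in the stdlib).
PBKDF2_ITERATIONS = 100_000


def md5_attempt(candidate: str) -> str:
    """Unsalted MD5: one fast digest per guess, the scheme the cracker above defeats."""
    return hashlib.md5(candidate.encode()).hexdigest()


def pbkdf2_attempt(candidate: str, salt: bytes) -> bytes:
    """Salted, iterated hash: every guess costs PBKDF2_ITERATIONS HMAC rounds."""
    return hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, PBKDF2_ITERATIONS)


def attempts_per_second(fn, candidates) -> float:
    """Time fn over the candidate list and return guesses per second."""
    start = time.perf_counter()
    for c in candidates:
        fn(c)
    elapsed = time.perf_counter() - start
    return len(candidates) / elapsed if elapsed > 0 else float("inf")


def slowdown_factor(md5_count: int = 20_000, pbkdf2_count: int = 5) -> float:
    """How many times slower one PBKDF2 guess is than one MD5 guess on this machine."""
    words = [f"candidate{i}" for i in range(md5_count)]  # constructed wordlist
    salt = os.urandom(16)
    md5_rate = attempts_per_second(md5_attempt, words)
    pbkdf2_rate = attempts_per_second(lambda c: pbkdf2_attempt(c, salt), words[:pbkdf2_count])
    return md5_rate / pbkdf2_rate


def store_password(password: str) -> tuple[bytes, bytes]:
    """What a service should keep: a per-user random salt and the slow digest."""
    salt = os.urandom(16)
    return salt, pbkdf2_attempt(password, salt)


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(pbkdf2_attempt(password, salt), digest)


if __name__ == "__main__":
    print(f"PBKDF2 is roughly {slowdown_factor():,.0f}x slower per guess than MD5 here")
    salt, digest = store_password("password123")
    print("correct password verifies:", verify_password("password123", salt, digest))
    print("wrong password verifies:  ", verify_password("password124", salt, digest))
```

The salt is what stops one wordlist pass from testing every stored hash at once; the iteration count is what turns the cracker's per-guess cost from nanoseconds into milliseconds. Both are tunable, and the factor printed scales with PBKDF2_ITERATIONS.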
Splunk Fundamentals 1 — certified
Free course. All modules complete. Certificate earned and added to LinkedIn.
Key insight: The SPL search that finds top attacking IPs is the same operation as my Python log analyzer — same logic, different syntax, different scale:
index=main "Failed password" | stats count by src_ip | sort -count | head 10
Understanding the small Python version made the enterprise SIEM tool immediately intuitive.
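The Python side of that equivalence, as an added example rather than the author's own log analyzer: the three SPL stages (search filter, stats count by src_ip, sort and head) mapped one-to-one onto standard-library code, run over a handful of constructed sshd log lines using documentation IP ranges. Tie ordering among equal counts is my choice here; Splunk does not guarantee one.

```python
import re
from collections import Counter

# Constructed sshd auth log sample (documentation IPs, not from any real host).
SAMPLE_LOG = """\
May  3 10:01:12 host sshd[1201]: Failed password for root from 203.0.113.5 port 51122 ssh2
May  3 10:01:13 host sshd[1201]: Failed password for root from 203.0.113.5 port 51123 ssh2
May  3 10:01:15 host sshd[1204]: Accepted password for alice from 198.51.100.7 port 40011 ssh2
May  3 10:01:16 host sshd[1207]: Failed password for invalid user admin from 198.51.100.9 port 40020 ssh2
May  3 10:01:17 host sshd[1201]: Failed password for root from 203.0.113.5 port 51124 ssh2
May  3 10:01:19 host sshd[1210]: Failed password for bob from 198.51.100.9 port 40021 ssh2
May  3 10:01:20 host sshd[1212]: Failed password for root from 192.0.2.44 port 33001 ssh2
"""

# Pulls the source address out of a failed-login line (sshd's fixed wording).
FAILED_RE = re.compile(r"Failed password for .* from (\d+\.\d+\.\d+\.\d+) port \d+")


def top_failed_sources(log_text: str, limit: int = 10) -> list[tuple[str, int]]:
    """Python equivalent of:
    index=main "Failed password" | stats count by src_ip | sort -count | head 10
    """
    counts: Counter[str] = Counter()
    for line in log_text.splitlines():
        if "Failed password" not in line:  # the search term
            continue
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1  # stats count by src_ip
    # sort -count; ties broken by address so the result is deterministic
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked[:limit]  # head <limit>


if __name__ == "__main__":
    for src_ip, count in top_failed_sources(SAMPLE_LOG):
        print(f"{src_ip:<16} {count}")
```

The Counter is the `stats count by` step, the sort key is `sort -count`, and the slice is `head`. The only real difference from the SPL version is that Splunk has already parsed src_ip as a field, while here the regex does that extraction inline.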
Bandit level 24 — cron job exploitation
The most realistic technique from this week: finding a directory that a privileged cron job reads from and that a lower-privilege user can write to. Placing a script there. The cron job executes it with elevated permissions.
This is a real misconfiguration on production servers. The fix is simple — correct the write permissions on the cron input directory. Without that fix, any user who can write there can escalate their privileges.
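An audit for that misconfiguration, written as an added example (mine, not Bandit's setup and not code from the post): it parses system-crontab entries, pulls out every absolute path a job references, and flags any path or parent directory that group or world can write to, then applies the fix the post describes by clearing those write bits. The crontab text and directories are a constructed fixture built in a temp directory; the paths are placeholders, not the Bandit level's.

```python
import os
import re
import stat
import tempfile

# System crontab format: minute hour dom month dow user command
CRON_LINE_RE = re.compile(r"^\s*(\S+\s+\S+\s+\S+\s+\S+\s+\S+)\s+(\S+)\s+(.+)$")
# Absolute paths inside a command string (stops at globs, quotes and spaces)
ABS_PATH_RE = re.compile(r"/[\w./-]+")
LOOSE_BITS = stat.S_IWGRP | stat.S_IWOTH


def paths_in_command(command: str) -> list[str]:
    """Every absolute path a cron command mentions, in order, without duplicates."""
    seen: list[str] = []
    for p in ABS_PATH_RE.findall(command):
        p = p.rstrip("/") or "/"
        if p not in seen:
            seen.append(p)
    return seen


def writable_by_others(path: str) -> bool:
    """True when the group or the world can write to path."""
    return bool(os.stat(path).st_mode & LOOSE_BITS)


def audit_crontab(crontab_text: str) -> list[tuple[str, str, str]]:
    """Return (cron_user, path, mode) for each existing path, or parent directory of
    a path, that a cron entry uses and that users other than the owner can write to."""
    findings: list[tuple[str, str, str]] = []
    for line in crontab_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = CRON_LINE_RE.match(line)
        if not m:
            continue
        cron_user, command = m.group(2), m.group(3)
        for path in paths_in_command(command):
            # A writable parent lets someone replace the file, so check both.
            for candidate in (path, os.path.dirname(path)):
                if not os.path.exists(candidate):
                    continue
                if writable_by_others(candidate):
                    mode = oct(os.stat(candidate).st_mode & 0o777)
                    finding = (cron_user, candidate, mode)
                    if finding not in findings:
                        findings.append(finding)
    return findings


def remediate(path: str) -> None:
    """The fix from the post: drop group/world write permission on the cron input path."""
    mode = os.stat(path).st_mode & 0o777
    os.chmod(path, mode & ~LOOSE_BITS)


def build_demo() -> dict:
    """Constructed fixture: one correctly permissioned cron input directory, one
    world-writable directory, and a crontab that references both."""
    root = tempfile.mkdtemp()
    safe = os.path.join(root, "cron_safe")
    loose = os.path.join(root, "cron_loose")
    os.makedirs(safe)
    os.makedirs(loose)
    os.chmod(safe, 0o755)
    os.chmod(loose, 0o777)  # the misconfiguration under discussion
    script = os.path.join(safe, "cleanup.sh")
    with open(script, "w") as f:
        f.write("#!/bin/sh\necho cleanup\n")
    os.chmod(script, 0o755)
    crontab = (
        "# constructed system crontab for the demo\n"
        f"* * * * * root {script}\n"
        f"*/5 * * * * root /bin/sh -c 'for s in {loose}/*.sh; do /bin/sh \"$s\"; done'\n"
    )
    return {"crontab": crontab, "safe": safe, "loose": loose, "script": script}


if __name__ == "__main__":
    demo = build_demo()
    for user, path, mode in audit_crontab(demo["crontab"]):
        print(f"cron user {user} uses {path} (mode {mode}): writable by other users")
    remediate(demo["loose"])
    print("after remediation:", audit_crontab(demo["crontab"]))
```

Pointing it at a real /etc/crontab or /etc/cron.d entry is the same call with the file's contents; the check is only about permission bits, so it also catches the common case where the script itself is fine but the directory it lives in is not.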
Week 4
Full Security+ review. Third practice test. Interview preparation — because applications sent this week will generate responses this week and next. Five applications per day continue.
Code and notes on GitHub — link on profile.