Dear Offsec,
I’ve never quite felt such a magnitude of ph33r in any examination so far, but the thought of facing a L100 behemoth for 48 hours in a week’s time is frightening indeed. I was a L10 servant in infosec before the AWAE course, and now I’m barely a L30 archer.
Spending countless days dealing with extra miles was nothing short of outright discomfort initially. These range from days where I wondered why a Python script simply couldn’t run the way I wanted (sometimes it’s as silly as forgetting to feed it cookies) to how I had to understand nodeJS to appreciate how a subtle flaw in a function can lead to its unsafe furling in an otherwise apparently “safe” construction. And just when we thought we were spared with a seemingly light module, we were thrown back to a deep end of the jungle with C# to throw us off-balance!
It’s a little odd to describe a course beyond just its stated course objectives, but the course has also allowed me to meet all sorts of infosec professionals, who are now friends on our common road of becoming our very own Jedi masters in whatever we may choose to do. Some are hunters: a few archers pursue CVEs whereas some take out bugs from a distance. Others simply use the AWAE to pivot out of an otherwise hellish work environment, and for me, I found AWAE a refuge from the otherwise hostile environments infosec professionals find ourselves in, be it facing customers and meeting deadlines for penetration tests, or our self-doubt in our abilities when we find something right before our very eyes, yet we just can’t quite turn a promising lead into a shell.
Tough courses will always bring ph33r. But overcoming ph33r makes us not only a better penetration tester, but a more resilient person.
Offsec, I’ll never be ready. But I remembered to try harder. OSWE, here I come. 🙂
Regards
A humble penetration tester
P.S. I’ll probably have more time to write here after getting my OSWE (let’s pray for the best!). But… would I be distracted to take yet another dose of pain? 😉