Current Trends in Cybersecurity, Week 10, lessons learned.
Looking back, this class seemed to fly by, yet was one of the most taxing classes I've taken so far. When the class first started and we were given the option to go at it without a textbook, I thought: "Well, this should be a pretty easy class if a book isn't even required." Nothing could have been further from the truth. So, right off the bat, if I had to revise my approach, I would have definitely eaten the cost and purchased the book sooner than I had.
The biggest issue I had with this class was trying to narrow the scope of my work; I found myself jumping between NIST guidance, referencing CISSP material, and following guidance in my penetration test material, and basically found myself fighting self-inflicted scope creep and found myself spending way too many nights up at 3am just short of banging my head on my keyboard in frustration.
To do over again, I'm sure I could deliver a better final product, but to be quite honest, I'm not sure that I would do it any differently -- I am sure the amount of reading and research I've done over the last 10 weeks will pay off in spades in the long run.
Lesson learned: there may be a dozen ways to skin a cat, but in a project like this, pick ONE model and go with it; don't mix it up or it becomes hard to handle as the project grows. At work we follow NIST guidance exclusively, so it's easy to follow a blueprint and get from A-to-Z. I could have gone that route and saved myself a lot of headaches, but in the end, I think I've learned more by stepping out of my comfort zone and trying to recreate the wheel.