惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

小众软件
小众软件
量子位
博客园 - 叶小钗
Apple Machine Learning Research
Apple Machine Learning Research
U
Unit 42
IT之家
IT之家
F
Fortinet All Blogs
GbyAI
GbyAI
MongoDB | Blog
MongoDB | Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
大猫的无限游戏
大猫的无限游戏
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
The Register - Security
The Register - Security
NISL@THU
NISL@THU
Webroot Blog
Webroot Blog
A
Arctic Wolf
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
V
Visual Studio Blog
Recent Announcements
Recent Announcements
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Blog — PlanetScale
Blog — PlanetScale
L
LangChain Blog
P
Palo Alto Networks Blog
Y
Y Combinator Blog
WordPress大学
WordPress大学
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
AWS News Blog
AWS News Blog
有赞技术团队
有赞技术团队
Engineering at Meta
Engineering at Meta
C
Cybersecurity and Infrastructure Security Agency CISA
aimingoo的专栏
aimingoo的专栏
Know Your Adversary
Know Your Adversary
Cyberwarzone
Cyberwarzone
Martin Fowler
Martin Fowler
The Hacker News
The Hacker News
P
Privacy International News Feed
T
Threat Research - Cisco Blogs
G
GRAHAM CLULEY
宝玉的分享
宝玉的分享
博客园 - 聂微东
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
The GitHub Blog
The GitHub Blog
S
Securelist
T
The Exploit Database - CXSecurity.com
T
Threatpost
Microsoft Azure Blog
Microsoft Azure Blog
The Cloudflare Blog
F
Full Disclosure

Black Hills Information Security, Inc.

Bad Habits: An ANTISOC Operation Same Problem, Different Angles: When Red Team and Blue Team Actually Talk to Each Other How to Identify and Exploit New Vulnerabilities Swapper – A Pure Regex Match/Replace Burp Extension A Practical Guide to BloodHound Data Collection Network Engineering Basics Signed, Trusted, and Abused: Proxy Execution via WebView2 Getting Started In Pentesting – Advice From The BHIS Pentest Lead Cloud Security: Tips and Resources for Securing the Cloud Lessons From A Chatbot Incident How to Lead Effective Tabletops Understanding GRC: How to Navigate Risks and Compliance Standards The “P” in PAM is for Persistence: Linux Persistence Technique Malware Analysis: How to Analyze and Understand Malware OSINT: How to Find, Use, and Control Open-Source Intelligence What to Do with Your First Home Lab When the SOC Goes to Deadwood: A Night to Remember Social Engineering and Microsoft SSPR: The Road to Pwnage is Paved with Good Intentions Common Cyber Threats Finding the Right Penetration Testing Company Deceptive-Auditing: An Active Directory Honeypots Tool The Curious Case of the Comburglar Inside the BHIS SOC: A Conversation with Hayden Covington Abusing Delegation with Impacket (Part 3): Resource-Based Constrained Delegation Why You Got Hacked – 2025 Super Edition Abusing Delegation with Impacket (Part 2): Constrained Delegation Abusing Delegation with Impacket (Part 1): Unconstrained Delegation GoSpoof – Turning Attacks into Intel Model Context Protocol (MCP) Bypassing WAFs Using Oversized Requests Getting Started with AI Hacking Part 2: Prompt Injection Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 2) DomCat: A Domain Categorization Tool Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 1) Microsoft Store and WinGet: Security Risks for Corporate Environments Default Web Content MailFail Commonly Abused Administrative Utilities: A Hidden Risk to Enterprise Security Stop Spoofing Yourself! Disabling M365 Direct Send Bypassing CSP with JSONP: Introducing JSONPeek and CSP B Gone Offensive Tooling Cheatsheets: An Infosec Survival Guide Resource DNS Triage Cheatsheet GraphRunner Cheatsheet Burp Suite Cheatsheet Impacket Cheatsheet Wireshark Cheatsheet Hashcat Cheatsheet EyeWitness Cheatsheet Nmap Cheatsheet Netcat (nc) Cheatsheet Hunt for Weak Spots in Your Wireless Network with Airodump-ng from the Aircrack-ng Suite Detecting ADCS Privilege Escalation Vulnerability Scanning with Nmap Getting Started with NetExec: Streamlining Network Discovery and Access How to Use Dirsearch Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 3: Arcanum Cyber Security Bot How to Design and Execute Effective Social Engineering Attacks by Phone Abusing S4U2Self for Active Directory Pivoting Why Use a Macro Pad? Espanso: Text Replacement, the Easy Way Caging Copilot: Lessons Learned in LLM Security Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 2: Copilot Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 1: Burpference Intercepting Traffic for Mobile Applications that Bypass the System Proxy How to Root Android Phones Communicating Security to the C-Suite: A Strategic Approach Offline Memory Forensics With Volatility Getting Started with AI Hacking: Part 1 Go-Spoof: A Tool for Cyber Deception How to Test Adversary-in-the-Middle Without Hacking Tools Canary in the Code: Alert()-ing on XSS Exploits How to Hack Wi-Fi with No Wi-Fi Why Your Org Needs a Penetration Test Program Burp Suite Extension: Copy For Light at the End of the Dark Web Wi-Fi Forge: Practice Wi-Fi Security Without Hardware Avoiding Dirty RAGs: Retrieval-Augmented Generation with Ollama and LangChain Gone Phishing: Installing GoPhish and Creating a Campaign 5 Things We Are Going to Continue to Ignore in 2025 John Strand’s 5 Phase Plan For Starting in Computer Security Questions From a Beginner Threat Hunter GRC for Security Managers: From Checklists to Influence AI Large Language Models and Supervised Fine Tuning Attack Tactics 9: Shadow Creds for PrivEsc w/ Kent & Jordan One Active Directory Account Can Be Your Best Early Warning Introduction to Zeek Log Analysis Indecent Exposure: Your Secrets are Showing Creating Burp Extensions: A Beginner’s Guide Pitting AI Against AI: Using PyRIT to Assess Large Language Models (LLMs) The Top Ten List of Why You Got Hacked This Year (2023/2024) ICS Hard Knocks: Mitigations to Scenarios Found in ICS/OT Backdoors & Breaches Intro to Data Analytics Using SQL Finding Access Control Vulnerabilities with Autorize The Detection Engineering Process Cyber Risk Lessons We Can Learn From Hurricane Preparedness Intro to Desktop Application Testing Methodology What Is Penetration Testing? Adversary in the Middle (AitM): Post-Exploitation Pentesting, Threat Hunting, and SOC: An Overview QEMU, MSYS2, and Emacs: Open-Source Solutions to Run Virtual Machines on Windows
How to Set Smart Goals (That Actually Work For You)
BHIS · 2025-12-10 · via Black Hills Information Security, Inc.

, , , , ,

written by Graham Helton || Guest Author

This article was originally published in the InfoSec Survival Guide: Green Book. Find it free online HERE or order your $1 physical copy on the Spearphish General Store.

Setting goals is a deceptively simple career skill we all know is important, but how do you set goals you’re actually excited to work towards?

First Step

Identify what you’re trying to set out to achieve. Is it landing a job? Learning a programming language? Learning how to exit vim? The traditional litmus test for if a goal is high quality is to identify if it is S.M.A.R.T.: Specific, Measurable, Achievable, Relevant, and Time-Bound. This is a good starting place… but remember to tailor it to your circumstances! For example, I almost never make my goals “time-bound” because I generally have zero clue how long something new will take and I don’t want to rush (or limit) my learning. It simply doesn’t work for me, and that’s ok. Where SMART goals can help is when trying to work towards an ambiguous goal such as “learning to code,” which is probably too broad of a goal. When you sit down to work on it, where do you even begin?

I want to:

  1. Learn to code.
  2. Become a penetration tester.

so my SMART goal is:

  1. Finish 3 tools using Python.
  2. Spend 1 hour a day learning skills that are listed on job postings for a penetration tester.

Break It Down

Now that you’ve defined your main goal, break it down into smaller sub-goals that you can easily accomplish. If you have to do multiple things to accomplish a sub-goal, you probably need to break it down further.

My SMART goal is:

  1. Finish 3 tools using Python.

so the sub-goals are:

  1. Find a resource for learning Python.
  2. Work through 1 chapter per day of Automate the Boring Stuff with Python by Al Sweigart.
  3. Write a tool that automates a simple task you do frequently (x3).

My SMART goal is:

  1. Spend 1 hour a day learning skills that are listed on job postings for a penetration tester.

so the sub-goals are:

  1. Find 10 job postings for penetration testers.
  2. Make a list of each skill or technology they want experience in.
  3. Find learning resources for each skill or technology.
  4. Spend 1 hour per day going through the learning resources.

Helpful Tips

Now, for the fun part — working towards your goals. This is where 99% of the work comes in.

Can’t find the time (or energy) to work towards your goal?

Work on them early in the day if you can. The later in the day you start working on your goals, the more likely you are to be too consumed by other important daily life tasks which makes it easy to say, “Oh, I’ll get to it tomorrow.” You’re (probably) a human, though; some days you’ll just want to watch Netflix, don’t be too hard on yourself.

Keep a scratch pad.

If you’re easily distracted like I am, try keeping a notebook next to you in which you can write down any random thoughts that come to your mind. The second I attempt to start working towards my goals, my brain likes to flood me with reminders of other things I could be doing. Simply writing down those thoughts on a scratchpad allows me to get that thought out of my brain so that it doesn’t keep resurfacing while I’m trying to focus.

Find your own rhythm.

If you’re having a blast working towards something, keep going! Goals should be the minimum target, not the maximum. Having a blast studying a topic on your journey to become a penetration tester… but find yourself down a rabbit hole suddenly learning a different (cool) pentesting technique? As long as it’s at least somewhat related to your end goal, keep going! You learn the best when you are having fun.

Tell the world!

One of the best ways to keep things fun is to find people working on the same goals as you. The security community is vast and full of people working towards similar destinations. Connect and share your experiences; not only will it help others, but it will also help you stay accountable!

Explore the Infosec Survival Guide and more… for FREE!

Get instant access to all issues of the Infosec Survival Guide, as well as content like our self-published infosec zine, PROMPT#, and exclusive Darknet Diaries comics—all available at no cost.

You can check out all current and upcoming issues here: https://www.blackhillsinfosec.com/prompt-zine/

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。