惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Martin Fowler
Martin Fowler
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
Troy Hunt's Blog
Latest news
Latest news
Vercel News
Vercel News
S
SegmentFault 最新的问题
V
Vulnerabilities – Threatpost
博客园 - Franky
P
Privacy International News Feed
A
Arctic Wolf
T
The Blog of Author Tim Ferriss
S
Schneier on Security
T
The Exploit Database - CXSecurity.com
P
Palo Alto Networks Blog
T
Tor Project blog
Jina AI
Jina AI
GbyAI
GbyAI
The Hacker News
The Hacker News
博客园 - 叶小钗
Google DeepMind News
Google DeepMind News
T
Threatpost
C
CERT Recently Published Vulnerability Notes
P
Proofpoint News Feed
Scott Helme
Scott Helme
WordPress大学
WordPress大学
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Microsoft Azure Blog
Microsoft Azure Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
博客园 - 司徒正美
A
About on SuperTechFans
Recorded Future
Recorded Future
爱范儿
爱范儿
L
LangChain Blog
V
V2EX
C
Cybersecurity and Infrastructure Security Agency CISA
The Cloudflare Blog
阮一峰的网络日志
阮一峰的网络日志
K
Kaspersky official blog
Webroot Blog
Webroot Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
D
DataBreaches.Net
宝玉的分享
宝玉的分享
Google Online Security Blog
Google Online Security Blog
C
Cisco Blogs
L
Lohrmann on Cybersecurity
Help Net Security
Help Net Security
AWS News Blog
AWS News Blog
M
MIT News - Artificial intelligence
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
G
GRAHAM CLULEY

Black Hills Information Security, Inc.

Bad Habits: An ANTISOC Operation Same Problem, Different Angles: When Red Team and Blue Team Actually Talk to Each Other How to Identify and Exploit New Vulnerabilities Swapper – A Pure Regex Match/Replace Burp Extension A Practical Guide to BloodHound Data Collection Network Engineering Basics Signed, Trusted, and Abused: Proxy Execution via WebView2 Getting Started In Pentesting – Advice From The BHIS Pentest Lead Cloud Security: Tips and Resources for Securing the Cloud Lessons From A Chatbot Incident How to Lead Effective Tabletops Understanding GRC: How to Navigate Risks and Compliance Standards The “P” in PAM is for Persistence: Linux Persistence Technique Malware Analysis: How to Analyze and Understand Malware OSINT: How to Find, Use, and Control Open-Source Intelligence What to Do with Your First Home Lab When the SOC Goes to Deadwood: A Night to Remember Social Engineering and Microsoft SSPR: The Road to Pwnage is Paved with Good Intentions Common Cyber Threats Finding the Right Penetration Testing Company Deceptive-Auditing: An Active Directory Honeypots Tool The Curious Case of the Comburglar Inside the BHIS SOC: A Conversation with Hayden Covington Abusing Delegation with Impacket (Part 3): Resource-Based Constrained Delegation Why You Got Hacked – 2025 Super Edition Abusing Delegation with Impacket (Part 2): Constrained Delegation Abusing Delegation with Impacket (Part 1): Unconstrained Delegation GoSpoof – Turning Attacks into Intel Model Context Protocol (MCP) Bypassing WAFs Using Oversized Requests Getting Started with AI Hacking Part 2: Prompt Injection Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 2) DomCat: A Domain Categorization Tool Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 1) Microsoft Store and WinGet: Security Risks for Corporate Environments Default Web Content MailFail Commonly Abused Administrative Utilities: A Hidden Risk to Enterprise Security Stop Spoofing Yourself! Disabling M365 Direct Send Bypassing CSP with JSONP: Introducing JSONPeek and CSP B Gone Offensive Tooling Cheatsheets: An Infosec Survival Guide Resource DNS Triage Cheatsheet GraphRunner Cheatsheet Burp Suite Cheatsheet Impacket Cheatsheet Wireshark Cheatsheet Hashcat Cheatsheet EyeWitness Cheatsheet Nmap Cheatsheet Netcat (nc) Cheatsheet Hunt for Weak Spots in Your Wireless Network with Airodump-ng from the Aircrack-ng Suite Detecting ADCS Privilege Escalation Vulnerability Scanning with Nmap Getting Started with NetExec: Streamlining Network Discovery and Access How to Use Dirsearch Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 3: Arcanum Cyber Security Bot How to Design and Execute Effective Social Engineering Attacks by Phone Abusing S4U2Self for Active Directory Pivoting Why Use a Macro Pad? Espanso: Text Replacement, the Easy Way Caging Copilot: Lessons Learned in LLM Security Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 2: Copilot Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 1: Burpference Intercepting Traffic for Mobile Applications that Bypass the System Proxy How to Root Android Phones Communicating Security to the C-Suite: A Strategic Approach Offline Memory Forensics With Volatility Getting Started with AI Hacking: Part 1 Go-Spoof: A Tool for Cyber Deception How to Test Adversary-in-the-Middle Without Hacking Tools Canary in the Code: Alert()-ing on XSS Exploits How to Hack Wi-Fi with No Wi-Fi Why Your Org Needs a Penetration Test Program Burp Suite Extension: Copy For Light at the End of the Dark Web Wi-Fi Forge: Practice Wi-Fi Security Without Hardware Avoiding Dirty RAGs: Retrieval-Augmented Generation with Ollama and LangChain Gone Phishing: Installing GoPhish and Creating a Campaign 5 Things We Are Going to Continue to Ignore in 2025 John Strand’s 5 Phase Plan For Starting in Computer Security Questions From a Beginner Threat Hunter GRC for Security Managers: From Checklists to Influence AI Large Language Models and Supervised Fine Tuning Attack Tactics 9: Shadow Creds for PrivEsc w/ Kent & Jordan One Active Directory Account Can Be Your Best Early Warning Introduction to Zeek Log Analysis Indecent Exposure: Your Secrets are Showing Creating Burp Extensions: A Beginner’s Guide Pitting AI Against AI: Using PyRIT to Assess Large Language Models (LLMs) The Top Ten List of Why You Got Hacked This Year (2023/2024) ICS Hard Knocks: Mitigations to Scenarios Found in ICS/OT Backdoors & Breaches Intro to Data Analytics Using SQL Finding Access Control Vulnerabilities with Autorize The Detection Engineering Process Cyber Risk Lessons We Can Learn From Hurricane Preparedness Intro to Desktop Application Testing Methodology What Is Penetration Testing? Adversary in the Middle (AitM): Post-Exploitation Pentesting, Threat Hunting, and SOC: An Overview QEMU, MSYS2, and Emacs: Open-Source Solutions to Run Virtual Machines on Windows
How to Set Smart Goals (That Actually Work For You)
BHIS · 2025-12-10 · via Black Hills Information Security, Inc.

, , , , ,

written by Graham Helton || Guest Author

This article was originally published in the InfoSec Survival Guide: Green Book. Find it free online HERE or order your $1 physical copy on the Spearphish General Store.

Setting goals is a deceptively simple career skill we all know is important, but how do you set goals you’re actually excited to work towards?

First Step

Identify what you’re trying to set out to achieve. Is it landing a job? Learning a programming language? Learning how to exit vim? The traditional litmus test for if a goal is high quality is to identify if it is S.M.A.R.T.: Specific, Measurable, Achievable, Relevant, and Time-Bound. This is a good starting place… but remember to tailor it to your circumstances! For example, I almost never make my goals “time-bound” because I generally have zero clue how long something new will take and I don’t want to rush (or limit) my learning. It simply doesn’t work for me, and that’s ok. Where SMART goals can help is when trying to work towards an ambiguous goal such as “learning to code,” which is probably too broad of a goal. When you sit down to work on it, where do you even begin?

I want to:

  1. Learn to code.
  2. Become a penetration tester.

so my SMART goal is:

  1. Finish 3 tools using Python.
  2. Spend 1 hour a day learning skills that are listed on job postings for a penetration tester.

Break It Down

Now that you’ve defined your main goal, break it down into smaller sub-goals that you can easily accomplish. If you have to do multiple things to accomplish a sub-goal, you probably need to break it down further.

My SMART goal is:

  1. Finish 3 tools using Python.

so the sub-goals are:

  1. Find a resource for learning Python.
  2. Work through 1 chapter per day of Automate the Boring Stuff with Python by Al Sweigart.
  3. Write a tool that automates a simple task you do frequently (x3).

My SMART goal is:

  1. Spend 1 hour a day learning skills that are listed on job postings for a penetration tester.

so the sub-goals are:

  1. Find 10 job postings for penetration testers.
  2. Make a list of each skill or technology they want experience in.
  3. Find learning resources for each skill or technology.
  4. Spend 1 hour per day going through the learning resources.

Helpful Tips

Now, for the fun part — working towards your goals. This is where 99% of the work comes in.

Can’t find the time (or energy) to work towards your goal?

Work on them early in the day if you can. The later in the day you start working on your goals, the more likely you are to be too consumed by other important daily life tasks which makes it easy to say, “Oh, I’ll get to it tomorrow.” You’re (probably) a human, though; some days you’ll just want to watch Netflix, don’t be too hard on yourself.

Keep a scratch pad.

If you’re easily distracted like I am, try keeping a notebook next to you in which you can write down any random thoughts that come to your mind. The second I attempt to start working towards my goals, my brain likes to flood me with reminders of other things I could be doing. Simply writing down those thoughts on a scratchpad allows me to get that thought out of my brain so that it doesn’t keep resurfacing while I’m trying to focus.

Find your own rhythm.

If you’re having a blast working towards something, keep going! Goals should be the minimum target, not the maximum. Having a blast studying a topic on your journey to become a penetration tester… but find yourself down a rabbit hole suddenly learning a different (cool) pentesting technique? As long as it’s at least somewhat related to your end goal, keep going! You learn the best when you are having fun.

Tell the world!

One of the best ways to keep things fun is to find people working on the same goals as you. The security community is vast and full of people working towards similar destinations. Connect and share your experiences; not only will it help others, but it will also help you stay accountable!



Explore the Infosec Survival Guide and more… for FREE!

Get instant access to all issues of the Infosec Survival Guide, as well as content like our self-published infosec zine, PROMPT#, and exclusive Darknet Diaries comics—all available at no cost.

You can check out all current and upcoming issues here: https://www.blackhillsinfosec.com/prompt-zine/