Context Setting

Welcome to Cardboard Iguana Security and the inaugural entry of “A Hacker’s Journal”. Which you’re probably reading retrospectively, because I’m starting this journal before I’ve actually finished putting together the Cardboard Iguana Security website.

I think it’s worth context setting a bit with this first post, both for the benefit of folks reading this retrospectively (you), and for myself (to set my own expectations).

Who Am I?

My name’s Nathan Acks. At the time of this writing I’m the IT Director for a large, US-based network of non-profits. Before that I worked in the online organizing team of the same network doing various database and website development things with a pinch of data analysis on the side. Before that I was studying for a Ph.D. in operations research, but I eventually decided to leave after earning my Masters.

While my current title is “IT Director”, I’m actually the head of the IT & Security team. And while I spend most of my time on the “IT” side of things, it’s the “security” side that’s come to interest me more and more over the last 5 years. Eventually I decided that I wanted to focus more on that aspect of things and began making plans to move on from my current job.

But there’s a problem… I’ve never taken a computer science course or studied any of the aspects of IT security. Everything I know about both security and IT I’ve picked up on my own as needed. This makes my knowledge “spiky”: Sometimes I know a lot about a particular topic. And sometimes my knowledge of the basics is woefully inadequate.

So it’s time to remedy that.

What’s Cardboard Iguana Security?

One day I want to strike out on my own as a indy. Maybe that will be when my current job ends. Maybe that will be in three or four or five years once I build up some industry experience.

Maybe it will be never, and “Cardboard Iguana Security” will just be the label I give to my side-work.

The name itself is something of a joke - my partner and I were talking about how absurd startup names (and particularly software and IT security startup names!) have become. Eventually, they suggested that one day someone was going to name their company “cardboard iguana”… And you know what, I liked the sound of that.

As of this writing, Cardboard Iguana Security is divided into two parts: A Hacker’s Notes and A Hacker’s Log.

A Hacker’s Notes

A Hacker’s Notes is intended to be somewhere between a wiki and a digital garden. It compiles snippets of man pages, brief how-tos, notes about various CTFs and wargames, my own notes about various things, and anything else I find useful during my cyber security journey.

Why? Because I keep hoping to find a “wiki of hacker knowledge” out there, and instead I end up on Stack Overflow. Don’t get me wrong, Stack Overflow is great… But sometimes you just want something that says “here’s how you do X”.

And since I couldn’t find such a thing, I decided to build it.

A Hacker’s Notes comprise the knowledge that I find useful to write down and have at my fingertips (in fact, on my end it’s actually a folder of notes in Obsidian). But I’m hoping that by putting it out there others might also find it useful.

A Hacker’s Log

A Hacker’s Log is the chronicle of my time in cyber security. (Kind of like Star Trek’s “captain’s log”.) Starting tomorrow, I’ll be adding daily course notes as I work to improve my basic cyber security knowledge and perhaps earn a certification or two. Eventually I’m angling to earn the OSCP, but we’re going to start with the basics.

I’ll also occasionally be writing about other personal projects, as well as my thoughts on big events and the state of cyber security (if you’re looking for something other than hacking and cybersecurity, you should try my personal site).

Useful notes will be ported into A Hacker’s Notes. Indexes of particular “series” of posts (such as all my notes about a particular course or CTF) will also live there.

The Path Ahead

Tomorrow I’ll be starting on the TryHackMe Pre Security sequence. Which may prove to be too basic for me, but I suspect will help fill in some holes I know I have in my knowledge (I’m not very strong in either networking or Windows administration). Based upon my experiences with that sequence, I’ll decide where to go next.

For the next 9 months, most of the posts here will be my notes from TryHackMe and ITPro.TV courses, as well as miscellaneous self-paced CTFs. After that…

I don’t know. But I’m excited to find out.

Won’t you join me on my journey?