URL: https://dev.to/narasimha_mallegari_/hash-cracker-built-splunk-certified-35-job-applications-sent-1fn9

Hash cracker built, Splunk certified, 35 job applications sent


Three weeks into learning cybersecurity from zero. This covers Week 3.

Applying before feeling ready

I sent 35 job applications this week. I do not have the Security+ certificate yet. I applied anyway.

Here is what made that reasonable: Security+ exam booked for June 9, four Python tools on GitHub, Splunk Fundamentals 1 certificate earned this week, and 21 days of daily public documentation.

The pipeline from application to offer in cybersecurity averages 4-6 weeks. Applications sent now become interviews in Weeks 5-7. Those interviews happen right around when the Security+ arrives. Waiting until the cert was in hand would mean starting the pipeline at Week 8 — a 4-6 week delay with no benefit.

Security+ — all 5 domains covered for the first time

Domain 4 Security Operations is the most directly relevant to a SOC analyst role.

Incident response process — 6 phases that Security+ tests in strict order: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned.

Order of volatility in digital forensics: collect RAM before hard drives. Evidence that exists only in memory is lost when the power is off. Some malware exploits this deliberately — existing only in RAM with no disk artifacts.

Domain 5 covered risk management and compliance. The five frameworks (HIPAA, PCI-DSS, GDPR, SOC 2, NIST CSF) make more sense when you understand the category of damage that created each one.

Second practice test: 90/100. Improvement from Week 2: 95/100. On track for the June exam.

The hash cracker

Core logic in about 15 lines:

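import hashlib

wordlist = "rockyou.txt"  # path to the wordlist file
target_hash = hashlib.md5(b"password123").hexdigest()  # MD5 hex digest to match

# Hash each candidate word and compare it with the target digest
with open(wordlist, "r", errors="ignore") as f:
    for word in f:
        word = word.strip()
        if hashlib.md5(word.encode()).hexdigest() == target_hash:
            print(f"Found: {word}")
            break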

Tested against the MD5 hash of "password123" using rockyou.txt — 14 million real passwords. Found in [your actual time].

MD5: approximately 10 billion attempts per second on consumer hardware. bcrypt at cost factor 12: approximately 100 attempts per second. That difference — 100 million times slower — is the entire argument for modern password hashing.

Writing the tool made this concrete. Reading about it does not.

Splunk Fundamentals 1 — certified

Free course. All modules complete. Certificate earned and added to LinkedIn.

Key insight: The SPL search that finds top attacking IPs is the same operation as my Python log analyzer — same logic, different syntax, different scale:

index=main "Failed password" | stats count by src_ip | sort -count | head 10

Understanding the small Python version made the enterprise SIEM tool immediately intuitive.
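A Python counterpart to the SPL search above, as an added example (not the log analyzer from this post). It assumes OpenSSH syslog lines, uses constructed sample data, and goes one step beyond the SPL by weighting rsyslog "message repeated N times" lines; the function and constant names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH/syslog format (documentation IP ranges).
SAMPLE_LOG = """\
May  5 10:00:01 web1 sshd[1201]: Failed password for root from 203.0.113.9 port 40022 ssh2
May  5 10:00:02 web1 sshd[1201]: message repeated 2 times: [ Failed password for root from 203.0.113.9 port 40022 ssh2]
May  5 10:00:04 web1 sshd[1207]: Failed password for invalid user admin from 198.51.100.7 port 51514 ssh2
May  5 10:00:05 web1 sshd[1210]: Accepted password for deploy from 192.0.2.10 port 50100 ssh2
May  5 10:00:06 web1 sshd[1212]: Failed password for invalid user test from 198.51.100.7 port 51520 ssh2
May  5 10:00:07 web1 sshd[1215]: Failed password for root from 2001:db8::5 port 40100 ssh2
May  5 10:00:08 web1 CRON[1300]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Anchored at the end of the line: the greedy ".*" means the LAST
# " from <ip> port <n> ssh2" wins, so a username that itself contains
# " from ... port ..." cannot shift the match to a fake address.
FAILED = re.compile(
    r"Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2\]?\s*$"
)
# rsyslog collapses identical consecutive messages into one summary line.
REPEATED = re.compile(r"message repeated (\d+) times: \[")


def top_failed_sources(lines, limit=10):
    """Equivalent of: "Failed password" | stats count by src_ip | sort -count | head N."""
    counts = Counter()
    for line in lines:
        match = FAILED.search(line)
        if not match:
            continue  # not a failed-password event
        repeat = REPEATED.search(line)
        counts[match.group(1)] += int(repeat.group(1)) if repeat else 1
    # Sort by count descending, then by address so ties are deterministic.
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:limit]


if __name__ == "__main__":
    for src_ip, count in top_failed_sources(SAMPLE_LOG.splitlines()):
        print(f"{count:>5}  {src_ip}")
```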

Bandit level 24 — cron job exploitation

The most realistic technique from this week: finding a directory that a privileged cron job reads from and that a lower-privilege user can write to. Placing a script there. The cron job executes it with elevated permissions.

This is a real misconfiguration on production servers. The fix is simple — correct the write permissions on the cron input directory. Without that fix, any user who can write there can escalate their privileges.

Week 4

Full Security+ review. Third practice test. Interview preparation — because applications sent this week will generate responses this week and next. Five applications per day continue.

Code and notes on GitHub — link on profile.