2017 Year in Review

meta, other

Hello! This is the second installment of my year in review “series”. Last year I did a year in review and found it to be very beneficial and so the tradition continues.

Blog / Community

My goals for 2017 centered around a few items: finishing an ebook info product, writing on the blog, and mentoring with Chic Geek.

The idea for the ebook was to create something based on my experience in Ruby & Security. This did not happen. I started working on the project and came to the realization that I didn’t want to do an info product. My heart wasn’t there and I killed the goal!

The second bit of work that I wanted to accomplish was writing more for the blog. This also did not happen. Primarily there was no info product to write for and therefore not a lot of motivation to dig up new material for blogging. As well, very little major Ruby related work landed on my plate at work so there were minimal new ideas / material to write about.

Both of the above can feel like failures if I let them. But upon reflection I realize they weren’t things I wanted to do. And I’m okay with not doing something for the sake of meeting a goal. There is a quote from the book With Winning in Mind that applies to this situation:

if you trade up to a new goal in the process of working toward a goal, the first goal has completed its purpose!

In this case, I killed two goals that allowed me to pick up a new goal (more on that later). To me that is a success.

My final goal from last year was to mentor with Chic Geek. I had a fantastic mentee this year. My mentee made it her goal to get a job as a software dev. We worked on researching companies, polishing her resume, practicing for interviews, and working on a portfolio project. It was a very rewarding experience for both of us and my mentee hit her goal and landed a job in town. I was very proud of how hard my mentee worked and that she was able to accomplish her goal.

Goals

For this next year I’ve changed the community and blog related goals to be a little more focused on side projects:

  • Prototype App – A friend of mine has asked me to help him build a prototype Augmented Reality app to use for grant hunting. I like his idea and think I can spin him something quickly.
  • Launch a SaaS – I’ve got an idea that is approximately 40% implemented that I started last year. I’ve done a proof of concept and want to productize this app. I’ll write further about it as this materializes more.
  • Present at the ruby meetup group on security – I’ve got a few ideas lined up that should fall into place.
  • A blog post or two – One would be on the security ideas I have in mind, the other on some of the things I’ve learned at work in the last few weeks of 2017. We’ll see what the rest of the year holds.

Work / Security

Last year I had focused my work / security goals towards learning more about reverse engineering. There are two colleagues at work that I talk to about this topic and I enjoy every minute of it. As part of my goals last year, I decided to take a course on reverse engineering. I was lucky enough that these two colleagues were writing a course for SAIT on Malware Analysis and I was able to beta test it for them. It was a rare opportunity and I learned a lot from the course.

By taking the malware reversal course, I learned that I enjoy reading and discussing the topic of malware, but don’t enjoy the act of reversing malware as much. Which means that I was able to kill my goal of doing a full CTF.

I also learned during the year that I am more interested in web based security. I had the opportunity to attend an internal Cisco training course called r00tcamp. In the course, I was able to explore different types of web exploits – some I was familiar with, others I wasn’t – and also work on a web based CTF. As part of r00tcamp I was given time to find exploits in our product. I found a handful of security bugs (some major, some minor) which was a big win. And I now know that web based security is what I enjoy the most!

I had made the goal to complete a responsible disclosure last year and I am happy to report that I was successful doing this. I submitted a security bug report through Hacker One, but unfortunately I didn’t get a bounty for it. At least I can check off that I accomplished my goal in this area.

One additional piece of training that I was also able to take advantage of this year was CCENT. One of my co-workers teaches a CCENT course locally, and offered the training up to the Calgary office. By crossing out my info product & blogging related goals, I was able to make the time to go through the course. I learned a great deal about networking and feel like I have a solid grasp on networking fundamentals.

Goals

My goals for this year are focused around bug bounties & web security testing:

  • Achieve work goals related to pentesting – I’ve set up a reading material and security training plan at work and finishing even half of that would be a huge win.
  • Complete the Gruyere “CTF” – this will be good practice for doing real bug bounties.
  • Submit a bug and receive a bug bounty – Knowledge application!
  • Submit 5 bug bounties (stretch goal) – Knowledge application!
  • Finish crypto-pals (stretch goal) – this isn’t super high on the priority list, but getting more exposure to how crypto works is beneficial, especially with the Internet taking an HTTPS everywhere direction. There is going to be a lot of opportunity for exploiting incorrectly done crypto.

Weightlifting

Weightlifting did not go as planned this year. Let’s start with the numbers:

               | 2017 |  2017  |      |
               | Goal | Actual | diff |
--------------------------------------|
Snatch         |  165 |  140   | -25  |
Squat Clean    |  245 |  200   | -45  |
Split Jerk     |  200 |  195   | -5   |
Clean & Jerk   |  200 |  195   | -5   |
Front Squat    |  265 |  215   | -50  |
Back Squat     |  315 |  240   | -75  |
Push Press     |  165 |  175   | +10  |
Strict Press   |  135 |  135   |  0   |
Bench          |  225 |  185   | -40  |
Deadlift       |  400 |  340   | -60  |
Overhead Squat |  185 |  165   | -20  |
BS + DL + BP   |  940 |  765   | -175 |

My presses & jerk went according to plan and I’m jerking above bodyweight. However, my squats, deadlift, and Olympic lifts did not. In fact, many of these numbers did not change from 2017. This happened for a number of reasons:

  1. Family
  2. Training Plan
  3. Injury

Let’s start with the family reason. This little guy decided to enter the Miller family:

Max Miller

My son Maxwell was born in June and he is an absolute joy (he’s the one on the right.) Anyone with a newborn will tell you one of the first things to go is sleep. And if you’ve done any weightlifting, you know that sleep is a must. This large change affected my training and weightlifting (no surprise there, or disappointment, our kiddo is amazing!)

The second reason that my weightlifting didn’t go as planned was that my training plan didn’t align with my goals. I had wanted to do a few weightlifting cycles like last year, but they never happened. I got distracted by the CrossFit Open, then distracted again with some other “nice to have” goals. All of a sudden it was December and I realized I had done nothing to hit my numbers. Oops!

I’ve already made changes to my programming to better align myself with my training goals, and have changed my focus away from CrossFit to exclusively weight training. I’m confident that this alone will help to hit my numbers this year.

The final reason for not hitting my numbers was injury. Around the time Maxwell was born I started to have pain in my left hip, especially when squatting. After a bit of diagnosing it turns out that bad mechanics were to blame. My hip flexors & quads were so tight they were having an effect on my hip socket and in turn causing pain in hip based movements (which is the majority of movements.)

It has taken me around 2 months to be pain free in my hip, and has been another month of rehab to fix my squat mechanics. There is still a long way to go and my squat is nowhere near fixed yet. I’ve only begun squatting with load this month and at a fraction of what I’m capable of. Injury sucks and it is going to impact my goals for 2018.

Goals

This year I’ve set reasonable expectations for my goals, and a big stretch goal in the event that everything goes exceptionally well. My primary goal is fixing my squat. Without that working, everything else doesn’t matter.

If my squat is on track, my next set of goals revolve around hitting a 50th percentile against Beyond the Whiteboard. I use BTWB to track my lifts and it represents roughly what the CrossFit population is capable of. I’ve been > 50 for everything but powerlifts & Olympic lifts for a while and this has been the catalyst to lift seriously. Translated into weights that looks like:

               |         | 2018 |      |
               | Current | Goal | Diff |
---------------------------------------|
Snatch         |   140   |  145 | +5   |
Squat Clean    |   200   |  205 | +5   |
Split Jerk     |   195   |  200 | +5   |
Clean & Jerk   |   195   |  200 | +5   |
Back Squat     |   240   |  285 | +45  |
Strict Press   |   135   |  145 | +10  |
Bench          |   185   |  225 | +40  |
Deadlift       |   340   |  355 | +15  |
BS + DL + BP   |   765   |  865 | +100 |

These numbers are less ambitious than last year’s numbers.

To that end, I’ve set up a second goal if I hit the above numbers before the end of the year. That goal is to align my ratios against an “ideal athlete”. This is the idea that using the backsquat as a base measure, different lifts should be a certain percentage of the backsquat. I’d need to hit the following numbers to meet that goal:

               |         | 2018 |      |
               | Current | Goal | Diff |
---------------------------------------|
Snatch         |  140    |  190 | +50  |
Squat Clean    |  200    |  235 | +35  |
Split Jerk     |  195    |  240 | +45  |
Clean & Jerk   |  195    |  230 | +35  |
Push Press     |  175    |  185 | +10  |
Front Squat    |  215    |  245 | +30  |

Some of these numbers are pretty crazy given where I am now. And being able to add 45# to a split jerk, or 50# to my snatch in a year would be amazing.

This page was published on by Gavin Miller.