Lab Notes — November 3 2025

Overview

Security+ prep day emphasizing infrastructure hardening, career path mapping, and threat modeling fundamentals. Conversations covered salary benchmarking for sysadmin and pentester roles, long-term certification trajectory, and foundational technical concepts like RTOS vulnerabilities and AES encryption standards.


1. Security+ Domain 1 — Architecture and Design

Topic: Real-Time Operating Systems (RTOS)

  • RTOS devices are often vulnerable due to limited patching and inability to install endpoint protection.
  • They’re less frequently targeted not because they’re secure, but because they’re isolated or specialized, e.g., embedded controllers and industrial firmware.
  • Security focus: segmentation, network isolation, and firmware validation.

2. Cryptography Review

  • Revisited the AES-512 reference: AES officially supports only 128-, 192-, and 256-bit keys.
  • “AES-512” is a non-standard term sometimes used informally to describe extended custom implementations.
  • Reinforced importance of using FIPS-approved algorithms for compliance.

3. Sysadmin Practice — Git and File Management

Goal: streamline Markdown posting workflow to GitHub Pages.
Key commands reviewed:

git add .
git commit -m "Updated daily lab notes"
git push origin main

Added optional suffix automation:

rename 's/([0-9]{4}-[0-9]{2}-[0-9]{2})\.md/$1-post.md/' *.md

Ensures consistent file-naming convention for published logs.
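
A portable take on the rename step above, as an added example that is not part of the original notes: the Perl-style `rename` shown here is not the same tool on every distribution, so this plain-sh function does the same date-suffix rename and refuses to overwrite an existing target. The function name `add_post_suffix` and its `--dry-run` flag are hypothetical, chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original notes).
# add_post_suffix DIR [--dry-run]
#   Renames DIR/YYYY-MM-DD.md to DIR/YYYY-MM-DD-post.md.
#   Prints the number of files renamed (or that would be renamed) on stdout;
#   per-file messages go to stderr. The body runs in a subshell so its
#   variables do not leak into the caller.
add_post_suffix() (
    dir=$1
    mode=${2:-}
    count=0
    for f in "$dir"/*.md; do
        [ -f "$f" ] || continue          # unmatched glob or not a regular file
        base=${f##*/}
        # Only exact YYYY-MM-DD.md names qualify; README.md and
        # already-suffixed *-post.md files never match, so reruns are safe.
        case $base in
            [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9].md) ;;
            *) continue ;;
        esac
        target="$dir/${base%.md}-post.md"
        if [ -e "$target" ]; then
            # Never clobber a published post that already exists.
            echo "skip: $target already exists" >&2
            continue
        fi
        if [ "$mode" = "--dry-run" ]; then
            echo "would rename: $f -> $target" >&2
        else
            mv -- "$f" "$target"
        fi
        count=$((count + 1))
    done
    echo "$count"
)
```

Run it with `--dry-run` first and review the list before the real rename and the `git add .` that follows.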


4. Security+ Domain 5 — Governance, Risk, and Compliance

  • Reaffirmed difference between PaaS, SaaS, and IaaS services in context of Outlook.com and Microsoft 365.
  • Outlook.com = SaaS, since Microsoft manages both the app and infrastructure.
  • Reviewed data responsibility boundaries between vendor and user.

5. Certification Roadmap and Role Progression

  • Current trajectory: SysAdmin → Pentester (Red Team with Purple tint).
  • Short-term goal: Security+ completion.
  • Mid-term: CCNA, CySA+, and Pentest+.
  • Long-term: Red Team specialization with cloud and AI-security crossover.

Key Takeaways

  • RTOS vulnerabilities stem from limited patchability; being rarely targeted is not the same as being secure.
  • AES-512 ≠ valid AES variant — stick to AES-256 for compliance.
  • Maintain version control consistency with automated renaming.
  • Understand shared-responsibility models in cloud contexts.
  • Keep certification path tied to evolving sysadmin-to-red-team roadmap.