How I take notes as a Cybersecurity Engineer

Regan
6 min read · Jan 10, 2023

As you can probably relate, I love reading. In particular, I love reading about cybersecurity. Ever since I was a kid, I was reading books and consuming as much content about security as possible — starting with books like Ghost in the Wires and watching Hak5 videos. Eventually, I was reading blue team defender manuals in bed at night.

Fast forward to today, and little has changed (although I stopped reading cybersecurity manuals before going to bed). Twitter, Hacker News, Mastodon, GitHub, and dozens of threat research blogs are where I spend at least a couple of hours daily. In the past couple of years, as I entered the industry, an issue began to arise — memory. Remembering and being able to reference something I read in the past became more difficult. What good is all that reading if I can barely remember anything for more than a few days at most?

Productivity as a Lifestyle

By now, you will have noticed a trend over the past few years. Productivity as a lifestyle has become immensely popular. Vloggers, influencers, redditors and app-makers who operate purely in the realm of productivity, and note-taking specifically, have grown exponentially. And with that, PKM (Personal Knowledge Management) systems have become a hot topic online. I’m not going to lie, I get sucked into this stuff occasionally, and find myself constantly tweaking my workflow to eke out the ideal ‘system’ — whatever that is (I’ve written drafts of this blog post several times over the last 6 months).

Below is the PKM system I’ve settled on as of the beginning of 2023. There are two main things to keep in mind: first, this system is highly fluid and it’s almost certain to change; second, what works for me may or may not work for you. This is merely how I do it, and what works for my brain likely won’t work for yours. Take everything here as a source of inspiration. That big tangent aside, this is my workflow.

Capture Workflow

I currently use a combination of a few tools to collect, organise, and synthesise knowledge — Notion, Readwise, and Obsidian.

My knowledge capture workflow.

Notion

Notion was my first real step into collecting and categorising content from across the web, and despite adding Readwise to this workflow recently, I still find myself using Notion as the first capture point. It’s easy to share to from Android’s share menu, I can use the web clipper extension, and it syncs everywhere instantly. An example use-case: if I’ve found a cool tweet about using Impacket for remote code execution, I can share that to Notion, tag it as “pentesting”, and populate the ‘Tool’ field with Impacket and Active Directory. I can then mark the note as ‘Done’ or ‘To be done’ if I want to annotate it in detail later through Readwise.

Notion also has the power of relational databases. This means I can link between multiple databases and leverage different views. I used this for a lot more in the past, but now that I’ve moved to Obsidian predominantly, the only real thing I use it for is the tool database.

The Tool Database

I decided to create a separate database just for tools and scripts and the like, since I wanted to define a separate schema and be able to filter that separately. I’ve designed it with the intent that as a “purple team” inclined person, I might want to be able to filter for red team tools and what they’re used for, and at what stage in the attack they align to. This is super handy for threat research and detection engineering aimed at detecting the TTPs of these tools.

Readwise

Readwise is a recent addition and the only paid service in this workflow. The big benefit of Readwise is the new ‘Reader’ functionality, which allows you to send articles, books, tweets, PDFs, youtube videos, podcasts, RSS feeds and somehow even more into it and then annotate them as you go. You can also do handy things like invoke ‘Ghostwriter’, an implementation of GPT-3 that can be used for generating summaries, simplifying content, and even generating Q&A questions based on the content of the article. It’s really cool, and it serves as the main collection point for resources that I want to highlight and really absorb in more detail.

The other prime benefit of Readwise is the ability to sync highlighted content from all your various sources into Obsidian, and customise the layout of the file to your liking. In my configuration I’ve got some YAML frontmatter, and I’ve formatted the highlights as quotes for easy legibility and to delineate my writing from someone else’s.
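To make the note layout concrete, here is an added example of rendering a set of highlights into a markdown note with YAML frontmatter and blockquoted highlights. This is not Readwise’s export template or any code from the post; it assumes a constructed list of highlight records (text, optional note, location) and writes the author’s words as `>` quotes so they stay visually separate from your own annotations.

```python
"""Render captured highlights into an Obsidian-style markdown note.

Added example (not Readwise's template). Assumes each highlight is a dict
with 'text', 'note' and 'location' keys; that shape is an assumption.
"""
from datetime import date

# Constructed sample highlights, standing in for an export from a reader app.
SAMPLE_HIGHLIGHTS = [
    {"text": "Defenders should log process creation with command lines.",
     "note": "Relevant to Sentinel ingestion.", "location": 12},
    {"text": "Tooling is only useful if you can remember it exists.",
     "note": "", "location": 40},
]


def yaml_quote(value: str) -> str:
    """Double-quote a scalar so colons or quotes inside it do not break the frontmatter."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def render_note(title, author, url, tags, highlights, synced=""):
    """Build the note text: frontmatter block, heading, then one blockquote per highlight."""
    synced = synced or date.today().isoformat()
    lines = [
        "---",
        f"title: {yaml_quote(title)}",
        f"author: {yaml_quote(author)}",
        f"url: {yaml_quote(url)}",
        f"synced: {synced}",
        "tags:",
    ]
    lines += [f"  - {tag}" for tag in tags]
    lines += ["---", "", f"# {title}", ""]
    for h in highlights:
        # A multi-line highlight still gets a '>' prefix on every line.
        for part in h["text"].splitlines():
            lines.append(f"> {part}")
        lines.append(f"> (location {h['location']})")
        if h.get("note"):
            # Your own annotation sits outside the quote, in plain text.
            lines.append(f"Note: {h['note']}")
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_note("Example Article", "A. Writer", "https://example.invalid/article",
                      ["pentesting", "detection"], SAMPLE_HIGHLIGHTS, synced="2023-01-10"))
```

The quoting helper matters more than it looks: a highlight title containing a colon would otherwise produce invalid YAML and Obsidian would silently ignore the frontmatter, so any properties-based search or Dataview query would miss the note.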

This is an example of an article I first added to my ‘To be done’ list in Notion, then read in Readwise, with highlights syncing through into Obsidian automatically.

An example article I’ve annotated with Readwise appearing in Obsidian.

All of that said, I haven’t been using Readwise for long, and it is a paid service. With the move to Obsidian, I’ve been enjoying owning more of my data, and I’m not super comfortable tying up a lot of my reading in a paid subscription. However, it’s the best of its kind at the moment, so we’ll see how long I stick with it.

Obsidian

Obsidian is by far the best note-taking app on the market right now. It’s free (but closed-source) and sports a vibrant community of plugin developers that allows you to tweak your experience and workflow endlessly. It really scratches that part of my brain that desires to constantly meddle with workflows without actually changing tools, which is by far the most detrimental issue with that urge. Obsidian tends to draw people in by how it lets you link notes together and create a visual relationship between them which can be graphed.

Obsidian works off of local markdown files, making them resistant to changes in tools in the future. It also places the ownership (and responsibility) of those files in your hands rather than someone else’s. This means it’s on you to sync and manage your data. Some will be attracted to that, others will be deterred by it.

I use Obsidian in a very folder-hierarchical way that runs somewhat contrary to how a lot of Obsidian-advocates would recommend, which is to have little to no hierarchy and just have all your notes float around in one folder and navigate by search and backlinks. I like a solid Confluence-like structure and navigating the explorer to find what I’m looking for. However, I follow a couple simple rules:
1. Firstly, go no more than three folders deep. If you need to go deeper or organise further, use links.
2. Secondly, keep the high-level folders as broad as possible. A practical example of this is a top-level folder called ‘Tech’, with sub-folders for things like ‘Active Directory’. I can usually put the bulk of my notes on the topic in there and link between them where necessary or find them by eye, while still leaving some room for a third folder if needed. Right now this standard is very loose, which is a deliberate choice, since more structure and rules can have a massive impact on creativity.
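The “no more than three folders deep” rule is easy to drift away from once a vault grows, so here is an added example of a small lint script that checks it. It is not an Obsidian plugin or tooling from the post; it assumes note paths relative to the vault root (a constructed sample is embedded, and `lint_vault` walks a real vault directory when given one) and suggests where a too-deep note could be flattened to, leaving links to carry the extra structure as the rule recommends.

```python
"""Lint an Obsidian vault against the 'no more than three folders deep' rule.

Added example, not part of Obsidian or the post. Folder depth is the number
of directories between the vault root and the note file, so
'Tech/Active Directory/Kerberos/note.md' is three deep and passes.
"""
from pathlib import Path, PurePosixPath

MAX_DEPTH = 3  # the rule from the post

# Constructed sample of note paths relative to a vault root (assumption).
SAMPLE_PATHS = [
    "Tech/Active Directory/Kerberos/delegation.md",
    "Tech/Active Directory/Kerberos/attacks/unconstrained.md",
    "Tech/Detection/sentinel-analytics.md",
    "Inbox.md",
]


def folder_depth(rel_path: str) -> int:
    """Number of folders between the vault root and the note."""
    return len(PurePosixPath(rel_path).parts) - 1


def find_too_deep(rel_paths, max_depth=MAX_DEPTH):
    """Return the notes that sit deeper than max_depth folders."""
    return [p for p in rel_paths if folder_depth(p) > max_depth]


def suggest_flatten(rel_path: str, max_depth=MAX_DEPTH) -> str:
    """Propose a location within the depth limit: keep the first max_depth
    folders and drop the rest, so the note can be linked from there instead."""
    parts = PurePosixPath(rel_path).parts
    if len(parts) - 1 <= max_depth:
        return rel_path
    return PurePosixPath(*parts[:max_depth], parts[-1]).as_posix()


def lint_vault(root):
    """Walk a real vault on disk and return (offending_path, suggestion) pairs.
    The .obsidian config folder is skipped since it is not user notes."""
    root = Path(root)
    rel = []
    for p in root.rglob("*.md"):
        parts = p.relative_to(root).parts
        if ".obsidian" in parts:
            continue
        rel.append(PurePosixPath(*parts).as_posix())
    return [(p, suggest_flatten(p)) for p in find_too_deep(rel)]


if __name__ == "__main__":
    # Run against the constructed sample; pass a real vault path to lint_vault for your own notes.
    for bad in find_too_deep(SAMPLE_PATHS):
        print(f"too deep ({folder_depth(bad)}): {bad} -> consider {suggest_flatten(bad)}")
```

Running this from a cron job or a pre-commit hook on a git-synced vault is a cheap way to keep the rule honest without making the folder structure any more rigid than the post intends.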

A snippet from my ‘Tech’ top-level folder.

This can be augmented really well by Obsidian’s built-in search, or plugins such as “Omnisearch”, which are perfect for finding content by keyword, file path, or a combination thereof.

Concluding

This article is getting really long at this point, so I’ll leave it there. There are so many facets to this kind of thinking and workflow, so I’ll likely write more diving into more specific use-cases and examples another time. If you have any questions about anything, feel free to send me a DM on Twitter or fire me an email at rcegan@omg.lol.


Regan

Security Engineer with a focus on Microsoft Sentinel, the Defender stack, and a bit of Splunk. Opinions are my own. Hack the planet.