Comparing Obsidian and Notion: Uses and Applications in Cybersecurity & Penetration Testing

Written By Winton
 
 

In the realm of note-taking and knowledge management, Obsidian and Notion have emerged as two powerful tools, each with its strengths and weaknesses. Over the past couple of years, I’ve utilized Notion heavily. Obsidian is relatively newer to me, but I love the essence of its interconnectivity, allowing someone with ADHD-like tendencies and sporadic thought scribbling to jot down and mark down everything that comes to mind while making it effective and useful long-term. This article aims to compare these two platforms, focusing on their uses and application in general and also in cybersecurity.

Obsidian vs. Notion: An Overview

Obsidian

Obsidian is a markdown-based note-taking application that excels in creating a network of interconnected notes. It focuses on local storage and privacy, allowing users to keep their data on their own devices. This makes it particularly appealing for those who prioritize data security and control, always available as long as you have your device with you. Obsidian’s dynamic graph view allows users to visualize connections between notes, making it easier to navigate and understand complex relationships.

 
Using Obsidian

Taken from https://www.trafficflows.org/using-obsidian/ , since my graph view doesn’t look nearly this comprehensive (yet). If you hover over any point on this graph, it will show you what you marked down in brackets. [[example]] ← this would show up as a link, and if you created another link within this page, it would create a backlink which connects the two dots on this graph.

 

Notion

Notion, on the other hand, is an all-in-one workspace that combines note-taking, databases, task management, and collaboration tools. I LOVE it as it has effectively solved my disarray that exists within Google’s Docs and Sheets, where notetaking was as messy and the same as it has been for me since high school. Not fun.

It is cloud-based, offering seamless access and real-time collaboration across devices. Notion’s intuitive interface supports a wide range of functionalities, from simple to-do lists to complex project management boards, making it suitable for both individuals and teams.

One thing I did was I followed a YouTube video tutorial on how to create a second brain, essentially mimicking what Obsidian does in a more text-based format with folders and pages, making it look more like a website than anything else. At best, it is a glorified project management tool and brain dump so that I don’t lose a single thought, idea, or task. Although admittedly I haven’t used it much (peep the “edited” date on the top right), so maybe that’s a pitfall of creating such a complex system in order to simplify workflow processes. What a paradox.

Notion Workspace

Core Functionalities

Cybersecurity Applications

Obsidian for Cybersecurity

  1. Local Storage and Privacy: Obsidian’s emphasis on local storage ensures that sensitive information remains on your device, reducing the risk of data breaches associated with cloud storage. This is crucial for cybersecurity professionals who handle sensitive data.

  2. Interconnected Notes: The ability to create a network of interconnected notes is beneficial for mapping out complex strategies and notetaking for exams, pentests, and understanding the relationships between different vulnerabilities and exploits.

  3. Markdown Support: Markdown allows for quick and efficient note-taking, which is essential during fast-paced activities. It also supports code snippets, which can be useful for documenting scripts and commands. Backlinking is one of the most important features in Obsidian that I’ve used so far, since I haven’t integrated many of the plugins yet. Read below.

  4. Plugins for Customization: Obsidian’s extensive plugin ecosystem allows users to add functionalities tailored to their specific needs. For instance, plugins for code syntax highlighting, task management, and even real-time collaboration can be added to enhance productivity. You can also create templates which allow for faster creation of pages with similar features and qualities.

Notion for Cybersecurity

  1. Real-Time Collaboration: Notion’s robust collaboration features make it ideal for team-based activities. Teams can work together seamlessly, share notes, and assign tasks in real-time. Though one drawback is that the latency can get buggy if you add too much at once, or if you have too much media in one page. Something to keep in mind.

  2. Project Management: Notion’s project management capabilities, such as kanban boards and timelines, can be used to organize and track projects. This is particularly useful for managing penetration testing engagements or red team operations.

  3. Database Functionality: Notion’s database features allow for the creation of detailed repositories of vulnerabilities, exploits, and remediation steps. This can be used to build a comprehensive knowledge base for cybersecurity teams.

  4. Integration with Other Tools: Notion’s ability to integrate with other productivity tools, such as Slack and Google Drive, enhances its utility as a central hub for cybersecurity operations.

Pain Points in Using Obsidian and Notion for Cybersecurity

While both Obsidian and Notion offer powerful features for note-taking and knowledge management, they come with their own set of pain points, particularly when used in the context of cybersecurity. Understanding these challenges can help users make more informed decisions about which tool to use and how to mitigate potential issues.

Obsidian: Pain Points

  1. Limited Collaboration Features:

  • Challenge: Obsidian is primarily designed for individual use, with limited built-in collaboration features. This can be a significant drawback for cybersecurity teams that require real-time collaboration and information sharing.

  • Impact: Teams may struggle to coordinate effectively, leading to inefficiencies and potential miscommunication during activities or penetration tests. Notion is pretty user-friendly if you take the time to learn it in the very beginning and as you go, however.

2. Security Risks from Plugins:

  • Challenge: Obsidian’s extensive plugin ecosystem, while offering great customization, poses security risks. Plugins developed by third parties may introduce vulnerabilities or malicious code, as noted by the community.

  • Impact: Users must be cautious about which plugins they install, and organizations may need to implement additional security measures to mitigate these risks.

3. Steep Learning Curve:

  • Challenge: Obsidian requires users to be familiar with Markdown and its various features, which can be daunting for those new to the platform. Honestly, it isn’t that complex. The plugins and templates are more complex, and I’d love to see how Obsidian makes this more user-friendly in the future so that we don’t have to spend more manual hours making things look nice and work the way we want. I want to SAVE time on effective notetaking, after all.

  • Impact: The initial setup and learning phase can be time-consuming, potentially delaying productivity and effectiveness in cybersecurity tasks.

4. Lack of Built-In Integrations:

  • Challenge: Unlike Notion, Obsidian lacks native integrations with other tools commonly used in cybersecurity, such as Slack, GitHub, and various project management systems.

  • Impact: Users may need to rely on manual processes or additional plugins to achieve the desired level of integration, which can be cumbersome and less efficient.

Notion: Pain Points

  1. Cloud-Based Storage Concerns:

  • Challenge: Notion stores data in the cloud, which can raise concerns about data privacy and security, especially for sensitive cybersecurity information.

  • Impact: Organizations may be hesitant to store sensitive strategies or vulnerability data on a cloud platform due to the risk of data breaches or unauthorized access.

2. Potential for Credential Leakage:

  • Challenge: Notion’s collaborative nature and use as a repository for documentation can lead to inadvertent exposure of sensitive credentials if access controls are not properly configured.

  • Impact: Misconfigured access controls can result in unauthorized access to critical information, posing a significant security risk.

3. Complexity and Clutter:

  • Challenge: Notion’s extensive features and customizable options can lead to a cluttered user interface, making it difficult to maintain organization and focus.

  • Impact: Users may find it challenging to navigate and manage their notes efficiently, which can hinder productivity during cybersecurity operations.

4. Limited Offline Capabilities:

  • Challenge: While Notion offers some offline capabilities, they are limited compared to Obsidian’s robust offline functionality.

  • Impact: Users may face difficulties accessing their notes and data during field operations or in environments with poor internet connectivity, which can be a critical issue in cybersecurity scenarios.

Conclusion

Obsidian and Notion have their strengths and weaknesses, particularly when applied to the field of cybersecurity. Obsidian’s focus on local storage and customization makes it a secure choice for individual use, but its limited collaboration features and potential plugin security risks can be challenging. Much better for the solo artist, although a simple copy over to Notion isn’t challenging at all. Notion’s robust collaboration and project management capabilities make it ideal for team-based operations, but its reliance on cloud storage and potential for credential leakage requires careful consideration and additional security measures. This has been my least favorite part of using Notion as it slows down tremendously over time and usage. By understanding these pain points, cybersecurity professionals can better navigate the complexities of using these tools and implement strategies to mitigate potential risks, ensuring a more secure and efficient workflow.

Both Obsidian and Notion offer unique advantages for cybersecurity. Obsidian’s focus on local storage and interconnected notes makes it a powerful tool for individual hackers who prioritize data privacy and control. Notion’s robust collaboration and project management features make it ideal for team-based operations and comprehensive knowledge management. Ultimately, the choice between Obsidian and Notion depends on your specific needs and preferences. For those who value customization and local data control, Obsidian is the better choice. For those who need an all-in-one tool for managing collaborative projects, Notion is the way to go. I actually choose to use both, since having a mixture of cloud and on-prem options is always safer, and they both have their own strengths and applications which make them more powerful when used together. By understanding the distinct advantages of each platform, cybersecurity professionals (and all individuals) can make an informed decision that best aligns with their operational strategies.

Medium.com

Winton
Previous

Red Team Fundamentals — Why Penetration Testing Alone May Not Be Suitable For Your Company
Next

SOC 2 Readiness — How to Prepare for Your First SOC 2 Audit