{"id":4618,"date":"2024-01-09T09:51:31","date_gmt":"2024-01-09T16:51:31","guid":{"rendered":"https:\/\/zed.inguardians.com\/?p=4618"},"modified":"2024-01-09T09:51:31","modified_gmt":"2024-01-09T16:51:31","slug":"be-curious-tinker-learn-and-grow-part-1","status":"publish","type":"post","link":"https:\/\/zed.inguardians.com\/blog\/be-curious-tinker-learn-and-grow-part-1\/","title":{"rendered":"Be Curious \u2013 Tinker, Learn and Grow – Part 1"},"content":{"rendered":"
Jonathan Studebaker<\/a>, Senior Security Consultant at InGuardians, Inc.<\/a><\/p>\n Editor’s Note: <\/em><\/p>\n Part 1<\/em><\/strong> of this three-part series discusses the pros and cons of some common learning approaches, information resources for infosec information security (infosec) topics that may interest you, ways to get involved in the infosec community, and setting realistic goals, budgets, and expectations for yourself to maintain work\/life balance. <\/em><\/p>\n Part 2<\/em><\/strong> will discuss some specific training resources and projects like building a home lab, tinkering with Raspberry Pi, and ways to explore mobile, cloud, wireless, and physical security. <\/em><\/p>\n Part 3<\/em><\/strong> will provide a simplified direct reference list with links and resources broken down by topic to provide periodic updates as resource relevance and availability change over time.<\/em><\/p>\n From an early age, I\u2019ve had a sense of curiosity and a strong desire to tinker with the world around me. As a kinesthetic learner, I prefer to learn by doing and experience a developing skill first-hand. Whether we are new to the information security space or seasoned veterans, we are often called upon to wear many hats across a wide variety of disciplines. Regardless of our backgrounds, skillsets, or learning styles, information security as a career choice requires us to be life-long learners. But with so much information and so many disciplines within this broad category, how do we decide on where to start or what to learn next? How and where do we learn it? How much does it cost? How do we maintain work\/life balance?<\/p>\n Learning quickly may sound appealing and sometimes it may be unavoidable if you have a tight deadline or requirement. It is possible to learn a great deal this way, and it can be a good way to get quick exposure to a topic. If a topic isn\u2019t for you, you also get through it quicker and can move on to other things. However, the downside of this approach is that long-term retention and overall depth of knowledge are not as strong. Additionally, taking on too much too fast can be a massive contributor to burnout and stress.<\/p>\n In some cases, we can take our time and move at a slower pace when learning a new topic. For some, this is the only option, as busy schedules and other commitments prohibit them from focusing all their attention and effort on learning the new skill. Consistent learning over time leads to a strong foundation, increased depth of knowledge, and greater mastery of a subject before moving on. Unfortunately, if a topic isn\u2019t for you and if you have a lot invested in it, using this approach may make moving on a very long and arduous process.<\/p>\n Another option is to fully immerse yourself in a topic. For example, when I was in college, I had to write code in and for Linux. At the time I had not used Linux very much and had received only a brief intro to the basics. The first semester I struggled with it, but when I realized that this was going to be my new normal if I wanted to pursue my major successfully, I removed Windows from my personal computers. Not a dual boot. Not a VM. Windows gone. Linux only. While this may sound extreme, it forced me to pick it up quickly while consistent daily use over time helped me to learn it well. Obviously, the downside to this approach is that turning back may be difficult and can result in a significant loss of time, money, and effort if you do.<\/p>\n An alternative approach is to start with small, quick, and free\/cheap learning resources or projects. This gets you some exposure to a topic and if it continues to interest you, you can expand upon it with additional time and effort. If you decide that the topic isn\u2019t for you, that\u2019s okay, pick a new one and move on. The course correction won\u2019t incur substantial loss, you still learned something, and you have a better idea of the direction you want to go. Remember using this approach we\u2019re just tasting the porridge until we find the one that\u2019s just right. Not everyone is cut out for every infosec topic and there are a lot of topics to choose from. This approach will be the focus of this blog series, just remember to watch out for bears.<\/p>\n There are so many free resources available to aid in infosec education. Some of the most obvious sources are social media, online blogs, vlogs, and podcasts. The amount of content can be overwhelming at times and knowing who to follow and what sources to trust can be a challenge. If you\u2019re looking for a place to start, consider creating a free SANS account<\/a>. This will give you access to free webcasts<\/a>, newsletters<\/a>, white papers<\/a>, and more. These resources can also introduce you to subject matter experts, industry leaders, and organizations that you may want to follow on other platforms. Once you\u2019ve made a few connections it can really start to snowball from there.<\/p>\n Check out online chat resources like the BloodHound Gang Slack<\/a> and the InfoSec Prep Discord<\/a>. These are by no means the only options available but are well-known and active places to connect with like-minded individuals on a variety of topics. There are quite a few free online and in-person security-related events as well. Check out Free SANS events<\/a> and other security-related events on services like Eventbrite<\/a>, or meetup.com<\/a>. Live or online security conferences are also a great opportunity to learn and network with peers. Many conferences like DEFCON<\/a> also post the presentations online either during or soon after the conference.<\/p>\n Books and magazines are another great option, but often incur a cost of some kind. Bookstores like Barnes & Noble<\/a> and Amazon<\/a> are great resources for a variety of technology-related publications including information security-specific titles. Publishers like No Starch Press<\/a>, Packt Publishing<\/a>, Wiley Publishing,<\/a> and O\u2019Reilly Media<\/a> have substantial security-related content collections. Check out Humble Bundle<\/a> for an amazing resource that frequently offers bundles of infosec and technology-related software and books for extremely reasonable prices. Traditional public libraries typically provide free memberships and sometimes have excellent technology and security sections. Some public library systems and university libraries even offer free access to online learning resources like LinkedIn Learning<\/a> and O\u2019Reilly Media. Finally, audiobooks from services like Audible<\/a> and podcasts like Security Weekly<\/a> and Darknet Diaries<\/a> can be a fantastic choice for information ingestion, especially if you have a frequent commute to school or the office.<\/p>\n For the folks that prefer a more traditional learning approach, with an online or in-person course, check out training opportunities from groups like InGuardians<\/a>, SANS<\/a>, OffSec<\/a>, INE<\/a>, Black Hat,<\/a> or local schools and colleges. This is far from an exhaustive list of available options but will hopefully give you a starting point to aid in your searches or discussions with your peers.<\/p>\n Depending on where you live, there may be local DEFCON groups<\/a>, OWASP chapters<\/a>, security clubs\/groups, and other security-related meetups. These meetups are often free to attend, have fantastic content, and are a great way to network with people in your local community. In many cases, these groups also offer speaking opportunities for you to present something that interests you. If there aren\u2019t any local to your immediate area, check to see if any have online meeting platforms.<\/p>\nA few common approaches to learning<\/h3>\n
The Fast and Furious Approach<\/h3>\n
The Slow and Steady Approach<\/h3>\n
The All or Nothing Approach<\/h3>\n
The Goldilocks Approach<\/h3>\n
So much information, so little time<\/h3>\n
Get Involved<\/h3>\n