Hey folks, want to know the fastest way to learn cyber security? If yes then you’re at right place!
There is no question that cybersecurity is a hot topic these days. With all of the news about data breaches and cyber attacks, it’s no wonder that businesses and individuals alike are focused on keeping their information safe. But what exactly is cybersecurity?
In short, cybersecurity is the practice of protecting electronic information from unauthorized access or theft. This includes both hardware and software systems, as well as any data that is stored on them. There are many different types of cybersecurity measures that can be taken, but some of the most common include firewalls, encryption, and user authentication.
Everyone wants to learn cyber security fast but they don’t know how they can exactly do it. So without any further ado, let’s know what is the fastest way to learn cyber security in 5 simple steps.
Table of Contents
User Existing Meaning Structures
The first and most important way to learn cyber security faster and easier is to focus on topics realted to your existing meaning structures. You see all of us come with some level of background knowledge in a field or area of expertise. There’s a lot of things you already know and understand very well.
The closer and more connected the skill you’re trying to learn is to the stuff you already know, the faster it is to acquire. That’s why it’s much easier to get into cyber security if you come from an IT or computer science background.
Fields that involve working with software, systems, networks, than if you came from another field, like being a mechanic, english teacher or security guard, where your existing meaning structures are much farther away.
Jumping straight into a cyber security specialty like pentesting or threat intel because it sounds cool or pays well is so far removed from what you currently know that you’ll waste a lot of time covering missing ground and getting stuck.
Cyber security has a lot of different related subfields, so you can always find some niche that connects with what you already know. For the mechanic, it could be learning hard drive repair and data recovery, which then naturally tie into disk and memory forensics, useful skills to have on incident response teams.
For the english teacher, you could start off learning to be a technical writer on cyber security topics, documentation for tools, or security reports. For security guard, you might want to start off by learning more about physical security operations and access controls which could then tie into physical pentesting and software access controls.
Even while studying a topic, don’t just go in the order that information is presented. Find out what concepts are most proximate to what you already know and take a nonlinear learning approach.
Following strategy might require you making a few extra hops, but in the end it’s going to help you build more knowledge and reach your final goal faster. But now you might be thinking “What if I found a cyber security course teaching something that seems closs enough to stuff I already understand, so does it make sense to pull the trigger and buy it?”
READ MORE : How to Become Real Hacker
Interleaving Theory and Practice
See the problem with short-term courses is they don’t fit well with our biology. People learn best by interleaving small doses of theory and practice together over time. Not absorbing massive chunks of knowledge in just one or two weeks, where you’ll probably forget most of what you’ve learned, versus spacing things out.
When you’re learning something new, oftentimes what you think is a mental block is actually a physical block that gets removed when you sleep on it. Your spinal fluid washes away the plaque build up on your neurons, memories and emotions get solidified, and your neural pathways change in ways that help you understand the same thing from different perspectives.
Spacing out your learning schedule with more smaller doses is the best way to make this happen. So instead of banging your head against a brick wall, sleep on it for a few days and you’ll quickly find ways to go over, under, around, or through it.
I understand bootcamps and crash courses are gonna be valuable for a lot of people, but definitely consider the biology of learning as well if you’re dead set or doing them.
Teachers For Practice And Feedback
So what about university? Does it make sense to go to college to learn cyber security? Especially if there’s a teacher you know and really like who works there? Here’s the deal. There’s almost nothing you can learn in school about cyber security that you can’t learn outside of school.
Back in the day, knowledge was tied up in institutions like universities, but now podcasts, digital books, web content, have democratized it to the point of being free. So you’ve got to ask yourself what’s the value I’m getting for the premium price I’m paying?
And the answer is usually access to the teacher. For IT and cyber security, you’re typically going to want teachers who are practitioners themselves, otherwise you’ll just get a bunch of theory and research. Which of you can tell me the difference between an animagus and a werewolf? No one? How disappointing.
But too often do I find people asking to be taught, as if all they needed was to be shown hoe to do X in order to learn Y. And unfortunately, that’s also what a lot of practitioners do when it comes to teaching. Most people in information security who do education and practitioner educators. So they’re practitioner first, educator second.
The default thing that most people would think is, okay. I’m good at this thing. So I will show someone how to do this thing and then they will be good at it. That’s not really how humans learn. It’s not just a matter of watching someone do something once and we’ve really got it, particularly for really complex tasks.
FURTHER READING : How to Bypass 2FA & MFA
What you should do is ask teachers to assign projects that they know how to do, go through the trail and error process of doing it, while getting feedback from them during the struggle. It’s that cycle of deliberate practice combined with feedback that makes you build expertise really fast.
So rather than paying tuition to a school, where maybe a fraction of it goes to the teacher, you could just pay the teacher directly for their time, giving feedback as you’re working through specific, scoped projects. If you can’t find anyone or it’s too expensive, team up with a group of peers who are a little more advanced in IT and cyber security than you are, and pay them instead.
Building Mental Models
What if there’s just a ton of theory and background info I need to learn to be able to practice projects in the first place? It’s kind of overwhelming! To handle these situations, you’ll definitely want to be building mental models and ststems for yourself as you’re learning new things, instead of just memorizing stuff in isolation.
A mental model is just a way of organizing information. How we organize information helps us a lot more often times than the amount of knowledge that we accumulate cause we could structure it better and access it in better and more unique ways.
A lot of expertise is not so much about accumulation of knowledge, it’s about better organization of knowledge. Here’s a few useful mental models in cybersecurity I find useful that you can use to organize knowledge.
The first is the OSI model, which has several layers describing how close something is to the physical hardware, versus application software. When you’re learning about tools or how something works, the mental model helps you think through which layers of the networking stack they interact with.
Let’s say you try to connect to something and there’s no internet connection. Having the model can help you troubleshoot. Maybe you’re not plugged in or have a bad cable, maybe there’s access controls in place, maybe you have a IP subnet typo, your DNS name servers aren’t connected, or the remote server is down. The more experience you have with this mental model, the easier it is to troubleshoot problems and figure out how apps work.
A second mental model is defence-in-depth, which basically means instead of just having a on the front door of your house, maybe you’ll have locks on every other door too, with multiple security zones inside. And then you’ll layer on cameras, guards, lights, attack dogs everywhere, not just the perimeter.
When you’re learning about a network, device, or app, defence-in-depth helps you think about all the areas that can be exploited and need security controls. Two other mental models are timelines and minefields.
Timelines are useful for blue team ops, where you pivot from discovering one security alert to uncovering all the other events that happened on your timeline for a full story of what happened.
On the other hand, for red team ops, treating your target network like a detection minefield can help you think about which areas have honeypots, endpoint protection, or extreme monitoring, which can then help you know which tools and techniques you should use to avoid getting caught by the blue team.
As you learn more about cyber security, you’ll acquire a bunch of mental models and personalized frameworks that can help you handle any new topics or ideas you come across.
When you’re dealing with a lot of dense complex topics, what I like to do is to decompose the pieces using a mind map, which can become its own model. Kind of like how you’d need house blueprints to build a house or a network map to understand a network.
The key thing is to be in divergent thinking mode, where you’re thinking of all the possibilities from a single data point, versus being in super focused analytical mode. When you come across a word or topic, write it down on a piece of paper, then connect it to other pieces and realted topics.
Continue connecting everything together, until it’s mostly mapped out. Then highlight the areas you don’t know very well, then do a focused deep dive to tie everything together. Just make sure you’re updating the mind map every now and then, to keep track of how you arrived at a topic.
During a job interview when you’re asked to explain how something works, it’s gonna explain how something works, it’s gonna be really valuable to showcase everything you know on the spot by retracing your mind map or mental model.
So if I want to learn about file formats, here’s my process starting with mind mapping. I’d begin by drawing some bubbles for files formats, maybe a few like PDF, PNG. Then maybe think through what scenarios knowing about them would be important, maybe data recovery, forensics, carving files from PCAP.
I’d like to figure out the tools used to detect file formats, and different tests those tools use. The man pages for the file command use filesystem tests, magic tests, and language tests which we need to go read more about. There’s also different flags I can use for the file command to explore.
READ MORE : CTF Complete Guide to Be Pro
After building the mind map, I can then skip topic I’m not really interested in because they don’t related to any existing meaning structures for me, and then highlight the topics that do, like how files are stored on a filesystem, because I know a bit about formatting hard drives and USB sticks.
If I have access to a teacher, I might ask them to give me some project ideas for carving files from disk or PCAP using a tool like Scalpel, then ask for feedback when I explain my workflow and process. If I didn’t have a teacher, I could find a forensic discord server or slack channel and ask people for resources they know of that have guided practice labs.
Conclusion: Learn Cyber Security Faster
In this article you saw the fastest way to learn cyber security in 5 simple steps. One of the hardest things about learning cyber security is there’s no formal roadmap and a million different places to start. The more topics you explore, the more holes you discover.
How do you manage this? It all starts with having a strategy and structured plan for learning. This way, you can stay on track and make consistent progress. Above I had mentioned five simple steps to fo this.
I hope this article would be helpful to answer “How to learn cyber security faster?” Are there any learning tools or frameworks you really enjoy using and wanna share? Let me know in the comments below.