My 5 Step Infosec Learning Methodology

Learning (Noun): The acquisition of knowledge or skills through experience, study, or by being taught. There are many ways to learn and everyone has a different style that works best for them. When reading my thoughts below take into consideration that I much more prefer audio/video than reading. To me this is because when it comes to audio I can listen passively while I do something else, like mow the lawn or work out. So when you’re mapping out your approach, take a look at your lifestyle and the time you have throughout the day to consume information. If you have time to sit down and read and you enjoy that, great do it. If not, maybe try audiobooks or podcasts.

Ok, so the most important thing to me, my number one goal, when i’m learning something new is immersion. I know myself and I know that when I just read a blog post here and maybe watch a video on youtube there, i’m not allowing the content to really soak into my brain. I need repetition and constant interaction with whatever i’m learning. So, I try and do all the things i’m going to list below on a regular basis. I make it a habit, a practice to participate in these 5 “methodologies” very regularly.

When you are constantly in the trenches, constantly in the mix and you have immersed yourself in a topic you begin to pick up on trends and commonalities and differences that you might not have been able to pick up on if you were not learning on a regular basis. So I highly recommend immersing yourself in whatever it is you want to learn.

Now onto my 5 step learning methodology.

1. Podcasts. One of my most faLeorite ways to consume information and get educated is by listening to podcasts in whatever the subject area is. In my case it’s infosec, IT, cybersecurity, etc. You get the point. Podcasts allow passive consumption, which is the biggest reason I love them right now. I can listen to podcasts while I mow the lawn once a week. I can listen to podcasts on my commute to and from work. I can listen to podcasts while i’m working out. The opportunities to listen to podcasts are really endless. It all depends on your lifestyle and your schedule and what you’re up to. I highly recommend, if you haven’t already, to look into podcasts that are in your subject area or discipline.
   • Frequency: Minimum Daily. For me personally, I find that finding podcasts that I can listen to on a daily basis is the best way to make sure i’m consistently and constantly immersing myself into infosec. I find as many quality podcasts as I can to fill up my commute time, exercise time, etc. How frequent you decide to dig into podcasts, and any other content for that matter, is totally up for you. This is just what works for me.
2. YouTube. You can seriously, without a doubt in my mind, get a degree from YouTube alone. There’s billions of hours of content on YouTube uploaded every day. There’s so much information you wouldn’t even be able to begin to consume it all for any subject area. Go ahead and try i’ll wait. Just kidding. But seriously. Especially when it comes to IT, Security, etc. there’s tons and tons of quality content on YouTube. MIT has a boat load of content up on YouTube and they tend to be very comprehensive. There’s also full courses or sections of courses on YouTube you can take advantage of. Seriously this is a big big resource to use.
   • Pro Tip: Read Comments. One thing I think is super helpful when looking for quality content on YouTube is to quickly glance at the comments on each video. Give it a once over and look for people giving the video a thumbs up or thumbs down, look for positive comments and look for bad comments. This will quickly give you a rough indication of the quality of that video.

3. Books. Find the best books on the subject and make it a religion to read regularly, at least weekly. When i’m looking for books I will check out reviews on Amazon or Audible and see what people have to say about them. I will make sure that the topic of the book is really focused in on something I really want to learn about, and then I just jump right in. I don’t spend too much time over analyzing if the books going to be good or not. I think you can find a lesson in anything. So even if you only listen to half the book and decide its crap, I still think you can get something out of it.

4. Online Courses. My favorite resource for this right now is Cybrary. If you’re on a tight budget and don’t or can’t shell out money for paid courses this is the best place to start right now, in my opinion. They have tons and tons of courses related to IT & Security. They even have paid plans where they give you access to virtual labs if you want to go that route. When you graduate from those and want to get more in-depth and comprehensive online courses that have mentors and virtual labs and certification stipends, then you will want to look at Udemy, ITProTV, Lynda, Pluralsight and Coursera to name a few. They all have their strengths and weaknesses, but those are the ones I have heard the best reviews about. I’m excited to pitch these to my boss so I can speak to them firsthand and really give an accurate review. For now, just take my word that these are among the best of the best right now.

5. Do. “Progress is made by doing, not by pondering.” Actually execute what you learn in a lab/sandbox environment. This is the most important step. The things I am learning I am practicing on my own personal lab. AKa VirtualBox. Remember what I said above about immersion. I really think that if you begin to interact with the community, provide value to others, get feedback from others and join in on the conversations you will begin to learn faster and more completely in whatever it is you’re trying to learn.

That’s all I have for now on this topic. This has been a little brain dump to get some ideas out on paper. I truly hope that someone, maybe 1 or 2 people find value in this. If you did get value from this or if my thoughts sparked an idea of your own or if you want to continue this conversation, hit me up on Twitter @techspence, I would love to connect!