Learning and never enough time!

    • #5278
      T_Bone
      Participant

      I am 100% sure it’s not just me that thinks this way, but I have only been working in security for 2.5 months and sys admin for about 5 years…. The problem is now that I am into security I just can’t get enough of it and all I want to do is learn; the problem is there is just not enough time and money….oh and I have a girlfriend so more than half of my free time has to be spent with her!!! 🙂

      I came across the link below and now would like to read every single book on this page. I think what would satisfy my hunger would be a course that spanned over 12+ months which would contain everything in the books on this link and more…

      http://syngress.com/hacking-and-penetration-testing/

    • #33431
      Darktaurus
      Participant

      Wait till you are married and have kids.  Then, you really have no time.  Just a note, try to follow the tweets of HD Moore and Jayson Street and you will learn that you have so much more to learn!! And of course, with no time.  :'(

    • #33432
      yatz
      Participant

      @KillJ0y wrote:

      HD Moore … so much more to learn

      I’d have to agree with this.  I listened to the podcast from Pauldotcom the other day with HD Moore and it was definitely over my head.  Not too much where I couldn’t learn it, but just out of reach that I want to know it NOW.

      T_Bone, I can relate!!!

    • #33433
      rvs
      Participant

      I feel you guys!!!  ;D

    • #33434
      T_Bone
      Participant

      Well, I thought that it couldn’t have just been me that feels this way! The problem is I know that I would never get to HD Moore’s level but it feels like there is just so much to learn before I even feel like I am an accomplished security consultant!

    • #33435
      dynamik
      Participant

      I think this is where realistic goal setting and direction/focus can really help. If you try to learn everything about everything, you’re just going to end up spinning your wheels.

      You should pick a topic/area that interests you, and determine a realistic time-frame for getting to your desired level of expertise. That’s not to say you have to go out of your way to avoid learning about anything else (i.e. covering your ears and running out of the room) if something comes up, but you definitely should have one primary area of study.

      I’ve found it’s also easier to keep up your momentum/motivation and receive a greater sense of accomplishment as you continually advance. When trying to learn several things at once, you advance far more slowly with each topic and feeling like a novice with many things for an extended period of time gets old.

    • #33436
      salil
      Participant

      Hi Guys,

      I am in the same boat. The biggest problem I face is that with so much stuff to learn it’s easy to drift from one subject to another…one website to another and before you know it you have spent 3 hours on something totally unrelated to what you started with.

      I still have not found a solution but I have kept 2-3 primary goals and a deadline to achieve them. You don’t want to miss anything so you can’t get away from all the blogs, newsletters, RSS feeds and podcasts.

      Cheers,

    • #33437
      T_Bone
      Participant

      @sachitre wrote:

      Hi Guys,

      I am in the same boat. The biggest problem I face is that with so much stuff to learn it’s easy to drift from one subject to another…one website to another and before you know it you have spent 3 hours on something totally unrelated to what you started with.

      I still have not found a solution but I have kept 2-3 primary goals and a deadline to achieve them. You don’t want to miss anything so you can’t get away from all the blogs, newsletters, RSS feeds and podcasts.

      Cheers,

      Yeah I know exactly what you mean sachitre, where I’ll be looking for information on say CSRF on the web, browse to a site that provides some information on the subject and then you see several other topics that look interesting, start looking at those and then completely lose track of what I was learning!

      I suppose this is why I like to read books because I like to read from start to finish without jumping from chapter to chapter…. problem is books are not as up to date as the web and obviously COST MONEY! 🙂

    • #33438
      j0rDy
      Participant

      Everybody has the same problem. Security is one of the fastest developing IT branches. Take your time, ’cause your time here will be a long one. I have never seen somebody learn everything in a couple of years and then leave because he/she got bored. A good example is the CISSP certification. You need 5(!) years of experience before you may actually use the title. This gives an indication of what lies ahead. Just take your time and have fun!

    • #33439
      sil
      Participant

      @T_Bone wrote:

      The problem is I know that I would never get to HD Moore’s level but feels like there is just so much to learn before I even feel like I am an accomplished security consultant!

      Fail! Sorry I mean this with the utmost respect. By stating something like “I know that I would never…”, you’re setting yourself up for failure. (http://en.wikipedia.org/wiki/Learned_helplessness) Your approach should be “I will be the best at X” no matter how long it takes you to get to where you have to go. This will allow you to keep a positive outlook outward and subliminally and help you further down the road.

      With HD or anyone for that matter, there is experience. No one is born knowing, it’s all trial, error and learning. However, you have to have a goal and stay focused on achieving that goal. While HD might be considered the granddaddy of say reversing into exploitability, he might outright stink at say forensics, networking, etc., does this make him less than who he is? I think not.

      Set realistic goals for yourself and work towards achieving them. Do it for yourself, for the love of it as opposed to the money (it will eventually get there if you do things properly) or trying to be on par with anyone else. One of my goals right now is to understand reversing to the point of opening up any file, knowing how that file works all the way down. This is not an easy task and as one gets older, retention becomes more difficult. However, I split this learning phase into something fun for me.

      It gets frustrating at times because I understand the entire spectrum of things when it comes to reversing on an exploitation scale, there is something (one thing I haven’t figured out yet) that is obscuring a clear picture for me. The learning process I’ve made fun and challenging, it’s what keeps me going. I dislike having to state: “I don’t understand this” and that approach has allowed me to learn at a greater pace – making sure I do what I need to do to understand things.

      Never doubt yourself or place yourself in any situation where you state: “I will never be as good as…” otherwise you literally set yourself up to fail. I believe in the power of thought and being able to overcome obstacles no matter what they are (trust me when I state this, I’ve been there done that in life as a whole). You can achieve whatever you want if you believe in yourself enough and create a gameplan to achieve your goal.

    • #33440
      yatz
      Participant

      @sil wrote:

      Your approach should be “I will be the best at X” no matter how long it takes you to get to where you have to go.

      For more on this, listen to Don’s talk about a career in InfoSec as linked here: http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,3658.0/

    • #33441
      T_Bone
      Participant

      @ sil

      Thanks for that, you know I never even thought about what I said in the post in regards to “I will never get to”…. You are definitely right and I am certainly going to change my way of thinking…. 🙂

    • #33442
      impelse
      Participant

      @dynamik wrote:

      I think this is where realistic goal setting and direction/focus can really help. If you try to learn everything about everything, you’re just going to end up spinning your wheels.

      I’ve found it’s also easier to keep up your momentum/motivation and receive a greater sense of accomplishment as you continually advance. When trying to learn several things at once, you advance far more slowly with each topic and feeling like a novice with many things for an extended period of time gets old.

      I agree, just focus on one area.

    • #33443
      T_Bone
      Participant

      Yeah I have recently started a role as a pen tester so just need to try and become a ninja in this area.  There is just so much else that goes along with it like the understanding of risk management, security controls, auditing etc etc…. but will focus on this area for now!

    • #33444
      Anquilas
      Participant

      Indeed T_Bone, I’m glad I’m actually hearing it from someone else (and so many others in this thread).

      There is so much to do, so much to learn and so much to read in the security field, that it becomes disorientating. In fact, having a day job that doesn’t really have anything to do with security, my head often goes spinning just by wondering how I will one day manage to achieve the security knowledge I desire.

      As many here have said, the only thing I have discovered so far is that you can only get ahead by setting a single goal, a subsection of all the things you want to learn, and working towards that goal as a first step. Then a second goal/step, a third, etc…
      The theory of this is easy; in practice, however, it’s a b*tch. There are just too many interesting things out there 🙂

      In any case, good luck finding the path! 😉

    • #33445
      impelse
      Participant

      I believe that after some time the knowledge is acceptable to manage some security field (not all)

    • #33446
      Knb15
      Participant

      T-Bone, here are my two cents since I am another person in the same boat as you and many others.

      I got into the security field or interested in it only about 3 months ago. Since then, much like everyone who has posted in this thread, I have found that there is a multitude of information out there that can be overwhelming to say the least.

      On one hand it is great that information is readily available for anyone that is willing to take the time to learn. On the other hand, it can easily overwhelm you at the same time.

      So after reading the advice of many from this forum I decided to start slow by purchasing some beginner books about Ethical Hacking. Right now I have enough books to last me a good amount of time (about 4 books).

      Along with reading the first book, I’ve been working on setting up my practice lab at home to be able to test what I learn in the books. So far I’ve got my host machine, 2 VMs (XP and Linux), and a laptop with Backtrack4 and Ubuntu. I’ve got more steps laid out of what I want to accomplish. Just the idea of having a lab can be too much, because it’s hard to know where to begin, what to use, what to do. But I’m taking it one step at a time and think it will work out.

      What Sil was talking about, in the field of psychology, is known as “self-fulfilling prophecy.” There are many books on that, it is a known fact that it does affect your progress in what you do in life.

      In closing, I would just like to say that while the field is huge and hard to get into, having a community such as this where you can ask questions, and have SO MUCH information at your fingertips helps a great deal!

      Btw, lack of time is also one of my top problems.

      Knb15

    • #33447
      rattis
      Participant

      There is more than enough time in the day. It’s just how your day is structured. But I’ve been thinking I don’t have enough time to study as well… Then I remembered other things I learned.

      If you haven’t, get and read Tom Limoncelli’s book on time management. It’s written for computer people, and has really helped. Trick from this: schedule a set amount of time once a day to study or work on a personal project.

      The other trick on finding time comes from a book on language study (I used to study several foreign languages). Basically the idea is to find hidden moments. Time spent standing in line, sitting in a car waiting for someone, etc. Those times where you’re twiddling your thumbs.

      Make up flash cards, and pull them out while in line. If you have a book on a pda or smart phone (I’m a pda kind of guy) carry that and pull it out to read standing in line. You’re not sitting down to hard study, it’s about refresh and quick learn. I used to carry 2.5×3 cards (cut 3×5 in half) with 5 words in lang of choice on one side, and the English word on the back. Good way to go over review material too, as long as you don’t need to take notes.

      As for a 12 month course… Equix3n and I have been talking in email about training material.  While not cheap, SANS 401, Professional Penetration Testing (Grendel’s book), PWB / OSCP, and other SANS classes can easily take you past a year.

      Me, I’m doing OSWP (wifu), sec+, LPI level 1, and CCNA within the next 12 months.

      As for money. Create a named savings account, and put 10.00 a check into it. Most of my money goes to debt (medical and irs back taxes), but I still manage $10.00 a check, I use it to buy books or pay for cert classes. Not quick, but it works.

      Books can be cheap. Buy used, go to the library, get a Safari account from O’Reilly.

      Just my take on your topic.

    • #33448
      sil
      Participant

      @chrisj wrote:

      The other trick on finding time comes from a book on language study (I used to study several foreign languages). Basically the idea is to find hidden moments. Time spent standing in line, sitting in a car waiting for someone, etc. Those times where you’re twiddling your thumbs.

      Make up flash cards, and pull them out while in line. If you have a book on a pda or smart phone (I’m a pda kind of guy) carry that and pull it out to read standing in line. You’re not sitting down to hard study, it’s about refresh and quick learn. I used to carry 2.5×3 cards (cut 3×5 in half) with 5 words in lang of choice on one side, and the English word on the back. Good way to go over review material too, as long as you don’t need to take notes.

      As for money. Create a named savings account, and put 10.00 a check into it. Most of my money goes to debt (medical and irs back taxes), but I still manage $10.00 a check, I use it to buy books or pay for cert classes. Not quick, but it works.

      I’d like to expand a little on chrisj’s post here. Any time can be study time; in fact, all instances of anything you do can be used as a learning tool. I have an odd habit of creating analogies to explain technologies to those who don’t understand a lot of things (networking, VoIP, security, etc.)

      Index cards make a great way to remember what you’ve learned. From time to time I tinker with CCIE+S studies, during this time, I would almost always jot something down on some index card and keep it near me for enough time to be able to not only recall WHATEVER it was, but in order to understand it (OSPF, BGP, IS-IS, etc). What I would do for whatever it was I was trying to learn… Jot down the literal description, technical and logical explanation, then make my own analogy to remember it. Works wonders…

      If you have a laptop or a desktop with a microphone, record yourself while you read certain content, then play it back while you drive to work. Reading aloud has been proven to work wonders. I believe in it and have so many CCIE audio cd’s for just about every topic I could think of. Also, some content that is available for free online, you could record the audio and play it back while you drive. The retention starts sinking in. Now… The downside to this is, sometimes it can be confusing for hardcore technical stuff, because you will need to see the OUTPUT to understand it, but that doesn’t mean you shouldn’t take the approach of listening to content… Just don’t do like I do and try to convert IPv6 numbers in your head while you drive. I’ve caught myself a little too sidetracked by audio from time to time.

      Financially we all differ, however ask yourself what are you worth to yourself? Any dime you spend towards learning is for the betterment of yourself. Anything you learn is good learning, no matter WHAT it is you learn. Invest in yourself, whether it’s time or financially and as time progresses you’ll be richer either way (financially or mentally). Remember you only live once and there isn’t anything you can’t learn unless you cheat yourself and not try hard enough. Seriously… chrisj it’s interesting you mentioned languages… I can RWS: Spanish, Italian, Swedish fluently. I can understand about 70% of Russian including RWS. I can understand 40% of German (RWS) and some Greek… Languages are an interesting thing to learn because genetically, you would learn them like it or not (if you were born in China and your parents were American… Being over there, you’d obviously learn it)… I believe the same applies however, one has to be open-minded and set objectives and goals for themselves.

    • #33449
      dynamik
      Participant

      I’m all about maximizing my study time. I love podcasts when in transit, exercising, and so on. http://www.getmon.com/ has a lot of security podcasts, and I use japanesepod101.com for my language studies (there are a lot of other 101s, so see if they have one for the language you’re interested in).

      I also have an account only for security news on twitter, and I can kill a few minutes waiting in line or wherever and catch up on those on my iPhone. The Anki flashcard utility is also gold, and I use that on my PCs and iPhone as well.

      I definitely like the self-recorded note idea. I’ll have to work that into the rotation. I’ll also have to find some sexy-sounding chica to record them for me, so they’ll be more interesting 😉

    • #33450
      T_Bone
      Participant

      @ SIL

      Now i mean this with the greatest respect….. are you human??

    • #33451
      sil
      Participant

      *points finger @dynamik* <– I ask the same about him. I honestly believe that everyone has the capacity to learn something; it all boils down to the individual and how much effort they put into it. I’ve been at this for quite some time and I have dealt with security, engineering, design and administrator professionally since circa 1990. This began with AS/400 on up. I’ve spent more hours in the last week behind a computer than most normal people would spend in 2 months.

      Think about that for a minute… I’m at work for about 9 hours or so. I get home and sometimes I fork off another 1 1/2 hours… I spend a lot of time doing a lot of different tasks. During the dotcom daze, the maximum amount of hours I did was 29 hours straight (right into Y2K). I’ve had a lot of time to learn a lot of cool things. This is the only difference, experience. I’ve been at security related things in technology long before there were positions like: “security analyst, security engineer”. Heck, I was originally in the financial industry (Back then at Chemical Bank (pre Manufacturers Hanover)), security analyst to me then was someone analyzing stocks and bonds…

      So keep that in mind. Experience comes with time. There are programmers who’d mop up the floor with me yet I’d massacre them on networking, etc., does this mean I’m better, no. I might be better at one thing, and suck terribly in another. ASM … Horrible! “Risk Management” horrible, not because I don’t know it, I don’t believe in the politricks behind it. I can argue risk metrics till the cows come home… I hate it. One of the big reasons I failed the CISM in the first place 😉

    • #33452
      T_Bone
      Participant

      Ok, you are definitely human if you hate politics 🙂

      Thanks for your advice, it is much appreciated. That’s not aimed at just Sil but everyone 🙂

    • #33453
      dynamik
      Participant

      @sil wrote:

      I’ve spent more hours in the last week behind a computer than most normal people would spend in 2 months.

      That is certainly part of it. I described what I “do for fun” for someone who asked the other day, and they condescendingly replied, “So you just sit in front of a computer all the time?” The other part is having a genuine interest in the material. A lot of the guys I work with hate that there is an expectation that they should be putting in time outside of work to improve their knowledge/skills. There is clearly some ill will that I put up 2-3 certs per quarter while they don’t even do that in a year. I also don’t have cable and spend a good portion of my leisure time tinkering with security stuff. Nothing I do is magic or special.

      I guess another part would probably be biting the bullet and being able to learn things you don’t want to. I’m also not a fan of a lot of the BS managerial aspects of security, but I get stuck working with a lot of that too. I’m doing my first formal policy review this week, and in addition to a lot of other research and review I’ve done in advance, I read an entire security policy book during my flight on Monday. I’m extremely ADHD and hated every page of it, but it needed to be done. I’ve done similar things with risk management, IT audits, BCP/DRP, vendor management, etc.

      And for the record, I think it would take me at least two years of intense study to even come close to sil’s level of expertise. That’s one of the reasons I love these types of forums and mailing lists. I’m competitive and OCD, so having exposure to these individuals really pushes me to better myself. I’ll never be the best, but I’m definitely going to try, and I’ll be much further along than had I just progressed as I felt like it.

    • #33454
      Knb15
      Participant

      @dynamik wrote:

      @sil wrote:

      I’ve spent more hours in the last week behind a computer than most normal people would spend in 2 months.

      That is certainly part of it. I described what I “do for fun” for someone who asked the other day, and they condescendingly replied, “So you just sit in front of a computer all the time?” The other part is having a genuine interest in the material. A lot of the guys I work with hate that there is an expectation that they should be putting in time outside of work to improve their knowledge/skills. There is clearly some ill will that I put up 2-3 certs per quarter while they don’t even do that in a year. I also don’t have cable and spend a good portion of my leisure time tinkering with security stuff. Nothing I do is magic or special.

      I guess another part would probably be biting the bullet and being able to learn things you don’t want to. I’m also not a fan of a lot of the BS managerial aspects of security, but I get stuck working with a lot of that too. I’m doing my first formal policy review this week, and in addition to a lot of other research and review I’ve done in advance, I read an entire security policy book during my flight on Monday. I’m extremely ADHD and hated every page of it, but it needed to be done. I’ve done similar things with risk management, IT audits, BCP/DRP, vendor management, etc.

      And for the record, I think it would take me at least two years of intense study to even come close to sil’s level of expertise. That’s one of the reasons I love these types of forums and mailing lists. I’m competitive and OCD, so having exposure to these individuals really pushes me to better myself. I’ll never be the best, but I’m definitely going to try, and I’ll be much further along than had I just progressed as I felt like it.

      That is some very good insight there.
