The Learning Hack - Taking It One Step at a Time
Learning New Concepts
This article is not so much about teaching you the how of hacking as it is about the approach to learning any kind of cybersecurity concept, tool or system. Having a goal and taking things one step at a time, in smaller chunks, will help ensure you’re not feeling overwhelmed and spinning your wheels trying to tackle hard concepts by walking backwards - or “reverse engineering” - your learning. Don’t worry, there’s plenty of time for learning reverse engineering…
What is your end goal?
I always like to start with a goal. Is it to learn how to “blue team”? Or to stand up an Intrusion Detection platform such as Security Onion or Suricata? Size out your goals first - then let’s break the goals down into milestones. Each milestone represents one knowledge component. In the case of learning how to be a Blue Team player, well, that’s a lot. That could be broken down into multiple smaller goals (e.g. learning vulnerability management, incident analysis, endpoint security…). Let’s take a more manageable one - learning Suricata. Some of the smaller milestones or sub-goals could be:
- Learning Linux management and commands
- Understanding the hardware
- Understanding what Intrusion Detection is and what other products are a part of this space
- Learning how to install and manage Suricata
- Tuning alerts and creating new custom rules
This is just a quick template, but if you’re not an expert in Linux then let’s start there. You could learn just enough to stand it up, but if you were to encounter issues with the operating system, how much would you know about troubleshooting? Understanding what you need to learn for every component of your goal is key to a holistic learning path.
Now let’s look at learning how to hack or how to use security tools: a 4-step process
Taking the same goals as before, we can make a basic template for this:
- Understand the supporting technology or the technology you are trying to protect
- Have a fundamental understanding of the security tool
- Knowing what “normal” looks like
- Knowing what anomalous or bad looks like
Using these 4 basic steps will help you build your skill set.
To continue the example of the Intrusion Detection System (IDS):
- How well do you understand networking concepts? TCP/IP, ports, and base protocols like HTTP, FTP, Telnet, SSH and NTP.
- Learning to configure and use Suricata (or do you also need to learn how it’s installed, and the OS and hardware you’re hosting it on?)
- What does normal traffic look like? Examine what is running on your network (or lab).
- If you’re running a lab, see what some suspicious traffic looks like. Take innocuous samples or emulate it.
What are some resources I can use to learn from?
Personally, I love YouTube videos. They aren’t great for doing labs but are good for learning concepts. Sometimes they are also worth it for watching step-by-step instructions for building or installation. Of course there is always AI - however, be sure you are prompting it to be a teacher and not just to give you the answers. Ask the AI to give you quizzes at the end or to challenge you with “what if” scenarios. And there is always Coursera, Udemy and plenty of other resources. I also find great little cheat sheets on LinkedIn sometimes. Don’t forget Reddit and following popular cybersecurity pros. A simple search can yield names to follow on X or LinkedIn.