Learning in InfoSec (Work-In-Progress)

Various theories exist on “the right way to learn”. Examples include the 3 types of learners (Visual, Auditory, Kinesthetic) and the 10,000 hours of intense practice needed to become an expert in anything.

Why is it a challenge?

Information Security seems to be best suited for what I call scientific learners, which is similar to Kinesthetic learning. I attribute this to the overwhelmingly fast rate of change, as well as the depth and breadth of each sub-specialty. Most of the questions don’t have explicit answers documented, and the answers that can be found are likely on social media and require verification, as it’s common to find incorrect answers/explanations.

Key Learning Method/Assessing Aptitude

On a near-daily basis, we run into a challenge that we don’t know how to solve, but usually have a few words to help. We have to be able to take a few words and a search engine to figure out the ideal way to solve the challenge. This is both our most common learning method and a great way to assess aptitude before technical training.

The test

Take a difficult, complex technical subject that you know nothing about and learn it through research to the point where you can assess and recommend a reasonable solution.

Peer Learning method (Supplemental method for finding a better solution)

I seek people interested in the challenges I think about and get anyone and everyone’s take, especially at conferences. It’s always interesting to see others’ views on the toughest challenges to see if anyone has found a better solution.