5 Steps To Learn New Things Effectively

Teach yourself computer science, cybersecurity, or anything, really.

Recently, a lot of you have been reaching out to me asking how you can get started in the infosec industry. You asked me what kind of skills you need, what type of certificates you should get, and which programming languages you should learn. But I believe that to succeed in the tech industry, there is no single skill that you really “must know,” except how to teach yourself new things effectively.

So today, I’d like to talk about one of the most important lessons you’ll ever learn in both computer science and cybersecurity:

How to effectively teach yourself new things.

If you are a student trying to become a developer or a security professional, then knowing how to teach yourself is really useful when you don’t have access to a mentor or an official degree program in that field.

And as the field of technology is constantly changing, it’s really important that you master the skill of teaching yourself new things so that you can upgrade your skill set even after you’ve successfully launched a career in the field. Let’s get started!

Step 1: Make a Plan

The first step to teaching yourself is to make a plan. Remember that when you take a university or high school course, you receive a syllabus on the first day that outlines exactly what you will be learning that semester and what the timeline will look like. When you are teaching yourself, you want to do the same thing.

In order to effectively teach yourself, you need to first determine:

  • What are the topics you need to learn?
  • What are the subtopics you need to master in order to master that topic?
  • In what sequence and timing should you teach these concepts to yourself?

And as a beginner, this can be quite hard, because you don’t know what the field is actually about yet. So how do you go about making your learning plan?

Let’s say that you are trying to learn about a new vulnerability class: server-side request forgery (SSRF). How do you identify the major themes of this topic? The first thing I recommend is to google the topic and look at the major headlines of each article about it. For instance, let’s look at this article about SSRF.

You can see that the article talks about what SSRF is, the types of SSRF, and how to bypass SSRF protection. You can write these down on a list of things that you need to know about the topic. Do this for a few articles: go through the main themes of posts from different authors to get a high-level overview of the topic, because no one article can talk about all the aspects of a topic and do it correctly.

You can then order the list of topics and determine how to teach yourself and in what order. Start with the topic that requires the least knowledge about the subject matter, then proceed to learn about things that build on top of knowledge you have already learned. And that brings us to our next tip.

Step 2: Take It Slow

Understanding a topic deeply usually takes much more time than you think. So I recommend budgeting at least twice the time you think you need for each subtopic and sticking to that timeline. So if you think a concept will take you two days to understand, spend four days on it.

Even if you do gain a basic understanding of the topic well under the timeline, spending extra time researching a topic will only deepen your understanding of the subject matter.

Going back to our previous example, I would recommend spending at least one week devoted to each of these topics: SSRF basics, types of SSRF, and SSRF protection bypass. If you have already gained a good understanding of basic SSRF protection bypasses on day three of SSRF protection bypass week, spend the rest of the week reading up on more obscure instances of SSRF protection bypass and try to think of new and novel ways to do it in different environments. This kind of devoted research time will help you learn more deeply about a subject than most tutorials or courses can offer you.

Step 3: Find Your Learning Style

Next up, different people will prefer to learn in different ways. And you’ll probably find that you prefer to learn about different topics in different ways too.

So experiment with different types of learning resources like blogs, videos, and interactive tutorials to see what you prefer. I personally really like writing things down and teaching others. Experiment to find out how you learn best.

Step 4: Verify Your Sources

People who teach others online make mistakes too. I have certainly made mistakes in my blog posts. So it’s always good to verify your knowledge using multiple different versions of the same resource instead of using one resource as your only source of information.

For instance, if you are learning how to efficiently build a certain functionality, take that Stack Overflow answer with a grain of salt. What do other people say about the topic? What do the top experts in the field say about the topic? Always use more than one source of information and never trust a resource completely. And that brings us to our final tip.

Step 5: Test Yourself and Track Your Progress

As you execute your own learning plan, you need to make sure that you are on track and actually learning what you should be learning. And reading about a topic versus actually retaining the knowledge are two very different things. You need to test yourself to measure your progress.

There are a lot of ways to test your knowledge. One of the things I like to do is to write down everything I know about a topic, and then go back and reference my notes to see if I missed anything or got anything wrong. For instance, let’s say you are learning about defending against SQL injection. You can try to write down every defense you know against SQL injection, then explain their differences, in what context you should use each defense, and so on.

And for a lot of things in CS or in cybersecurity, understanding and being able to execute are two different things. You might understand a concept theoretically, but you need to actually do it to make sure that you can. So in this case, your exam for yourself should include projects rather than the conceptual validation I talked about earlier. For example, if you want to learn how to write code that is safe from SQL injection, you can write a simple program and then try to attack your own program with SQL injection. The key is to make sure that you understand something, rather than assuming that you do just because you studied it.

This will help you make sure that you are on track, and help you gain confidence in your abilities too.
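The SQL injection self-test project described above could look like the following. This is an added example, not code from the original post: the table, the function names, and the probe strings are all constructed for illustration. It grades a string-concatenating lookup and a parameterized lookup against the same inputs in a throwaway in-memory SQLite database.

```python
import sqlite3

# Constructed sample data for the self-test; not from the original post.
USERS = [("alice", "alice@example.test"), ("bob", "bob@example.test")]

# Constructed probe inputs: an ordinary name, a name containing a quote,
# and a tautology string that shows whether input reaches the SQL parser.
PROBES = ["alice", "o'brien", "nobody' OR '1'='1"]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_concat(conn, name):
    """Deliberately vulnerable: input is pasted into the SQL text."""
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_param(conn, name):
    """Hardened: input is bound as a value and never parsed as SQL."""
    return [row[0] for row in conn.execute(
        "SELECT name FROM users WHERE name = ?", (name,))]


def grade(lookup):
    """Run every probe; a lookup passes only if it returns exact matches."""
    conn = make_db()
    report = {}
    for probe in PROBES:
        try:
            rows = lookup(conn, probe)
        except sqlite3.Error:
            report[probe] = "error"  # the input broke the query syntax
            continue
        expected = [n for n, _ in USERS if n == probe]
        report[probe] = "ok" if rows == expected else "leak"
    return report


if __name__ == "__main__":
    for fn in (lookup_concat, lookup_param):
        print(fn.__name__, grade(fn))
```

Any result other than "ok" means the input changed what the query does, which is the thing your notes on SQL injection defenses should be able to explain.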

Lastly: A Word on Feeling Overwhelmed

During this process, there will be times when you cannot immediately understand something, or you feel like something is completely beyond your level. That’s totally normal.

Learning is not always a linear process. You will gain a better understanding of a concept once you learn about other concepts in the field or once your brain has had the time to process it. Sometimes, the best thing to do is to let it go and come back to it later.

Learning something that is not immediately relevant, like learning an older version of a language or framework, or reading an outdated technical book can help too. You can often gain intuition and comfort in the topic this way even if the technical commands or exploits are not immediately useful. So that is another strategy you can take when you are stuck.

What other security concepts do you want to learn about? I’d love to know. Feel free to connect on Twitter @vickieli7.