This week I was reminded of a great way to improve your skills: hands on practice in a well-organized workshop or training program. In my case, I took some "boot camp" courses in computer hacking at a security conference to brush up on my skills and learn about new tools. I felt like I was getting rusty and wanted a refresher. Boy, was it fun! [Note: I don't hack things for malicious reasons - I help people secure things for a living, and a strong defense requires a deep knowledge of how the attackers will come at you.]
I try to keep up with things from online sources (blogs, discussion boards, etc.) but it is difficult to internalize some of this without sitting at the keyboard and trying some things. In this regard, the workshops I was in had a few key advantages:
Access to experts who can help you learn
I am generally good at solving problems because I have a good mental process for figuring things out. However, sometimes I know what questions to ask but not how to get the answers. This happened a lot in my class.
One of the instructors set the stage nicely for this by saying, "I won't tell you the answer, but if you ask me the right question I will tell you how to get the answer." Essentially, he was testing for whether or not we grasped the concepts behind the problems we were trying to solve; if we understood well enough to formulate the right question, he would point us to the right tools, resources, or processes for us to research how to get the answer we were looking for.
Access to others with different approaches
Another aspect of the classes that I liked was how we compared solutions and approaches after each challenge. Each student would independently solve the problems, then we'd talk through how we got to the solution at the end. I learned a bunch of techniques from other people that helped me improve my own skills - in other words, when I saw a method that worked better than my approach I added it to my arsenal.
We also learned about tools and tricks to make things easier - typically leveraging a proven process, or automation, or resources we didn't know about before the classes.
A safe environment to try new things
We were all in the classes to learn new things, so there was no stigma attached to making mistakes, and no shame in asking for help.
Also, the people who conducted the classes provided us with a fantastic assortment of systems to hack, each with different operating systems, different vulnerabilities, different kinds of target "prizes," etc. This is very difficult to come by in the real world unless you have a pretty sophisticated lab setup. It felt kind of like a playground.
Competition fuels the fire
In a lot of classes, there are competitive exercises intermingled with the learning exercises. My classes were no exception - we had several "capture the flag" scenarios that allowed us to compete with each other to see who could achieve the goal first. This was a lot of fun, as it forced us to apply the things we'd been learning but put some time constraints on us. That made it feel much more real, and not so academic.
Feed the thirst for knowledge
The other side effect? I now want to learn even more about the topics I worked on in class. I have a long list of things that I touched on in class, but want to research more deeply. And I want to check out a few training classes that can help me get there faster.
There you have it - 5 ways classes helped me improve my skills. There are other benefits (met some great people, got CPE credits, etc.) but these are the ones that will keep me coming back. What about you? Have you taken a course lately? It might be a good way to get you into a new mode of learning and improve your skills.
If you want to protect yourself better in the future, here are some tips that can help:
