How to learn information security
by Kai Roer - Senior Partner, The Roer Group - Tuesday, 29 April 2014.
Learning is a skill. A skill that can be, well, learned. I am often approached by young people who ask me what it takes to move into the information security field, what certifications are required, what training should be done, and so forth. In my opinion, the most important skill in infosec, and many other areas too, is the ability to learn.

Twenty years ago, security was a very different, and much narrower field than it is today. As technology evolves, so do the threats, and with new threats come new protection requirements. In order to be able to do a great job in the infosec field, you need to constantly up your game, and learn as much as you can every single day.

Here are some methods I use to learn, and I apply these not only when I study for a psychology class at the university, but also when I need to learn a new skill, or when I discover a new area of interest that I want to know more about.

1. Take interest in the new

The most important thing in life is to realize that there are always new things happening. Evolving technology, evolving threats, evolving business context - everything is in constant change. Accepting this fact will help you set out to discover changes before they become evident to others, and thus prepare yourself and your organization. Being on the lookout for new information and allowing yourself to be curious is very important when you set out to learn.

2. Mix sources

People are different, and so are our learning preferences. Some prefer reading, some prefer doing. Some need practice, others need time to reflect. For most of us, a mix of methods and sources yields the best results.

As a learner in 2014, you can easily mix sources. From university classes to certification trainings, from reading books to watching YouTube videos, and attending Massive Open Online Course (MOOC) classes - you have so many options when it comes to learning today that not learning should no longer be an option. And if you are one of those who prefer practice, well, go on then! Set up a virtual environment at your home, in your office, or even on AWS, and hack your heart out!

3. Always question common beliefs

As stated above, change is inevitable. Questioning common beliefs should be a habit for any individual working in the infosec field, but not many have acquired it. Ask yourself "Is this really what it seems?" and "How can this be?" and also "What other interpretations could explain this?". Apply some of that scientific method you learned at the university (or learn some if you did not). Question everything, and you will learn more. You may even stumble across a bug, a new way of doing things, or even a blind spot no one has ever considered!

4. Challenge yourself

We incorporate a large number of mental models, behaviors and habits on an individual level. Most of these can be changed if you want it badly enough. The way you do your job, the way you think, the way you learn are social constructs, meaning they are methods created through interaction with social groups. You are in charge of your learning, so you also need to take control and challenge your own status quo. If you think that you are "too old for this" or that "this is way too hard" for you, apply cognitive psychology, and change your thoughts into: "With my age comes experience I can use to learn more, faster and better," and "This is a challenge I will rise to".

