Noob Mistakes, From a Noob


I have recently hit a wall with my progress. I personally believe this wall is a mix of the rate of improvement and the speed at which I am learning new subjects. Compared to when I first started, the overall rate is pretty pants. After having a pretty long think and a read around personal valuable resources which I will discuss in this post, I wanted to get my thoughts down and (hopefully) help other people dodge my current situation or identify the same situation and we can moan together.

In the Beginning

My background is made up of Games Programming, Mobile App Development and Web Development. I'm pretty confident with a good selection of programming languages, development environments and processes. When wanting to move into infosec I had no idea about anything. I had rarely used Linux (if anything, I stuck to GUIs), the terminal felt pretty daunting, I had no idea about networks other than making sure my ethernet cable was plugged in properly (to be honest, that is still my peak) and I thought my coding practices were pretty good (man, I was wrong).

To put it in short terms, I was clueless.

To begin my learning process I did a couple of things:

1) Started my MSc in Cyber Security. This gave me a pretty good overview of topics but didn't really focus enough on a single subject for me to get a good understanding. However, the modules did give me a good foundation for taking the next steps in my own time.

2) Signed up on Hack the Box and spent countless hours Googling everything I saw and attempting to complete the "easy" boxes on the platform. I met some really cool people on the platform and managed to make some great friends along the way (best bit of my career transition by far) - shout out Jac, Sion, Sammi, Phill, Azeria and Dan!

3) I reached out to Azeria and asked her a question that I regret asking. Not because it didn't get me anywhere, but because she answered it far too well! The initial message I sent her included something like "I'm super new to this field, do you have any resources you could recommend for learning Reverse Engineering?" The resources she sent me were flawless, incredible content - but my god there was too much. You know when you watch a film and see that chubby kid in the library, hiding behind a fort of books when he is trying to figure something out... yeah that was me. It still is.

The Main Mistake

If you haven't realised this far, my initial steps were pretty heavy. I have listed 3 of the main actions I took when I was fresh and wanted to start learning. That was a lot of different areas to juggle, and if I am honest - I should have taken my time and learnt a lot about one topic rather than trying to learn many topics. The only defence I have is the fact I didn't really know what pentesting was - but my solution to that would now be; "research it, break it down and prioritise".

I now believe I have hit a wall because of my initial steps. As I tried to learn a bit about everything rather than focus on a single topic, I have skipped a lot of the important basics which I now need to try and make up during the activities. I love my current position and the work I do, but I feel so derpy when something simple trips me up. I often think if I had covered the basics perfectly and become skilled with the basics before moving on, certain obstacles that arise now wouldn't be a hindrance and stress me out as much as they do.

This stress generally leads to a burn out (for me anyway). As I am capable of doing fun, hacky stuff - when I feel forced to take a step back and learn the basics for that topic, I get bored and just procrastinate. THIS is my biggest meh. I believe this meh has been lurking in the shadows, waiting to bite me and scream "I told you so" when I jumped into the deep end.

What Would I Have Changed?

Honestly, I don't regret the steps or choices I have taken so far. However, if I was fresh to the industry and starting again I would invest more time into the basics of a single subject. Break it down as much as I can and become as comfortable as possible with one area that I enjoyed. That area would still have been web testing, which is my main area of focus for work now, but I would have definitely taken more time studying the single topic, sub-topics and everything around them.

If I had access to Azeria's posts about learning a new topic back then - it literally presents what I would have done. I am going to be following her advice to dive deeper into ARM exploitation and finally get a good understanding and a grip on the topic. Each time I have worked with it, I (again) jump into the deep end and start hitting challenges that are protected by ASLR/NX etc before I have even brushed up on the differences between ARM and x86. I quickly get caught up in my simple mistakes, get overly stressed and crash (sure there's a funny there). I would highly recommend taking half an hour to read the following 3 posts by Azeria and try to take in the information she presents. The lessons I took away from reading them have helped me carve out and define a new path that should be more achievable, so hopefully others can too. She says somewhere in one of the posts that she wishes she knew these methods during her time in Uni, so for anyone approaching a heavy period of studying you should definitely check them out!




What's Next?

Keep going. Don't give up. Burn out sucks, but it's a part of life - just learn how to manage it. Focus on your health (I'm awful at this), take breaks (also awful at this) and spend time doing other things (that's a hat-trick from me).

To sum up, don't do what I did/do. Stay happy :)
