📚 The Way of Learning: Purpose and Perspective
Let’s revisit the mathematical challenge posed earlier:
$$20 \times \rule{1cm}{0.15mm} + \rule{1cm}{0.15mm} = 65535$$
The reason we initially approached this calculation using only standard arithmetic and typical number boundaries is simple: we solved it based on the patterns we were conditioned to use. We automatically leverage the information and mental models we already possess. This reliance on the familiar is why the art of “Thinking Outside the Box” is so vital to what is often called the “hacker mindset”—the essential mode of thought for security professionals aiming to solve intricate and non-standard problems.
Thinking outside the box means recognizing opportunities beyond the perceived or stated limitations. It necessitates the ability to “pivot”—to shift focus quickly. In complex environments like penetration testing, where we must engage with numerous diverse technologies, it is inevitable to encounter moments of confusion and frustration when things don’t immediately make sense.
🎭 The Emotional State of a “Problem”
It is crucial to understand this distinction:
A “problem” is an emotional state. Without emotions, it is merely a situation.
In other words, feelings of frustration and confusion are often tethered to the perspective from which we view the situation. The learning process is not solely about absorbing theoretical knowledge or practicing technical skills. Our ultimate success and progress are profoundly influenced by our emotional state. If we maintain a positive outlook and possess the internal conviction that we will ultimately reach our objective, we significantly enhance our chances of success.
🧭 Knowing Your Destination
Another indispensable component of successful learning is having a clear, well-defined goal. Consider the following scenarios:
Scenario 1 (No Clear Goal):
You stand still in a room. An instructor tells you simply to “move across the room.” You begin moving. After a short while, the instructor places a chair directly in your path. What is your likely response? You might simply sit down on the chair, as your initial objective was vague and easily satisfied.
Scenario 2 (Clear Goal):
The instructor tells you to “move to the far corner of the room.” You begin moving, and the instructor places the same chair in your way. What do you do now? You bypass the chair and continue moving directly toward the corner, because you know your intended destination.
The fundamental difference between these two scenarios is the clarity of the goal. Knowing your target provides the context needed to continue moving forward. You will perceive obstacles, like the chair, as temporary challenges to overcome rather than stopping points. Without a clear goal, we become disoriented, moving aimlessly from one topic to the next, and the first obstacle we encounter will often cause us to stop altogether.
📝 Optional Exercise: Defining Your Objective
To harness the power of a clear destination, dedicate some time to this exercise:
Write down the specific goal you intend to achieve through this course or learning path. Be as precise and concrete as possible. Try to break it down into measurable outcomes and describe it in a detailed way, using no more than 500 words.
🚀 Optimizing Learning Efficiency
The fundamental challenge in information security is the sheer volume of information. As previously illustrated with the programming language example, the landscape is immense, with a vast number of technical topics to cover. While available learning resources are often highly technical—a good and necessary thing for skill development—the true objective isn’t merely consumption of data. We must understand how systems work, how they are structured, and how to use them.
All the technical information required for success is readily available. The most difficult hurdle to overcome is the strategic combination of our existing knowledge, new information, and the ability to adapt it dynamically.
❓ Navigating the Information Deluge
It is often challenging to find the specific information we need because we first have to answer two critical questions:
- What do we already know? (Our current skill baseline)
- What do we not know yet? (The knowledge gap)
Even when we successfully locate the necessary data, we may struggle to utilize it effectively if we lack the broader overview—the context that connects the pieces. Another major problem is managing this massive input of information and tailoring it to our individual strengths and weaknesses.
📉 The Essential Role of Failure
Consider a student attempting to learn engine assembly. Before that student can successfully assemble an engine, they will typically learn numerous theoretical concepts intended to prevent mistakes.
However, we must embrace the fact that failure is an unavoidable and essential part of learning. It is a cornerstone of success. Experience is built on failures; it signifies that we have encountered diverse, often adverse, situations where things did not work as anticipated, and we learned how to troubleshoot and recover.
A guided learning environment should be structured so that a student begins assembling the engine with instructor support. This methodology ensures the student learns what tools are needed, how to use them, and how to work within the process. By encountering initial practical challenges with guidance, the student gains real-world experience and refines existing skills. Once supported practice establishes the core process, the student can then delve into all the theoretical aspects with greater depth and understanding, reinforced through practice and repetition.
In this model, the learning process extends beyond penetration testing basics to include:
- Learning faster
- Structuring our knowledge
- Finding the necessary information
- Gaining the overall overview
⏳ The Skill Equation: Experience and Practice
Many companies seek “good” penetration testers and security specialists. But what defines “good”?
To be good at something means we know what we are doing. Knowing what we are doing means we are experienced with the topic. Experience implies possessing a vast repertoire in that field, which stems from a combination of associations and consistent practical experience.
This leads to the question of how much practice is needed. While the popular “10,000-Hour Rule” suggests an enormous time investment to achieve mastery, we should not aim to spend 10,000 hours on every skill.
Research into this rule, notably by Josh Kaufman, suggests a much more attainable goal: we can achieve a functional level of proficiency in something new in just 20 hours of focused practice—even by dedicating as little as 45 minutes per day.
At this juncture, we should also consider the Pareto Principle, or the 80/20 rule.
- The Pareto Principle posits that roughly 20% of the effort yields 80% of the results (effect).
- Conversely, this means achieving the remaining 20% of the effect (to reach 100% completion) requires an additional 80% of the effort.
While not universally applicable, the 80/20 rule emphasizes that we can become highly effective very quickly by focusing on the most critical 20% of the knowledge and skills.
This combination of different concepts illustrates how simple association can maximize our learning curve, which involves both active and passive learning types. These active and passive learning modalities are often summarized visually in the Learning Pyramid.
📝 Optional Exercise: The Learning Pyramid
Collect as much information as possible about the “Learning Pyramid” and create a visual or descriptive overview of its structure and findings. Analyze and carefully document the process you used to research this information. This documentation will be useful for later self-reflection.
🔄 Modes of Learning and Maximizing Retention
The concepts explored in the Learning Pyramid illustrate the varying efficiency of different learning activities. This framework often distinguishes between two broad categories: Passive Learning and Active Learning.
😴 Passive Learning: The Lower Efficacy
If we engage with learning material by simply reading text alone, following the estimates of the Learning Pyramid, we typically retain only about 10% of the information related to the overall penetration testing experience. Similarly, by solely watching demonstrations or lectures, our retention rate generally does not exceed 30%.
Passive methods, while important for initial exposure, involve minimal engagement with the material, leading to low long-term retention.
💪 Active Learning: Building Competency
True proficiency begins with Active Learning:
- Discussion and Collaboration: When we start to discuss our enumeration processes, findings, and results with peers, we are exposed to different viewpoints and information, allowing us to compare, contrast, and identify gaps in our own approach. By utilizing this active method, our learning retention increases significantly, potentially reaching 50%.
- Practice and Application: Crucially, before we can meaningfully discuss results, we must practice on our own. When we actively apply techniques and work through labs or real-world simulations, our learning experience grows dramatically, with retention estimates reaching 75%.
Consider learning to drive: You can memorize all the theoretical rules, traffic laws, and safe driving examples you want. Yet, the moment you sit behind the wheel for the first time, you quickly realize that all that theoretical knowledge has not taught you how to coordinate the actual act of driving a car. Only active, practical experience can do that.
🧭 Quality, Context, and Momentum
Before moving on, we must address the nature of the information we gather. Information has a certain quality, but not all of it is helpful. In fact, some data can confuse or completely disorient us. To develop the skill to discern useful from misleading information, we need a repertoire, which is built entirely by practicing. It is therefore essential to understand the context of the topic being researched.
Learning efficiency depends not just on the quality and availability of information, but critically on:
- Our motivation
- Our focus
- Our ultimate goal
💡 The Power of Progress
One highly effective method for sustained motivation is recognizing and celebrating even the smallest successes. We must acknowledge our progress to reinforce our efforts. As discussed, having a clear goal provides direction. Staying focused on that goal helps us recognize when we begin to drift off course. By consistently pursuing our path, we will inevitably look back and see how far we have come.
At this point, it is vital to consciously register the progress made.
Progress is most clearly noticeable when a question that once tormented us has lost its meaning.
Looking back and seeing the distance covered is a powerful motivator. The learning journey often involves tackling numerous complex topics, which is why taking regular breaks and maintaining composure is essential. Trying to force-feed information, such as attempting to master Web Application Penetration Testing in a single two-hour session, is counterproductive due to the sheer volume and technical detail involved.
🌪️ The Vortex Principle
To illustrate the importance of pacing, consider this simple physical analogy:
How do you empty a bottle of water quickly? The standard approach is to invert the bottle and let gravity take over.
Why don’t we try to create a vortex by rotating the bottle around its central axis? By generating a vortex, we allow air (oxygen) to flow up through the center regularly, preventing a vacuum and enabling the water to flow out in a continuous stream without interruption.
The same principle applies to learning. If we attempt to consume too much information without taking breaks, we create a mental “bottleneck” where information flow gets interrupted and we become “stuck.”
The precise number and duration of breaks are individual. This is a question only you can answer, as you know the effects and consequences of your actions on your own cognitive capacity.
🔑 Solving the “Stuck” Problem
When we do get stuck—whether from over-focusing, losing context, or simple fatigue—the solution requires creativity.
In penetration testing, it is crucial to train the eye to notice details that initially appear unimportant. Throughout these materials, you may notice terms printed in bold and green. These visual cues highlight terms that hold essential meaning in the process. Training your attention to notice such minor details is critical. Our knowledge and experiences are built on associations—connections between different perceptions (like colors, smells, or simple formatting) and specific situations, forming memories that can be recalled actively or passively later.
This detail-oriented process is honed only through practice. In the next step, a practical example will demonstrate the vital role of this creative, detail-focused approach.
📝 Optional Exercise: Creativity and Problem-Solving
Collect detailed information on the concepts of creativity and problem-solving. Synthesize all the information gathered and create a comprehensive overview. Based on your research, determine and document the most effective ways for you to engage in creative thinking when confronted with an obstacle.
🧠 Exploring the Brain: Mechanisms of Learning
To fully grasp the structure and purpose of effective learning strategies, it is beneficial to gain a basic familiarity with our own brain—the organ that fundamentally shapes our identity and dictates our learning processes.
🔬 Dispelling Common Brain Myths
The human brain is a perpetually fascinating and still largely unexplored area. Several common myths persist about its function:
- The 10% Myth: The belief that we only use 5-10% of our brainpower is entirely false. Studies utilizing sophisticated tools like electroencephalography (EEG) and functional magnetic resonance imaging (fMRI) have definitively shown that all regions of the brain are constantly active.
- Intelligence vs. Learning Speed: Another widely held, yet inaccurate, belief is that the speed at which one learns something directly correlates with overall intelligence. This is misleading, particularly in complex domains. The brain regions responsible for the most demanding logical and abstract tasks do not fully develop until roughly age 20 (+/- 2 years). The timing of this full development varies by individual.
We often encounter examples, such as those historically claimed about figures like Einstein being slow to grasp certain subjects in school, or people who excel in one area while struggling in another. Without delving deeply into cognitive science or neurology, these instances merely serve as indicators of the non-uniform development of specific brain regions. For instance, the archetype of a computer specialist with highly developed technical skills but significant social deficits can often be linked to the differential development of cognitive areas. Crucially, the brain changes on a physiological level every time we acquire new knowledge.
💡 The Nature of Thought
Despite centuries of inquiry, cognitive science has not definitively proven what a thought fundamentally is. This field remains an interdisciplinary study of conscious and potentially conscious processes, encompassing concepts like memory, language, perception, problem-solving, and volition. For the moment, scientists generally agree that thought is non-material (at least, unproven to be material).
Given the lack of a universal definition, here is a working theory of thought for our purposes:
A thought is an individual process (action or reaction) to one or more influences (internal or external) in which information is interpreted and linked inwardly according to our unique, personally developed methodology.
To clarify this definition, consider the fact that some languages, like Scots, have hundreds of words for “snow.” Upon reading this new information, an individual process is immediately initiated. For most, this begins with a sense of surprise (reaction) to the external influence (new information), which is then interpreted and linked internally to existing knowledge nodes (e.g., Scotland $\rightarrow$ Snow $\rightarrow$ 421 $\rightarrow$ Words). These links are also known as associations. Our memory and information processing rely heavily on these chains of associations stored within our neuronal networks.
Latest research suggests the brain is continually active and producing thoughts, though it remains inconclusive whether the brain is more active during waking or sleeping phases, due to the duality of conscious and subconscious processing. Experiments like the Libet Experiment have demonstrated that conscious experience (the awareness of a decision) is measurably delayed after the underlying neuronal processes have already begun.
🌓 Consciousness and the Subconscious
To leverage our cognitive abilities for learning, we must understand the roles of the conscious and the subconscious minds.
🧠 Conscious Thoughts
Consciousness is a highly complex subject, but for our practical understanding, we can use the following definition:
Consciousness describes the totality of all mental processes through which we become aware of both the external world and our internal world via active observation.
When we are actively observing a monitor full of text and have the capacity to intentionally decide to look away or change the situation, we are operating in a state of consciousness.
🌑 Unconscious Thoughts
Psychology also recognizes the subconscious—a layer of consciousness where thoughts arise but are not superficially perceived. What we do perceive are emotions, which often serve as reflections of our subconscious thought processes. We process a significantly greater volume of thoughts subconsciously than consciously.
Subconscious thoughts are highly influential. Studies have indicated that the subconscious mind can make a decision up to 30 seconds before we become consciously aware of it.
The Libet Experiment demonstrated a fascinating distinction between conscious and unconscious perception based on the duration of brain activity. In one part of the experiment, subjects were exposed to visual stimuli. If the stimulus lasted less than half a second, they did not consciously perceive it. Yet, when asked to guess which light was illuminated, subjects guessed correctly far more often than random chance (50%). When the stimulus duration was between 150 to 260 milliseconds, they guessed correctly 75% of the time. However, for a subject to achieve conscious perception, the stimulus had to last for approximately 500 milliseconds.
This demonstrates that information processing is constantly occurring, and by understanding the relationship between conscious effort and subconscious processing, we can better structure our learning to harness the full potential of our brains.
🎯 The Will: Driving Action and Overcoming Fear
The concept of will is complex, interpreted differently across various disciplines. In psychology, it often relates to a descriptive construct stemming from a conscious decision to act, thereby heavily involving rational thought.
In its broadest sense, will involves:
- The mental act that generates the impulse to achieve specific goals.
- The setting of those goals.
- The ultimate translation of those decisions into conscious, deliberate, and planned action.
Philosophically, will is defined as choosing a particular course of action based on conscious motives. Therefore, for our purposes, we can simplify will as the sustained effort to perform a certain action or achieve a specific, determined goal.
🌟 Defining Desire and Overcoming Inertia
Before we can commit our will to a goal, we must first achieve absolute clarity regarding our desires. We must articulate, in meticulous detail, what we want and what it will feel like when that goal is realized. This process is akin to dreaming—imagining the desired future state.
Unfortunately, many people halt this process almost immediately because they cannot immediately visualize the path to get there.
These individuals overlook a foundational truth: the path plays absolutely no role in how we initially define our goal, because the path is only created by the steps we take.
If you review the lives of the most famous and successful actors, developers, or scientists, you will find that virtually none of them planned or foresaw the exact trajectory their careers ultimately took.
🛑 Fear and Belief
Desire is intrinsically tied to belief. When we truly believe in our capabilities, the pressure of our self-limiting fears is relieved, granting us access to the valuable chains of association in our thinking that were previously interrupted.
We must internalize this profound realization:
Fear is a state, and the product of our imagination of the future and its potential consequences, where the present is suppressed.
Fear is a necessary and healthy response in situations that genuinely threaten life or health. However, sitting in front of a computer, paralyzed by the fear of being inadequate for the tasks ahead, is often irrational. In such a state, we begin to subconsciously program ourselves for failure before even attempting the work.
We must challenge this fear by asking three simple, rational questions:
- Have we already worked through all the material?
- Have we already seen what is being taught and how it is being taught?
- Do we already possess all the expected skills?
If the answer to these questions is “no,” then it is clear that the fear is preemptive and unjustified. We are fearing something without even giving ourselves the chance to try.
💔 The Paradox of Failure
It is an interesting paradox that many students in the field of cybersecurity react illogically to fear. Those who experience apprehension about failing or not learning well enough often give up the moment they get stuck on a difficult subject.
However, isn’t that surrender the very failure they were attempting to avoid all along? It is. Yet, for these students, giving up is often easier than persisting, learning, and improving. Improvement is an inevitable outcome when we maintain persistent practice and try diverse approaches.
To prevent this immediate surrender to perceived failure, we must maintain a clear, compelling goal in mind. That goal serves as our anchor and directional guide, reinforcing the will needed to overcome the inevitable obstacles.
🎯 Defining the Destination: The Power of Goals
The term goal refers to a desirable, generally altered state situated in the future that we actively strive to fulfill. A goal is, therefore, a defined and desired endpoint for a process. For a goal to be considered successfully achieved, its formulation must allow for a precise determination of the desired final state.
Goals exist in many varieties, including:
- Quantitative (e.g., specific metrics, numbers)
- Qualitative (e.g., skill mastery, emotional state)
- Complementary or Competing
- Main or Secondary
🧩 The Challenge of Goal Models
For nearly every type of goal, dozens of different formulas and models (e.g., SMART, OKRs) have been created to purportedly achieve them in the “best possible” way. However, finding a single model that perfectly aligns with our individual needs, life experiences, and aspirations is exceptionally difficult. Each model has a different focus, and to find the ideal one, we would need to study and test each for an extended period.
A core conflict arises because efficiency often conflicts with comfort. A model that feels comfortable may not be the most effective one to reach the goal. Trying to find the “perfect” model can become a significant time drain.
⛰️ The Importance of Specificity
Despite the complexity of models, research provides a clear directive: A meta-analysis of over 200 studies involving more than 40,000 participants concluded that over 90% of people are significantly more successful in achieving their dreams by setting challenging and specific goals.
We must strongly emphasize the importance of setting a crystal-clear objective for ourselves. Ask yourself honestly:
- Do I want to pass an exam?
- Do I want to obtain a certification?
- Do I want to learn and master new skills?
- Or do I primarily want to impress and please others?
The “path” you choose will differ dramatically based on your answer. There is a vast difference, for example, between striving to master the skills and merely getting the paper confirmation (certification).
🛑 Certification vs. Competency
Many assume that certification automatically proves the acquisition of trained skills. However, for many, the certification simply serves as a formal acknowledgment of participation. If your sole goal is the certification document, you will naturally look for the quickest, easiest route. This might involve asking peers for solutions to avoid having to think through difficult tasks yourself.
This avoidance of independent thought is highly detrimental. By bypassing our own “thinking” and problem-solving attempts, we deprive ourselves of the opportunity to create vital chains of associations in our brain. These association chains are the neurological links that fuel our thought processes and information integration, which is the mechanism by which we learn to solve problems. In simple terms, avoiding the hard thinking deprives us of the ability to learn and develop.
Because the decision of what goal we want to achieve directly influences how we learn, a well-defined objective fundamentally helps to shape how we think.
🗺️ The Path of Unknowing
Another crucial aspect of goal achievement is understanding the journey itself. If you analyze the careers of highly successful and well-known figures today, none of them were able to know or plan the precise path that ultimately led them to their destination. What they did know, however, was the clearly defined goal they had set.
Any person claiming their method is the only right way should stick to that way if it works for them. But claiming no other ways exist is a statement of personal limitation, not universal truth. Metaphorically, if a person only knows one way to reach a higher floor and doesn’t know how to use a ladder, they will only succeed with external help.
Regardless of the target, the first and most crucial step is simply to decide on the goal.
⚖️ The Process of Decision Making
The process of decision making—how we arrive at choices in various situations—is an extensive and complex subject studied across many disciplines. To facilitate a better understanding of the human thought process, numerous theories and phases have been created. However, defining precise phases is challenging because every individual possesses unique thought processes and patterns.
In its simplest form, a decision is the choice of one option from several available alternatives. All decisions are fundamentally driven by the perceived importance of the circumstances. We choose the option from which we expect to gain the greatest benefit, which means decisions are made not only rationally but also emotionally.
To illustrate with a simplified scenario: Imagine you have an unexpected day off. You must choose between using that time on a personal project (which might lead to a salary increase) or helping a friend move house.
- If your personal well-being and loyalty are more important than potential income, you decide to help with the move (an emotional/value-driven choice).
- If your income and career progression are paramount, you choose to work on your project (a rational/cost-benefit choice).
Research in decision psychology indicates that human behavior is rarely guided exclusively by cost-benefit analysis. Since strict models of rationality often fail to reflect real-world decision-making accurately, an individual’s decision behavior is best understood as a process where rationality occurs only to a limited extent.
🚃 Challenging the Constraints: The Trolley Problem
Let’s examine a well-known ethical thought experiment: The Trolley Problem.
The basic scenario asks: A train is speeding toward five track workers. A switchman can divert the train to a side track where only one person is working. Should he sacrifice one person to save five others?
Attempt to make a decision and trace the thought process that led you there.
When surveyed, researchers found that the extreme nature of this scenario caused significant psychological distress, leading some to conclude that it is “impossible” to make a correct decision because the psychological burden is too great and no simple solution is apparent.
However, this situation is structurally similar to the math problem we examined earlier: $20 \times \rule{1cm}{0.15mm} + \rule{1cm}{0.15mm} = 65535$.
In the Trolley Problem, we are initially presented with only two options:
- Flip the switch: one person dies.
- Do nothing: five people die.
The flaw in the Trolley Problem, like the math problem, is that we impose the limitations ourselves.
In the math example, we assumed we had to stick to arithmetic rules. In the Trolley Problem, we assume we are only allowed to press the switch or do nothing. But no one explicitly stated those limits.
Consider an alternative solution to the Trolley Problem (often seen in variations): What is your first reaction? “We’re not allowed to place pillars!” or “We can only press the switch!”
The truth is, no external authority imposed those rules. If we learn to set our limitations based only on verifiable facts, our decisions become much easier and far more effective.
❓ Fact-Finding for Better Decisions
If we analyze the Trolley Problem from a fact-finding perspective, critical information is missing:
- How far away is the train?
- How fast is the train going?
- How much time do we have to try to save everyone?
- What tools do we have at our disposal (ropes, signal flares, phones)?
- Are all the people conscious?
These factors are not provided. But just as we were not explicitly told we couldn’t change the arithmetic operators in the math problem, no one said we could not introduce new circumstances to the Trolley Problem. If we knew all people were conscious, we could potentially save everyone by simply shouting a warning.
Even if we take the extreme of a 10-second arrival time, we are not constrained to the two initial choices. An extreme, non-standard solution (though highly dangerous) could be to flip the switch while the train passes over it—a maneuver called “double-tracking”—which would likely derail the train, possibly saving the people on both tracks.
To make an informed decision, we need to know the factors and accurately assess the consequences. The more facts we gather, the more precise and effective our decision-making will be toward our goal.
If someone claims a solution is impossible, it means they do not see a way, not that a way doesn’t exist. Many people tragically internalize this limitation, giving up before they even try.
When we feel stuck or unsure of what to do, it is usually because we have not gathered enough facts to make a good decision. Once sufficient data is collected, we open up new possibilities and paths, allowing us to better calculate the probable outcome.
Ultimately, your success will be unquestionable if you:
Decide (Decision Making) on the goal defined in detail (The Goal) that you truly desire from your heart (The Will), and which will make you happy both consciously and subconsciously (The Brain).
How to learn Cybersecurity: Part 3 – Documentation