The problem here is the sheer size of the information security field. As we saw in the example with programming languages, there is a lot to learn and many topics to cover. Many of the courses available are very technical. This is a good thing and essential for us to strengthen our skillsets. We have to understand how things work, how they are structured, and how to use them. All of the technical information we need to be successful in this field is already out there.
The primary and most difficult objective we must overcome is the combination of our knowledge, adaptation, and new information.
It often is not easy to find the information we need. First, we have to find out what kind of information we need.
What do we already know?
What do we not know yet?
Even if we find the information we need, we do not know how to use it because we do not have an overview.
Another major problem we must solve is handling this massive amount of information and adapting it to our strengths and weaknesses.
Imagine another scenario:
However, first of all, we have to fail. It is an unavoidable and essential part of learning.
This is one of the parts of the learning process which make us
successful. Experience is built on failures. It explains that we know
how to handle differently. Sometimes adverse, situations where something
does not work as expected.
Academy is structured in a way where the student starts
to assemble an engine guided by the instructor. We will learn what we
need, how to use it, and how to work with it. We will see what kind of
things can happen, collect our first practical experience, and improve
our existing skills. When a student was taught by an instructor who
supported them and showed them how to assemble an engine, they would
know how to do it independently. Moreover, the student can now learn all
of the theoretical aspects more in-depth through practice and
repetition.
In Academy, we will learn not only the basics of penetration testing but also how to:
Learn faster
Structure our knowledge
Find the information we need
Get the overview
Many companies are searching for good penetration testers and information security specialists.
To be good at something means we know what we are doing. If we know what we are doing, that means that we are experienced with this topic. Experience means we have a vast repertoire in this field. Repertoire comes from associations and practical experience. When we say practical experience, we want to know how much we have to practice to become competent at a specific task.
There is something called the "10,000-Hour Rule," which explains that you need to spend 10,000 hours on becoming good at something. We do not want to spend 10,000 hours learning a skill.
When we research this rule a bit, we will find a TEDx talk by Josh Kaufman
in which he explains it more in-depth. He proposes that we can learn
something new in 20 hours, even working on it for just 45 minutes per
day. This sounds much more attainable! At this point, we also should
think about the Pareto Principle, or the 80/20 rule.
The Pareto principle states that with 20% of the effort,
we can achieve 80% of the effect. Conversely, this means that with 80%
of the effort, we can achieve the remaining 20% of the effect, which is
100% missing. However, it is essential to note that it does not apply to
everything but is a general rule applied to specific areas.
The whole section above is an example of a simple association where we combine different approaches and information.
As Josh Kaufman explained, we can become excellent pretty fast. This is the so-called learning curve, including active and passive learning. These active and passive learning types can be found in the Learning Pyramid.
.gif)
