The process of “learning how to learn” is complicated. Most of us have never truly learned how to learn effectively.

This useful excerpt is from a module on Hack the Box.

Learning Efficiency

The sheer size of the information security field is overwhelming to any new learner. There is a lot to learn and many topics to cover.

The primary and most difficult objective we must overcome is the combination of our knowledge, adaptation, and new information.

It often is not easy to find the information we need. First, we have to find out what kind of information we need.

What do we already know?
What do we not know yet?

Even if we find the information we need, we do not know how to use it because we do not have an overview.

Another major problem we must solve is handling this massive amount of information and adapting it to our strengths and weaknesses.

According to a TEDx talk by Josh Kaufman, he proposes that we can learn something new in 20 hours, even working on it for just 45 minutes per day. This sounds much more attainable! We can become excellent pretty fast. This is the so-called learning curve, including active and passive learning. These active and passive learning types can be found in the [Learning Pyramid].

Josh Kauffman

Learning Pyramid.

Here’s how you can learn anything in 20 hours -

  1. Break down a skill into its components. The first thing you need to do is to decide what you want to learn, and then break it down into smaller, manageable pieces.

  2. Learn enough to know when you’re making a mistake. “Get three to five resources about what it is you’re trying to learn,” says Kaufman. “It could be books, it could be DVDs, it could be anything, but don’t use those as a way to procrastinate.” Set a limit on the number of resources you’re consulting — there’s no need to buy every book or watch every YouTube video on the subject; there’s time to do that later — and jump in.

  3. Remove any and all barriers to practice. This may require stowing away your electronic devices while you tackle your hobby. Or get creative and combine your favorite distraction with your new activity. In a TEDxPenn talk, behavioral scientist Katherine Milkman advocates a technique called “temptation bundling”: pairing something you know you love to do with something you’re trying to get yourself to do. Turn on your favorite podcast while you cook, or you could turn your weekly coffee with a friend into a weekly at-home yoga session with the two of you.

  4. Practice for at least 20 hours. To overcome what Kaufman calls the “frustration barrier” — that period in the beginning when you’re painfully incompetent and you know it — you must commit to sticking with your new activity for at least 20 hours. By that point, he says, “you will be astounded at how good you are.”

Pareto Principle

At this point, we also should think about the Pareto Principle, or the 80/20 rule.

The Pareto principle states that with 20% of the effort, we can achieve 80% of the effect. Conversely, this means that with 80% of the effort, we can achieve the remaining 20% of the effect, which is 100% missing.

Learning Types

Passive Learning

If we follow the Learning Pyramid while going through the modules just by reading, we will learn only about 10% of the whole penetration testing experience. By watching some demonstrations, we will not learn more than 30%.

Active Learning

When we start to discuss our entire enumeration process, results, and findings with others, we will see different points of view, results, and information to compare with our own and find out what we missed. By using this type of active learning, we collect up to 50% experience. Before we can discuss our results with others, we should practice on our own. So while we practice, our learning experience grows to 75%.

Handling frustration

Frustration Causes

We can see from the diagram that, in this case, we lack some resources that frustrate us. In information security and pentesting, these kinds of resources will often be information that we have to work with.

We have to remember that this feeling of frustration is temporary. This means that when we feel frustrated, it will pass. we don’t need to feel scared and panicky at such a feeling. Frustration passes, the experience we have gained through it remains.

Instead, over time, we will become calmer in reacting and dealing with such stressful situations, which in turn will strengthen our self-confidence.

Failure as a tool

To be able to learn anything, firstly, we have to fail. It is an unavoidable and essential part of learning. This is one of the parts of the learning process which make us successful. Experience is built on failures. It explains that we know how to handle differently. Sometimes adverse, situations where something does not work as expected.

Let’s get the learning started!