Hacker News new | ask | show | jobs
by Maven911 2769 days ago
I'm taking cybersecurity classes in NYC recently and granted we touch upon the topic of how to think like a bad actor but most of the curriculum is just trying to keep up with the myriad of topics we need to go over to cover our bases. Thinking like a bad actor is indeed one of those topics that is very hard to explicitly teach, besides already well-known techniques, and angles of attack.

A few things I've noted of the more successful students:

-Students who do well already tend to have a huge passion for the topic before they ever showed up for day 1. I know it sounds obvious but those folks do not need the class, however on the flip side they are the ones who enjoy it the most too. Even when its not employer reimbursed tuition, they are getting the most satisfaction out of the class, despite knowing this stuff already.

-Participating in CTFs and online "Hack this site" and paid labs is a thing they do. No one does bug bounty programs but that's the next level up or dream.

-They pickup small nuances the teachers mention and start researching it right away, nuances that do not get registered by those first learning the topic, or ignored by those who think they know it all already

-Keeping up with daily news is a breeze since it's not a chore for them

-Anyone who mentions the reason they are taking the class is to gain a broad picture understanding e.g. to understand what the tech sec ops are doing, or for better decision making, or even to give better "orders" to their info sec teams (risk mgmt., audit, investigation, standards builder) tend not to know the material that well. Their reasons are fine, and ultimately they will get what they aim to achieve, but not only does it feel diametrically opposed with those who want to learn even more from the class and get their hands dirty, it slows down the class to their level, when they become the majority (not all classes have the same makeup of student profiles).

-Ultimately, it's what you put into the class. Your project can be a bobo I've researched 5 articles before presenting to I want to challenge myself like no tomorrow.