[Maven911]

A bit of a tangent: as someone studying cybersecurity at a university in NYC and dealing with a range of topics: virtualization, forensics, incident response, defense, offense, CTFs, bounty programs etc. etc. And at the pace I am going at it (evening classes), it will take a few years to finish, and even then I might not start in the security industry right away.

I would like to ask, in your opinion, what is a good way to stay up to date, simulating as close as possible to real-world experience through hands-on self-teaching methods ? And what areas would you concentrate on personally, considering how vast the field is.

[david_shaw]

I honestly think that following current events -- whether that means technical news via HN, or more mainstream events covered by traditional media -- is the best thing you can do to stay up-to-date on what people are thinking about. Take analysis with a grain of salt. Look at breaches and ask yourself how they could have been prevented (or perpetrated!)

Attend community events and conferences. There are local "Bsides" conferences in most cities, and the big conferences (DEF CON, Black Hat, ShmooCon, etc.) are great too. I haven't been to Summercon or Hushcon East, but I've heard that they're both great NYC conferences. When you're at these things, don't just go to the talks (you can see them on YouTube later), but talk to people in the hallways/bars/parties and find out what kind of challenges they're facing.

Attend local meetups. See what people are talking about. Be involved with the community.

If you do these things, I can guarantee you'll stay current -- and hopefully, it will keep your interest in security going strong :)