What Can You Learn On Your Own?

Published: 2017-05-06
Last Updated: 2017-05-07 00:22:52 UTC
by Russell Eubanks (Version: 1)
5 comment(s)
We are all privileged to work in the field of information security. We also carry the responsibility to keep current in our chosen profession. Regularly I hear from fellow colleagues who want to learn something, but do not have a training budget, feel powerless and sometimes give up. I would like to share several approaches that can be used to bridge this gap and will hopefully inspire a self-investment both this weekend and beyond. None of these ideas cost anything more than time.
I decided to borrow an idea from an informal mentor, something I generally give them credit for, but not always. I decided to wake up early each morning with the intent to learn something new every day. Maybe the something is a new tool, a new linux distribution or taking an online class. Having done this now for the last 7 years, I can say without hesitation or regret that it has been pivotal in making me a better me. I am convinced that applying just a little bit of incremental effort will serve you well as well.
Ideas to get you started:              
  • SANS Webcasts and in particular their Archive link                         
  • Serve as an informal mentor to a junior team member, while being open to learn from them 
  • Volunteer help out in a local information security group meeting
  • Read that book on your shelf that has a little more dust that you would like to admit
  • Subscribe to Adrian Crenshaw’s YouTube channel 
  • Be intentional by creating a weekly appointment with your team in order to learn something new over a brown bag lunch
  • Foster an environment that facilitates a culture of learning
After considering this topic for a long time, I want to ask this question - What are you doing to invest in yourself, particularly in ways that do not cost anything but your time? Please leave what works for you in our comments section below.
Russell Eubanks
Keywords: Lessons Learned
5 comment(s)


There are MOOCs (Massive Open Online Courses), which are usually available to audit for free. For example, "Cyber Security Basics: A Hands-on Approach" (<https://www.edx.org/course/cyber-security-basics-hands-approach-uc3mx-inf-2x#!>). See also Microsoft Virtual Academy (https://mva.microsoft.com/).
Excellent resource that made me remember these as well:

iTunes technology podcasts —> https://itunes.apple.com/us/genre/podcasts-technology/id1318?mt=2

Higher Education podcasts —> https://itunes.apple.com/us/genre/podcasts-education-higher-education/id1416?mt=2

iTunes U in the Apple App Store —> https://itunes.apple.com/us/app/id490217893?mt=8

A quick Google search for security classes on iTunes U yielded many surprising results

Thanks for supporting the SANS Internet Storm Center!
Start a blog. Even if no one else reads it, it's a great way to document what you've been working on (I use mine as a reference all the time) and by writing it, you're forced to present the work in a formal matter. It really makes you think about what it is you are learning and teaching, and helps cement that knowledge in your mind.
I tend to listen to a collection of Podcasts every morning to prep for my day, ISC Stormcast, Cyber Daily, Risky Biz. Then I browse reddit/r/netsec and other InfoSec sites to keep up on the news and I tend to learn something about a different security domain everyday.

Additionally at some point in the day I read a a few pages / a chapter in whichever InfoSec book I am reading in that given week.
I find the internet, digging, and volume, lots of volume is the best way to learn things on your own. Believe it or not i learned linux system structure and most of the cli interface at the age of about 13 by doing what? reading lots of man pages.

you know what else is great for learning?
ietf.org and the rfc section.

also the list serve mail lists for many groups like

you may not understand many of the documents or theories, but you end up liking what someone is talking about so you dig deeper.

my most recent self learned topic, ssl handshake packet structure and analysis through this rfc

so i would say reading is the number one way to "self learn"

edit: and of course the daily diaries at https://isc.sans.edu/ ;D

Diary Archives