i. preface
This article/blog isn’t the normal IT/Cyber post that I usually do. I haven’t done a blog in some time because I’ve been fairly busy – I left the Army, got a Cyber Job, (Blog post incoming… possibly) and I’m currently moving houses.
Nevertheless, between the time I spent studying for CCNA and CISSP – I started on a personal hypothesis of learning that’s being constantly compounded and fine-tuned, as I ingest more information about it.
I figured out how to learn.
To be quite honest, CCNA was harder than CISSP, at least in my experience. I took CISSP twice, the first time without really having a grasp on how I concretely ingest information. The second time, with this hypothesis forming.
Afterwards, I didn’t understand how an entry certificate like CCNA was so much more difficult than a high-level certificate like CISSP. I’ve heard stories of people failing CISSP constantly. My job in the Army wasn’t directly related to CISSP topics – I was a glorified field wifi technician (25H if you’re curious on the MOST/job-code).
The idea I have now – is that CCNA tests your basic levels of configuration – with conceptual understanding as an undertone. CISSP tests conceptual understanding. If you look at the CCNA exam topics, and CISSP exam topics – the intention of the exam is pretty obvious. CCNA employees are paid to do, CISSP employees are paid to think.
Currently, artificial intelligence is taking over civilization. Infrastructure configuration has always been fairly esoteric, as it’s synonymous with busy work – and long hours of troubleshooting. But, if you think about it, configurations are the language of the machine, and we’re trying to express an idea for the machine to understand and implement.
At its base form, the introduction of AI isn’t as game-changing as the introduction of a car, television, or the radio. In my opinion – the ease of human communication has directly correlated to the speed of human development. Not just human communication, but the transfer of concepts. The internet, the radio, faster travel (planes, trains, and cars… thanks Plain White T’s), whatever medium it takes for a concept to transfer from one person to the next.
Artificial intelligence is a productivity booster, similar to the assembly line and more recently the development of self-checkout machines. AI is another means to an end. It is at the whim of concepts humans have created and fed into the machine. (At least for now!)
Conceptual understanding is becoming more and more paramount as we progress from concept to tangibility.
I. Introduction
I believe learning is an art. It’s a craft that’s honed over time, just like painting, drawing, and singing, however, art is truly considered. Nonetheless, in some form or another, every human is capable of learning. I want it to be expressed, that this is how I learned to learn – but I believe that other people can benefit from this information. This blog will be rigidly structured, so any reader can stop and continue if they please. The structure is as follows:
I. Introduction
II. Basic Learning Concepts
IIa. Input/Output
III. Spaced Repetition System
IV. Conclusion
II. Basic Learning Concepts
Everyone has learned something in their lives. But how do we know that we fully understand what we’ve learned?
Understanding is generally tested through tests. CISSP and a lot of AWS certs test this through scenario-based questions, which test your conceptual acquisition. In Security+, many of the questions (at least for 501, the one I took back in 2019) ultimately test your vocabulary knowledge.
Are these good assessments of conceptual understanding?
Yes and no. Mostly no.
IIa. Input/Output
There’s three main output assessments in IT. Topic recognition (Sec+), Scenario based (CISSP/AWS SAA), Configuration based (any vendor specific – like CCNA/P, Palo Alto, etc…)
Understanding is fully tested by its output. If I want to learn how to use SSH, I can read that SSH means Secure Shell – which is a protocol that generally resides on 22 by default.
Note the differences between these questions:
What protocol uses port 22?
What protocol is used to securely connect to a terminal connection to a Linux/Unix server?
The first question is pretty obviously a definition-type question, the second question tests the person’s ability to understand the usage of the protocol.
There’s a few ways to study SSH – via the textbook, by using SSH, by someone telling you what SSH is.
A lot of people recommend using and configuring SSH to understand SSH. Which I fully agree. However… in IT exams, this isn’t how SSH knowledge is tested. The first question is how Security+ would test this question. So if you’re studying for Sec+ I actually wouldn’t recommend this. I would actually recommend sentence/word completion learning.
Some of you are groaning, and stating that the people who pass Sec+ aren’t going to learn security topics. That’s true, but is there actually an expectation for people who have Security+ to have a complete understanding of Security concepts? No. Sorry, but no. Comptia knows this, and everyone who has a Security+ knows this.
Encoding completion is one of the most effective ways to learn vocabulary – next to SRS (I’ll talk about this later).
Elizabeth Ligon Bjork has a in-depth study on this – called encoding
Here’s a video version of this: (I love Benjamin Keep)
“Ok – you’re telling us to learn Vocab, but the entire article is about learning…”
I want there to be an understanding of the intention of output when acquiring an input. If I were to take Security+ or vocab-type tests – I would use encoding.
If I were to learn something like CISSP I would learn through stories.
I like learning about the history of protocols, sometimes the RFC is nice – but the history helps me understand the reason why protocols were created.
I’m going to use an excerpt from this website:
To understand the significance of SSH, we must first delve into its origins. SSH was created as a response to the need for secure remote access to Unix-like systems, which were becoming increasingly popular in the early days of the internet. Before SSH, insecure methods like Telnet and rlogin were commonly used for remote access, making it easy for malicious actors to intercept sensitive data.
History of SSH | SecOpsĀ® Solution. (n.d.). https://www.secopsolution.com/blog/history-of-ssh
If I were to learn to use SSH, then I would just set it up on a Linux server. A lot of times, at least for me – that’s a quick look up, reference/man page, or even an AI question.
The Cheatcode:
In my opinion, the most effective way to learn a test…
Is to continuously take the test.
Some if you know know what I’m insinuating… and yes. At the end of the day. You need to acquire/assess with the output assessment. Rather than understanding the topic as the focal point, understanding the questions would be the priority. Taking a bunch of similar questions to the questions on the test is the best-way to familiarize yourself with the target certificate. I’m not recommending getting yourself in-trouble with finding test-dumps. I’m talking about questions created by people who have taken the test.
ISC2 has an android app for most of their certificates that is really good at creating very similar questions for the actual test.
III. Spaced Repetition System (SRS)
If you don’t know what SRS is, here’s a quick video:
Ok ok. Here is one seriously:
I’ve been learning Japanese. And I stumbled across Anki. But there’s other SRS software. Anki just seems to be the most known.
If you’re using flashcards, you’re using them wrong. SRS is how you should be using them.
IV Conclusion
There’s a million ways to learn. But, I don’t have time to figure it out and try a million different ways.
The true assessment of your knowledge is how you output. You need to learn how to configure a router? The test is to configure a router. So you should acquire through labs. You need to talk about cryptography for an interview? You should acquire through real-conversations. You need to take a test with these topics? Acquire through taking similar tests.
My personal feelings how to learn will probably evolve over time.
But there’s one thing for sure. I love learning.
I didn’t take Sec+, CCNA, CISSP, and get a Bachelors in Cybersecurity because of just money (although it definitely was a motivator!). But because I love it. Not just cybersecurity. But I love learning new things and testing my knowledge. It’s addicting. Here’s the kicker though, if it’s not interesting, I’m not going to learn it.
Stop learning things that don’t interest you. Once you start trying to learn things that truly fascinate you, you’ll be internally motivated to become better at it and more knowledgeable. That’s the real cheat code to your brain.
