Hacking is a different discipline compared to other things that you learn because there is a long feedback loop. In a traditional educational setting, we are used to receiving specific and timely feedback about our performance. From there, we adjust our actions accordingly. In the discipline of hacking, the feedback loop is not as apparent.
If you have a machine with seven possible attack vectors, and only one of them is vulnerable, there is no immediate feedback loop to tell you what type of machine you’re exploiting.
On one hand, we’re trying to teach technical information like what it means to attack web applications.
On the other, there is this whole concept of mindset, adversarial thinking, and how we’re going about the process.
We have to prepare students for situations that we cannot necessarily show them. In some cases, students have to find vulnerabilities in software that hasn’t been written yet.
Traditional education relies on a banking model, by depositing information into a student's head. We see if what we deposited earlier is still there. For instance, the format of some multiple-choice tests asks a student to recall information. Because the student is merely being asked to deposit facts, multiple-choice items can be poor indicators of a student's ability to apply knowledge to solve complex problems.
Our students need and deserve more than that. Thus, we challenge students to go far beyond the series of steps that we have shown them.
Since we have a higher goal for our courses, we have to intentionally build them in a way that delivers more than just a set of information. OffSec’s curriculum isn’t just about technical skill, although we do develop that with rigorous training. We also challenge our students to develop a growth mindset, engage critical thinking skills, and overcome unforeseen obstacles.
Our exams have to be more than simply asking the student to regurgitate information.
"You can learn techniques, but to actually come up with creativity on your own, that's not something that's easy to teach." - Jeremy (Harbinger) Miller.
Know how you learn.
With virtual learning, the sense of momentum that's created when a teacher is walking around a room isn't there anymore. The sense of comradery isn't the same as in a physical classroom setting.
This is when self-awareness about how you learn is critical. Ask yourself: do I learn better by reading? By doing, or seeing? What sort of help do I need? When should I ask a Student Admin for help?
How is OffSec trying to teach critical thinking?
We define critical thinking as applying a logical framework to a new set of information. This means that the student is applying logic structures, and accessing their own reasons for belief.
The question becomes, what does critical thinking look like in the context of cybersecurity? One of the best ways that students can do deliberate practice in critical thinking is to try and predict outcomes.
Watch the webinar to learn more about how we teach hacking. Harbinger and Johnny further discuss:
- OffSec’s take on learning security and pentesting skills
- Tips for getting the most out of your OffSec Course
- Why and how we teach the “Try Harder” mindset