Advice for newcomers to [offensive] Security

This likely applies to other fields as well, here we go.

I suggest you get comfortable with asking, "How did it work before [X] was invented or discovered?" That mindset can help you understand the "purpose" of the technology or invention. In my experience, this makes it stick to long-term memory rather than just absorbing a concept.

If you haven’t realized it yet: we are all standing on the shoulders of giants. Every tool, technique, and concept in offensive security exists because of the hard work of those who came before us—cryptographers, developers, and scientists who laid the groundwork. Respect these foundational layers, even if you don’t fully understand them. Challenge and improve where you can, but always keep in mind the knowledge and hard work that got us here.

Yes, keeping up with the latest tricks can be exhausting; there's already so much to read (and watch—lucky you!). Offsec has always been about staying a step ahead and absorbing new information, whether bypassing an operating system protection, having a 0day on a service, or circumventing a higher-level security control. HOWEVER, if you’re spending a large portion of your time learning the latest techniques and constantly rebuilding your methodology, especially when you're just getting started, you might be building your castle with a deck of cards. Invest time in learning the basics; foundational technology is here to stay, and everything else is built on top of it. You don't need to master all the lower layers either. Using the latest scripts and extensions can help you quickly spot vulnerabilities and might make you feel like the cool kid on the block, but mastering tools that have been around for decades can still be very rewarding and fulfilling.

BEFRIEND the phrase "I do not know": I can’t stress this enough—no one expects you to know everything. Consider weighing how much you know about a given topic. When I’m discussing something I’m not familiar with, I start with, "I've only spent X hours/days on this; here’s what I understand."

You need a combination of time and a constant cycle of trial and error to build experience. Time moves slowly when you're fixated on it. Stop staring at your watch and start focusing on your learning path! You’ll have built a solid amount of experience before you even realize it.

It's okay to buffer and process data in your own way. Everyone has their methods—I’ve met people who absorb and process complex information in what I would describe as alien-like ways. I’m not like them. The number of drawings and sketches I used to mentally connect dots is countless. However, my methods have changed over time; I rely less on sketches now, but I might return to drawing in the future. I don't define myself as a "can't-learn-unless-I-draw" type of person. This is why I personally caution against labeling yourself strictly as a "YouTube/video learner or nothing." I've heard statements like "I can only learn through videos," which can be self-limiting in a field that is heavily text- and data-driven.

And last but not least, know-how and experience are crucial, but how you treat others, whether you help those around you grow, and whether your word holds any value are WAY more important. DON'T be the bully.

That's all for this article at least!