Stop Studying Security

Yeah, you heard me right! I'm a seasoned security professional covering multiple umbrellas of the security domain.

In the initial years of my career, I studied a lot about security concepts, books, blogs and YouTube videos.

My Internet feed was all about OWASP, SANS, Encryption, Networking and more.

During my CISSP preparation, I dug into all the concepts mentioned in Sybex and Shon Harris. I don't even remember most of them now. Sigh!!!! I failed the CISSP.

The problem I faced was that reading a lot doesn't guarantee that your productivity will increase.

Theory vs Real-World Challenges:

PenTest (Bug Bounty) or any area of Security is NOT a science, it is a skill that is honed through practice, practice and more practice only. ~ (Source: Internet)


  • Theories mentioned in a book may not help you with REAL world problems.
  • You may understand the Biba model or the Bell-LaPadula model thoroughly, but it may not help at your job. Or you may be confused about how you are going to apply them in your organization.

Dilemma of Analysis Paralysis:

I was stuck in the never-ending loop of analysis paralysis.

  • Is it a security bug or a security issue?
  • I don't understand the product or network flow. If I report it, I may look stupid?
  • If it is a flaw, how to exploit it further?
  • If it is not exploitable, is it worth reporting?
  • Is it related to my area? Should I (appsec) report it? Or should I leave it to GRC (Governance, Risk, Compliance)?


Stop doing Too many Security Certifications/Courses

I always thought that once I did this course or that certification, I would be more productive at my work. I would add more value or more caliber, something like that.

The TRUTH is you won't. Understanding the business, product or service offered by your organization, AND applying your knowledge around it, would add real value.

You will make mistakes.

You will fail.

Make the mistakes fast and learn.

Dig Deeper.

Focus on deliberate practice: Simply going through the motions is not enough. Engage in deliberate practice, which involves focused and mindful effort.

Learning by Doing will always beat Learning by studying in the long term.

Disclaimer: All the information mentioned in this article is my own and isn't related to my past or present employer.

