Observations on Learning

Observations on Learning
Observations on Learning

Years ago when I was working for someone else my boss send me a guy who wanted to learn what I did. This person had a degree (maybe a PhD) in nuclear physics and had been working on the nuclear weapons program but he was looking to change fields.

On his first day I gave him a sort of summary walk through of a bunch of different concepts to give him a feel. I showed him some basics like password cracking, a few web bugs, post exploitation operations, some disassembly and flow graphs in IDA, etc. Then I outlined a learning plan for him roughly following how I learned; building VMs, building vulnerable systems, walking through basic attacks, reading blackhat/defcon papers and presentations, instrumentation, etc.

On about the 3rd day he said to me: "Listen, how long is this going to take?"

I replied: "Well it took me about 10 years but you are a lot smarter so you might be able to do it in 2."

He never came back.

In 2019 I was sent a student who they wanted me to give some advice to about how to get into offensive security. I describe my learning process to her and she said "Oh I don't have time for all that." and that was the last time I saw her.

I've run a couple of companies, mentored a variety of students and employees, and taught a number of classes at Blackhat and other places.

Blackhat Classes

I've noticed a few of different styles of learners and I've tried to adapt my approach to them depending on their needs. Early on I didn't do this. I had this unconscious idea that everyone learned like me so that's what I expected, and I ended up frustrated when it didn't work out that way. (They were also frustrated, no one likes to feel like they are failing). One of the most important things you can do as a leader or instructor is to see your people for who they really are and tailor your team and tasks to that.

  1. "No one has ever taught me that so I can't do it."
  2. "I can do it, but you have to walk me through it step by step."
  3. "If you explain the concepts to me, I can infer and build an approach based on the concepts"
  4. "If you give me the end goal, I can figure out and learn what I need to learn to accomplish the goal, as long as I can ask you questions if I get stuck"
  5. Not going to attempt to learn and will immediately give up. I don't trouble myself with this type, I just try to help them find somewhere else to go if I can.

I struggled for a while understanding these different learning types. Through my life it was very rare that anyone taught me anything. Most of my skills have been developed by solitary grinding so when someone says "no one has ever taught me how to do that" my instinct is to respond "no one ever taught me anything, suck it up and figure it out." This isn't helpful, not everyone is like me. Many people were trained via good instruction and never had to learn by self directed trial and error. They are still valuable and can be effectively employed as a part of the team, it just takes some design work to figure out how.

My approach with the first one is to break things up into small, concrete tasks, sit with them and collaboratively share the screen, and slowly build their confidence over time. This is pretty time consuming and works best when you are trying to cultivate a student or intern who has a lot of potential but no confidence.

My approach with the second one is the following:

  • Build a slide deck explaining the concepts and deliver it.
  • Have an exercise implementing the concepts.
  • Have a step by step "solutions" slide they can refer to and replicate.

For the third, I do the same thing but I eliminate the step by step solution slide.

For the fourth (obviously my favorite), I provide as many resources as I can including lab equipment, gadgets, good computers, displays, and internet access, powerful VM servers, a strong library of books both physical and virtual, a large whiteboard, etc.

One of the Red Crow Book Shelves

I'll be doing a post walking through the Red Crow lab and highlighting a lot of the equipment that we use at a later time.

I've noticed with the fourth type of learner that if you provide them all the resources they need to succeed, they tend to take off like a rocket and solve problems with a surprising speed.

One special ingredient is to put these learning styles together in a room as a small team (2-5 people), coach them a little on how to treat each other and how to think about the other persons perspective, and then watch the magic happen. People will start throwing out ideas, the fourth type will often figure out what needs to be done, map out the tasks and steps, and then delegate them out to the other learning types. The other learning types (like most people), really want to contribute and feel like they are of value to the team and will get excited about having a roadmap on what to do. The fourth type tend to get a ton of satisfaction out of creative problem solving and seeing the finished product, but don't necessarily enjoy all of the detail work.

I've got a new apprentice now and its been interesting to watch this process. My first apprentice is the fourth learning type and my second apprentice, who is much younger, is a bit of a mix of 1,2 and 3.

I started out by walking my first apprentice through a bit of everything and he has gravitated to programming, network analysis, and AI. He's currently learning how to do memory corruption exploits and DLL injection. He wasn't sure what he would be interested in, tried a bit of everything, and then found his niches. He's also particularly good at reading research papers and creating documentation.

My second apprentice (A2) came to me immediately and indicated that reading papers and writing up research was not his thing. He also doesn't like programming very much. But we discovered he really shines at hardware.

New Hardware Tech Apprentice

In just a week he has started designing and building circuits, built a raspberry Pi kit and an Arduino kit, has done some decent soldering, and converted the custom connector on a device to USB C. Much of this under the guidance of apprentice #1 (A1). A1 helps A2 solidify the end goal, break the problem in to small tasks and A2 executes.

Having these two guys in the same room has been fascinating and super valuable. They feed off each other and seem to be more productive than they were alone. They have come up with the idea that A2 will build custom hardware implants and A1 will write the software for them. I can't wait to see what they build.

Thanks for reading,