by Jeremy Miller
This post first appeared on October 31, 2021 and is republished with permission from the author.
Disclaimer: The ideas below are my own and may not reflect those of my employer.
When I was a student at Offensive Security, I asked a Student Administrator a question. I don’t remember what the question was, and I don’t remember which machine I was attempting to attack. What I do remember is the SAs response to my question. In Socratic fashion, they answered my query with one of their own:
“Why do you think that your beliefs about the machine are the right beliefs to have?”
Those words framed the way that I think about learning hacking and penetration testing. I’ve now worked at OffSec for approximately six years, and have served as a Student Admin myself for half that time. I’ve helped hundreds (if not thousands) of students develop their own skills, and have had many conversations with students and colleagues about how to learn information security skills effectively, especially from an attacker’s perspective.
During an impromptu chat on discord a few days ago, one student asked how they could help their friends learn without giving