Advice for first year IT students

          Maybe you always knew you wanted to pursue a career in computing, or maybe computers are a new love for you. But when I started my IT degree I had already put years into a fine art degree. I had no idea how computers, or networks, worked but my curiosity had been piqued by increasing advances in technology and its impact on our daily lives. When I realized how intimately connected my life was with various technologies that were each essentially a black box to me, I had to know more about them!

          Even if you have some experience, you may not be sure where to start, how to prepare for higher level courses or what is expected of you outside of school. Like with foreign language the best way to learn and understand something thoroughly is through immersion and hands on practice. So your first priority should be to get a lot of exposure and have as much fun as possible getting it!

Starting from Square One

This is simply a list of suggestions I would give to myself a few years ago. These are mostly things I’ve been advised to do and have already done myself, as well as a few things I’m working towards myself (like contributing to open source projects and teaching others).

  • Build good foundational knowledge. To understand networking you need to understand at least a little about computers, operatings systems, browsers and networking devices. You may go into shock at the sheer amount of acronyms but trust me, they will seem second nature after a while.
  • Comptia A+ and Network+ exam objectives or test prep books can give you a good idea of what you should know. Comptia provides vendor neutral tests that certify a certain level of IT knowledge and skill. A+ essentially certifies that you have basic technical support and troubleshooting skills. Network+ is a step above and focuses more on troubleshooting and design of networks than A+ does. Even if you know most of this already it’s worth looking into in order to address any gaps in your knowledge.
  • Balance book-learning with hands-on learning. Don’t just plow through a textbook or training manual without trying things out yourself. You do need to understand the general ideas before you can build your own lab but don’t over do theory at the expense of application. Which brings us to…
  • Make yourself a home lab. This is one of the best things you could do for yourself as an IT student. The easiest way to experiment with different operating systems and networking configurations is to set up virtual machines with software like Virtualbox or VMware Player. Virtualization gives you so much freedom to experiment without additional cost. Your biggest limits are how much RAM, storage space, and imagination. Everything makes more sense and sticks better when you go through the process of doing it yourself.
  • Make one of your VMs Kali Linux. Kali is chock-full of hack tools and if you’re anything like me it can make it way more fun and easy to learn how things work. For example, reading about how websites work often makes me want to pluck out my eyes. But fire up Burpsuite to learn how to map and exploit a website and suddenly it’s 100% more interesting.
  • If you have the funds and time build your own desktop. It’s fun, it’s custom and it’s educational.
  • Find technology conferences in your area and go to them. It’s a great chance to see what professionals are talking about and learn from them. Most security conferences have various “villages” focused on different skills like lockpicking, badge building, hardware hacking, social engineering or other areas of interest. You can hang-out and learn something new in a laid back environment. There will certainly be presentations and maybe some workshops, competitions or Capture-The-Flag contests (basically jeopardy style computer nerd puzzles).
  • If there are no conferences in your area, or within driving distance there Your school may  have a computer engineering, information technology, or cybersecurity club you could attend and learn from. There may be Python, Linux, security or otherwise techie meetups you can participate in. Look for your local DefCon group as well [something like DC 123 ].
  • Consider checking out infosec twitter, or finding subreddits in your area of technological interest.
  • Don’t psych yourself out. Often, when I invite someone to check out the security club at school they tell me they are worried they don’t know enough. Everyone feels that way at some point, but the whole point of the club is to learn together! What you’re doing to progress, and whether you have the drive to do so, matters more than what you know at this exact moment. If you put in serious effort, and don’t act entitled to other people’s time, you’ll find there are plenty of people who want to share what they know or are willing to give some general guidance.
  • Come up with projects that are fun for you! Build a website, set up a VPN on your raspberry pi. Consider donating your services to a non-profit to contribute to your community and gain experience. 
  • Find an open-source project you love and want to contribute to and use it to learn to code. It might sound crazy but it can be, and has been done.
  • Learn something teach something.  Whether that means a lightning talk, tutoring, blogging, or starting a club!

          What this whole list really comes down to is relax, explore, experiment, and get involved in the community. If you can have fun and work hard at the same time there is really no limit to what you can accomplish.

Why should I try College Cyber Defense Competitions?

If you are an information technology or cybersecurity student with the opportunity to participate in a collegiate cyber defense competition I highly recommend you take advantage of it. If you don’t have the opportunity to join an existing team I suggest you make one!

Why? Because when you are tasked with defending a network you’ve never seen before, with one hand tied behind your back, while your CIO and CEO demand extensive reports and policies be written while you respond to intrusions … a lot of things start to click. Things that you’ve learned in class, or personal experimentation, get tied together within a greater context. You’ll learn from your teammates and be forced to learn new tools or concepts on the fly. And, if you’ve never been given administrative privilege in a network, not of your own design this is an extremely useful experience.

It’s a really, really bad day at work simulator.

It will test your nerves, communication skills, technical skills, team cohesion, and organizational skills.

You might stress-break-out but you’ll get a hell of a rush when you take back machines.

At some point, you’re going to think the hackers have taken down a service or system and, if you’ve kept good enough change logs, within five minutes you’ll discover that you, or a team member, hurt yourself by overhardening. If you don’t have good enough change logs or your team isn’t gracious and humble enough to absorb mistakes you’re gonna have a bad time. This fear is affectionately and resentfully referred to as The Ghost of Red Team. And it’s a perfect example of how psychological this event is. Unlike an athletic sport, you can’t compare your team’s performance to others, and you may not be sure about your adversaries’ performance either.

Similarly, if your team doesn’t have enough respect for business injects, such as the aforementioned policy writing assignments and reports, you will lose. It’s not the cool job and nobody wants to do it but you will lose if someone doesn’t do it and do it well. Just like you need all your services up as long as possible, you need every inject turned in and done as well as possible.

These competitions are incredible learning experiences and potentially good networking opportunities. In light of that, I’d like to be able to help students who are interested in cyber defense competitions get an idea of what they’re in for and how to prepare. I can’t and won’t get into specific detail about particular competitions. But, I can and will write what I would have liked to know about preparing for competitions in general. Hopefully, it’s beneficial to you.