Staying Relevant: Balancing Learning And Llife as an Ethical Hacker
Discover how to stay at the cutting edge of cybersecurity without burning out. This blog post provides valuable insights and strategies for continuous learning while maintaining a healthy work-life balance. Learn to optimize your time, embrace microlearning, reinforce retention, and create a realistic, sustainable learning plan. Don't let the fast-paced world of cybersecurity overwhelm you; find your balance and excel in your ethical hacking journey.
FEATUREDBLOG


"Balance and efficiency are more important than the speed of your progress. Find your balance, and you might go farther than anyone in this field ever went."
You’ve heard it before – cybersecurity is a field that evolves at a blindingly fast pace. The tools, techniques, and technologies threatening networks transform rapidly. As an ethical hacker, your skills can become obsolete within months if you aren’t continuously upgrading your knowledge. Point #4 on our hacker roadmap deals with knowing the latest and greatest when it comes to the state of security tools and penetration testing methodologies.
As ethical hackers, our skills face the risk of becoming obsolete within months if we don’t continuously upgrade knowledge. But learning nonstop is unsustainable without balance. I recently gave some advice in an online community that covers some tips on strategically staying cutting-edge while avoiding burnout.
In this community post, I explained to the OP (original poster) that I was a family guy with a full-time job and spent a hard 3 1/2 years grinding out a degree in Cybersecurity with an emphasis on networking, governance and risk management, and security testing. I further added that I had over-time at work to contend with, as well as spending my free hours on various training sites like HackTheBox and PicoCTF, while also cycling through various training courses for Splunk, Palo Alto, Qualys, and AWS/Azure. Towards the last 2 semesters of my degree program, I was adding in time to train and study for the RHCSA from Red Hat and the TestOut Cyber Defense Pro (equivalent to CompTIA CySA+) certifications, while I was preparing for a conference/competition, USITCC, in Texas as an officer in my college’s IT club. Burnout was definitely high on the list of consequences.


The Groove
Cybersecurity, especially red team operations and pentesting, is not always about sitting at a terminal and running a script or hash cracking algorithm. What may be surprising to some, the cool “hacker man” aspect of cybersecurity comprises about 10% to 15% of the job. More often, your time will be dedicated to researching and monitoring of logs, developing action plans for implementing security policies, writing reports and write-ups for vulnerability assessments or pentests, and creating actionable recommendations and presentations for compliance to security standards.
It is an absolute burdern of pressure to consider all of the various perspectives when creating a security policy and implementing rulesets to harden security and safeguard company data. For me, the action of digging into logs from a Nessus scan, or using Wireshark to analyze web traffic and I find the string of information that solve a CTF challenge or answers a question is something that gets me excited and it doesn’t feel like burnout. The rush is what keeps me dedicating time to training and studying, whether by competing in CTFs, attending conferences, or helping a friend diagnose an issue with their computer, all while preparing for a 5 hour proctored practical exam in the middle of Finals week.
Why Continuous Learning is Crucial
Emerging attack vectors and hacking methodologies appear daily. Tools, modular malware, and vulnerabilities are constantly being uploaded to hacking forums and shady marketplaces on the internet. As an ethical hacker and defensive professional, you are responsible for spotting these trends early. There are a few things I would suggest to stay ahead of a major breach:
Subscribe to leading cybersecurity blogs, podcasts, newsletters, forums and social media figures to maintain awareness on technological shifts and emerging attack methods. Sources like Krebs on Security, Dark Reading, The Hacker News and GBHackers are fantastic sources of articles to stay up to date with emerging threats. I personally have subscribed to newsletters from Grey Noise, Morning Brew, and Tenable (makers of Nessus).
Look for writeups or walkthroughs of lab machines and challenges from the popular platforms like HackTheBox, TryHackMe, and CTFTime. Follow blogs of the developers behind pen testing tools for identifying software flaws and network weaknesses before adversaries utilize them. This includes reports done for labs on sites like HackTheBox and Cybrary. They can be a valuable source of information and inspiration for your own future reports or proof-of-concept.
Understand the psychology and social engineering tactics cyber criminals use to manipulate human targets from experts like Casper Bowden and Neal Bridges. One of the easiest vectors for threat actors to attack is the human machine, whether it’s a social engineering attack, phishing email, or a random USB on the parking lot. A lot of professional red team operators and security authorities will say the weakest point in a company’s infrastructure is the human aspect.
Listen to hacker podcasts like Darknet Diaries and Cyber Insecurity during daily commutes or household chores instead of merely music. Even though this method of information gathering isn’t very practical, it gives you the chance to imagine how some of these attacks are carried out. In most cases, you can learn some the terminology and mindsets that attackers employ just by listening to podcasts like those from Sumsub, Threatwire, and Seytonic have an amazing platform on YouTube.
The Accumulated Risks of Endless Upgrading
While upgrading is necessary to stay relevant in the world of cybersecurity and the digital landscape, the reality is that relentless learning and skills upgrading carries big personal risks if not kept in check. Burnout is not only a very real thing, it often creeps up on you without very little warning until it’s too late.
I was in a subReddit not long ago where the author of one post was talking about feeling buned out and on the edge of hoplessness from constant IT and cybersecurity training. They were talking about how their colleagues would spend upwards of 20 hours a week outside of work studying and learning new things, which sounded exhausting to this user, and they were only training in preparation for finding a job in this field. Admittedly, I cautioned the “always be upskilling” mentality that is so prevalent in technology (I’m guilty of promoting this too!), and can quickly destroy your work-life balance, mental health, and physical wellbeing without mindful moderation.
I would know — at times during my degree program, I was juggling a full-time job, overtime hours, multiple difficult cybersecurity courses, CTF practice until 2AM far too often, certification exam preparations like the RHCSA and CDP, pentesting research, and IT club leadership duties. If you want to talk about overloaded, I can carry that conversation for a few hours. For a stretch, I started burning out badly and losing motivation until I finally implemented better time budgeting and boundaries. My story is far from unique either — countless aspiring and experienced infosec pros suffer from poor work-life balance.


Creating a Realistic, Maintainable Learning Plan
The key to a realistic learning plan is finding a balance. Between endless learning and training, the uphill climb of demand for cybersecurity professionals and your personal needs, finding a balance with deliberate time management tactics and maintenance of interests beyond solely hacking crucial. You must be strategic in order to sustain yourself over the long journey of mastery, while also maintaining your personal lifestyle and mental health. Here are several techniques I’ve validated through personal experience over a decade.
Time Block Scheduling
“A 40 hour time-blocked work week, I estimate, produces the same amount of output as a 60+ work week pursued without structure.” – Cal Newport, Author of Deep work.
I have often said to my colleagues and friends that I run on 30 hour days with 24 hours available. What many of them fail to understand is that I am performing 30 hours worth of action and activities in a 24 hour period of time. Becoming a digital hermit isn’t an option for the vast majority of people, so we need to develop solid strategies to focus our energy in a world designed to distract us from our intended goals.
Time block scheduling is a method of controlling your schedule instead of it controlling you. Time blocking, task batching, or day theming is a fairly simple, effective and efficient way of controlling how your time is spent from one day to the next.
Budget 3-6 hours per week for infosec learning — this includes researching various tools or topics, pacticing in online modules, CTF practice and other activities. Condense into blocks of activities if possible for momentum, or trade off days between some activites. This could be a list of activities that you need to complete, but instead of putting everything on that list, put the fastest 5 you can do. If you put everything on there, it gets overwhelming; if you keep short, like the top 5 things you can complete the fastest, you will make progress and it won’t seem so daunting.
Allocate specific days/times for structured learning in your calendar — treat this the same as any other obligation like work, school or college. Treating this like the class schedule you had in school and making sure you only do the activities in the time frames they are allocated to prevents you from spending too much time on some. Do not cross over into other’s time blocks; just because you hit a groove or you’re close to some milestone, you can always come back later once you’ve finished everything else. Stealing time from one activity to put towards another just puts you in cram mode and you will feel unnecessarily rushed to finish.
Use time management and project planning apps like Plaky and Clockify to plan out your schedule with time-frames and track your time for each activity. There are a multitude of scheduling solutions out there and the vast majority have free options for you. These types of solutions give you a tangible way to track your progress and time spent on your various tasks and give you a way to organize your planning process.
Set reminder alerts on your phone or calendar to complete planned learning hours without procrastination sabotage. Because the only governing body that can hold you accountable instead of an authority, procrastination is your greatest threat to your progress. Discipline is not the easiest thing to learn and practice, but nothing worth the desired results should be easy. Earn your results instead of expecting them by creating ways to remind you of your schedule and don’t stray away from it.
Microlearning Optimization
Over the last several years, microlearning has gained massive popularity in the training industry and professional studies, as well as various other disciplines. With little searching, substantial amounts of information, articles and research can be found on how to create, develop and implement microlearning habits. While further study is needed to understand how the effects of microlearning training enhances learner performance in the workplace and academic settings, you can find numerous sources of literature and information on trends and patterns of how microlearning is used.
Start by replacing 1 hour of mindless social media, web browsing and so-called “Doom Scrolling” with security news reading, podcasts and educational videos. Practice doing this every day. For the easily distracted, the use of browser extensions to block sites to reduce temptation, as well as turning your phone off during these time blocks.
Listen to hacker podcasts like Darknet Diaries and Cyber Insecurity during daily commutes or household chores instead of merely music; many of these podcasts can be found on all of the major hosting services like Twitch, YouTube, Spotify, and Apple Music. Hacked is an easy beginner podcast I found on Spotify that you can start with, consisting of fairly short episodes with a very informal, easy to follow format and simple explanations that don’t assume that you know Mid-Senior level knowledge of the field.
LinkedIn Learning offers various modules and video series that cover a wide array of subjects, tool suites, and methodologies that you can play or listen to throughout your day, as well as having the ability to play, pause, and then pick up where you left off on a different device or another time/day. It also can send you push notifications as reminders, as well as weekly updates on your progress, so you don’t forget to continue your learning.
Reinforced Retention
Improving retention in studies and training starts with building positive and supportive environments. Improving your performance and habits could be as simple as creating a dedicated, orgainzed workspace or building out a network of professionals and other aspiring ethical hackers and attending conferences or workshops to here from industry leaders.
Attend conferences and conventions. Whether you have a B-Sides in your area, or conferences like NoiseFest and USITCC, find these events and sign up for them. Many are free, and quite often, a lot of them are entirely virtual and don’t require you to miss work or school and you can attend them by visiting their respective websites while completing other menial tasks to maximize your time.
Sign up for free online training sessions and programs to increase your knowledge and information of the field. FreeCodeCamp, Professor Messer, Black Hills Information Security, Network Chuck, David Bombal, The Cyber Mentor, and so many other cybersecurity/InfoSec content creators have gifted us hundreds of hours of educational material, and it’s all FREE. You don’t need to sign up for expensive training programs and courses to learn something new.
Take detailed lesson notes in OneNote/Joplin/Obsidian/SimpleNote/CherryTree or any other hierarchical note taking application for future reviewing rather than losing knowledge gained. Most, if not all, of these note taking applications support Markup Language, allowing you to create fancy looking notes with tags and links to other note sheets. Additionally, being able to learn a text-encoding system to specify the structure and formatting of a document is a valuable skill that could translate into your desired career.


Maintaining Balance
While hacking skills require constant nurturing, we have to remember to not overwhelm ourselves to our own detriment. Having the skills to allocate reasonable time periods for learning, while also investing in other life pursuits is the key to bringing happiness beyond cybersecurity study. Healthy habits and scheduling our activities into manageable blocks is necessary to fend of fatigue and prevent burnout. Yes, your skills and development are important, but they depend on you sustaining your energy and passion for the field.
Cybersecurity as a concept, and a career, means accepting lifelong learning and development. However, by planning study blocks thoughfully, swapping entertainment for education, focusing fully during those windows, and budgeting time wisely while balancing other priorites, you can continually upgrade your hacker skills without crashing. Find your own personalized formula that allows you to consistently level up while still flourishing in all areas of life! Pace yourself for a marathon instead of attempting unsustainable sprints; this journey is the long haul and exhausting yourself to reach a high level quickly is just going to leave you burned out, bored, and breaking down before you even make it past the 1 year mark.
You can achieve so much more by being both intentional and moderate with your valuable time and attention – your mindset and well-being both depend on this. So many people that have fallen off the path because they gave up their free time and pushed everything except training out. Balance and efficiency are more important than the speed of your progress. Find your balance, and you might go farther than anyone in this field ever went.