Learning Cybersecurity Through Teaching, Presenting, and Writing

by Miguel A. Calles

We have heard, “Give a person a fish and he/she will eat for a day. Teach a person to fish and he/she will eat for the rest of his/her life.” This saying focuses on the student. Have we considered the benefit the teacher receives? The old adage has a flip side, “Give a person a fish, neither person learns. Teach a person to fish, the teacher further masters his/her skill.” This new perspective gives us insight into the benefits of instruction.

Breaking Into the Field

I did not start as a Cybersecurity engineer or in a related field. I earned my Bachelor of Science degree in Material Science and Engineering. I started my career as a Systems Engineer at a company that builds military systems. It was about 10 years into my career when I decided I wanted to switch focus to Cybersecurity. I read technical books and worked on side projects to build my skills. I asked my leadership for opportunities to work in Cybersecurity. Although I was learning, I wanted to learn more. I hoped I would be able to work as a cybersecurity engineer full-time.

It was exciting when I got my first cybersecurity engineer role at work. The position was entry-level but it would give me practical experience. I would be building up my skills on a full-time basis and learning at a faster pace. One of my first assignments was to write a cybersecurity training manual. Having to teach someone how to secure a military system allowed me to internalize my skills.

Instructing Others Through Writing

Doing something yourself and teaching someone are very different. We can get so accustomed to our abilities that we perform tasks with relative ease. We can fail to realize how difficult a task might be to someone without prior training. To teach, we need to understand where they are coming from and what issues they might have. This requires us to master our skills to be able to instruct others.

At first, I wrote the Cybersecurity manual as a set of instructions. I realized the procedure had many assumptions. As I reviewed the draft, it became evident I needed to provide some context to my target audience. The manual needed to educate the reader on the subject matter. I had to define terminology, explain concepts, and include contextual information. This way, a novice would be able to learn while an advanced reader could skip ahead. This is a win-win! Future revisions of the manual aimed to teach rather than provide a procedure.

Mastering Skills

I discovered something profound the more I revised the manual and aimed to teach in the writing. I realized my Cybersecurity skills and understand were improving. I had to understand principles and how the system worked to be able to teach others. I could not teach what I did not understand.

I looked for opportunities to write, teach, and present as my career progressed. Writing and presenting added new dimensions to my own mastery of skills. Writing is a one-way form of communication. Most of the time the reader is unable to ask questions or give feedback. Yet, teaching and presenting is a two-way form of communication. The audience usually has an opportunity to ask questions and expects real-time responses. Being able to answer questions on a subject matter requires a mastery of the subject.

To Instruct and Grow

We will improve our mastery of Cybersecurity whether we write, teach, or present. These activities need us to better understand the subject matter. We need to distill information in a way that others can understand it. We want to anticipate what questions and confusion the audience might have. We rewrite, restructure, and revisit our work to deliver the best outcome. Practice makes perfect, and we get a lot of practice by writing, teaching, and presenting.

About the Author

Miguel A. Calles is a freelance cybersecurity content writer. He has an information assurance certification, and works as an engineer on a serverless project. He started in cybersecurity in 2016 for a US government contract, and has been doing technical writing since 2007, and has worked in various engineering roles since 2004. Miguel started his interest in cybersecurity when he was in middle school and was trying to backward engineer websites.

This article was contributed by Miguel A. Calles, author of Serverless Security.