Beyond the Keyboard: “Try Harder” Mindset and Goals

Note: This is a blog post by shanks that first appeared on Jan 23, 2024. Republished with permission from the author.

“Without goals, and plans to reach them, you are like a ship that has set sail with no destination.” — Fitzhugh Dodson

The OSCP Grind: My Journey Through and Beyond

Let me start off by being direct. This journey is tough, and honestly, it probably always will be. Let me tell you why that’s ok.

In 2016 I had the dream of attaining the OSCP and having the certification “everyone talked about”. Just starting high school with no money or support it was a seemingly daunting path to pursue. The passion for hacking set a fire in me. At that moment I realized what I wanted to do with my life. I pledged to myself to put all my efforts into achieving this goal, so I started studying with free stuff I could find online. I guess we all start this way, either watching YouTube or reading some books.

A Path and Mentorship

Fast-forwarding to university, I was given an internship in digital forensics which opened my mind to the possibilities that lay ahead.

Fortunately, I was lucky to have a solid leader to shadow. They helped me by encouraging me to pursue a career in cybersecurity and emphasized how I should prepare myself for a continuous process of learning. This gift of mentorship was uplifting and truly inspired me to grow.

I knew it wouldn’t be easy and during my lunch breaks I would split my time diving into a CCNA exam guide and any forensics book they had for me to consume. One book in particular sparked my attention: a study guide for the Certified Ethical Hacker v9 certification course. Now obsessed with learning, I processed that book quickly. Even if I were never to sit for the exam, I still had this drive to understand what all was involved with an ethical hacking certification.

During my return trips home, instead of listening to music while on the bus, I’d search for reviews from people who passed OSCP and how they achieved their goals. Hearing how they had attained what they set out to accomplish made me realize how much I wanted OSCP. It brought me joy to think about now that I had this new found support from my leader and a clear direction. At that moment, I knew I had my own path.

Meanwhile at home, I was trying other resources to get myself used to cybersecurity because in my mind I already chose offensive security for a living, for my future. Knowing already what you want to achieve is a huge step.

It can be difficult finding a mentor but OffSec does this part for you.

The OffSec courses are comprehensive and well structured. They also have a strong community of people helping each other. This makes a huge difference. They’re always friendly, professional and willing to help. Rest assured you will not be alone in this journey.

It’s not only about having a leader/mentor/someone that you can count on, it’s also important to have a future vision of what you want for yourself.

The “Try Harder” mentality

When I first heard about this I didn’t understand what it was about. I thought, “Do they mean trying until you get it?” To me it was vague and initially I was not very fond of this slogan.

Going through the course I began to understand the message a bit better. For me, it represents resilience. That ability to pick yourself up by your bootstraps and overcome obstacles.

re·sil·ience — the capacity to withstand or to recover quickly from difficulties; toughness.

“Resilience” can be translated to embodying a persistent and determined attitude towards challenges. It means not just facing difficulties in cybersecurity but actively embracing them, continuously pushing oneself to learn more, and not giving up when faced with obstacles.

To me it simply meant “never give up”. There were many times I thought of giving up because it felt like it was too hard. At times I would get stuck and could not make sense of anything in that moment. What do you do when this happens? Just step away, go play a game, run, eat or take a walk to clear your head. You will make sense of it sooner or later if you remain steadfast and resilient.

OffSec does a great job teaching things based on this philosophy. Don’t be afraid, it works.

Helping students along the way

Throughout my OSCP journey I had a lot of help, from other students and Student Mentors on the Discord server. Without the community it was overwhelming at times but with their help it gets easier, trust me. You can’t be afraid to engage your fellow learners and ask questions. We’re all in this together, right?

After I became comfortable with this notion and finished a certain challenge, I would try to help other students who were also on the same challenge. I always did my best to help them with hints or insights about a particular issue they were struggling with. I encourage you to do the same! You would be surprised how much you reinforce your own learning by helping others understand the challenges they’re facing.

“One important source for the acquisition of knowledge, especially of factual knowledge, is the construction, transmission and comprehension of explanations.” — Learning by Explaining to Oneself and to Others

This is represented in the Feynman Technique. The Latin phrase for this philosophy is “docendo discimus,” which means “by teaching, we learn.”

You’re not only helping other students but also yourself in the process. Retention is increased and understanding deepens.

While I advocate for diving in to the community and helping others to learn while you’re learning, there is a major caveat: you need to take good notes. Without good notes you can’t go back to a particular challenge to help someone who is stuck of just starting out.

Here are the steps I took to help people out more effectively on Discord:

1. Complete the course and challenges. Try to get the most out of it by using new tools and alternative paths.
2. Take thorough notes on how you solve a challenge. Make note of which tools were used and then you can begin to refine your process for explanation.
3. Respond to someone who’s asking for help!

For the students, learning how to ask for help is even more important than simply asking: https://dontasktoask.com/

Community Companion

Before my exam and after helping countless people, I received a DM mentioning that I was given the “Community Companion” role. This role is assigned to those they want to recognize for helping the community in some significant way. I was not expecting this and didn’t even know this existed to be honest.

I didn’t help others in the hopes of getting some recognition for it — I just wanted to give back to the community and have more retention of the things that I learned for myself. This gave me a boost to my confidence and encouraged me to take the OSCP exam and ultimately pass on my first try.

2024 Goals: OSWE and more!

New year, new goals, new certifications!

In the year 2023, I successfully attained the OSCP and OSWP certifications. Building upon this achievement, my objectives for 2024 are set towards pursuing more advanced certifications. This includes a specific emphasis on web penetration testing, bug bounty programs and so on.

My objectives for this year, particularly with OffSec, are outlined as follows:

Pursuit of OSWA & OSWE Certifications
— My primary goal this year is to acquire both the OSWA and OSWE certifications. These steps are pivotal to me in establishing a career in penetration testing, helping me to fulfill the dream that I’ve had since my internship.

The OSWA certification will help me build a more robust foundation in web security. OffSec’s renown in this domain will be instrumental in guiding me through the complexities and nuances required for mastering the material for the more advanced OSWE certification.

Coding and Scripting
— Delve deeper into coding and scripting. Rigorous work here should lead to an improvement in my ability to analyze source code.
— To achieve a high level of proficiency in adhering to and implementing OWASP (Open Web Application Security Project) standards, an essential skill in today’s cybersecurity landscape.

Bug Bounty Programs
— Leveraging the skills and knowledge acquired, I aim to increase my participation in bug bounty programs.

Contribution to the Open Source Community
— Another significant goal for this year is to make meaningful contributions to the security of open-source projects. Identifying and obtaining a CVE will mark a significant milestone in my professional journey.

Ongoing Support with the OffSec Community
— I am committed to providing continuous support to the OffSec community.

But how can YOU achieve your goals?

1. Define your Goal: What’s the big dream? Clearly understand your ultimate objective.
2. Check Your Starting Point: Figure out where you’re at now and how it lines up with your goal. I want to be a more well-rounded pentester, so I want to focus on web app security through OSWA and OSWE.
3. Plan Actionable Steps: Break it down into smaller, doable steps. It helps with motivation. If you’re working on one of the OSCP challenge labs, break the labs down into standalone boxes and the active directory set. That way the challenge doesn’t look like 6 overwhelming machines.
4. Enjoy the Process: Have fun and embrace what you do!

Final thoughts

For those who want to see this when they wake up: don’t give up. You will very soon.

I tweeted this in 2018:

And this is me quoting the tweet in 2023, now as OSCP certified!

It’s all about theJOURNEY! Be resilient; you’ll get there.

Thank you for reading and I hope that I’ve helped you in some way. I wish you luck on your journey, be it with OSCP or any other OffSec certification. You’re on the right path.

Cheers,
shanks