Originally posted 17/08/2020 on my first blog site - links now broken but I will try to add them back in

Have you heard of the Dunning-Kruger effect? Well it doesn’t really matter to be honest because I am going to tell you about it anyway, here is an excerpt I skilfully copy pasted from Wikipedia (hackerman.jpeg)…

In the field of psychology, the Dunning-Kruger effect is a cognitive bias in which people with low ability at a task overestimate their ability. It is related to the cognitive bias of illusory superiority and comes from the inability of people to recognize their lack of ability.

What does this mean in real talk? Well basically, when learning something new, you often don’t know what you don’t know, you are blissfully ignorant. As the graph above shows, you know very little about a subject yet your confidence is high. You think that what little you do know has been easy to pick up, why wouldn’t it always be easy? As you start to know more of what you don’t (or didn’t) know you come crashing down into “the valley of despair”. Your confidence is gone as you begin to realise you really don’t know much at all.

At this point, in an ideal world (which, in 2020, has never felt further from reality), you should see a gradual increase in both knowledge and confidence as you progress and learn. As you know though, this world is far from ideal.

The reason I am waffling on about the Dunning-Kruger effect is because I have been going through this myself, although imagine the graph above but it has many more peaks and troughs from the valley of despair to Mount Stupid and back again. This has been my exciting and nauseating journey. So I have been watching a lot of YouTube videos recently (shoutout to The Cyber Mentor and Hackersploit), mainly surrounding Network Pen Testing (lots of Nmap scans) and a bit of Web App Pen Testing (lots of Burp Suite). When I watch them, I get it. I understand (for the most part) what is going on and why they are doing what they are doing. When I follow along I feel great, just like a “real hacker”.

Then, after promptly arriving on Mount Stupid, I think to myself “I reckon I’ll try a CTF or a Boot to Root room on TryHackMe. If I enumerate enough I am bound to find SOMETHING”. I try this and come crashing down to the valley of despair when I realise I am out of my depth. Rinse and repeat. Yay, this is fun :/

So what do I do? I am fed up making these trips up and down (I have bad knees you know). Well I definitely need to stop getting ahead of myself, it’s easy to get caught up when watching a professional do something on screen but I need to remember I am still a beginner and need to take beginner steps. I need to get the basics down, get a strong foundation and build on that. This will take time.

I do get slightly disheartened when I am doing what is labelled as an easy or beginner room and I need to use the hints or Google. I try to avoid reading write-ups until I am out of options but it happens a lot. The thing is, I have no reason to get disheartened, this is exactly the level I am at. Hints are there to be used if needed and we have all used our pal Google for help.

It’s only by getting this solid foundation that I’ll be able to build and progress. I dislike using cliches but some of them really do make sense; you need to learn to walk before you can run.

So I think I’ll sit back and enjoy the rollercoaster as much as I can, while I can.

All the best,

