Silverstr says that to be a security expert you have to get your hands dirty. I totally agree. I know not everyone is like me, but I learn by doing.
Warning, there is a boring personal story in the next couple of paragraphs that is me simply reiterating the last sentance of the previous paragraph. Feel free to skip it if you don’t care.
I bougt a book called (something like) the basic book of photography. I read a fair chunk of it, doing my best to absorb what I could. I read about light, and lenses, and fstops and exposure, and all the neat and interesting things that I find, uhmm… neat and interesting about photography.
Related sidenote: A while back dad had passed on a 28-80mm lense for my Pentax SLR which was very cool. I much enjoyed the freedom of the zoom lense to allow me to put only what I really wanted in the frame. I always thought that at its “non-zoomed” state it seemed that everything was very far away, and thought it was quite odd to have to zoom in on everything, and why couldn’t it just show what I saw with my eyes.
I was wandering around mill lake last month and taking pictures of interesting things, or at least things that I thought were interesting. As I wandered I changed lenses between the “normal” and the zoom lense. I had read at one point that only the very expensive zoom lenses will allow you to keep the same aperture (f-stop) from un-zoomed to zoomed, and on the ends of the lense you’ll find a marking that is something like 4.5-5.6 which indicates that at an un-zoomed state its smallest aperture is f4.5, and at its zoomed state it’s smallest aperture is f5.6.
Anyway, I looked at the end of the lense and noted that it was not a super expensive lense. Oh well, I wasn’t really expecting it to be anyway. I then looked at the end of my “normal” lense and saw “50mm” stamped on it. Something clicked. I looked at the zoom lense again. 28-80mm.
Though most will laugh at this, this was the moment I “got” lenses and how the mm sizes relate. I’ll put it here, but if you’re anything like me you’ll nod, smile, and say “I understand” when you really don’t, and continue living your life. Or you know all this already and you’ll make fun of me for only getting this now.
The normal “width” of a “normal” camera lense is 50mm. This approximates (IIRC) the field of view of the eye, which is why things seemed to look normal though my “normal” 50mm lense. The zoom lense I have isn’t at a “normal” width in its completely unzoomed state, but is in fact, a wide angle lense. Not as wide angle as 14mm (as 28mm is not 14mm), which I understand to be a wide-angle lense, but it’s getting there.
This means that things will seem more stretched out and, well, wide when it’s at that state of zoom. Depth of field will also be far longer and you can do some interesting effects with it. You also get more in a shot.
Anyway, the whole point of that all was that it took me mucking around with lenses to finally understand what I had read telling me all about lenses earlier.
Back to the original point.
Computer security is like everything else. You can read as many books as you want, make as many plans as you want, talk about it as much as you can, talk to other people who have actually done it, but until you get your hands dirty and actually do it yourself you won’t know nearly as much as you can about it. That’s not to say that you shouldn’t read all the information you can about a subject you’re interested in, as knowledge is power, but you can’t have that as the only way of preparing yourself as an expert (or even a “doer”) of anything.