Helping Friends Learn Cybersecurity: Lessons from Teaching Beginners

✍️ Valentin Lobstein  | 
Table of Contents

While pursuing my cybersecurity studies, I began helping friends learn cybersecurity fundamentals. Between lectures, labs, and exams, I allocate time to transform technical knowledge—identifying web vulnerabilities, writing proofs of concept, or automating scans—into clear explanations. Converting experience into teachable points reveals assumptions that were never explicitly explained.

Previously, as a student, I had only helped friends online as part of the Balgo Security team, where we all progressed together. Recently, I began helping beginners with zero background, requiring explanations built from scratch.

The primary challenge is explaining concepts to people with zero background. My own learning was unstructured, so I had to identify core concepts: how a web page loads, using browser developer tools, and understanding basic request and response flow. I organized these concepts so each explanation builds on the previous one. Short, hands-on tasks are more effective than lengthy exercises. Organizing explanations is complex, so leveraging established online resources saves time without compromising content quality. Covering fundamentals is necessary; they form the foundation for advanced topics.

Basic concepts require explicit explanation. For example, I explain that everything visible—HTML structure, styles, and scripts—is rendered by the browser from raw files sent by the server, and that edits in developer tools only affect the local view. I used to verify these details by consulting MDN or RFCs when learning, but over time those habits diminished. Helping others requires returning to authoritative sources, summarizing differences between GET, POST, PUT, and DELETE for clarity. This process reinforces the importance of reading upstream documentation and improves learning methodology.

Effective help requires working directly at the computer and exploring resources together. Opening documentation, running sample code, and stepping through interactive labs, pausing for clarification. This hands-on approach ensures each concept is immediately applied and requires verifying that every step works before proceeding.

Measuring progress without formal tests requires alternative methods. Instead of quizzes, I set small goals. Each completed task demonstrates understanding.

Helping others also improves my own research. Explaining a workflow in plain language uncovers assumptions I never questioned, such as how to structure a testing environment or organize notes. Questions from friends lead back to fundamentals, resulting in better habits and clearer processes.

Helping others learn cybersecurity requires anticipating questions and explaining concepts in multiple ways. Making knowledge explicit strengthens expertise and helps others build theirs.

Why Helping Others Matters

Helping others learn cybersecurity fundamentals requires continuous learning about both explanation methods and technical topics. Unlike technical work, where results are code and reports, helping beginners involves guiding them through their first successes: loading their first page, running a script, or using the console. A single misunderstanding can stall progress, requiring clear explanations.

Starting Small

The approach is to start with basics. Early sessions cover installing a browser, opening developer tools, and typing a basic command. As comfort grows, I introduce progressively harder tasks: examining headers, modifying a script, or tracing a simple workflow. Mistakes are treated as part of the learning process.

I began my own journey on Root Me and VulnHub, which presupposes some development background and quickly became frustrating for total beginners. To better support someone with zero prior knowledge, I plan to integrate structured paths like TryHackMe’s Cybersecurity 101 (https://tryhackme.com/path/outline/cybersecurity101) , ensuring that initial exercises are approachable and build essential skills without overwhelming newcomers.

Structuring for Effective Learning

Effective help requires:

  1. Simple Goals: One clear task per session, view a page source, capture a request, run a script.
  2. Immediate Feedback: Review their work right away to correct errors before they become habits.
  3. Iterative Improvement: Adjust explanations based on what they struggle with, keeping examples relevant.
  4. Active Practice: I guide the challenge-based exercises, and they actively practice.

Helping Others as a Learning Process

Helping others requires revisiting basics. To explain basics, I revisit concepts I thought I understood, finding new ways to illustrate them. This process improves problem-solving. Helping others is bidirectional: friends learn from me, and I learn from them.

Conclusion

Helping friends learn cybersecurity fundamentals helps them gain practical skills. This expands the field, brings in new perspectives, and prepares for future challenges. Helping others is a component of professional growth and contributes to the cybersecurity community.

- Valentin Lobstein (Chocapikk)