Why hands-on experience in cybersecurity is key to success

by Black Hat Middle East and Africa
There are numerous courses and certifications available to cybersecurity students and aspiring professionals. Many of them are good, and there’s definitely a place for formal learning in this sector. Some cybersecurity experts take their studies to master’s degree or doctorate level.

But learning in the classroom (or a digital equivalent) has to be backed up by real-life experience. Every time we ask cybersecurity professionals whether they value hands-on experience more than formal education, they say yes. 

So what hands-on cybersecurity opportunities are out there for students to gain experience? 

Capture the Flag

We’ve written about why Capture the Flag (CTF) is so important to the cybersecurity ecosystem before. And for aspiring industry professionals, CTF challenges offer an incredibly valuable route to build experience, connect with a network, and establish a reputation for themselves. 

Heba Farahat (Senior Cybersecurity Consultant at Liquid C2) said:

“I believe that CTFs offer one of the most effective ways to learn about cybersecurity in a gamified manner.”

“For that purpose, I actively participated in CTFs at the start of my career, and my team ranked among the top 5 in several regional competitions. Eventually, I transitioned from the player seat to the driver seat, aiming to help more people enhance their cybersecurity skills. Over the years, the number of participants doubled, attracting players from 15 different countries, with women comprising over 60% of the participants.” 

Hacking lab environments 

Hacking lab environments are also known as ‘cyber ranges’ or ‘virtual hacking labs’. They’re simulated environments specifically designed for people (students, cybersecurity professionals, and enthusiasts) to practice their ethical hacking skills and develop their abilities in a way that is controlled and legal.

Usually, a hacking lab environment is made up of systems that are intentionally vulnerable to attack, unpatched networks, and applications that replicate real-world security scenarios.

You can find ready-made hacking lab environments online – from SlayerLabs to OverTheWire, and PenTester Lab to Hack The Box.  

Building home labs 

As well as engaging with existing hacking lab environments, you can build your own. And you can do it for free. 

To get you started, we like this comprehensive guide by StationX – which takes you through the hardware and software you’ll need, and provides step-by-step instructions. 

Real world experience deepens your perspective 

As well as developing technical ability, real hacking experience that exposes you to different environments and different people helps to build an understanding of cybersecurity that’s rooted in the world you’ll be working in – and not restricted only to technical skills. 

When we interviewed Omar Khawaja (CISO at Databricks), he said:

“I used to think technical security controls were the most important part of a security program, then I realised it was important to not just have controls but for the controls to be part of some comprehensive framework (compliance!).”

“Then I evolved my thinking to consider the business as the most important stakeholder (risk management). Along the way, I learned that in a complex organisation, people and process are immensely more important than technical controls.”

So if you want to be an ethical hacker, take every opportunity to gain hands-on hacking experience. It’ll set you up with the knowledge, skills, problem-solving capacity, and the contacts to navigate your career path with confidence. 

If you want to immerse yourself in the future of cybersecurity, join us in Riyadh for Black Hat MEA 2024. 
