How to Learn Cybersecurity
Applying Cognitive Psychology to Cybersecurity
Introduction
Cognitive psychology is the study of how humans process information, covering attention, learning, memory, perception, problem solving, and reasoning. It applies not only to learning but to all aspects of cybersecurity, from behavior to biometrics to social engineering. It is about making sense of human behavior. Does this sound like Artificial Intelligence? Well, cognitive psychology and brain science are the foundations of AI.
In this article and future articles, we will be applying knowledge and techniques published by cognitive psychologists and neuroscientists to cybersecurity knowledge. Additionally, I’ll be revising past articles I’ve published to apply these concepts. I should also note that I’m a cybersecurity professional with 17 years of formal (unrelated) education, a handful of certifications, and an interest in cognitive psychology. I’m not a cognitive psychologist or neuroscientist; I’ve tested these methods and have seen a _significant_ improvement in my knowledge retention, problem solving, and how I think about things.
Bloom’s Taxonomy
Bloom’s Taxonomy is a psychology model used to classify learning objectives. There are three models to this theory but they can be summed up using the following:
1. Memorize: Recognizing and recalling
2. Understand: Discussions, summarizing, inferring
3. Apply: Implementing, relationships, problem solving
4. Analyze: Comparing and contrasting
5. Evaluate: Critiquing and prioritizing
6. Create: Hypothesizing, planning, producing
We need to combine all these levels of learning to be a successful student. Once applied appropriately, our learning skills will be developed enough to apply these techniques to any subject.

Higher Order Thinking vs Lower Order Thinking
Higher order thinking applies cognitive processes such as critical thinking and problem solving to learn concepts, processes, and facts. Lower order thinking does not apply the same cognitive processes and has proven to be less effective for learning and retaining information and for developing skills.
Does any of this sound familiar? If applied correctly, active learning commonly correlates with higher order thinking. Similarly, passive learning is commonly associated with lower order thinking.
Applying Bloom’s Taxonomy
You shouldn’t assume you have the information right; you should ask questions. I’ve made sense of connections that I incorrectly correlated and then didn’t test until exam day. Have you ever received a test question that made you realize everything you made sense of was wrong?
Well, challenge reveals gaps in connections.
Break apart the content by mind mapping it, asking questions, and testing yourself with questions. I’ve created mind maps for exams, asked questions of others, and tested myself, only to realize a connection was incorrect. Sometimes the connection is incorrect or there might not even be a connection.
After reading through a SIEM’s documentation, I forced myself to make sense of it by creating correlations (even when the documentation was lacking). I was going through some content with another team member who was asking me questions. After talking to him, he cleared up a lot of connections I missed. He phrased it perfectly: “Okay, I read it… but why does that matter? What does that even mean?”
Here’s an example of a mind map I’ve created:

When you start to learn a new subject, you probably won’t see the correlations, or the ones you formed will be incorrect. News flash! That’s alright, you’re learning! The above mind map is the 7th revision of it being cleaned up and probably my 20th revision across 8 months.