There are stories of Tiger Woods hitting 1,000 balls at the range without a break. And of Jason Williams practicing dribbling for hours on end without ever shooting a ball.

That’s how you become an expert. That’s how you get amazing results.

At least in some fields.

I'm wondering...what would that be in #infoSec? In #programming?

Deliberate practice ( is mostly built off of 4 criteria:

  1. Designed and evaluated by an expert
  2. Stretches you and is uncomfortable
  3. Requires your total concentration
  4. Consists of a lot of repetition

Usually, it comes down to exercising one aspect of something. If you want to get good at drawing people, don't just draw 100 people. Draw 100 eyes. 100 noses. 100 hands.

If you want to get good at putts, make 100 putts. From the same spot. Then move a little. And make 100 more putts.

What types of deliberate practice do we have in the tech industry?

Here's a d00d starting up something involving deliberate practice for programmers:

And another one, this time by John Sonmez who's well known in the learning-to-program spheres

@estoricru We may actually be shying away from deliberately practicing things by automating the boring stuff. Food for thought.

@estoricru In my case, I taught myself programming from learning BASIC and Z80 assembly language using magazine listings. Then, I'd ask, "I'd like to make a program to do X.", and try to do it. And fail. And then I'd get quite upset about it (still do to this day, in fact). And then I'd try again.

I've been trying to build my own homebrew computer since 2004. Still don't have what I'm *really* after. I'm *still* pursuing that dream though.

I set aside time quarterly for regular review of installation docs, shell builtins, STIGs, and RFC changes that could affect my work quality.

I also set aside an hour a night to work on anything I want, so long as it gets done in an hour- anything else i simply drop or back out of, and put it on a schedule. Usually that is some kind of cronjob or short script, or playing with an application that I'm fuzzy on because I haven't touched it recently.

@bill @estoricru As a sysadmin, I mostly just mainline absinthe.
@estoricru The difference between the answers of @bill and @sungo gave me quite a laugh.


I usually do refactoring/optimisation passes each week, of what I use, program(med), and quarterly I will evaluate what has been causing me pain in my day-to-day schedule.
@siina @bill @estoricru For a less flippant answer, I have a home lab that I'm always fiddling with and rebuilding. I've rebuilt the cloudlet, what, three times so far?

@sungo @bill @siina These are all definitely practice but not deliberate practice

@estoricru @siina @bill I build servers for a living, writing automations for that. There is no expert-blessed single method for that. "Rebuilding the cloudlet" is short-hand for using mostly the same techniques that I use for my day job over and over again trying to get this thing the way I want it. I'm playing with new techniques that absolutely get pulled into my professional jobs if they work out. And perhaps more importantly, I've been ruling out approaches, based on practice.
@sungo @estoricru @bill My refactoring/optimisation passes every week sure fits the four criteria listed -- I didn't think I needed to break down the process, since it's personal to my way of working.

I'm thinking the absinthe answer is best then. I could always have a bartender or blow test consistently eval my BAC.

@sungo @siina

@estoricru @sungo @siina
More seriously, there are no professional resources for evaluating the practice the way you envision it, so you will never get a right answer.

As far as my practice goes, continuously evaluating the same documentation over and over on a schedule, and checking my methods of application regularly over time is as good as it is going to get.

@bill @estoricru @sungo Reading through some of the examples in the provided link, it seems that what I do is in the same vein as Ben Hogan, just not as intense, because I'm not trying to beat any records or be obsessively perfect in the way I do things.
@siina @bill @estoricru I also think there's a huge difference between deliberate practice at something like a sport and something like tech. Tech is constantly changing and the job is a matter of staying up to speed and refining techniques over time. Golf and basketball and the like don't change. You can get better by practicing the same thing over and over again because they're not going to change the shape of the ball or the basic rules in a year.
@siina @bill @estoricru
In the last 5 years, the preferred methods of deploying services and servers has changed at least once a year. Just when I figure out this year's tech, I'm on to the next.

Yes, and this is why I have a process that focuses on what doesn't change, which is adapting to the constant churn of refactoring that is the norm in this industry.

I joke with neophyte programmers and admins, and tell them that I hope they like the idea of CS finals week study loads for the rest of their IT career if they want to stay relevant.
@estoricru @siina

As far as deliberate practice goes. it is often designed by the people who use it. and has measured results. The "Beginner's Guide" has examples that I'm intimately familiar with. and my serious post was made from that perspective.
I've used similar techniques in other fields to become my local best as what I'd do. regardless of whether it was martial arts. being a chef. or legal case management.
@estoricru @sungo - 1/1

@bill @siina @sungo The answer can absolutely be "there is no way to deliberately practice this stuff." The thought was brought on by an email from a friend who is an author...he was bemoaning that there's no way to really deliberately practice writing. There's no way to measure the improvements.

It appears to be the same for us.

Well. as I said. there is. just not the way you define it. Ben Franklin used deliberate practice for his writing. That is in the beginners guide. But even his method doesn't strictly follow the steps you mention.

Most methods won't in the way you envision it because some skills. even when broken down. aren't immediately repeatable in the same way my sifu insisted on having every aspect of Sil Lim Tao perfect before moving on to anything else - 1/4

@estoricru @siina @sungo They are repeatable and measurable however- just the methods or focus on the "basics" aren't on the shell command itself. it is on how it is learned.

I've been going through with this teaching my daughter sysadmin basics. She is still learning ssh. She will be learning it not until it becomes rote - 2/4

@estoricru @chuck code katas; relatively simple problems with constraints that exercise a particular programming skill

@estoricru For coding, I would say that code golf qualifies. Hacking on little, not really useful stuff as a way of flexing your mind and coming up with new ways of doing things, or at least thinking about the problems.

Also, the time-honored tradition of re-implementing stuff so you can get a better handle on what all goes into it. I wrote Systembot for that reason - system monitoring was getting to me because I didn't have a good mental model of how it worked, so I wrote my own.

From the security side, maybe crackmes and online CTFs would qualify as deliberate practice.

@estoricru Some untested ideas,

Write proof of concept for well known vulns. Read specs, look for flaws. Read sourcecode like you woukd a technical book - looking for patterns and structures. Try to pull snippets out of code and unit test them, or write a fuzzer for their inputs. Make a list of pet peeves for a favorite app and see if you can fix one. Pick up a new library and make toys - literal toys, stuff a kid might like to play with, extra sparkly.

@estoricru The thing that makes this deliberate is that you are spending regular hours, with the work tools, in the mental zone of 'wtf even is this' just barely outside of the comprehensible, tripping over edge cases.

@feonixrift Generally deliberate feedback is a specific thing where you practice a specific aspect and get feedback to improve it. Like putting from the same distance towards a hole 1000 times. Shooting from the 3 pint line 1000 times, etc.

@estoricru Ok so that's gonna differ, but... a. 'got the proof of concept to work on n vulnerabilities of class X' is pretty much exactly that, and b. there are plenty of high skill crafts that don't provide that at all yet are amenable to deliberate practice so long as your own mind and body are put through paces with continual attention. I think feedback here is in the neural network sense, not the homework grade sense, so reducing it to a single metric would pitch out continual contextual cues.

Sign in to participate in the conversation

A bunch of technomancers in the fediverse. Keep it fairly clean please. This arcology is for all who wash up upon it's digital shore.