Gatekeeping can be understood as the activity of trying to control who gets particular resources, power, or opportunities, and who does not, possibly by limiting access to information.

In terms of cyber topics that could be access to relevant information about security topics in order to understand, learn and develop expertise.

So, people willing to learn about cyber security, hacking and the like are having the problem of finding information about these topics, are they being denied information by bad people? Do they have to pay huge amount of $$ for it? Is that what I am saying?

Hello Friend
no

Of course, there will always remain some niche knowledge a little hidden, but the vast majority of cyber topics – I would argue suffer from a complete opposite of that!

There is a lot of information, easily accessible, huge quantities actually and on a surface level this is great. It gives new people the opportunity to learn as easily as possible, choosing from a myriad of different sources.

If you are interested in a topic, you just google that and you will find everything from YouTube videos, twitter threats, how to’s to articles. You will find a metric ton.

BUT…..

Most of it is actually not helpful at all. It’s shit.

Between minimal effort AI-generated content, half-truths and flat-out wrong stuff, every company out there has a blog, where for the sake of Search Engine Optimization (SEO) and more traffic to their site, every buzzword imaginable is found.

And to most cyber security topics you will find a blog, with an easy explanation, a very good and non-confusing graphic, or a simple step by step tutorial.

You will find a medium blog or some cyber influencer going over the basics again and again, making sure to make it easily understandable and digestible.

Wait, what you write here, that’s not gatekeeping at all!

No, its REVERSE GATEKEEPING!

Hello Friend
I will get to that, if you read on, or don’t, I mean I’m not your mom or anything.

Reverse Gatekeeping in action

Okay let’s make an example, maybe this helps to get my point thru.

(However, not making my point to easily understandable is part of the meta :) )

Say you want to learn about credential dumping in windows, okay.

So, you google and find a bazillion resources like this one:

Hello Friend
Your typical vendor post, complete with annoying chat

This one “explains” how to install the tool mimikatz, this is just one example of a large number of blogs from some companies with SEO.

You read that and afterwards you can install a tool. Great. Easy, right?

But, what have you actually learned about credential dumping?

You can read this thing in one go and afterwards say:

“Yeah, I get it, this whole thing is easy. I got that windows creds dumping down.”

And then to make sure you move on the next one:

Hello Friend
Behold the beauty of modern browsing, with cookie banners and sign ups all over your screen

Cool now you go over some medium blog, at least the part you can read and afterwards you think again:

“Nice one I did it with meterpreter now, I am becoming an expert so fast.”

No, actually not.

The problem here is reverse gatekeeping.

You are being kept from the magic, the real thing is being kept from you!

By making everything easy, you never get to the see the complexity, the sheer madness involved in this and other similar cyber topics, all the while making you believe you got it already.

This is a Problem

I think this is really bad if you are learning cyber stuff right now. To make this clear I am not saying there should never be a basic tutorial! Far from it, this is not my point. And yes if you already have knowledge in these parts you will find the good stuff, sure.

I am saying that by having a huge focus on simplicity on complex topics in general, new people are denied that very complexity. You will not learn redteaming in a 8 minute youtube video, this is a complete career path with a life long learning.

If you are interested in marine sealife for example, but all you ever get to see is a shallow river, then you are being denied, without even knowing it, because you don’t actually know that deep see creatures even exist.

It’s not that the information is limited, quite the opposite, you get so much free and easy information, and this information shows and enforced a simple and easy to follow view about a topic, however, this view is not real and it actually keeps you from learning and seeing the whole and complex parts you wished to learn. Further, by presenting everything as easy and fast to learn, it robs you of the learning itself and enforces a false sense of knowledge, it does not tell you that there is magic to be found and that this path takes years. That is why I call this problem reverse gatekeeping.

I don’t think this is on purpose by some grand evil design, it is just a consequence of algorithms and the overall content strategy on the modern web, combined with the simple gets more views economy.

And yes, someone will always claim you can explain a complex topic very simple if your good enough, but honestly there are limits to it.

Go find the magic

So, if you really want to learn things in cyber go for complexity, if you’re googling about credential dumping for example and you see how to here, easy tutorial there, simple step Youtube in just one minute here – then do yourself a favor, click on something like this instead:

Hello Friend
The smell of complexity in the morning

In fact, specifically search for it, ignore all the easy stuff as much as you can!

This is from an amazing, and absolutely deep blogpost about windows credential dumping (from a friend of mine actually) (See twitter, github).

Find it -> here

Go ahead click it, bookmark it for later and read on.

In this thing, you will not understand everything just by scrolling by and that is great, this is how it is supposed to be.

Now, you have a project, instead of reading a thing one time and go:

“Yeah, I know this”, read this and go “wow, I want to learn this”, instead.

This is the way. Embrace the complex.

You can take your time, go step by step, but never be okay with just the simple stuff.

So next time when you research a topic, click on the overly complex looking graphics for a change, go for length and deepth, don’t be discouraged when you don’t understand something right away, this is a good thing, this is learning - this is how it’s meant to be, this is how you git gud.

Dig through the mountains of basic soil, till you find a complex, raw and unoptimized gem of knowledge. Be the Nerd and Nerdette your mom always knew you were.

Don’t let yourself be reverse gatekept and there will be magic to be found I pwomise.

Hello Friend
Ride with me like space witches on acid