BoredomBusted — Find Your Next Favorite Thing To Do
Discover hobbies, activities, places, and ideas that spark joy. Whether you're looking for something creative, active, social, or relaxing, BoredomBusted helps you find your next favorite thing to do.
Browse our hobby guides, things-to-do collections, and place ideas to never be bored again.

Cybersecurity isn't just for techies; it's a strategic brain game where spotting patterns and thinking like an adversary is the real thrill.
Getting started with cybersecurity as a beginner involves understanding how to identify and address vulnerabilities in computer systems.
You examine how systems talk to each other. You identify where they go wrong. Then, you learn how to exploit or defend those gaps.
The goal isn't to build – it's to break responsibly. Thinking like a criminal is the whole point, unlike coding or IT support.
Cybersecurity hobbyists engage in hands-on activities such as analyzing malware, investigating phishing attempts, writing and executing code, and documenting security vulnerabilities. They participate in capture-the-flag competitions, where they solve security puzzles by exploiting intentional vulnerabilities in controlled environments, honing their skills through practical exercises like inciden…
This hobby provides immediate skill feedback through measurable progress in competitions and bug bounties, validating efforts with clear outcomes. It fosters a sense of belonging within a community of peers, while also allowing for autonomy in problem-solving, enabling creative expression in tackling cybersecurity challenges.
You likely think cybersecurity is for late-night hackers breaching top-secret databases or just a few IT folks keeping systems running smoothly.
Truthfully, you're missing out on the real adventure that's baked into this field.
Capture the Flag (CTF) challenges are a perfect example. A network engineer with fifteen years under his belt said tackling his first CTF felt like being locked in a room where every wall held a secret passage. He wasn't knee-deep in code. Instead, he examined system behavior, made educated guesses, and tested his theories. It was more like solving a mystery novel than typical IT work.
Decrypting these puzzles and altering systems is a legal and organized thrill, thanks to platforms like Hack The Box.
You'll soon find yourself matching wits with hidden threats. These challenges train you to identify the gap between intended and potential system behaviors.
Pattern recognition and strategic thinking draw you deeper. The mindset takes longer to learn, but that's what truly hooks people.
Get ready to explore the cognitive landscape of cybersecurity.
Watching a skilled hacker in action is mesmerizing. They flow effortlessly through the system like they're one with it.
When you first sit down with a terminal, it feels like wandering a building where every door is unlabeled. It's not about lacking skill yet—just battling sheer newness.
Slowness is the method, not the problem. You need that slow start to turn each vague command into something you understand, like knowing what a port scan accomplishes or converting errors into insight.
Week one is mostly setup. You'll spend time installing Kali Linux, setting up a VM, and exploring basic networking tools. Real hacking comes later.
By week two, you tackle your first Capture The Flag challenge. Half of it feels like magic, mostly because the underlying mechanisms don't fully make sense yet.
Week three brings a realization. Understanding how HTTP requests work helps connect previously isolated pieces into a bigger picture.
By week four, reading an error message becomes a habit rather than a reflexive Google search. This shift feels real.
Closing and reopening the terminal isn't failure. It's the process. Every cracked exploit began as one that was broken and edited over and over.
Before diving in, ensure you set up a legal practice environment. Platforms like TryHackMe or HackTheBox offer safe and vulnerable systems. Skipping this step risks real-world mistakes, so set up first.
When to start: Early morning
Duration: 1.5 hours
Cost to try: $20
Success criteria: If you can explain three network-security terms from the first module and score at least 80% on the quiz, do session 2.
Jumping into Kali Linux because it looks impressive leads to guesswork. Beginners press buttons without understanding their impact.
Seeing the CISSP as a roadmap milestone is common. But it's not for beginners.
Dive into platforms like TryHackMe or Hack The Box first. Aim for 30 hours of hands-on lab work before investing in certification prep.
Beginners treat Capture The Flag competitions casually, quitting when stuck. This misses their diagnostic value.
Don't skip unsolved challenges. Read three writeups and fully reconstruct the exploit on your own.
Tutorials assume command line fluency, leaving beginners feeling behind when tutorials jump into terminal commands.
Attackers unfamiliar with SOC analyst methods overlook basic detection techniques.
Cybersecurity happens mostly at your desk. 90% of the real learning happens in your home office. University computer labs and makerspaces are great for community work.
When you attend or join a Discord, say: "I'm new – I've done some TryHackMe but never played a CTF." This simple intro gets you into beginner-friendly events, teams, and channels.
Not all cybersecurity paths feel the same. Pick the wrong one early and you'll spend six months learning things that don't connect to anything you actually want to do.
You're paid to break into systems – legally. Ideal for puzzle lovers and CTF challenge enthusiasts who enjoy thinking like an attacker. Expect to spend on practice labs like Hack The Box or TryHackMe ($14–$20/month).
Instead of breaking things, you're monitoring, detecting, and responding to threats. This is where most entry-level jobs actually live. Great for analytical thinkers who prefer patterns and investigation over exploitation. A SIEM tool like Splunk has a free tier; most practice is software-based and low-cost.
You find vulnerabilities in real company systems and get paid per valid bug. Best for self-directed learners who don't need structure or guaranteed returns early on. Free to start via platforms like HackerOne or Bugcrowd; no upfront cost, just time.
Security work focused specifically on cloud environments like AWS, Azure, and GCP. Demand is outpacing the talent pool right now, which makes this specialization high-leverage. Best for people already working in IT or dev roles who want to pivot without starting from zero. Cloud provider free tiers let you practice without spending anything meaningful.
Less technical, more policy and process. You're ensuring organizations follow frameworks like ISO 27001 or NIST. Ideal for those from legal, business, or project management backgrounds. Certification costs (CISA, CRISC) run $500–$800, but the role itself requires almost no lab setup.
Scripting and Automation is a sibling pursuit and often surfaces the same kind of curiosity.
If you want a related angle, Speed Reading is the natural next stop.
If you want a related angle, Open Source Contributions is the natural next stop.
Beginners often think they need to master tools like Nmap and Burp Suite. They buy software and learn command line tricks, but something's still off.
Tools aren't the real obstacle. It's about how systems actually behave.
The crucial skill? Threat modeling from an attacker's viewpoint. Look at any system and ask, what does this trust that it shouldn't? That question opens every door before you touch any tools.
Forget memorizing CVEs. Train your brain to spot assumptions in software, networks, and human interactions. Understand how control is transferred and misplaced.
With attacker-focused threat modeling, Capture the Flag (CTF) challenges aren't frustrating hunts. Vulnerabilities stand out once you understand the system's assumptions.
Running tools blindly is a dead end. In complex environments, fishing for results won't cut it.
Next, let's find out where this skill truly makes a difference.
In thirty days, aim for twelve sessions. Space them to allow reflection but keep the momentum.
Three sessions a week let you catch the rhythm of cybersecurity work. Every iteration of problem-solving gives a taste of the field's energy demands. By the end, you'll know if the cycle invigorates or exhausts you.
When you dive deeper than the exercises just because you can't help it, you're hooked. That's not perseverance. It's true fit. The next step is building a home lab and starting on a certification path.
Feeling indifferent signals that the idea of cybersecurity intrigues you more than the work itself. Consider exploring related areas like networking or IT support to see if a different angle suits you better.
If sitting down for each session is something you dread, heed that. Cybersecurity suits those who find the challenge enticing, not just challenging. Walk away now rather than invest in costly exams that won't hold your interest.
The strongest sign you're on the right track? Watching a news story about a data breach and needing to know how it happened. That pull toward understanding the mechanism is your cue. If this curiosity sparks more than once, you're likely well suited for the field.
Plenty of people land on cybersecurity after browsing the full hobbies list — that's a fine place to start, too.
Looking for something lighter? Our boredom-busters guide is built for exactly that.
You'll benefit from basic IT knowledge and comfort with command-line interfaces, but many beginners start without specialized background. Strong problem-solving skills and curiosity about how systems work are more important than formal prerequisites. Most learning resources cater to beginners and teach foundational concepts step by step.
Entry-level competency typically takes 6 months to 2 years of dedicated study, depending on your starting point and learning pace. Professional certifications like CompTIA Security+ or CEH generally require 6–12 months of focused preparation. Career advancement beyond entry-level roles often requires additional years of hands-on experience and specialized certifications.
Cybersecurity is the broad field of defending systems and data from attacks, while ethical hacking is a specific subset that involves authorized testing to find vulnerabilities. Ethical hackers use similar techniques to malicious actors, but do so legally with explicit permission to help organizations strengthen their defenses. Most cybersecurity careers involve elements of both protection and authorized penetration testing.
You can start free with open-source tools, online tutorials, and practice environments like HackTheBox or TryHackMe. Formal training ranges from $200–$1,000+ for online courses to $5,000–$15,000+ for bootcamps or university programs. Professional certifications add additional costs ($300–$500 per exam), but many employers cover certification expenses.
Essential starter tools include Wireshark (packet analysis), Metasploit (penetration testing), Burp Suite (web security), and Linux distributions like Kali or Parrot. Most tools are free or have community editions, and learning them is part of your training journey. Hands-on labs and sandboxed environments let you practice safely without risking real systems.
Yes, cybersecurity has strong job demand, competitive salaries, and numerous entry-level certifications that open doors without requiring years of experience. The field values self-taught learners and those who can demonstrate practical skills through certifications or portfolios. However, it requires patience to build foundational knowledge and commitment to continuous learning as threats evolve.