Homelab - Part 1: The why
For those in, or looking to join, the cyber security industry there are many ways to improve your technical skills or understanding.
You can:
- attend instructor led classes either in person or online;
- participate in platforms like Blue Team Labs Online or Hack The Box;
- join online groups to talk about methodology;
- read the manuals;
- watch any number of videos from experts;
- go to ‘capture the flag’ events to take part in simulated exercises.
Alternatively, you can build your own laboratory environment from the comfort of your home and try testing things out - the ‘home lab’. In this series I’m focusing on the home lab option, hopefully making it easier to decide what might work for you if you haven’t started on that journey already.
What a ‘home lab’ really is, or isn’t
It is probably best to start by putting the context around what a home lab really is before discussing why someone would build and use one. I might get some disagreement from the internet, but here’s what I think.
A home lab is any collection of technologies a practitioner uses to try out ideas, methods or techniques and see what happens for themselves. It doesn’t have to be expensive, or even physically installed or used in your home.
I’ve seen gatekeeping often in the cyber security industry, and unfortunately the concept of a home lab is an example of a topic which I think is used as a pawn. There are some who seem to make it sound like you should have multiple physical enterprise-grade servers, network switches and firewalls in a full-height actual rack within your home. In my opinion you really don’t need that at all, and for some it is definitely not the right choice.
Building a mini datacentre at home is entirely possible to do if you want to, don’t get me wrong, but it isn’t for everyone for many reasons. I think it is good to make sure you know what your aims and goals are when deciding to build a lab, and as your skillset progresses over time you should reassess.
In the next part of this series I’ll talk about hardware options and ways to choose what you need if you want to actually get hands-on with your lab. That said, it is entirely possible to have a lab that is built in the cloud, on someone else’s computers.
How a home lab works for different cyber careers
The cyber security industry is so broad that the benefits and goals of a lab will differ for each career path. You might use a lab to decide if you actually want to go into a particular field, or just to broaden your understanding and complement your core skillset.
Red teams
Possibly the most obvious people to benefit from a lab are those looking to work in the field of active testing and assessment, aka the Red team, who simulate attackers. Being able to try exploits, see how they work and find ways to deploy them without harming anything which someone relies on is immediately beneficial to learning and growing in this role.
Indeed I know many businesses who offer penetration testing services have dedicated labs for their team members, letting them prototype and find different ways to attack systems. When looking to get into the industry a home lab will let you build the skills in a very real and practical way.
It doesn’t need to be anything complicated to start with; budget hardware or cheap cloud resources are enough to get started. What will be important is finding ways to rebuild your lab quickly, because when you break it you want to reset and go again quickly!
On top of this there are many companies which run ‘bug bounties’, offering a reward for any ethical researcher who finds a flaw in their systems or software. If this is something you’re looking to do then a lab of your own will likely be necessary.
Blue teams
The counterpart to the Red team is our defenders, those watching for abnormal activity and catching early signs of malicious activity. Often known as Security Operations, this part of cyber security puts the emphasis on detection, response and recovery. That usually means working back from a specific piece of information to figure out the root cause and find ways to prevent it happening again.
Being able to simulate attacks in a lab and find ways to catch them as they happen, or use forensic techniques to understand what happened afterwards, will let someone interested in Security Operations be more prepared for the real thing. You also don’t want to build scripted / automated ways to isolate machines from a network, or block software execution, without testing them somewhere safe first.
A home lab for those looking to develop their operational security skills will likely be similar to someone getting into penetration testing. They are after all looking at much the same problems but from the opposite perspectives. The tools used in those labs will be different, which is a topic for another day.
With the growing number of practitioners out there it is also possible to use your lab to build content for learning platforms. This takes some skill and time to do of course!
Security engineering
Someone needs to build the tools which the Red and Blue teams use, scale them as the needs grow beyond the initial capacity, or increase the resilience of the systems upon which they run.
Security Engineering is often a crossover point from other modern cyber-adjacent roles such as Network Engineering (NOCs), Site Reliability Engineering (SRE), Development Operations (DevOps) or Software Engineering. Having a lab when looking to make that transition allows for a playground to test tools and become familiar with their structure.
Governance, risk and compliance
It might not seem obvious why someone who is interested in working on policy and standards, building the human processes and procedures to protect an organisation would use a lab to build technical skills. Certainly I wouldn’t expect someone in / aiming for a GRC role to build a stack of hardware like anyone looking to gain Red or Blue team skills.
For those looking to build their capability in GRC, having some technical knowledge is only going to make you stronger.
- Auditors will be able to look at the evidence provided and truly understand not only whether it is genuine, but also whether it really does meet the control criteria.
- Risk management team members will be able to better assess the effectiveness of controls for threat mitigation.
- Compliance teams will be better equipped to monitor and identify process issues earlier as a result.
At the end of the day GRC works with everyone in the organisation; understanding more of what other Security teams and technical teams do will make you more effective.
It is your choice
I don’t think it is mandatory by any means to have a lab, and I know plenty of people in the industry who don’t have one of their own. Running your own lab can be beneficial through that practical hands-on knowledge building; lived experience can be very powerful for memory and understanding.
The trade-off is the cost, both in terms of money to create your lab and your time to use the tools. That’s the investment: you put in time & money to gain the greater skillset.
Conclusion
What is important not to overlook is the fact that the cyber industry changes constantly, and quickly. Exploits, tools and methodology used now may well be completely irrelevant in just a few months’ time. Those looking to get into Red/Blue teams are going to need to keep their skills current and a lab will help with that.