Cybersecurity Linux

Why I Use Ubuntu Instead of Kali Linux for Security Learning

teodulfo.espero

May 22, 2026

Photo by Max Bender on Unsplash

Most people getting into cybersecurity eventually hear the same advice:

“Install Kali Linux.”

Apparently, the path to becoming a security professional now begins with downloading an operating system that looks vaguely intimidating, opening a terminal, and pretending to understand what metasploit does.

Of course, every YouTube cybersecurity expert, self-appointed or otherwise, will tell you to install Kali Linux. Because nothing screams “solid fundamentals” quite like launching tools you barely understand and mistaking activity for learning.

I understand the appeal.

Kali Linux has branding. It feels serious. Tactical. Like you are about to infiltrate a classified network while dramatic music plays in the background and the camera zooms into your face for no obvious reason.

Reality, unfortunately, is less cinematic.

Usually, it involves broken dependencies, documentation, virtual machines, coffee, confusion, and asking yourself why something that worked yesterday suddenly stopped cooperating today.

So after experimenting and thinking about what I actually wanted to learn, I settled on something far less glamorous:

Ubuntu.

Yes, ordinary, boring, sensible Ubuntu.

And honestly, I think it was the better decision.

Security Is More Than Running Hacking Tools

One misconception I see often is that cybersecurity is mostly about offensive tools.

People imagine penetration testing, exploit frameworks, vulnerability scanners, packet injections, dashboards full of blinking things, and screenshots involving so much green text that apparently someone watched too many hacker movies in the 1990s.

That exists, of course.

But security is also:

  • Systems administration
  • Networking
  • Operating systems
  • Permissions
  • Logging
  • Identity and access management
  • DNS
  • Certificates
  • Patch management
  • Firewalls
  • Troubleshooting

And most of those things in the real world are not happening inside Kali Linux.

They happen on servers.

Infrastructure.

Cloud systems.

Linux environments people actually deploy.

Ubuntu happens to be one of them.

If I want to understand Linux security in a practical way, learning on a distribution commonly used in real environments makes more sense.

Learning how systems actually work feels more useful than learning how to launch tools I barely understand.

Because eventually, someone has to explain why production stopped working.

And unfortunately, “but I know Kali” is not usually an acceptable answer.

Kali Linux Is a Tool, Not a Lifestyle

This might sound mildly heretical in some cybersecurity circles, but Kali Linux was never really designed to be someone’s everyday operating system.

It is specialized.

It comes loaded with offensive security tools for assessments, testing, and investigations.

That is useful.

But using Kali as your primary learning environment while still building Linux fundamentals feels a bit like trying to learn automotive engineering by immediately driving a race car into a wall.

Technically possible.

Questionable decision-making.

Before worrying about penetration testing tools, I wanted to understand:

  • Linux administration
  • Networking fundamentals
  • Bash and shell scripting
  • SSH
  • Permissions and access control
  • Firewalls
  • Services and daemons
  • Logging and troubleshooting
  • Network protocols
  • Python and PowerShell automation for infrastructure

Ubuntu turned out to be a better classroom for that.

Less noise.

Less theater.

More actual learning.

And significantly fewer opportunities to accidentally convince myself I am a cybersecurity expert because I successfully ran someone else’s script.

Real Security Starts With Understanding Systems

There is an uncomfortable truth in cybersecurity:

A lot of people want to “hack” before they understand how computers actually work.

It is a little like wanting to become a surgeon because scalpels look cool.

Security without systems knowledge becomes shallow very quickly.

You can run tools.

You can memorize commands.

You can watch demonstrations.

But when something breaks, behaves differently, or produces unexpected results, you are stuck.

Because tools change.

Principles do not.

Learning Ubuntu forced me to understand Linux rather than simply consume security tools.

And frankly, that struggle has probably taught me more than any flashy security distribution ever could.

There is also something oddly satisfying about fixing problems in Linux.

Not while it is happening, of course.

At the moment, it usually feels like a deeply personal disagreement with the operating system.

But eventually, after enough Googling, terminal commands, mild suffering, and increasingly specific internet searches, something clicks.

And suddenly, the machine works.

Mostly.

Until tomorrow.

My Tiny Data Center of Questionable Decisions

Another reason I prefer Ubuntu is that I run multiple virtual machines for different purposes.

At some point, my setup quietly evolved into a tiny data center of questionable decisions and increasingly specific forms of self-inflicted suffering.

Right now, my Ubuntu environment looks something like this:

  • ubuntu-admin01 for Linux administration and systems work
  • ubuntu-client01 for workstation testing and pretending to be an end user with problems I created myself
  • ubuntu-dev01 for programming, development, and increasingly personal arguments with the compiler
  • ubuntu-srvr for server-side experiments and infrastructure learning

No dramatic hacker wallpaper.

No giant skull logo.

No wallpaper featuring anonymous hooded figures apparently plotting cybercrime from an abandoned warehouse.

Just Ubuntu virtual machines running on KVM through virt-manager, quietly reminding me that learning infrastructure mostly involves breaking things and pretending the breaking was intentional.

Sometimes networking mysteriously stops working.

Sometimes permissions behave like they were designed by philosophers with anger issues.

Sometimes Linux simply refuses to cooperate and offers an error message so vague it might as well say:

“Figure it out, genius.”

But strangely enough, that is where the learning happens.

Because real cybersecurity work is not just clicking offensive tools and looking serious while terminal windows scroll dramatically.

It is understanding systems.

How machines talk to each other.

How services fail.

How DNS can ruin your entire afternoon.

How logs quietly reveal that the problem was, regrettably, your own fault.

Virtual machines let me experiment, break things, snapshot environments, and rebuild them without consequences beyond bruised pride.

And honestly, this feels closer to real infrastructure learning than pretending cybersecurity is a collection of cool-looking screenshots.

Because eventually, security professionals defend environments.

They troubleshoot systems.

They understand why things broke.

Not just how to run a vulnerability scanner and post mysterious screenshots online with captions like:

“We stay grinding.”

The Problem With Cybersecurity Theater

Modern cybersecurity culture sometimes feels strangely theatrical.

Screens full of neon text.

Buzzwords.

Dramatic marketing.

Videos implying success is one Kali Linux installation away.

The occasional person wearing a hoodie indoors for reasons known only to them and perhaps unresolved emotional issues.

And apparently, somewhere along the way, cybersecurity became associated with RGB towers, glowing peripherals, three ultrawide monitors, and a setup that looks capable of controlling regional air traffic.

Meanwhile, I am over here with Ubuntu virtual machines, terminal windows, coffee, and the occasional quiet existential crisis over networking.

No RGB towers.

No glowing keyboard flashing like a mildly aggressive Christmas decoration.

No LED lighting dramatic enough to summon Batman.

No command center that looks like NASA accidentally outsourced security operations to Best Buy.

I do not even have the obligatory RGB setup that social media apparently requires for cybersecurity credibility.

No keyboard glowing like a nightclub.

No desktop fans spinning with enough lighting to guide aircraft.

Just Linux.

Logs.

Configurations.

Networking.

Permissions.

And increasingly specific Google searches written in the language of desperation.

Because real learning is slow.

Embarrassingly repetitive.

Sometimes frustrating.

It involves documentation nobody wants to read.

Broken configurations.

Research.

Logs.

Mistakes.

Then making the exact same mistake again, except now with slightly more confidence and somehow worse language.

Ubuntu has been surprisingly good for that kind of learning.

No pretending.

No hacker cosplay.

No illusion that installing Kali Linux suddenly transforms someone into a cybersecurity professional.

Just Linux.

And honestly, I think that is enough.

Final Thoughts

Will I still use Kali Linux?

Of course.

It has a place.

If I need a specialized security distribution for testing, assessments, or experimentation, Kali exists for a reason.

But for learning Linux, networking, scripting, systems administration, and the foundations security actually sits on, Ubuntu simply makes more sense for me.

Because before learning how to attack systems, I wanted to understand how they work.

Maybe that is the less exciting path.

But it also feels like the more honest one.

And besides, spending six hours troubleshooting networking in Ubuntu may not look impressive on YouTube, but at least when something breaks, I have a fighting chance of understanding why.

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *