1 00:00:00,000 --> 00:00:00,500 2 00:00:00,500 --> 00:00:04,260 SPEAKER 1: So I'm just starting the intro to computer programming, 3 00:00:04,260 --> 00:00:08,400 but I'm an over-thinker, so I already know in the future 4 00:00:08,400 --> 00:00:11,340 that I do want to get into cybersecurity, 5 00:00:11,340 --> 00:00:14,950 whether it's network security or pen testing. 6 00:00:14,950 --> 00:00:17,670 I just want to know what steps or courses I should be considering 7 00:00:17,670 --> 00:00:23,262 or that you recommend I take to lead me in that direction. 8 00:00:23,262 --> 00:00:24,970 SPEAKER 2: That's a really good question. 9 00:00:24,970 --> 00:00:28,800 Let me defer to Brian in a moment to see if he has any course recommendations, 10 00:00:28,800 --> 00:00:33,690 but my first reaction is that, reading a lot, honestly, and keeping 11 00:00:33,690 --> 00:00:36,990 an eye on certain blogs is honestly the best way to acclimate yourself 12 00:00:36,990 --> 00:00:38,370 to the security world. 13 00:00:38,370 --> 00:00:40,140 It's kind of an unfortunate thing, but it 14 00:00:40,140 --> 00:00:42,690 feels like every week, every day almost, you 15 00:00:42,690 --> 00:00:45,660 read about something bad that has happened in the world 16 00:00:45,660 --> 00:00:48,030 as it relates to computer security. 17 00:00:48,030 --> 00:00:50,100 Most of us probably are familiar with all 18 00:00:50,100 --> 00:00:53,880 of the articles that have been written about Zoom, for instance, 19 00:00:53,880 --> 00:00:54,717 in recent weeks. 
20 00:00:54,717 --> 00:00:56,550 Thankfully they've addressed a lot of those, 21 00:00:56,550 --> 00:00:59,400 but they made a number of poor design decisions early on 22 00:00:59,400 --> 00:01:02,460 and I think that the value of reading lots of blogs 23 00:01:02,460 --> 00:01:06,180 and articles about security is that you start to notice patterns 24 00:01:06,180 --> 00:01:09,210 in human behavior, so you know what to keep an eye out for, 25 00:01:09,210 --> 00:01:12,300 so as to avoid those problems in the future. And two, 26 00:01:12,300 --> 00:01:17,610 you just start to understand how to go about looking for and detecting 27 00:01:17,610 --> 00:01:19,410 these threats proactively. 28 00:01:19,410 --> 00:01:21,220 So I can paste a couple of resources. 29 00:01:21,220 --> 00:01:23,370 For instance, there's a very famous gentleman 30 00:01:23,370 --> 00:01:26,040 by the name of Bruce Schneier, whose website I just 31 00:01:26,040 --> 00:01:27,390 pasted into the chat window. 32 00:01:27,390 --> 00:01:29,580 He has a blog and a lot of other resources there. 33 00:01:29,580 --> 00:01:32,970 He actually spends time lately at Harvard as well, at the law school. 34 00:01:32,970 --> 00:01:35,340 And he is a security researcher. 35 00:01:35,340 --> 00:01:37,930 He speaks commonly on the subject. 36 00:01:37,930 --> 00:01:40,830 And so following people like him might be of interest. 37 00:01:40,830 --> 00:01:43,960 Another popular blog is Krebs on Security. 38 00:01:43,960 --> 00:01:46,410 Let me go ahead and paste another URL there. 39 00:01:46,410 --> 00:01:49,380 You might want to keep an eye on that blog and that website. 40 00:01:49,380 --> 00:01:53,100 For instance, I've pasted the specific link to just one article about Zoom, 41 00:01:53,100 --> 00:01:56,130 so that you can better understand those issues as well. 
42 00:01:56,130 --> 00:02:00,390 And then really you can look almost anywhere in the tech world for security 43 00:02:00,390 --> 00:02:06,180 related stuff, for instance TechCrunch or Slashdot, 44 00:02:06,180 --> 00:02:08,070 or even just keeping an eye on Google News 45 00:02:08,070 --> 00:02:11,310 is a good place for public-facing information. 46 00:02:11,310 --> 00:02:14,215 Brian, on the academic side, do you have any thoughts? 47 00:02:14,215 --> 00:02:16,090 SPEAKER 3: On the academic side, I don't know 48 00:02:16,090 --> 00:02:20,140 of any classes that are specifically oriented for cybersecurity. 49 00:02:20,140 --> 00:02:21,850 But there are definitely a lot of classes 50 00:02:21,850 --> 00:02:25,120 I know of that are about cryptography, which is very related 51 00:02:25,120 --> 00:02:29,710 and in spirit about what sort of algorithms you can use in order 52 00:02:29,710 --> 00:02:32,710 to make sure that information is secure, especially 53 00:02:32,710 --> 00:02:35,340 as you're transmitting it over the internet, for example. 54 00:02:35,340 --> 00:02:38,110 And so here, for example, is one class on cryptography 55 00:02:38,110 --> 00:02:41,950 offered by Stanford through Coursera, which might be of interest there. 56 00:02:41,950 --> 00:02:44,830 It has the potential for a more mathematical and more formal 57 00:02:44,830 --> 00:02:49,930 look at how some of the algorithmic side of cryptography works. 58 00:02:49,930 --> 00:02:52,000 SPEAKER 2: And Megan, I can paste one other URL 59 00:02:52,000 --> 00:02:55,780 into the chat window for what's called USENIX. This is an association that 60 00:02:55,780 --> 00:02:58,390 holds annual security conferences that, years ago when 61 00:02:58,390 --> 00:03:01,570 I was in graduate school, I actually participated in regularly. 62 00:03:01,570 --> 00:03:04,390 It looks like their next conference is coming up later this summer. 
63 00:03:04,390 --> 00:03:06,310 It says Boston, but I'm guessing it's not 64 00:03:06,310 --> 00:03:08,020 going to happen in person most likely. 65 00:03:08,020 --> 00:03:10,195 So maybe, all the better, it will be online. 66 00:03:10,195 --> 00:03:11,320 But that's a community too. 67 00:03:11,320 --> 00:03:15,250 If you're a university student now, you might be able to, in the future, 68 00:03:15,250 --> 00:03:17,530 travel to conferences like those, or at least read 69 00:03:17,530 --> 00:03:19,210 the papers that are published there. 70 00:03:19,210 --> 00:03:21,610 And that, too, is a great way of getting acclimated. 71 00:03:21,610 --> 00:03:25,030 And if you Google around for security tutorials, 72 00:03:25,030 --> 00:03:27,520 when it comes to pen testing, or penetration testing, 73 00:03:27,520 --> 00:03:30,160 as you alluded to earlier, there's a lot of cool stuff 74 00:03:30,160 --> 00:03:31,900 you can do with technology these days. 75 00:03:31,900 --> 00:03:36,500 And I'm sure there are online resources like you download a virtual machine 76 00:03:36,500 --> 00:03:38,830 that some security instructor has configured 77 00:03:38,830 --> 00:03:40,810 to have a whole bunch of vulnerabilities, 78 00:03:40,810 --> 00:03:44,770 and you can use it to actually hack into the virtual machine, 79 00:03:44,770 --> 00:03:46,870 and learn something about the process. 80 00:03:46,870 --> 00:03:50,170 And then what's also popular these days, and let me 81 00:03:50,170 --> 00:03:53,020 see if I can find a link for this final resource. 82 00:03:53,020 --> 00:03:56,020 83 00:03:56,020 --> 00:03:57,890 Here's just one. 84 00:03:57,890 --> 00:03:59,740 I've not participated in this myself. 85 00:03:59,740 --> 00:04:01,780 And it looks like this is the past one. 86 00:04:01,780 --> 00:04:07,840 But contests called capture the flag, or CTF, are very popular these days. 
87 00:04:07,840 --> 00:04:11,920 And these are opportunities to compete, either by yourself or on a small team, 88 00:04:11,920 --> 00:04:14,230 to try to hack into things and figure things 89 00:04:14,230 --> 00:04:16,130 out before another team figures things out. 90 00:04:16,130 --> 00:04:20,750 So that's another really fun way to learn more about this world, CTF, 91 00:04:20,750 --> 00:04:22,500 or capture the flag. 92 00:04:22,500 --> 00:04:23,000