SPEAKER 1: So I'm just starting the intro to computer programming, but I'm an over-thinker, so I already know in the future that I do want to get into cybersecurity, whether it's network security or pen testing. I just want to know what steps or courses I should be considering or that you recommend I take to lead me in that direction. 

SPEAKER 2: That's a really good question. Let me defer to Brian in a moment to see if he has any course recommendations, but my first reaction is that, reading a lot, honestly, and keeping an eye on certain blogs is honestly the best way to acclimate yourself to the security world. It's kind of an unfortunate thing, but it feels like every week, every day almost, you read about something bad that has happened in the world as it relates to computer security. 

Most of us probably are familiar with all of the articles that have been written about Zoom, for instance, in recent weeks. Thankfully they've addressed a lot of those, but they made a number of poor design decisions early on and I think that the value of reading lots of blogs and articles about security is that you start to notice patterns in humans behavior, so you know what to keep an eye out for, so as to avoid those problems in the future And two, you just start to understand how to go about looking for and detecting these threats proactively. 

So I can paste a couple of resources. For instance, there's a very famous gentleman by the name of Bruce Schneier, whose website I just pasted into the chat window. He has a blog and a lot of other resources there. He actually spends time lately at Harvard as well, at the law school. And he is a security researcher. He speaks commonly on the subject. And so following people like him might be of interest. 

Another popular blog is Krebs on Security. Let me go ahead and paste another URL there. You might want to keep an eye on that blog and that website. For instance, I've pasted the specific link to just one article about Zoom, so that you can better understand those issues as well. And then really you can look almost anywhere in the tech world for security related stuff, for instance Tech Crunch or Slashdot, or even just keeping an eye on Google News is a good place for public facing information. 

Brian, on the academic side, do you have any thoughts? 

SPEAKER 3: On the academic side, I don't know of any classes that are specifically oriented for cybersecurity. But there are definitely a lot of classes I know of that are about cryptography, which is very related and in spirit about what sort of algorithms you can use in order to make sure that information is secure, especially as you're transmitting it over the internet, for example. And so here, for example, is one class on cryptography offered by Stanford through Coursera, which might be of interest there. It has the potential for a more mathematical and more formal look at how some of the algorithmic side of cryptography works. 

SPEAKER 2: And Megan, I can paste one other URL into the chat window for what's called USENIX This is an association that holds annual security conferences that, years ago when I was in graduate school, I actually participated in regularly. It looks like their next conference is coming up later this summer. It says Boston, but I'm guessing it's not going to happen in person most likely. So maybe, all the better, it will be online. But that's a community too. If you're a university student now, you might be able to, in the future, travel to conferences like those, or at least read the papers that are published there. And that, too is, a great way of getting acclimated. 

And if you Google around for security tutorials, when it comes to pen testing, or penetration testing, as you alluded to earlier, there's a lot of cool stuff you can do with technology these days. And I'm sure there are online resources like you download a virtual machine that some security instructor has configured to have a whole bunch of vulnerabilities, and you can use it to actually hack into the virtual machine, and learn something about the process. 

And then what's also popular these days, and let me see if I can find a link for this final resource. Here's just one. I've not participated in this myself. And it looks like this is the past one. But contests called capture the flag, or CTF, are very popular these days. And these are opportunities to compete, either by yourself or on a small team, to try to hack into things and figure things out before another team figures things out. So that's another really fun way to learn more about this world, CTF, or capture the flag.