OpSec, Soft Skills, And People

Most of the focus around cybersecurity education is on the technical aspects. Is that the right approach?

Watch this episode on YouTube.

Reasonably Accurate Transcript

All right. So what I want to continue here was with Mornings with Mark episode 58. Continue that theme of um soft skills um getting started in cybersecurity because I think a lot of the questions I get are great. They're valid and they're always almost focused about the technical side.

Um You know, what course should I be taking? What skills do you know, what technical skills do I need to learn? Where should I be focusing my um educational efforts? And those are great questions and they don't exclude the soft skills, but they're always slanted towards being around the technologies.

And I think that's understandable, but there's doing this ourselves and the community a massive disservice. There is a huge aspect of cybersecurity that is around the soft side, around people. And I'll give you a couple of concrete examples that popped up in the news recently.

Um So there was another hack um around um uh um uh cryptocurrency. Um uh 1.5 million or so in Ethereum was stolen, I believe it was. Um And then pair that up with a um article that Wired had about how they lost 100,000 in Bitcoin because they destroyed some, uh, keys on purpose.

And, you know, look back a few months and you'll see any number of exchanges or brokerages or ICOs that have been hacked or manipulated. And there is a reason for this, this, obviously it's pseudonymous. It's easy to get funds in and out.

It's a good target for criminals, but more often than not. Um, you know, at the end of the day, cryptocurrency is just a file sitting on a system somewhere. So the challenge is, is um how do you protect that?

And there's technology? Sure. Um you know, you need strong intrusion prevention, you need strong anti malware and all this kind of stuff, but primarily it's around operational security or people, right? Dealing with the people side of it. How do you make sure that your people are not making some mistakes?

And I put quotes around mistakes. You know, you heard it there in my voice because I don't think they're mistakes. I think it's a failure to create a process. It's a failure to create a usable workflow for people to be secured by default.

This comes back to being security by design. You need to have systems that are usable. This has been a massive focus in my research and interest for the last decade plus is usable security systems because more often than not people don't have malicious intent.

Nobody says, hey, I've got this great ICO and I hope it gets hacked or look at all this um, cryptocurrency I have whether it's Ethereum, Bitcoin or Monero, whatever it is, I hope somebody steals it. Nobody says that. These are people who have made simple mistakes, people made operational mistakes.

And I think from getting started in a cybersecurity perspective, we need to focus far more on the people side of it. So this means developing your soft skills, not just the social engineering side though, obviously, that's super cool and interesting, but in working with people in building teams and understanding their points of view so that you can then help them build a workflow that is secure by default, that has privacy by design that works for them.

And that's really the big key. And I think that's where we lose sight a lot of the time and security is that we are so focused on the technical side that we forget about the people side. Yet the people are 90% of this problem.

So if you're getting started in cybersecurity, I strongly suggest that you start to look at upgrading your soft skills, upgrading your people skills. Now, the challenge here is a lot of that's experience based and I know the biggest problem we have in getting people into the field is ridiculous requirements for junior uh entries, right?

So a junior position with five years experience, what is that? That's never going to happen. So um going out and getting experience, I can say that very easily. But is that really effective? No, but if you're thinking about university, which was our topic in the last episode, um, maybe a minor in psychology or organizational psychology would help.

Um, or even just picking up a few courses here or there. If you are already finished that phase, um you know, focused on, um leadership skills, on team building skills on communications, practicing what I'm doing right now, getting the word out communicating.

Um For me, I like the daily vlog. I like going live. I like um writing up stuff when I have the chance. I like sharing and educating, but this is a good skill that you can practice and you can get better with time.

Um I made the mistake of looking back on Mornings with Mark for the first few episodes and, oh, wow, how bad were they? Uh I apologize and I appreciate your patience, but I feel that I've gotten better despite the shaky introduction to this one.

Just checking out a new mic setup and streaming and all this kind of stuff. But still, I feel, you know, 58 episodes in that I've gotten better and that's practice. That's repetition. That's something anybody can do. There's zero barrier to entry here.

Now, whether people are watching it or not, you're gonna get better. Um That's a soft skill you can practice, that's a soft skill you should be practicing. Working with teams, leadership, you need other people around you and that comes with time.

But you can put the efforts in now read some great books. I'll dig up some links of the, some of the material that I've read and I'll put them in the description and I'll tweet them out afterwards at marknca as always, but soft skills are critical because the vast majority of issues come down to not to a technical failure but to a workflow or a process or a people failure.

And that's really no matter which way you slice it is still an information security failure. But it's one that we can fix through non technical means by working with people. And far often are, you know, way too often our gut reaction to a security breach or hacking.

We need more technical controls, we need to buy more product, we need to put stuff in place to stop this from happening when really the solution is to examine the workflow and maybe do a little education, a little outreach.

Understand why people are working in a certain manner as opposed to in a more secure manner. I would count that as far more productive use of your time on many levels. In order to get there, you need to beef up your soft skills.

What do you think? Hit me online at marknca. This is always a discussion. It gets better with time, the more we talk about it, the better we all get. Um, talk to me in the comments below. Um What's your approach for soft skills?

How do you improve your people skills? I know for me, I'm very much an introvert, believe it or not. Um People skills can be hard but you put yourself out there, you build trust. Um You know, you push the envelope a little bit because at the end of the day, if you're not educating and helping people raise the bar, um, you're not really getting to the end goal, which is making sure that whatever system you're deploying does what it's supposed to do.

And only that. And systems include not just tech but people too. Talk to you soon.
