Reasonably Accurate Transcript
Morning everybody. How are you doing today? It is Monday. It is a beautiful day where I am. I hope it's a fantastic day where you are as well. Thanks for joining the show. Last week, I had mentioned that we kind of wrapped up a lot of the cybersecurity basics and had some conversations over the weekend, had some wheels turning in the head.
And I realized, while we may be done with a lot of the first round of cybersecurity basics, obviously there's a lot more to cover, um, what really would be important would be having a conversation, doing a series of segments on the basic basics. And what I mean by that is I find when I have conversations with folks, even folks a couple of years into their cybersecurity career, there is a fundamental lack of understanding of how this technology works.
And by this technology, I mean pretty much all technology. We are decades into building upon layers and layers and layers and layers of stuff. It's an inordinately complex system that allows me to hit go on my phone and stream to you. That's an amazing set of technologies. It's a wonderful ability that we have. It is built on layers and layers and layers of past decisions.
Some of those good, some of those bad, some of those stretched beyond what they were originally intended for. So you look back and go, why did everyone ever decide to make that protocol work that way? You realize back then it was for a completely different reason. So I was thinking of starting to do a segment on some of the basics, some of the understanding, sort of the plumbing of the internet, plumbing of how some of the key tools we use work.
So things like email. A lot of people don't know how email works under the covers. Basic routing, and by routing, that means, you know, how do you get from point A to point B on the internet? It's not a direct line. There's a lot of nuance and complexity there. That's my idea for a next set of series, is sort of this IT basics. What I want to hear from you guys is, at what level should I address that?
Should I address that to the standard general audience? So to you know, anybody out there, so anybody using technology, if they're at all curious, they could dive in. Should I go a little more on the developer level? So that's an area where I've been focusing a lot on security, professionally giving talks about development process to security folks, giving talks about security to developers because there's a big mismatch that's led to a lot of the problems.
Why you continue to see, um, security challenges is because of a lack of awareness of these layers. Um, also sort of the implications and the repercussions of all these decisions. So I'll give you an anecdote. Was involved, uh, with somebody and had a conversation about junior developers, and this is not a knock against junior developers.
Um But it was interesting in that they uh another senior person in the industry and they asked them a pretty fundamental question about how um a protocol would work or how they would uh sorry, not a protocol would work, but how they would develop um a tool um to get information out to somebody um in the city, you know, we just want to publish the following information.
How would you do it? And you know, as a totally reasonable um understandable response was essentially, oh, well, I'd build a React web page, I'd set it up this way and I'd do this and then, you know, blah, blah, blah and the solution worked and it was a good solution and it totally made sense.
What was shocking, um, was, uh, from the senior point of view, was that what this junior person had just iterated was a significantly heavy stack that should have just been a few lines of HTML to publish a page, right? Instead they had all these frameworks in place so that it was extensible and it was modular, and it was a really interesting approach and it would have worked.
Don't get me wrong, it would have worked. They provided a correct solution. However, it was at such a high level in the stack that from a security or privacy point of view, you're adding a whole bunch of complexity that you don't need. And that is a trend I see over and over again, because I think people don't understand some of the fundamentals, you know, and I think that's where I want to kind of go with that basic series.
So more of a question episode today. What do you guys think? Do you think that would be valuable, covering some of the basics? If so, what? So I'd mentioned already, you know, email routing. We could work through the thing called the OSI stack, which is a model to think about networking.
Um, we could talk about operating systems, we could talk about how your browser works, basic things like this or at least they look basic things I would say categorize that we take for granted and start to talk about the complexities underneath the challenges underneath and why from a security and a privacy point of view, we are kind of in the, you know what sandwich that we are in a lot of cases.
So let me know. Hit me up online @marknca; for those of you on the vlogs, in the comments down below. And as always, for anybody, especially our podcast listeners, hit me up by email: me@markn.ca. Would love to hear your thoughts. Unfortunately, as you can see on the vlog from the leaves falling down, it is fall.
I don't know how many more of these outdoor segments I can get in. Um, I hope you have a fantastic day. I look forward to talking to you online and seeing you on the show tomorrow.