Watch this episode on YouTube.
Reasonably Accurate 馃馃 Transcript
Good morning, everybody. How are you doing today? A little off time today because as you can see on the vlog here, um, still in uh Las Vegas for black hat, um, somewhat adjusted to the time, but, um, still a challenge to figure out to get, you know, purely on time as the normal 9 a.m.
eastern. Um, so mornings with Mark, um, crazy number of episodes, we're almost at 100 very exciting. Um, and a good time to look back. Now. Um, this week, a good friend of mine told me something, um, a suggestion, uh, you know, we were having a discussion, they had a suggestion.
It was fantastic and basically, uh she said you should probably do some, uh mornings with Mark, um, some video, something around the basics of cybersecurity, some basic definition of vocabulary, um, basic principles just purely back to security, you know, 01 and 101. because it's really hard to get up to speed and I thought, ok, and you know, so then I said, surely that can't be right.
You may ask who Shirley that's not important. What's important is she was right there is not an easily accessible, um, common parlance, um, easily relatable set of cybersecurity basics. Um, there's a lot of stuff out there around the basics. A lot of it is worded in, um, you know, college level language, um which even when you were in college was not useful, um, it's all added complexity.
It's all, um, really set up to make it seem like it's a lot more than it should be. I'm a huge fan. You guys know this by now. Um You've been tuning in on the vlog, you've been tuning in on the podcast. I'm a huge fan of just making it relatable, making it basic because I don't think cybersecurity needs to be as crazy and complicated as we've made it.
Um I think a lot of that um relates back to people who build the technology, but it goes all the way through to operational security like yesterday's episode. Um everything around security is, has a whole, I think layer of complexity when it comes to the usability, when it comes to the wording, when it comes to how we discuss this stuff that makes it needlessly complicated and needlessly um difficult and it discourages people from joining in.
It, discourages people from um being active participants in their own security. Um It's a whole host of issues and it's not, it's not needed at all. So after this conversation with uh my friend, um I kind of opened my eyes with a little bit of a different viewpoint.
Um, especially here at Black Hat, walking around the show floor, talking to some folks looking at the talk titles, um, you know, tracking everything on social having, um, interviews with journalists. And I was kind of disappointed and there's a lot of great info, don't get me wrong.
There's a lot of great info. There's a lot of great stuff going on. Um, but what I was disappointed in was that it was extremely, there's a massive barrier to entry here. Um, and for a discipline that should be as mature as ours at this point, that's unacceptable.
We should not have a barrier that high for people to get in, for people to participate, for people to be understanding, um, to understand what's going on. It's especially given how, um, we keep spouting that security is everybody's responsibility. Well, if it's everybody's responsibility and everybody is here because they're all on sorts of different disciplines.
So, if everybody's at a reasonably low level and then we make the barrier to entry, um, 10 levels above where everybody else is. How does that align with our desired outcome of making everybody responsible for their own security? It just doesn't. So I thought that was really enlightening and for myself, I know I fall victim to it because I've been in this, um, profession for a very long time.
Um, you know, thankfully those of you on the podcast are spared, uh, the, the ever increasing patch of gray and white, um, throughout my hair. Um Another reason why you always see me generally clean shaven. Um, it's easy to become cynical. It's easy to become bitter.
I fought really hard against doing that. Um, but one thing that I was kind of blind to and this conversation with my friend woke me up to was that, yeah, we've made it really hard to get started, not just as a cybersecurity practitioner, but just as anybody to understand this stuff.
I mean, I know a lot of my media work. Um a lot of my tech columns, things like that, try to talk to a general audience. I try to make that bridge, but there's a huge body of work that there, there's no easy bridge in. Um So, uh I'm putting some thought into how to help that, how to, how to tackle that.
So, um I mentioned yesterday, uh I will reiterate it now, um taking a brief pause on mornings with Mark because I'm on a vacation for the next uh week and a bit, which is wonderful. Um Finally getting some nice disconnected downtime. Um But when I come back, I'm gonna do a series on um basics relating the basics of cybersecurity, what we're doing, why we're doing it um in relatable, easy to understand terms.
Um uh that will obviously um trickle into mornings with Mark. Um I think I'm hoping that will be um another product um in a little more polished format that maybe I can publish out under the trend micro handle, um or uh under my own, we'll really figure out where that best fits, but look for a bunch of that content coming through uh mornings with Mark, but also in a more polished sort of digestible video bys form.
Maybe some cool funky web presentation saw a very interesting thing from Putting dot Cool yesterday on the breakdown of comedy structure and the way they presented that visually was really compelling and it made the material really relatable. So I'll play around with the format a bit.
But the end goal is to accomplish what my friend said there was a gap for um which is not, you know, not having that easily relatable stuff for people who are not cybersecurity professionals, but also it'll help cybersecurity professionals who are just getting started, which I know from your comments um out in the audience.
That's something challenging for everybody. So what do you think? Let me know, hit me up online um at Mark NC A uh for the vlog in the comments down below as always by email me at mark nd uh dot C A. Um That's me at Mark N dot C A.
How do you help bridge that gap? Not just for starting cybersecurity professionals, but for everybody. How do you get um the basics related to them? Do you use analogies? Do you give it to them in the, in the currently published set of stuff, which is way too complicated.
What's your experience? Let me know. I hope you have a fantastic day and a fantastic um, next week and a bit. Um, I will see you back later uh, in the month. Um, I will be lightly on Twitter, uh while on vacation, but just more for personal fun than work.
Um, but I hope you are set up to take a little bit of downtime too. We'll talk to you soon. Have a good one.
