
Mornings With Mark
no. // 0 0 0 5

Getting Started In Cybersecurity In A Positive Direction


Full machine generated transcript follows

I will just go like this for now. So anyway what I want to talk about today as Monday morning, hopefully you guys had a great weekend. Hopefully you're set up for a great day to cross something out of this morning that tied off to sort of leads to something I have yet to do and I feel really bad about but that I wanted to tackle today and that's getting started in cyber security.

So I posted a video few months ago on YouTube how to get started in cyber security and I've got a ton of great comments a ton of people I'm asking about how they can get started explain their current situation Sanyo. Can you give me some help out and I have a Q on my along if you feel I need to respond to I apologize.

I will respond to you maybe in a group sort of sequence and hopefully individually owned or leased individually 2.2 back to the lot of people are curious about how to get into this area of computer science in nit working. That's great. That is fantastic. The problem I'm having is giving advice.

That's somewhat Nutrilite. Very different view of Howard doing in cybersecurity that a lot of folks. I don't want to perpetuate sort of the same thing. But I think there's a lot of stuff that we need to fix a quick and easy fixes here and we've kind of done this to ourselves and this kind of ties back to something I talk I gave a couple years ago in the article.

I wrote up saying you are you set up for failure and essentially the gist of that push was we have set up teams within our organizations where all the cyber security expertise is that we say cybersecurity everybody's responsibility and that is really a everybody's responsibility then take everyone who has anything to do with cyber-security Amanda start a bundle them away and that's not quite how that works.

Right? That's not logical. That's why would that make any sense whatsoever? So what triggered me this morning was not just looking at these messages that people had I had left me and thank you again for that. But I saw an article on UX Movement so I'm user experience movement.

What it was was talking about the best place to put error messages on forms. So if you have a text box that you need to enter is it better to put the error message above the form below the box above the bar stool after the right of it and it quoted multiple studies multiple studies done on which option is better for which is sort of like less of a mental load and it turns out to the right and below are the two best options to the right on desktop below on mobile because it creates the flow and revolutionary by any stretch of the imagination but really interesting in that in security we fail to do this kind of work.

We work on a whole bunch of assumptions and sort of myth and you know this baseline just like oh that's how you should be doing things. Guess what? We're not getting any better at security. So what we're doing is obviously not really working right? We're making my incremental improvements and bilayer and an inordinate amount of complexity as opposed to re-evaluating our fundamental assumptions and constraints and that's where I go off the rails for a lot of folks home security.

Anita saw can eat all the stuff stuff doesn't have Valium same the problem is that we do it blindly we do it on faith that actually questioning or testing the underlying assumptions that I think there's a huge amount of wins to be had in security when you realize that no developer sets out to write crappy insecure code.

No one in operation sets out to build an insecure infrastructure confrontational relationship becomes right backs that usability. There is this myth that is cemented in security culture that it is usability vs. security: anything developers do to make something more usable will lower its security. Not at all true. I'm completely the opposite if you don't have usable systems, you have insecure systems, and I'm right.

If you for going to bend over backwards to try to get it to do what they want, which normally means they're going to break something. So that's where we really need to refocus. That's why I think I've been having such a challenge of answering these questions. How do I get started in cyber security because I think a lot of the activities we do it a lot of the places we start today are not where we should be starting where we should be starting is teaching people basic scientific method if they don't already know when and walking through and questioning certain assumptions about the environment they're working in questioning, but how different systems are deployed and then working through to test those assumptions and sometimes they'll be valid.

Sometimes they won't be valid. That's how that process works. And so I think we can do better teams are set up in a certain way. I have a certain set of skills sets skills are looked for a minute going to write that up in and put out a post in another little more formal video.

I have to answer all those people have been kind enough to take their time I have read every one of those requests and I will get back to you guys either individually or en masse. They said because I think the more people coming into cybersecurity, especially the more different perspectives that come into cybersecurity the better off.

We're all going to be actually make a change we can actually do better and that's the goal is for everybody to have more secure software. So probably not what you were expecting this morning, but there it is good way to start Monday, I hope you guys are set up for a great day as always hit me up here in the comments below if you're watching this after the fact on Facebook or LinkedIn or YouTube if you're live here on Twitter and always marknca.

Hit me up on Twitter IHOP in chat about this. Love to hear your perspective. What do you guys think about how to get started in security? What do you think about the general approach that security case right now? Is that working for you? It's not working for a lot of folks.

And so hit me up. Hope you guys have a great Monday and of course Periscope did not respond, and I'm so you're going to see the awkward. I'm going to try to slice this down, but there is an ex now up top. So maybe it'll actually work one time.

Have a great Monday. Will talk to you soon.