Retrospective

Takeaways

1) If you want to do this in the future, get a degree in IT as it gives you the basic understanding of this stuff (think taking an anatomy class before going to med school)
2) Anyone can learn this really easily - even if you hate computers you could like this
3) Figure out how to use AI - it’s indispensable and will shape the computer related fields in the future
4) Start small - you don’t need to pay for classes or lectures to get started, there are free courses online, and the barrier for entry is very very low
5) You don’t lose anything by trying, you only lose by not trying

Everything below this is notes

Panelists

• David Tomasz -FBI
  • Tracked down big hackers from other countries
• Tricia Mercer - Leadership position at SD Cyber excellence and more
  • Stopped data leak and people stealing data from company
• Victor Nzeata - CEO of Cyber Brain Academy
  • Cleaned up old data from the US military in the middle east to stop the enemy from using it

Cybersecurity Landscape

stuff they did

D: Tracked down big hackers from other countries

T: Stopped data leak and people stealing data from company

V: Cleaned up old data from the US millitary in the middle east to stop the enemy from using it

big threats

T: Lack of cybersecurity knowledge

D: Ransomware

V: AI

Zero Day - Vulnerability that cannot be patched

How do ethical hackers help and ethics concerns

V:

• They are really useful because they simulate real attacks and that is critical for reinforcing weak points and strengthening.
• Gray area b/c in the DOD a ethical hacker patched vulnerabilities but put a backdoor in…

D:

• Not really ethical/moral but more of a legal question
• good penetration testers are really really useful
• come talk to us if you are good at this

T:

• Integrity is super important because they have access to critical data

What inspired you to do cybersecurity?

T:

• Book called the cuckoo’s egg (I HAVE READ THIS WOW)

D:

• I hate computers. Always have. Still do
• Really easy to learn. Everybody should know it
• Went to Quantico and wanted to do something overseas. They suggested cyber and he took it

V:

• Loves coding?
• Saw parallels between military and cyber
• loves that it’s always changing and changing

What should CS students interested in cyber do as next steps

V:

• do background in IT
• Very foundation of CS and cyber can be found there
• bachelor in IT

D:

• also do IT if you plan
• have soft skills - Will take you basically anywhere
  • people skills
  • be nice
  • be a leader
  • be reliable
  • when you walk into a room people should know you and like you
  • need to learn how to manage bad / unskilled people

T:

• Yes.
• Having a background in IT
  • really gives you the essentials
  • can’t do heart surgery without understanding basic anatomy
• Start building things at home - make a network, hack it, etc… real world stuff

Career Opportunities

Obstacles you have faced and how it impacts career

T:

• I’m more on the business side
• speaking with business acumen
  • convincing the higher ups how to do things
  • “how does it make me money?” - leaders
  • dumb it down so they understand why its necessary and why they should invest
• How do you take what you know

D:

• My personal challenge was being ignorant and having to overcome it
• there’s going to be a steep learning curve. A lot of times
• Companies won’t share data with us
• People wont report to law enforcement

V:

• People.
• Have to pick the top 5, have to ask people to do things that are really important
• BCP?
• When you are faced with adversarial danger (country stuff), how do i get stuff done with just 1/5 of my staff?

Future of Cybersecurity

What trends in Cyber are you anticipating for the next 5-10 years and how will it affect jobs

V:

• lot more specializations
  • Health IT
  • Human element of risk
  • Need more people specialized in AI
• Have the same skillset of hackers but being able to also incorporate more organic stuff
  • For example, pacemaker that could be hacked

D:

• Echo AI.
• Talked to a lot of companies / coders who are terrified of losing jobs
• People are firing staff cuz of AI
• Very bad time for coders who aren’t good because AI is being trained on code
• Govt jobs need skilled coders

T

• Agree for AI.
• Next 5-10 years almost every entity will be hiring for cybersecurity
  • small/medium companies beginning to think about that
• Open field of learning how to secure code

How do cybersecurity professionals prepare for constantly evolving threats

T

• lot of sources that you can subscribe to
• constantly being informed and up to date
• not a profession that you can turn on/off outside 9-5
• intrinsical need to want to research
• just dig in

D:

• I do a lot of reading.
• A lot of classified and unclassified stuff
• You are going to need a network. Identify people who are really really good and become friends with them. They will teach you things, get you jobs, and will advance you
• You can’t go home and think you are done.

V:

• Brother who is a doctor
  • always reading and learning
• just as any other profession you have to maintain competency
• being in the know - staying updated
• Cybersecurity is a team sport.
• Solve problems faster
• community that you create by being in this workforce

Audience Q&A

Q: How quickly does the pipeline go from research to action

D:

• A lot of the novel exploits and techniques never get off the ground because it requires too much technical knowledge
• When it does, it only takes hours or days for the exploit to be taken advantage of V:
• Patch Tuesday, Exploit Wednesday

Q: How do you make sure that you are always up to date on new developments

V:

• Always go to conferences, partner meetings, share w/ other people and they will share w you (mostly)
• Real world feedback

D:

• I read the news.
• Information sharing networks are very very dense.
• By industry, by sector, govt private stuff

Cool Tools

• Kali / Linux tools
• NMap
• TheHarvester
• ISC2 - Certified Cybersecurity - free
• A+ cert
• N+ cert
• Security+ cert