Cybersecurity Q&A
3 07 Mar 2018 02:40 by u/IllIllI
** This is a re-do from about two years ago. Tornadoes and hurricane Irma caused me to not be able to complete the session **
I'll be hosting a three part Cybersecurity Q&A in this sub (/v/programming) starting this Saturday, Marth 10th at 7 PM Eastern and lasting three hours. The sessions will be each Saturday, same time and length, for three weeks.
About me: I am a Cybersecurity researcher with formal training in EC-Council C|EH, C|HFI, Network Defense, and other related topics. I have a background in programming, networking (layer 2 and 3), database management, project management, covering military and private sectors over the last 20 years.
I am not doing this to promote myself for job recruitment opportunities. The sessions are provided as a means to transfer knowledge, exchange ideas, and enhance personal and professional growth in the Cybersecurity field for all involved.
Intended Audience These sessions are meant for individuals in upper management or senior positions, but all are welcome. No topic or questions are considered off-limits, but please try to keep the conversation to subject matter that pertains to the widest audience for the benefit of all involved.
I'll do my best to answer every question, but time and upvoats dictate the flow.
Please Note I won't divulge information or participate in activity which is considered illegal (in the United States); I operate in a strictly non-Black Hat manner. That being said, there is plenty of room for quality intellectual conversation and discussion on the topics at hand.
20 comments
0 u/yurisrevenge 07 Mar 2018 02:48
So your a certified ethical hacker correct?
-1 u/IllIllI [OP] 07 Mar 2018 02:57
I'm not going to provide any information that would identify me. Therefore, I am willing to say that I have been formally trained in those aspects you saw and reiterate that this is NOT about me or to benefit myself in any way, my goal with this is to share knowledge and information for those interested in the subject of Cybersecurity. I hope this doesn't come off as rude; my intention is to educate and promote the discussion of cybersecurity only.
Edit (clarification): I suppose if a mod needs proof in order to make this a successful venture I would provide proof.
0 u/yurisrevenge 07 Mar 2018 03:10
Never asked for info just simple yes or no comrade shit poster that is all. Sorry to offend
1 u/IllIllI [OP] 07 Mar 2018 03:15
No! No offense taken at all!
I just was trying to avoid the next logical step of some troll going in for the hopeful kill. Maybe I have spent too much time on Reddit recently, but I was just trying to clarify that in fact this will be s substantive and intellectual conversation and information exchange for like-minded individuals!
0 u/yurisrevenge 07 Mar 2018 12:00
Da comrade admit i am troll but I also IT guy like you. Much moar respect have for you as IT from another than troll to troll.
I been banned banned from 4chan, Reddit, 9gag, and funnyjunk.com
I am currently building a super network with onion routers and moar.
Also I love to code in python
Easiest code lang to pic up.
0 u/Firevine 07 Mar 2018 03:06
My CS and programming classes are wrecking my face right now, so I'll try to get in on this. Not this weekend, but next time.
1 u/IllIllI [OP] 07 Mar 2018 03:12
PLEASE do engage on this! Try to keep in mind that what you are taught in school is academia and not necessarily what you need to know to exceed in the "real world"!!!!
0 u/Plavonica 07 Mar 2018 05:21
God I hope so. I bloody hate most of my projects. There are a few I had fun with where I was allowed actual choices in what I did.
1 u/IllIllI [OP] 07 Mar 2018 23:45
Try to gain an understanding of the principles they teach. Read the language specification for a language you like. I wouldn't bother too much with memorizing function names or anything like that because APIs change over time. The idea is that you should be able to know what you need to do and can go into an API documentation, find what you need, and then implement it.
As far as choices and creatively solving a problem, I have good news for you: That is a large part of developing software. You start with a goal, determine the best language(s), and using your head (and your trusty API reference) you will make the computer do whatever it is your goal needs.
Here's a couple of things they don't really touch on in school that are very important anywhere: Learn a source control system (I prefer Git), learn how to build and run Unit Tests, figure out the difference between monolithic applications and microservices and in which situations each would be appropriate. Learn how to optimize your code, learn how to build secure code and robust error handling.
Feel free to pick my brain on specifics or questions.
0 u/Plavonica 08 Mar 2018 00:43
They go over all of these things while we learn to program, though to what degree their teachings reflect reality I can only guess at. Right now we are going through how to use Scrum/Agile with git while doing projects for local businesses. Scrum/Agile is surprisingly easy with a background in the military.
There isn't much on monolithic vs micro-services but they do go over some of the laws involving large corporations vs goin' at it on your own/with a partner. Secure code is gone over but to really get into it they make you pony up for extra classes (that I can't afford). I went with the mathematics instead of cyber-sec route anyways.
There are several early classes that have us specifically go over the documentation. Forcing us to learn from it and then make our projects from that. While the documentation is good enough for professionals to use as reference, it makes for some terrible teaching/learning material.
This is probably why I have such problems in a traditional learning environment. I try to learn the underlying ideas behind what they are teaching instead of just memorizing shit for a week and forgetting it.
1 u/IllIllI [OP] 09 Mar 2018 02:30
It sounds like you are getting a good foundation, that's good. For secure programming, that is truly a "matryoshka doll" type of thing to get into and even after multiple classes it's only a foundation and it's something that can keep you on your toes well into your professional career. Secure programming has layers upon layers of complexity and one can never really account for all possibilities while implementing code securely in a practical manner. It is possible but not practical to get extremely granular control over things, but project managers have deadlines and projects have costs; the more effort that goes into this aspect increases the time to complete the project which results in increased cost. So that, essentially, is how we wind up witnessing mind boggling news stories of unbelievable breaches and data loss. Because in the end, some aspects of security were given less attention or none and the company decides to weigh the risk versus a possible hit to their credibility, pay a hefty fine, and the related costs in cleaning up the mess. Secure coding is just becoming more important as these scenes continue to happen; I only see the emphasis on secure coding growing further as time goes on.
0 u/Plavonica 09 Mar 2018 03:57
Certainly this is why it is on my mind as I program. However:
This.
1 u/IllIllI [OP] 10 Mar 2018 01:59
Trying not to "steal too much thunder" from the upcoming mini-series on Cybersecurity, but this is at the crux of many Cybersecurity problems, and it is my intention to delve as deeply as possible into this format with as much material as possible as would be beneficial in this regard. There is a certain and undeniable "catch 22" within this realm which M U S T be overcome by corporate interests in order to progress further!
0 u/dooob 07 Mar 2018 05:08
Just a tip: dont take downvotes as opinion, there are people who hate this place (voat) and downvote good stuff. I cant wait, hopefully I'll learn something. Post on a couple of other subs like v/TellVoat or v/whatever to get a bigger turnout and hopefully encourage more specialists to do these types of stuff.
0 u/IlIlIlIl 07 Mar 2018 11:22
Me: https://voat.co/user/IlIlIlIl
You: https://voat.co/user/IllIllI
I don't really have any questions except why are you stealing my username???
0 u/IllIllI [OP] 07 Mar 2018 23:30
You sir, have a fabulous username. Good choice.
0 u/IllIllI [OP] 10 Mar 2018 02:20
Cybersecurity Q&A, 24 Hour Lead-Up Primer:
In order for this to be of use to the widest possible audience, it is recommended that questions be posed in a manner which would present the greatest knowledge gain for the widest audience possible while keeping in mind that the format is targeted to senior level practitioners. No questions will be considered off limits while they are within the realm of programming and cybersecurity so please consider the fact that the audience is GLOBAL and situations and circumstances may vary by region and nation.
Well formed questions will pose an actual and actionable problem, theoretical problems and edge-cases are not necessarily going to benefit everyone but if you strongly believe that the discussion in this regard will benefit those involved for some upcoming problem please don't hesitate to add it to the discussion. As always, time and upvoats will dictate the flow, but if a underserved topic or question remains and begs for further discussion please feel free to message me to engage on it.
It is suggested that all day one questions be posed BEFORE the start time so that the maximum amount of answers and interaction may take place.
Please be civil, this is meant to be an intellectual exchange of information and not an ePeen measurement contest.
0 u/IllIllI [OP] 10 Mar 2018 23:57
Go ahead and ask away! I'll be standing-by for the next three hours to answer your questions!
0 u/facetumor 11 Mar 2018 04:34
Do you think we'll keep seeing cryptojacking ads on major platforms in 2018? Is it a solveable problem?
0 u/IllIllI [OP] 21 Mar 2018 00:35
Obviously this was scrapped due to lack of participation by the community. Mod(s) please feel free to archive this post. Unfortunate that after all these years Voat still does not have the user base that it should.