10 Things I've Learned So Far As I Pursue My Masters Degree in Cybersecurity
1. The whole Cybersecurity industry laments that if it just wasn't for the moron end users, everything would be elegantly secure. (They say like a mantra: "The End User is the Weakest Link in Cybersecurity")
0
2. Confidentiality, (Data) Integrity, and (System) Availability are the "Three tenets of Cybersecurity"
0
3. The National Institute of Standards (NIST) publishes A LOT of great Cybersecurity guidance and document templates to help a practitioner focus on things to secure and the policies and procedures that are 1/3 of the defensive battle.
0
4. MBAs, Owners, and CxOs HATE the Cybersecurity spend that is forced upon them by government regulations, insurance companies, etc. The majority take the frustration out on their underfunded Cybersecurity team.
0
5. You can't defend everything. The business must define the mission critical systems and prioritize the defense of them.
0
6. Nation states have infiltrated everything of interest and are sitting there watching each other.
0
7. Cryptographic algos are deemed secure until the precise time somebody figures out how to defeat it. Then the crypto community says: "mkay. Just run the same algo X more times on the same message and we should be good."
0
8. IF (when?) quantum computers work, the current crop of crypto algos are all hopelessly broken. The government is already planning for this to happen.
0
9. Hacker groups actually take a break to watch popular sporting events and even go on vacation. You can see the traffic die down in the attack logs when they are out of office.
0
10. The Federal Gov't is chomping at the bit to be able to respond "kinetically" after a cyberattack. That's bad.
0
11. Bonus: Some types of attacks, like ransomware, are really ingenious and elegantly applied computer solutions that leverage all kinds of cool computer science methods and topics.
0
12. Bonus 2: Have great (PRACTICED) backup and restore procedures. That is the ultimate defense.
0
