Drowning in Security Solutions


At the RSA convention the other week, I met a wonderful European gentleman named Knud. The ‘K’ is pronounced for this name. Knud told me the story of a Viking king who was known for shouting at the waves.

According to several documented accounts, this king would make it his mission to order the waves to cease at his command. The Viking lord was spotted many times standing on top of a cliff yelling at the waves below to stop.

For what purpose, we will never know. We do know that the waves did not stop and have not stopped for any man beyond religious accounts. No mortal man has ever been able to command the ocean to bend to their will. But that would be a cool trick to witness.

The biggest question here is why a noble man would even try to stop these forces of nature. Because he thought he could? Because he thought he had some magical power? Because he was trying to prove a point, maybe?

In digital security, we often find ourselves trying to shout at the waves as well. We go to training, attend classes, buy new software, add all sorts of cool gadgets in hopes that we too can control the waves of security woes.

This is not an uphill battle, it’s a battle you can’t win with the way things are going now.

No, this article isn’t about FUD. It’s about the reality of futility. RSA had an estimated 35,000 attendees. Of those thousands, I only saw a few African Americans and a small percentage of women in the crowd. Except in one case, I did not see a single teenager.  Why is that?

The last time I looked, there was a significant part of our population that isn’t white and male. So why is digital security dominated by old white guys when the real world doesn’t look anything like that?

Amit Yoran of RSA had a talk about the need for a new map in the field of cybersecurity. How about we start by populating that map with a better representation of the real world?

We can add some minorities to the workforce. We can increase the amount for women in this profession. Maybe even give them equal pay for equal work.

While Mr. Yoran has you sitting in the dark when it comes to security, we at the Institute for Security and Open Methodology (ISECOM) have created a free teaching platform for teens.

If we want a new shift in thinking, if we want the waves to actually stop, we need to come up with a new solution.

At Hacker Highschool, we have a new solution, and it’s called free education. There are all kinds of lessons for teens to download that will teach them about the digital security profession. These lessons are free to download and are translated into twenty-two languages.

The lessons do not favor any particular product or vendor, we teach our students to think for themselves. The lessons do not endorse sitting in the dark, waiting for an opportunity. Instead we teach something called trust.

Trust is established by implementing the ten operational security controls listed in the Open Source Security Testing Methodology Manual (OSSTMM). This is an unbiased evaluation of any device, network, or product down to the chip level.

You, the evaluator, get to determine whether something is trustworthy or not. The vendor marketing jargon and fancy words fall to the side when you use the free OSSTMM.

This is what we are teaching at Hacker Highschool. We are teaching the next generation of digital security professionals to question every firewall, every protocol, every chip on every device and every means of communication to see if they are trustworthy.

The OSSTMM uses a simple mathematical formula to remove any doubt that could add opinion over fact.

Our lessons at Hacker Highschool are being taught at a rate of 6 million downloads. Of those downloads, only 2% are from the U.S… Why is that?

Why is it that China understands the importance of teaching their youth about security but the U.S. does not? Europe and Asia also understand this critical shortfall but not in America. We don’t ask for your race, gender or financial background to download our free material. We just want you to learn.

Hacker Highschool has the lessons, the teacher training material and the certifications are backed by ISECOM.

We want you to stop shouting at the waves and shine some light into the darkness. The new map belongs to our future and we need to start teaching them about the mistakes we already made.

For those who are asking who I am, I’m an unpaid volunteer for Hacker Highschool, as all of us are. We believe in this cause but we need your help. Help us to help you. Teach the next generation of teens about our field. Shine some light on to their faces and watch them learn.

A little knowledge goes a long way.

Source: http://blog.norsecorp.com/2015/05/03/drowning-in-security-solutions/

May 9, 2015
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

1 Comment
Oldest Most Voted
Inline Feedbacks
View all comments
happy wheels
happy wheels
3 years ago

Very interesting stuff here. I need this information. Thanks for sharing!

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023