WEBVTT 1 00:00:00.000 --> 00:00:03.160 All right, so you've given me quite the reading list here, 2 00:00:03.560 --> 00:00:07.480 lots about cybersecurity education and research. Seems like you're interested 3 00:00:07.559 --> 00:00:12.160 in how we're you know, getting ready for these more 4 00:00:12.240 --> 00:00:14.199 and more complex cyber threats. 5 00:00:14.480 --> 00:00:16.960 Yeah. It's a big topic, it is, and for good reason. 6 00:00:18.879 --> 00:00:21.079 What I think is really interesting is that these sources 7 00:00:21.120 --> 00:00:25.199 all kind of point to like this future where cybersecurity 8 00:00:25.239 --> 00:00:29.000 knowledge is just like common, like everyone knows it and 9 00:00:29.039 --> 00:00:31.000 knowing how to use a smartphone. 10 00:00:30.719 --> 00:00:33.479 You know, so like everyone like from college freshmen to 11 00:00:34.159 --> 00:00:36.320 judges needs to know this stuff exactly. 12 00:00:36.520 --> 00:00:39.280 And it's not even just about like making sure everyone 13 00:00:39.320 --> 00:00:42.359 has the information, you know, like the research from that 14 00:00:42.399 --> 00:00:45.600 twenty twenty National Cyber Summit, for example, that one really 15 00:00:45.640 --> 00:00:47.679 emphasizes like we need to build a whole new kind 16 00:00:47.679 --> 00:00:50.759 of cybersecurity mindset. Oh yeah, I saw that one that's 17 00:00:50.799 --> 00:00:56.119 like proactive and adaptive really understands how these cyber threats work, 18 00:00:56.159 --> 00:00:57.560 you know, because you're always changing. Right. 19 00:00:57.600 --> 00:00:59.560 They use this term adversarial thinking. 20 00:00:59.600 --> 00:01:01.399 I thought that, Yeah, that's a good one. 21 00:01:01.479 --> 00:01:02.560 What does that actually mean? 22 00:01:03.320 --> 00:01:07.200 So it's basically about learning to think like the attacker, 23 00:01:07.280 --> 00:01:09.040 you know, like instead of just saying, okay, how do 24 00:01:09.079 --> 00:01:11.640 I defend this system. Yeah, you think, how would someone 25 00:01:11.719 --> 00:01:15.040 try to break into this? You know, like what's their motivation, 26 00:01:15.439 --> 00:01:18.799 what kind of tactics do they use, even like their psychology, 27 00:01:19.040 --> 00:01:19.280 you know. 28 00:01:19.239 --> 00:01:21.920 So it's almost like playing chess, but instead of just 29 00:01:21.959 --> 00:01:25.680 trying to checkmate your opponent, you're trying to anticipate their 30 00:01:25.719 --> 00:01:27.599 every move and build up your defenses. 31 00:01:27.840 --> 00:01:31.239 Yeah. Yeah, that's a great analogy. And like this shift 32 00:01:31.280 --> 00:01:33.640 in how we think it's starting to show up in 33 00:01:33.680 --> 00:01:37.680 how cybersecurity is being you know, taught and assessed. Like 34 00:01:38.480 --> 00:01:41.079 the researchers at the National Cyber Summit talk about something 35 00:01:41.120 --> 00:01:43.200 called the Cybersecurity Concept Inventory. 36 00:01:43.319 --> 00:01:45.359 I saw that mentioned in a couple of the articles, 37 00:01:45.359 --> 00:01:47.079 but I got it. I'm a little fuzzy on what 38 00:01:47.120 --> 00:01:47.799 it actually is. 39 00:01:48.000 --> 00:01:50.560 So it's like this tool and it's designed to like 40 00:01:51.159 --> 00:01:54.439 figure out if students really get those like core concepts 41 00:01:54.480 --> 00:01:57.239 of cybersecurity. And what's really cool about it is that 42 00:01:57.280 --> 00:02:01.519 it's not just about memorizing stuff. The searchers actually talk 43 00:02:01.560 --> 00:02:04.920 about how hard it was for them to like to 44 00:02:04.959 --> 00:02:08.199 come up with questions that really assess critical thinking and 45 00:02:08.240 --> 00:02:10.080 that adversarial thinking we were just talking about. 46 00:02:10.240 --> 00:02:12.840 So instead of just being like, what is fishing. It's 47 00:02:12.879 --> 00:02:16.319 more like, here's a situation, what are the red flags 48 00:02:16.840 --> 00:02:18.599 and how would you actually respond? 49 00:02:18.680 --> 00:02:21.560 Yeah, yeah, exactly. Like they really wanted to get away 50 00:02:21.919 --> 00:02:26.639 from those like traditional multiple choice questions. Yeah, and build 51 00:02:26.639 --> 00:02:31.719 these scenarios that force students to analyze things right, evaluate 52 00:02:31.759 --> 00:02:32.759 apply their knowledge. 53 00:02:32.960 --> 00:02:33.479 That's cool. 54 00:02:33.639 --> 00:02:35.599 Yeah. And they even like they did a bunch of 55 00:02:35.639 --> 00:02:38.080 interviews with students, okay, just to make sure they were 56 00:02:38.080 --> 00:02:40.120 capturing the right ideas and the right challenges. 57 00:02:40.199 --> 00:02:42.319 It reminds me of those medical school exams where they 58 00:02:42.400 --> 00:02:44.520 give you a patient case and then you have to 59 00:02:44.560 --> 00:02:47.439 figure out what's wrong and how to treat them based 60 00:02:47.479 --> 00:02:49.080 on you know, yeah, the symptoms. 61 00:02:49.199 --> 00:02:51.840 That's a good comparison. Yeah, And speaking of different fields, 62 00:02:51.840 --> 00:02:56.800 it's really interesting to see how cybersecurity education is like expanding, 63 00:02:57.479 --> 00:03:01.120 you know, like beyond just the computer science departments, because 64 00:03:01.159 --> 00:03:05.360 there's this growing awareness that professionals and like all kinds 65 00:03:05.400 --> 00:03:07.759 of fields need this knowledge. 66 00:03:07.840 --> 00:03:11.000 I was really fascinated by that article about creating a 67 00:03:11.120 --> 00:03:15.840 digital forensics training like specifically for judges and prosecutors, you know. 68 00:03:16.439 --> 00:03:18.520 I feel like the legal system is always trying to 69 00:03:18.560 --> 00:03:21.319 catch up it is, yeah, with technology. 70 00:03:20.759 --> 00:03:24.039 Oh totally, And like that knowledge gap. It could have 71 00:03:24.120 --> 00:03:27.199 real consequences. You know, imagine a judge they're in a 72 00:03:27.240 --> 00:03:30.319 case with like digital evidence, Yeah, but they don't even 73 00:03:30.439 --> 00:03:34.240 understand like how it was collected or analyzed. It could 74 00:03:34.319 --> 00:03:38.080 lead to like rulings that are unfair or even wrong. 75 00:03:38.400 --> 00:03:40.360 You know, that's a really good point. I hadn't even 76 00:03:40.360 --> 00:03:41.120 thought about it that way. 77 00:03:41.199 --> 00:03:44.759 Yeah. And so like educating judges about things like digital forensics, 78 00:03:44.879 --> 00:03:47.599 it's really about making sure that those legal decisions are 79 00:03:47.680 --> 00:03:51.319 fair and informed in a world that's like only getting 80 00:03:51.319 --> 00:03:55.479 more digital. Absolutely, and this need for like broader cybersecurity education, 81 00:03:55.800 --> 00:03:59.000 it goes way beyond the court room. You know, another 82 00:03:59.000 --> 00:04:01.560 source you sent it talks about this modular lecture series 83 00:04:02.639 --> 00:04:05.199 video based and it was made to be accessible to 84 00:04:05.479 --> 00:04:08.919 like community college students, busy professionals, everyone. 85 00:04:09.080 --> 00:04:10.960 Okay, this is the one that really caught my eye. 86 00:04:11.039 --> 00:04:13.240 What makes this lecture series different? 87 00:04:13.400 --> 00:04:16.000 Well, first of all, it covers like a ton of 88 00:04:16.040 --> 00:04:21.519 stuff blockchain, cryptocurrencies, ethical hacking, even the dark web. 89 00:04:21.959 --> 00:04:22.399 Wow. 90 00:04:22.519 --> 00:04:25.240 And they designed it so that it's really flexible, like 91 00:04:25.279 --> 00:04:29.000 people could pick and choose the modules that like they're 92 00:04:29.040 --> 00:04:31.360 interested in or that relate to their careers. 93 00:04:31.399 --> 00:04:35.120 They choose your own adventure for cybersecurity education. That's really cool, 94 00:04:35.199 --> 00:04:36.079 and it's so. 95 00:04:36.199 --> 00:04:40.319 Different from those like typical boring lectures, right, Like these 96 00:04:40.319 --> 00:04:43.279 modules are supposed to be like engaging, kind of edgy 97 00:04:43.360 --> 00:04:46.560 even they talk about stuff that people are actually curious about. 98 00:04:46.800 --> 00:04:49.079 You know. It's like not just learning about firewalls. It's 99 00:04:49.120 --> 00:04:53.120 like getting a glimpse into like the world of crypto 100 00:04:53.439 --> 00:04:57.600 or like ethical hacking, like a little taste of cybersecurity. 101 00:04:57.680 --> 00:04:59.800 So people want to learn more. Yeah, that's a good 102 00:04:59.839 --> 00:05:02.439 way put it. It's like an appetizer, especially since there's 103 00:05:02.480 --> 00:05:05.439 just so much information out there. You know. It's about 104 00:05:05.439 --> 00:05:08.600 building like a foundation of knowledge and then letting people 105 00:05:09.600 --> 00:05:12.720 like pursue what they're actually into. Yeah. 106 00:05:13.000 --> 00:05:16.279 Right, So we've talked about a new cybersecurity mindset and 107 00:05:16.319 --> 00:05:21.439 making education more accessible. What other big trends are we 108 00:05:21.480 --> 00:05:22.639 seeing in these articles? 109 00:05:22.720 --> 00:05:24.279 I think one of the coolest things is that there's 110 00:05:24.319 --> 00:05:29.600 this real shift happening towards like hands on learning and gamification. 111 00:05:29.920 --> 00:05:33.399 Like the old way of doing things with lectures and textbooks, 112 00:05:33.199 --> 00:05:34.560 it's it's kind of fading away. 113 00:05:34.680 --> 00:05:36.680 Yeah, that makes sense. You can only read so much 114 00:05:36.720 --> 00:05:39.560 about network security before your eyes like lays over. But 115 00:05:39.560 --> 00:05:42.000 if you're actually building a network and trying to defend 116 00:05:42.000 --> 00:05:46.639 it against simulated attacks. That's like a whole other level totally. 117 00:05:46.759 --> 00:05:49.040 And actually one of the articles you sent it dives 118 00:05:49.079 --> 00:05:53.560 into using serious games to teach devsekops. Okay, have you 119 00:05:53.600 --> 00:05:53.959 heard of that. 120 00:05:54.639 --> 00:05:57.120 I'm not super familiar with it. Can you break it down? 121 00:05:57.160 --> 00:06:00.439 Okay? So it stands for Development, Security and Operations and 122 00:06:01.160 --> 00:06:04.439 it's basically a set of practices that like build security 123 00:06:04.839 --> 00:06:08.120 into every part of making software. So instead of thinking 124 00:06:08.160 --> 00:06:11.199 about security like at the end, you know, as an afterthought, 125 00:06:11.759 --> 00:06:14.439 it's baked into the process from the very beginning. 126 00:06:14.160 --> 00:06:17.079 So it's like preventing those vulnerabilities instead of trying to 127 00:06:17.120 --> 00:06:19.120 fix them later exactly. 128 00:06:19.120 --> 00:06:21.120 And that's where these serious games come in. They create 129 00:06:21.160 --> 00:06:24.759 these like simulated worlds where students can like play around 130 00:06:24.759 --> 00:06:29.759 with devsekops principles, you know, they make decisions about security investments, 131 00:06:30.079 --> 00:06:32.600 and then they actually see what happens based on their choices. 132 00:06:32.720 --> 00:06:36.120 So it's kind of like a flight simulator for software developers. 133 00:06:36.160 --> 00:06:38.439 They can crash and burn in the virtual world without 134 00:06:38.600 --> 00:06:41.120 like you know, actually causing damage exactly. 135 00:06:41.639 --> 00:06:44.199 And one of the games in the research actually makes 136 00:06:44.240 --> 00:06:47.600 students think about like the costs and the risks of 137 00:06:47.680 --> 00:06:50.079 different security measures. Ok, Like they have to make tough 138 00:06:50.160 --> 00:06:54.680 choices balance the need for security with other things like budget, 139 00:06:54.920 --> 00:06:57.519 how long it takes to develop user experience. 140 00:06:57.800 --> 00:07:01.680 Wow, so they're really having to like think critically and strategically. 141 00:07:01.959 --> 00:07:03.959 Oh yeah, and I bet it's way more fun than 142 00:07:04.000 --> 00:07:05.879 just reading about it in the textbook. 143 00:07:05.680 --> 00:07:09.120 Right for sure. And I think another research team was 144 00:07:09.160 --> 00:07:12.759 talking about their work with something called a single board 145 00:07:12.759 --> 00:07:15.680 computing constellation, Oh, yes, which is basically it's a. 146 00:07:15.759 --> 00:07:18.360 Small cheap computers all network together. 147 00:07:18.560 --> 00:07:23.519 Yeah, to give students hands on experience with like cybersecurity concepts, 148 00:07:23.519 --> 00:07:26.920 so they're not just reading about firewalls, they're actually configuring 149 00:07:26.959 --> 00:07:29.240 them and testing them out in a safe environment exactly. 150 00:07:29.319 --> 00:07:33.800 Yeah. You can explore things like kernel modifications, network traffic analysis, 151 00:07:34.360 --> 00:07:38.040 even like ethical hacking techniques. But it's all in this 152 00:07:38.279 --> 00:07:40.120 like controlled setting. 153 00:07:40.240 --> 00:07:43.759 So it's like a cybersecurity playground where students can experiment 154 00:07:44.160 --> 00:07:47.360 and learn without worrying about breaking anything important. 155 00:07:47.720 --> 00:07:49.439 Yeah, that's a good way to put it. And this 156 00:07:49.639 --> 00:07:52.920 like hands on approach it's really key to understanding like 157 00:07:53.560 --> 00:07:56.279 the technical side of cybersecurity. You know, it's one thing 158 00:07:56.639 --> 00:07:59.000 to read about how a network works, but it's totally 159 00:07:59.040 --> 00:08:01.560 different to build one, configure it, and then try to 160 00:08:01.600 --> 00:08:02.560 you know, hack into it. 161 00:08:02.680 --> 00:08:05.040 Right, because that's where the real learning happens, you know, 162 00:08:05.079 --> 00:08:07.360 when you run into those challenges and have to figure 163 00:08:07.360 --> 00:08:08.759 out how to solve them yourself. 164 00:08:08.959 --> 00:08:11.839 Yeah, for sure. And that leads us to another big thing. 165 00:08:12.480 --> 00:08:15.879 These articles highlight the cutting edge research that's happening in 166 00:08:15.920 --> 00:08:19.519 the world of cybersecurity. It's not just about making education better. 167 00:08:19.560 --> 00:08:22.199 It's about like pushing the boundaries of what we know 168 00:08:22.399 --> 00:08:25.040 and coming up with new tech and strategies to fight 169 00:08:25.120 --> 00:08:27.519 these these threats that are always changing. 170 00:08:28.079 --> 00:08:31.240 I'm really interested in that research on securing all these 171 00:08:31.240 --> 00:08:35.879 new technologies, especially because the world is like becoming so 172 00:08:36.120 --> 00:08:39.840 interconnected so fast. What were some of the key areas 173 00:08:39.840 --> 00:08:42.120 that stood out to you, Well, the research. 174 00:08:41.799 --> 00:08:43.960 From the National Cyber Summit. They really dig deep into 175 00:08:43.960 --> 00:08:47.879 the whole thing about securing unmanned aerial vehicles. Yeah yeah, 176 00:08:47.960 --> 00:08:50.200 which is just a fancy way of saying drones. 177 00:08:50.440 --> 00:08:51.000 Drones. 178 00:08:51.320 --> 00:08:53.440 Yeah, you know, I never really thought about the cybersecurity 179 00:08:53.440 --> 00:08:56.440 side of drones before, right, but it makes sense. They're 180 00:08:56.440 --> 00:09:01.519 like flying computers, you know, and if someone hacks into one, 181 00:09:01.759 --> 00:09:05.159 the results could be pretty bad. And the researchers they 182 00:09:05.200 --> 00:09:08.159 talk about some of the unique challenges with drones, like 183 00:09:08.200 --> 00:09:11.039 how much they rely on wireless communication and how they 184 00:09:11.120 --> 00:09:13.960 might be used in like really sensitive areas. You know, 185 00:09:14.320 --> 00:09:16.879 we're not just talking about some kid's toy drone like 186 00:09:17.279 --> 00:09:20.080 getting hacked and flying into a tree. We're talking about 187 00:09:20.120 --> 00:09:25.399 the potential for like espionage, sabotage, even physical harm. 188 00:09:25.919 --> 00:09:28.720 So like if a drone was carrying something sensitive and 189 00:09:28.759 --> 00:09:31.600 it was hijacked or its data was stolen, that could 190 00:09:31.639 --> 00:09:36.720 have serious consequences for like national security businesses, even individuals. 191 00:09:36.799 --> 00:09:39.720 Oh yeah, totally. And to deal with those challenges, the 192 00:09:39.759 --> 00:09:43.559 researchers talk about things like the CNSSP twenty eight, which 193 00:09:43.559 --> 00:09:48.960 is basically a set of cybersecurity rules specifically for national 194 00:09:49.039 --> 00:09:52.639 security systems that are unmanned. Okay, so they're essentially trying 195 00:09:52.679 --> 00:09:56.559 to create a framework for like building and using secure 196 00:09:56.639 --> 00:09:58.559 drones for the government and the military. 197 00:09:58.679 --> 00:10:00.639 So it's kind of like building codes for houses, but 198 00:10:00.679 --> 00:10:01.279 for drones. 199 00:10:01.639 --> 00:10:03.399 Yeah, that's a good way to think about it. And 200 00:10:03.440 --> 00:10:05.960 besides those rules, they're also looking at how to make 201 00:10:05.960 --> 00:10:09.120 civilian drones safer too, looking at things like you know, 202 00:10:09.159 --> 00:10:12.399 how to authenticate drones, protect the communication channels, even put 203 00:10:12.440 --> 00:10:16.960 in like self destruct features if a drone gets compromised. 204 00:10:16.480 --> 00:10:19.679 Self destruct. That sounds pretty intense, it. 205 00:10:19.639 --> 00:10:22.200 Is, but it just shows how serious this is. If 206 00:10:22.200 --> 00:10:24.480 a drone is compromised and there's no way to get 207 00:10:24.480 --> 00:10:26.799 it back, sometimes the best thing to do is make 208 00:10:26.799 --> 00:10:28.759 sure it doesn't end up in the wrong hands, right, 209 00:10:28.960 --> 00:10:30.080 or cause more problems. 210 00:10:30.200 --> 00:10:32.360 Yeah, so it's kind of a last resort to prevent 211 00:10:32.480 --> 00:10:34.240 a bigger disaster exactly. 212 00:10:34.720 --> 00:10:38.039 And this research on drone security is just one example 213 00:10:38.440 --> 00:10:40.399 of the cutting edge work being done in the field. 214 00:10:40.879 --> 00:10:43.480 Another area getting a lot of attention is security for 215 00:10:44.039 --> 00:10:46.879 like smart homes and the Internet of Things. 216 00:10:47.120 --> 00:10:49.240 It seems like everything in our homes is getting connected 217 00:10:49.279 --> 00:10:53.679 to the internet these days, smart refrigerators, smart thermostats, smart doorbells, 218 00:10:54.080 --> 00:10:55.519 even smart toothbrushes. 219 00:10:55.639 --> 00:10:56.519 I know, it's crazy. 220 00:10:56.600 --> 00:10:59.559 It's amazing, but also a little overwhelming from a security 221 00:10:59.600 --> 00:11:00.960 perspect you know, oh. 222 00:11:00.840 --> 00:11:03.919 Yeah, totally. And the researchers they're finding some pretty scary 223 00:11:04.000 --> 00:11:08.120 vulnerabilities in these systems, Like they've found ways that hackers 224 00:11:08.120 --> 00:11:12.120 can use innocent looking devices like smart meters to gather 225 00:11:12.240 --> 00:11:14.000 information about our habits and what we do. 226 00:11:14.120 --> 00:11:16.679 Wait, so someone could hack into my smart meter and 227 00:11:16.759 --> 00:11:19.159 figure out when I'm home when I'm not even what 228 00:11:19.200 --> 00:11:20.320 appliances I'm using. 229 00:11:20.440 --> 00:11:23.080 It's possible, Yeah, and that data could be used for 230 00:11:23.159 --> 00:11:26.639 all sorts of things like targeted advertising, but also scarier 231 00:11:26.720 --> 00:11:29.759 things like identity theft or even blackmail. 232 00:11:30.039 --> 00:11:32.720 That's kind of unsettling to think about how our personal 233 00:11:32.759 --> 00:11:35.840 information can be taken and used and we don't even 234 00:11:35.879 --> 00:11:36.600 know about it. 235 00:11:36.600 --> 00:11:38.960 It is, and it really highlights how important it is 236 00:11:39.000 --> 00:11:42.159 to be aware of the risks right and take steps 237 00:11:42.159 --> 00:11:43.200 to protect our privacy. 238 00:11:43.360 --> 00:11:45.360 So what can we do do we have to get 239 00:11:45.399 --> 00:11:47.120 rid of all our smart devices and go back to 240 00:11:47.159 --> 00:11:47.759 the stone age. 241 00:11:48.279 --> 00:11:51.080 Not necessarily, there are things we can do to lessen 242 00:11:51.080 --> 00:11:54.159 the risks without going totally offline. We'll talk about some 243 00:11:54.200 --> 00:11:57.480 of those and explore other cool aspects of cybersecurity research 244 00:11:57.799 --> 00:11:59.960 when we come back for part two of this deep dive. 245 00:12:00.320 --> 00:12:02.519 Okay, so before the break, we were talking about how 246 00:12:02.639 --> 00:12:05.600 hackers can actually use smart devices to figure out our 247 00:12:05.679 --> 00:12:06.480 daily routines. 248 00:12:07.039 --> 00:12:11.159 Pretty creepy, right, Yeah, a little unsettling, but there's good news. 249 00:12:11.279 --> 00:12:13.759 Cybersecurity folks are coming up with ways to protect on 250 00:12:13.840 --> 00:12:16.480 privacy in this world where everything's connected. 251 00:12:16.679 --> 00:12:16.919 You know. 252 00:12:17.440 --> 00:12:19.519 One of the articles you sent actually talks about a 253 00:12:19.519 --> 00:12:22.080 technique called iotl. 254 00:12:21.840 --> 00:12:25.679 IOTL that sounds like some kind of secret code. What 255 00:12:25.840 --> 00:12:26.639 is it exactly? 256 00:12:26.759 --> 00:12:30.240 Well, it stands for Mitigation of IoT Leakage, okay, and 257 00:12:30.320 --> 00:12:32.720 it's a pretty smart approach. Basically, what it does is 258 00:12:33.360 --> 00:12:36.399 like it introduces fake traffic into your home network. 259 00:12:36.480 --> 00:12:37.200 Fake traffic. 260 00:12:37.320 --> 00:12:40.360 Yeah. Think of it like a digital smoke screen. Oh okay, 261 00:12:40.480 --> 00:12:43.919 that hides what you're really doing. So attackers have a 262 00:12:44.000 --> 00:12:47.559 much harder time getting any useful information from your smart devices. 263 00:12:47.799 --> 00:12:50.399 So if a hacker is watching my network, they'll see 264 00:12:50.440 --> 00:12:53.919 all this fake activity mixed in with my real activity exactly, 265 00:12:53.960 --> 00:12:55.360 and it makes it hard to tell them apart. 266 00:12:55.480 --> 00:12:57.240 Yeah, like trying to find a needle in a haystack, 267 00:12:57.279 --> 00:12:59.480 but a haystack is constantly moving and changing. 268 00:12:59.679 --> 00:13:02.200 That's pretty clever. Are there other things we can do 269 00:13:02.320 --> 00:13:05.000 to protect ourselves without having to give up all our 270 00:13:05.000 --> 00:13:06.200 smart devices? Of course? 271 00:13:06.360 --> 00:13:09.919 Of course, for starters, be careful about what information you're 272 00:13:09.960 --> 00:13:14.200 giving your devices, Like think twice before letting an app 273 00:13:14.840 --> 00:13:15.960 use your location. 274 00:13:15.720 --> 00:13:17.960 Data, Oh yeah. 275 00:13:17.639 --> 00:13:18.960 Or access your contacts. 276 00:13:19.039 --> 00:13:20.039 Yeah, that's a good point. 277 00:13:20.200 --> 00:13:23.879 It's so easy to just click allow without really thinking 278 00:13:23.919 --> 00:13:27.639 about it. Right, but those choices can really affect your privacy. 279 00:13:28.159 --> 00:13:31.399 Of course, you know you strong passwords and turn on 280 00:13:31.519 --> 00:13:32.720 to factor authentication. 281 00:13:33.039 --> 00:13:35.159 Yeah, that's that's cybersecurity one on one, right. 282 00:13:35.279 --> 00:13:37.759 Yeah, but it's always good to be reminded. What about 283 00:13:37.840 --> 00:13:40.440 keeping our software updated? That could be such a pain. 284 00:13:41.000 --> 00:13:44.320 Yeah, I know it's so tempting to ignore those notifications. 285 00:13:44.440 --> 00:13:48.279 I know, but guess those updates often have important security fixes. 286 00:13:48.720 --> 00:13:50.799 Do to address vulnerabilities, right exactly? 287 00:13:51.200 --> 00:13:53.919 Think if I'm like getting a flu shot for your devices, 288 00:13:54.399 --> 00:13:56.840 it helps protect you from the newest threats out there. 289 00:13:57.159 --> 00:13:59.200 Good enough, joy, What if you're not really sure how 290 00:13:59.200 --> 00:14:03.200 to secure your device? Are there like resources people can use? 291 00:14:03.240 --> 00:14:07.519 Oh yeah, definitely. Organizations like o wast O, WASP, the 292 00:14:07.559 --> 00:14:10.799 Open Web Application Security Project, Okay, they have tons of 293 00:14:10.799 --> 00:14:14.360 information and guys on how to secure web applications, including 294 00:14:14.600 --> 00:14:16.600 ones used in a lot of smart home devices. 295 00:14:16.679 --> 00:14:19.000 So there's help out there if we need it. 296 00:14:19.279 --> 00:14:22.440 Yeah, definitely. You don't have to be a cybersecurity whiz 297 00:14:22.480 --> 00:14:23.399 to protect yourself. 298 00:14:23.519 --> 00:14:26.440 That's good to know. So we've talked about a new 299 00:14:26.879 --> 00:14:31.080 mindset for cybersecurity, making education more accessible and even some 300 00:14:31.120 --> 00:14:33.799 ways to protect ourselves in this connected world. Anything else 301 00:14:33.879 --> 00:14:35.879 jumping out at you from these articles. 302 00:14:36.120 --> 00:14:38.039 Yeah, one of the things I'm most excited about is 303 00:14:38.039 --> 00:14:41.960 this move towards hands on learning and using games to 304 00:14:42.039 --> 00:14:45.279 teach these concepts, especially with things like DevSecOps, which we 305 00:14:45.320 --> 00:14:46.120 talked about before. 306 00:14:46.320 --> 00:14:48.480 Yeah, I think a lot of people learn best by 307 00:14:48.519 --> 00:14:50.240 doing so that approach makes a lot. 308 00:14:50.080 --> 00:14:53.080 Of sense, right, and the research shows how effective it 309 00:14:53.080 --> 00:14:56.559 can be. Like, there's this one game it's called Gaming DevSecOps, 310 00:14:56.840 --> 00:14:59.279 and it puts students in the role of software developers 311 00:14:59.559 --> 00:15:02.000 who have to like build a system as fast as 312 00:15:02.000 --> 00:15:04.759 they can, Okay, but at the same time they're facing 313 00:15:04.799 --> 00:15:06.000 all these security challenges. 314 00:15:06.440 --> 00:15:09.279 So it's not just about coding. It's about understanding how 315 00:15:09.320 --> 00:15:11.879 those coding decisions could impact security. Right. 316 00:15:11.960 --> 00:15:15.679 That's it. Students have to think strategically about security investments, 317 00:15:16.039 --> 00:15:19.320 figure out the costs and risks of different approaches, deal 318 00:15:19.360 --> 00:15:22.720 with unexpected stuff like cyber attacks. It makes them think 319 00:15:22.759 --> 00:15:23.279 on their feet. 320 00:15:23.519 --> 00:15:25.279 That's a lot different from just reading a textbook. 321 00:15:25.399 --> 00:15:27.799 Uh oh, yeah. It really brings the concepts to life, 322 00:15:27.879 --> 00:15:30.519 you know. The researchers found that students who played this 323 00:15:30.679 --> 00:15:34.399 game actually did way better on tests about dev secops. 324 00:15:34.759 --> 00:15:38.000 Oh wow, compared to students who learned the traditional way. 325 00:15:38.159 --> 00:15:41.639 Interesting. It seems like games could really change the game 326 00:15:41.720 --> 00:15:43.320 for cybersecurity education. 327 00:15:43.600 --> 00:15:46.320 I think so. And it's not just dev secops either. 328 00:15:46.639 --> 00:15:49.639 They're using games to teach all sorts of cybersecurity topics, 329 00:15:49.919 --> 00:15:53.080 from network security to incident response. 330 00:15:53.240 --> 00:15:56.279 Makes sense. Games are engaging, They pull you in and 331 00:15:56.320 --> 00:16:01.039 you can experiment without any real world consequences, you know, exactly. 332 00:16:00.759 --> 00:16:04.200 And this whole idea of hands on interactive learning it 333 00:16:04.279 --> 00:16:08.039 goes beyond games too. Some researchers are using things like 334 00:16:08.279 --> 00:16:12.039 single board computers and micro controllers to create cool learning experience. 335 00:16:12.159 --> 00:16:13.679 Oh yeah, I remember reading about that. 336 00:16:13.720 --> 00:16:16.840 It's like those old chemistry sets, but instead of mixing chemicals, 337 00:16:17.039 --> 00:16:19.120 students are building and hacking devices. 338 00:16:19.159 --> 00:16:23.399 So they're like becoming cybersecurity tinkerers exactly. 339 00:16:23.240 --> 00:16:26.279 And they're given the tools and knowledge to explore an 340 00:16:26.360 --> 00:16:29.039 experiment in a safe environment. That's how you build the 341 00:16:29.080 --> 00:16:31.519 next generation of cybersecurity pros. 342 00:16:32.320 --> 00:16:34.559 We've talked a lot about the educational side of things, 343 00:16:35.000 --> 00:16:37.799 but what about the research, like the actual work being 344 00:16:37.879 --> 00:16:41.919 done to secure all this new tech. We touched on drones, 345 00:16:42.279 --> 00:16:45.240 but where else are researchers focusing their energy. 346 00:16:45.600 --> 00:16:48.399 Well, one big area is communication security, especially for the 347 00:16:48.399 --> 00:16:51.399 Internet of things, right. Researchers are looking at all sorts 348 00:16:51.399 --> 00:16:53.840 of ways to protect the data that's flowing between all 349 00:16:53.879 --> 00:16:55.879 these devices and the networks they're. 350 00:16:55.679 --> 00:16:58.879 Connected to, right, because if that communication channel is compromised, 351 00:16:58.919 --> 00:17:01.879 then it's game over, exactly. And they're looking at everything 352 00:17:01.960 --> 00:17:06.440 from the traditional encryption to more advanced techniques like using 353 00:17:06.559 --> 00:17:10.640 multiple drones to create interference so attackers can't eavesdrop. They're 354 00:17:10.680 --> 00:17:14.359 also exploring ways to like authenticate devices so you can 355 00:17:14.400 --> 00:17:17.480 be sure you're actually talking to your smart thermostat, right 356 00:17:17.519 --> 00:17:20.640 and not some hackers' device exactly. Sounds like they're really 357 00:17:20.680 --> 00:17:22.359 pulling out all the stops. 358 00:17:22.000 --> 00:17:25.519 They are, and it's not just about protecting the devices themselves. 359 00:17:26.079 --> 00:17:29.400 Researchers are also figuring out how to secure the data 360 00:17:29.759 --> 00:17:31.279 those systems collect in store too. 361 00:17:31.359 --> 00:17:33.759 Oh yeah, that's important. I mean, we've seen how valuable 362 00:17:33.799 --> 00:17:35.880 that data can be and how it can be used 363 00:17:35.920 --> 00:17:37.640 in good and bad ways exactly. 364 00:17:37.720 --> 00:17:42.680 So they're exploring things like data encryption, access controls, even 365 00:17:42.720 --> 00:17:46.160 ways to securely delete data. The goal is to make 366 00:17:46.160 --> 00:17:48.400 sure that even if a hacker gets their hands on 367 00:17:48.440 --> 00:17:52.039 your data. It's either completely useless or way too hard 368 00:17:52.079 --> 00:17:52.480 to use. 369 00:17:52.920 --> 00:17:55.359 So even if someone gets into my smart home system, 370 00:17:55.599 --> 00:17:57.759 they won't be able to access my info or mess 371 00:17:57.799 --> 00:17:58.640 with my devices. 372 00:17:58.960 --> 00:18:01.200 That's the idea. Yeah, And even if they can get 373 00:18:01.240 --> 00:18:03.079 to the data, they might not even know if it's real. 374 00:18:03.680 --> 00:18:06.920 Some researchers are working on ways to sneak fake data 375 00:18:06.960 --> 00:18:09.799 into these systems. Oh wow, just to mess with the attackers. 376 00:18:09.880 --> 00:18:12.079 It's like a digital game of cat and mouse, with 377 00:18:12.200 --> 00:18:14.720 researchers always trying to stay one step ahead. 378 00:18:15.039 --> 00:18:17.640 That's a great way to put it. Yeah, cybersecurity is 379 00:18:17.640 --> 00:18:21.319 a field that's constantly changing. As new technology comes out 380 00:18:21.400 --> 00:18:24.039 and new threats pop up, the researchers have to keep 381 00:18:24.079 --> 00:18:26.839 adapting and coming up with new strategies to fight back. 382 00:18:27.240 --> 00:18:29.599 Sounds like it takes a certain kind of person to 383 00:18:29.680 --> 00:18:31.839 work in cybersecurity. You got to be able to think 384 00:18:31.880 --> 00:18:34.920 like an attacker, predict their moves, and then come up 385 00:18:34.960 --> 00:18:36.839 with creative ways to outsmart them. 386 00:18:37.200 --> 00:18:39.160 It does take a special set of skills and a 387 00:18:39.160 --> 00:18:42.160 certain way of thinking. But the cool thing about cybersecurity 388 00:18:42.200 --> 00:18:44.599 is that it's not just about technical stuff. It's also 389 00:18:44.599 --> 00:18:48.200 about psychology, human behavior, even economics. 390 00:18:48.400 --> 00:18:52.000 Really. Yeah, So it's not just about building unbreakable systems, 391 00:18:52.039 --> 00:18:54.880 it's about understanding the people who are trying to break 392 00:18:54.880 --> 00:18:56.160 in exactly. 393 00:18:56.559 --> 00:18:58.519 Cybersecurity is a field where you got to know a 394 00:18:58.559 --> 00:19:01.079 lot of different things. Yea, not just tech. It's about 395 00:19:01.119 --> 00:19:03.440 people and how they use tech. That's what makes it 396 00:19:03.519 --> 00:19:04.839 so challenging and so rewarding. 397 00:19:05.039 --> 00:19:09.200 Okay, so we've talked about education, the research, even ways 398 00:19:09.240 --> 00:19:13.000 to protect ourselves, But what about the people doing these attacks? 399 00:19:13.039 --> 00:19:15.279 Who are these hackers and what do they want? 400 00:19:15.799 --> 00:19:18.599 That's a tough question and the answer kind of depends 401 00:19:18.599 --> 00:19:21.839