
Do you have the brains for cybersecurity? - pelf
http://www.bbc.co.uk/news/technology-34312697
======
tshadwell
What area of 'cybersecurity' would I be finding myself breaking substitution
ciphers based on wingdings in?

I work in the information security industry, and I feel like I'm missing
something but I really have to ask what these are relevant to.

Cryptography, which this appears to be a reduced form of is mostly tangential
and very nuanced relative to the ciphers in this challenge. I often feel my
line of work is grossly misrepresented by dizzying fields of esoteric numbers
and references to ancient cryptography when I'm happy to find myself many of
my days engrossed in the security characteristics of some powerful technology
used right now in the real world.

I moved from engineering to security, but if this was my only interaction with
security, I'm not sure I'd have been interested.

Edit: if you're interested in real crypto challenges, try
[http://cryptopals.com/](http://cryptopals.com/) and read Cryptography
Engineering, which is a wonderful read that goes over not only the
cryptography but also the principles common across the many specialisations of
the infosec industry

~~~
massemphasis
I think this is geared for kids, and not really adults.

~~~
TheOtherHobbes
It's a recruiting exercise for various companies.

Apparently it's a _serious_ recruiting exercise for various companies - which
is frankly terrifying for anyone who knows anything about infosec but isn't a
cybercriminal, terrorist, or foreign hostile.

------
AdmiralAsshat
I wasn't aware I had to explain _how_ the crypto works in order to advise my
clients that they should be disabling outdated SSL versions on their servers
and returing RC4 ciphers.

Evidently I don't have the brains for cybersecurity. My clients should be just
fine with their telnet-enabled/remote-root-accessible servers until someone
who can descramble Wingdings riddles can save them.

------
patcheudor
I have mixed feelings about this. While being a good puzzle solver is
important, to be really good you need a certain level of creativity in
thinking which goes beyond just the ability to solve puzzles. Thinking like a
criminal as an example is a necessity in a number of cyber-security fields and
can trump the ability to solve puzzles. I see a lot of vulnerabilities get
marginalized because people simply can't correlate how it could be used by a
criminal to make money. Likely for a reason, it's the ability to think like a
criminal which is largely missing & where people do have that ability many
times they are treated by their cyber security peers as a bit suspect.

------
zubspace
If you enjoy this, maybe you will like the challenges of Hacking-Lab
([https://www.hacking-lab.com](https://www.hacking-lab.com)).

Right now there's a Hacky Easter competition running which you can participate
in for free: [http://hackyeaster.hacking-
lab.com/hackyeaster/challenges.ht...](http://hackyeaster.hacking-
lab.com/hackyeaster/challenges.html)

------
AndyMcConachie
This is probably a recruitment operation. Not that there's anything wrong with
that, but I think that's what this is.

~~~
ecma
"They range in difficulty from simple to knotty and fiendish. We will let you
know the answers next week."

It's not a recruitment operation. They're just some fun puzzles which are
accessible to laypeople. It shows the fundamentals of cryptanalysis in a way
that a casual reader can understand and even have a crack at solving.

Someone mentioned in another comment that Simon Singh's "The Code Book" starts
in a similar way and they're dead on. You don't introduce someone to a subject
by posing problems based on constructs they don't yet have the tools or
context understand. The history of the field informs its current state -
cryptography and cryptanalysis have a very rich and fascinating history.

------
Animats
That's not "cybersecurity", that's paper and pencil cryptanalysis. Completely
different skill.

Here's NSA's internal course list.[1] Not much about puzzles.

[1] [https://cryptome.org/0001/ncs-courses.htm](https://cryptome.org/0001/ncs-
courses.htm)

------
merpnderp
This might be the optimal place to start (Khan academy's excellent intro):
[https://www.khanacademy.org/computing/computer-
science/crypt...](https://www.khanacademy.org/computing/computer-
science/cryptography)

------
terminado
No[1], because "cybersecurity" is an open-ended non-static target, with human
adversaries in the loop, who will adapt to circumstantial changes dynamically.

    
    
      [1] https://en.wikipedia.org/wiki/Betteridge's_law_of_headlines

------
Moppers
I can't do one of these. It's the middle one of the last part. The diagram
with the pentagon.

------
mtgx
What's the point if they're just going to ask for backdoors in those systems
later?

~~~
balabaster
I guess if you can crack these, then you're more competent than the current
guard you'll be asked to replace and won't be asked to compel companies to
write code without pay to breach their own security systems... so perhaps
you'd be doing the world a favour by becoming an underpaid cyber security
expert working for peanuts at one of the world's premier intelligence
gathering agencies without needing to ask for sweeping surveillance rights
that are a gross breach of everyone's right to privacy - which there are laws
set in place to protect, unless you're the Government, in which case, the law
doesn't apply to you. ;)

