Cybersecurity "Experts" suck at coding. It's a problem.

แชร์
ฝัง
  • เผยแพร่เมื่อ 5 ม.ค. 2025

ความคิดเห็น • 721

  • @drinductor8150
    @drinductor8150 11 หลายเดือนก่อน +1790

    Laurie I'm not sure if you're aware but this video has an ear-piercing squeak around 16kHz (likely caused by the flyback transformers in those CRTs). Most people won't hear it but it's unwatchable for those who can.

    • @lvsd
      @lvsd 11 หลายเดือนก่อน +166

      yea my ears are hurting

    • @snbv5real
      @snbv5real 11 หลายเดือนก่อน +84

      I thought it was just me!

    • @quantuminfinity4260
      @quantuminfinity4260 11 หลายเดือนก่อน +61

      Yeah it’s quite strong 😅

    • @markcoren2842
      @markcoren2842 11 หลายเดือนก่อน +85

      I thought that was my tinitus kicking into a new level of overdrive. Glad you mentioned it 😁

    • @shadowpenguin3482
      @shadowpenguin3482 11 หลายเดือนก่อน +36

      Yeah it seems to be in other videos as well. Makes them unwatchable for me, even though the topics are super interesting. If TH-cam allows you to edit the audio track I would also very much appreciate if you fixed older videos as well (eg the plist one has the noise as well, although not as bad as here)

  • @neilclay5835
    @neilclay5835 11 หลายเดือนก่อน +860

    As a software engineer, a video titled in such a way as to suggest that other people aren't as good as me at something I do professionally is clearly a good thing and must be completely correct.

    • @ducodarling
      @ducodarling 11 หลายเดือนก่อน +135

      Her next video will be titled "Software engineers suck at coding"

    • @jacobenders1213
      @jacobenders1213 11 หลายเดือนก่อน +16

      Someone can be good at programming, and you can still be better than them.

    • @nelsonjanusson7278
      @nelsonjanusson7278 11 หลายเดือนก่อน

      lol fair

    • @xnexgax2477
      @xnexgax2477 11 หลายเดือนก่อน

      You talk like a redditor

    • @rawallon
      @rawallon 11 หลายเดือนก่อน +26

      Tell me you got your ego hurt withou telling me you got your ego hurt

  • @mikerollin4073
    @mikerollin4073 11 หลายเดือนก่อน +343

    I've always assumed that programming skills were a prerequisite for getting into this field

    • @jameezybreezy9030
      @jameezybreezy9030 11 หลายเดือนก่อน +67

      “This field” is huge with tons of different jobs, so this entirely depends on your goals

    • @cravenmoorehead5657
      @cravenmoorehead5657 11 หลายเดือนก่อน +21

      Not at all pentesters can write scripts at most trust me. I’m a penetration tester, and I had to spend time with the development security operations and had to code 24 seven I failed miserably and I begged to go back to testing.

    • @mofogie
      @mofogie 11 หลายเดือนก่อน +39

      it is if you want to be actually good at the job. Unfortunately the industry is notoriously nepotic. Half the jobs are for people with clearence, which mean they'll take military over private citizen. The military doesn't really train their personnel well in computer technology. Cybersecurity has a very severe bureaucratic problem. That's why many don't know how to code.

    • @Tomahawkist_
      @Tomahawkist_ 11 หลายเดือนก่อน +10

      tech skills are prerequisite, as well as a willingness to learn, any other points in the video are very specific to her field. she has a very narrow view of cybersec, and if she was a goldsmith she'd make a video about how it's a problem that blacksmiths can't make rings as intricate as her

    • @zellfaze
      @zellfaze 11 หลายเดือนก่อน +6

      I feel like a lot of cyber security folks spend their time chasing down alerts, but idk, I am a software engineer not a security analyst.

  • @LukeAvedon
    @LukeAvedon 11 หลายเดือนก่อน +166

    This gives me a lot of hope as a software developer with reversing / security research dreams.

    • @bobbobson6290
      @bobbobson6290 11 หลายเดือนก่อน +5

      I also suck at coding and hope to get a cybersecurity job.

    • @kayakMike1000
      @kayakMike1000 11 หลายเดือนก่อน +1

      ​@@bobbobson6290 You could practice a lot and get better at writing code. What do you hope to do in Cyber security?

    • @beginanewt
      @beginanewt 5 หลายเดือนก่อน +3

      ​@@kayakMike1000 your mom

    • @orbitalair2103
      @orbitalair2103 3 หลายเดือนก่อน

      @@bobbobson6290 its ok, 9 out of 10 cyber people ive run into dont know squat about coding, they are all button pushers. its fubar.

  • @DroneMothership
    @DroneMothership 11 หลายเดือนก่อน +229

    Yeah it is an issue. When I was starting out so many "popular" security experts told me you dont need to code to use tools. In hindsight it did a lot of damage later on when you get into very advanced topics that require you to do it yourself. You reach a upper limit in skill if you dont learn how to code or develop software early on.

    • @gergelykalman9822
      @gergelykalman9822 11 หลายเดือนก่อน +29

      these hackfluencers are the worst

    • @orlandocarranza7187
      @orlandocarranza7187 11 หลายเดือนก่อน +15

      This is why I went to a coding boot camp and did a computer science degree before starting cyber. It's just like most things, you need to have a solid foundation. Otherwise you are just building a house of cards.

    • @reed6514
      @reed6514 11 หลายเดือนก่อน

      ​@@orlandocarranza7187I've seen soke really impressive houses of cards

    • @Yorick257
      @Yorick257 11 หลายเดือนก่อน +12

      I think it's the same in many fields. I have two colleagues, one is a chemist and another is a physicist. And both can code at a basic level because many tools require some programming. They are far from me, but they're also way above anyone who can't code at all.

    • @jakdaxter6033
      @jakdaxter6033 11 หลายเดือนก่อน

      What languages would you suggest learning and how much of a grasp should someone have?

  • @Nyocurio
    @Nyocurio 11 หลายเดือนก่อน +167

    Extremely anecdotally, the people at uni in my CS course who were gunning for the cybersec track absolutely hated anything related to programming and just did the bare minimum to pass. I could never quite understand how one could be interested in the former while having an aversion to the latter; to me, they seem intrinsically entangled.

    • @MajorHomeless
      @MajorHomeless 11 หลายเดือนก่อน +20

      money

    • @dekumutant
      @dekumutant 11 หลายเดือนก่อน +21

      There are huge advertising campaigns right now pushing for cybersecurity specialists to get 100k jobs out of uni. People are jumping in who don't care about IT with the promise of big bucks

    • @DavidMitchellisover9000
      @DavidMitchellisover9000 11 หลายเดือนก่อน +11

      @@MajorHomeless a similar gold rush happened with CS majors during various tech booms, it never pans out well for them.

    • @一本のうんち
      @一本のうんち 11 หลายเดือนก่อน +2

      @@dekumutant that's true. i'm doing my second degree in maths now and a lot of first year math classes are shared between cybersec/comp sc./data science. students. 50%!!! of students on our math classes are doing cybersec and they ALL vocally hate maths and don't want to be there. i spoke to some friend whos doing comp sc. and he told me they also hate data structures and alg classes and always complaining why they need it/it's too hard etc... cybersec. "grads" gonna be a shitstorm in few years lol

    • @sleep-lx4by
      @sleep-lx4by 10 หลายเดือนก่อน

      weirdly, along with the projected salary advertised alongside the degree, the lack of coding yet being a technology oriented field attracts a lot of people for some reason.

  • @josephowens4654
    @josephowens4654 11 หลายเดือนก่อน +129

    I’m at the late career stage of cybersecurity and fully agree. When I started out security was at best an afterthought so my early tech career was back in the days of assembly language the original C before OO was a thing. I was always into the idea of security and some of my employers humoured my paranoia when I could articulate risks well. The reason I could do this was I not only had a technical grasp to get support from that side of the company but also quantitative business understanding that could put a monetary value to risk for the suits. These days I see far more emphasis on talking to suits than understanding the deep technical aspects of risk. Both are vital to the security role. It is more than anything else a translators role that requires fluency in both domains.

    • @ayoCC
      @ayoCC 11 หลายเดือนก่อน +3

      fluent in the language of money, and fluent in the language of ways that people can steal

    • @Tomahawkist_
      @Tomahawkist_ 11 หลายเดือนก่อน +1

      exactly, expecting every security professional to be an expert in every programming language is delusional, there are many different ways to be a good cybersec expert, and not all of them require extensive programming knowledge. some of them do, but by far not all of them.

    • @ZekuTokairin
      @ZekuTokairin 11 หลายเดือนก่อน +6

      @@Tomahawkist_ It's not about language knowledge IMO, it's that whether you're doing monitoring, reverse engineering binaries, or pentesting, at some point you're probably going to want to automate something. And at that point, you can benefit its development and maintenance by applying software eng. best practices like source control, continuous integration, and regression testing. Every single person I've seen in security who said, "It's just a bunch of scripts" eventually had to deal with the tech debt of trying to build and maintain software that didn't have the benefit of software development.

  • @salazar1554
    @salazar1554 11 หลายเดือนก่อน +38

    As someone who is a programmer primarily but does know a bit of cybersecurity. It is okay to have non-programmers on the team, a lot of attacks are social or psychological and in addition a managerial social butterfly type is useful for convincing executives that it worth the cost to implement defences or running stuff like spear-fishing simulations.
    Also it is well and good to have a mathematically verified authentication algorithm but sometimes we forget about big picture stuff like what happens if there is a black out or how the procedure of employees getting ID cards to use. In addition not having non-programmers on the team might lead to making procedures too difficult or annoying for regular people which means they'll just skip or get around them ie (Neville Long-bottom in Harry Potter keeping a list of future passwords on a sheet of paper because they changed too often) if this happens you make things even more insecure.
    You do need a good amount programmers on the team but fundamentally people with different backgrounds are going to discover completely different types of vulnerabilities and four geniuses who spot the same thing are less useful than 4 competent people who spot different things.

    • @retagainez
      @retagainez 11 หลายเดือนก่อน +9

      In an age where teams are siloed and specialized, reading this was like a breath of fresh air.

  • @saintgermain6967
    @saintgermain6967 11 หลายเดือนก่อน +18

    « Cybersecurity » itself is a broad term it’s like saying that you work in "IT", there are so many jobs Involved in it that some things are just not your responsibility. Most of the stuff discussed here mostly apply to like software security,bug bounty, web app pen testing which are different from like network security. I do agree obv you gotta know how to read and understand code but it really depends on what you’re specializing in. How can you be a reverse engineer if you don’t know the language that you’re trying to break apart? it doesn’t make sense, obv you should learn the language. But like a network security engineer doesn’t necessarily have to worry about that. that’s why reverse engineering is it’s own thing but they’re all under the umbrella of “cybersecurity” correct me If im wrong

    • @thelaughinghyena8082
      @thelaughinghyena8082 6 หลายเดือนก่อน +5

      ur right, but computers are run on software, and software is written in code. But calling yourself a security expert when you cannot even read code or understand how exploits work under the hood is just hilarious. The whole industry is built around the idea of software vulnerabilities and misuse.

  • @OctagonalSquare
    @OctagonalSquare 11 หลายเดือนก่อน +39

    This is also a concern in other fields. Generally, the developers of a software have never worked in the field the software is for, and the users it have never been developers (neither have their managers).
    Without revealing too much, that’s why I have my job. I’m basically a liaison for our customers, as I’ve got a degree in computer science and worked as a dev for a few years, but also worked in the field we develop for and have a passion for it. So I’m in charge of meeting with customers and potential customers about their needs and helping plan our path forward with my knowledge of what the industry as a whole needs and what is possible in the timeframe given.

    • @SirCutRy
      @SirCutRy 11 หลายเดือนก่อน

      Did you work in the domain before becoming a developer? Do you want to expand a bit on how you got to where you are?

  • @xaza8uhitra4
    @xaza8uhitra4 10 หลายเดือนก่อน +1

    I really appreciate you making this video Laurie, it was the wake up call I needed to push myself further than the goals I had previously set for myself.

  • @filiplaubert5001
    @filiplaubert5001 11 หลายเดือนก่อน +46

    We can hear the high tone of a CRT monitor.

    • @TehPwnerer
      @TehPwnerer 11 หลายเดือนก่อน +25

      Wait a few years you won't notice

    • @filiplaubert5001
      @filiplaubert5001 11 หลายเดือนก่อน +3

      @@TehPwnerer Oh, that's true :D

    • @xaza8uhitra4
      @xaza8uhitra4 10 หลายเดือนก่อน +5

      Make your own video then, im so sick of people complaining about the smallest of things. This video is excellent.,

    • @filiplaubert5001
      @filiplaubert5001 10 หลายเดือนก่อน +3

      @@xaza8uhitra4 It is a constructive criticism. I just stated why I won't subscribe to her. I looked at number of subs before posting this comment, so I know she is on the realistic road to make living with youtube. The top comment is literally stating the same thing, so I am not alone. And that change could seriously help her. I am sick off these SJW not using logic but emotions.

    • @JDoe-gf5oz
      @JDoe-gf5oz 8 หลายเดือนก่อน +1

      You got a mouse in your pocket?

  • @Levelworm
    @Levelworm 11 หลายเดือนก่อน +35

    The problem is that the industry is hiring people with "certificates" instead of people with a lot of developer experiences. If you are not asking for that and if you are only making them click checklists then that's what you are getting. I always feel Cybersecurity should be a VERY senior position -- you should never hire people with no developer experience into the field.

    • @hackvlix
      @hackvlix 11 หลายเดือนก่อน +19

      The problem is that they need _a lot_ of cybersecurity people, and there simply aren't enough with developer + infosec skills.

    • @Levelworm
      @Levelworm 11 หลายเดือนก่อน

      AFAIK IT people (including security) are usually amongst the first to be cut whenever there is a cut. I also see a trend to outsource as much IT as possible to foreign contractors. I guess they just want the numbers of people and certificates so they can declare being innocent whenever a hit occurs. The more I think about, the more I believe it makes sense to be someone in the red team@@hackvlix

    • @aurilllium
      @aurilllium 8 หลายเดือนก่อน +1

      In some regard it should definitely be a more senior area because of its importance, but it does kind of have to be at all levels anyway. Every developer should have cybersecurity knowledge to develop secure software and everyone dealing with the technical side of cybersecurity should also have a lot of deeper knowledge about computing and software, and unfortunately even if you study in university for years you still wouldn’t have the real-world experience you need for any position

    • @squirlmy
      @squirlmy 7 หลายเดือนก่อน +2

      Companies also don't want to pay people with more skills and CS degrees. Heck, they don't even want to hire credentialed coders to code! There's old Java code and even Visual Basic out there to prove it. The problem isn't certificates, it's that employers don't want to put up money to properly train people, or spend the money once they have beyond minimal credentials. "Cybersecurity should be a VERY senior position" 😂🤣🤣😂🤣😂🤣😜

    • @Levelworm
      @Levelworm 7 หลายเดือนก่อน

      @@squirlmy I don't really think training can do the thing though. Some trainings do have value but none can compete with actual multiple years of experience of, say, reverse engineering malwares. Trainings are good for bootstrapping oneself though.

  • @jojosthenewblack
    @jojosthenewblack 11 หลายเดือนก่อน +5

    There's a horrible high pitched sound playing throughout your video and it makes it painful and difficult to focus on the informative aspect of the video

  • @randommoosebrains
    @randommoosebrains 11 หลายเดือนก่อน +44

    Agreed. Originally it was we were told programming is for scripts but for many aspects in cybersecurity it’s important. Heck look at web app pentesting, you NEED an understanding of JavaScript to communicate findings to the web devs. Also secops is a must.
    With the amount of free resources out there for coding, it’s a must for anyone doing infosec.

    • @camelotenglishtuition6394
      @camelotenglishtuition6394 11 หลายเดือนก่อน

      Would you say javascript would be better to learn than say, python or c?

    • @randommoosebrains
      @randommoosebrains 11 หลายเดือนก่อน

      ​@@camelotenglishtuition6394 it really depends. Python and Javascript are common languages to learn. For data analysis or anything involving AI python is used a lot. For web dev/ pentesting javascript. Game development? Malware Analysis? C, C++ and others are used. It really comes down to what your goals are.....

    • @taggerung_
      @taggerung_ 11 หลายเดือนก่อน +3

      @@camelotenglishtuition6394 depends what youre trying to do.

    • @standoutfoly8913
      @standoutfoly8913 11 หลายเดือนก่อน

      I am also studying Web security. Sometimes I am often unable to conduct accurate code audits because I have not experienced Web front-end and back-end development. My understanding of code is not very good, so during the code audit process, there are some parts of the code that I cannot read. Affects my ability to mine white-box vulnerabilities😢😢

    • @hackvlix
      @hackvlix 11 หลายเดือนก่อน +1

      @@camelotenglishtuition6394 No.

  • @brookswift
    @brookswift 11 หลายเดือนก่อน +33

    I'm fond of combining dev ops, security, and dev tools into a single team/scrum group as I scale up a company and start assembling engineering teams. the best way to get devs to use security best practices is to build tooling and workflows that encourage it. poor security tooling or security by fiat usually just results in frustrated users and devs circumventing the security or avoiding working with security because of how much friction it adds to their daily workflows.

    • @retagainez
      @retagainez 11 หลายเดือนก่อน +1

      Silos also cause the same problem, but this is organizational.

  • @abaan404
    @abaan404 11 หลายเดือนก่อน +13

    theres a really strong audio frequency in the intro by the way, its hard for me to tell if its in the rest of the video but just letting you know

    • @blubblub3786
      @blubblub3786 11 หลายเดือนก่อน +5

      Its there the entire time, might be from one of the CRTs., but it gets weaker throughout the video.
      And on another note I just learned that my right ear can hear higher tones than my left ear...

  • @kickthesky
    @kickthesky 11 หลายเดือนก่อน +3

    It really depends on which branch of cybersecurity you are working in. This will be less necessary for people working in incident response and some entry level network pentesting. I work in appsec and it is absolutely necessary to have a programming background. I worked in software development for over twenty years before I got into appsec six years ago. A lot of my time is spent in code review and exploit creation and thus I have to be fluent in a lot of languages, or at the very least types of languages. When I talk to some of our network security guys I talk above their head most of the time when it comes to coding. The very most they would have to do, most of the time, is write a python or bash script.

  • @monad_tcp
    @monad_tcp 11 หลายเดือนก่อน +17

    To reverse engineer it helps when you know how to engineer things.

  • @Hypnotically_Caucasian
    @Hypnotically_Caucasian 11 หลายเดือนก่อน +4

    CompTIA doesn’t determine your aptitude for coding or programming- it just tests you on your memorization skills of useless information. CompTIA’s website even runs like ass.
    It’s why the industry has became so stagnant- we prioritized useless certifications from a random certification company over people who used more than two operating systems (looking at you, Windows 10, Android and iOS).

    • @orbitalair2103
      @orbitalair2103 3 หลายเดือนก่อน

      Because the gov is the biggest employer and driver of cyber, and they say you have to have the certs, or go to the army cyber school, in order to get a job. I agree with you , its poorly setup, and really designed to fail. but then, thats the usa gov for you.

  • @oohkumar
    @oohkumar 8 หลายเดือนก่อน

    Thanks Laurie. I’m learning a lot. I work front-end mostly but trained in machine and assembly many years ago. Your videos are a nice refresher. Keep up the good work.

  • @ayoCC
    @ayoCC 11 หลายเดือนก่อน +12

    changing the camera angle occasionally is really smart to bring back the viewer attention on a long monologue, without having to make complex visualisations or finding relevant other video material

    • @mikicerise6250
      @mikicerise6250 11 หลายเดือนก่อน +7

      I find it distracting, actually, especially since she's not looking at the camera in one of the views. 🤷

  • @reductor_
    @reductor_ 11 หลายเดือนก่อน +12

    Knowing the programming language and common idioms is extremely important. Programming languages continue to evolve the decompiler isnt decompiling to those languages but translating the compiled version of it into something like C or C#
    Sometimes these new language freatures can lead to more security issues, if security researches dont keep on these things and programmers ignore security then we are in a constant bad state, as someone who is a programmer I see this all the time.
    You also miss offering the actual best advice, when you understand programming and the language along with its features you can offer design patterns and approaches which are more secure and fit developers needs.

  • @fanelise19
    @fanelise19 11 หลายเดือนก่อน +18

    Without an understanding of the structure of the target applications code , i don't think you can really "research its security"
    Cant break it if you cant build it

    • @robersniper
      @robersniper 11 หลายเดือนก่อน +5

      One thing is understanding code, and the other thing is being able to code. very different

    • @camelotenglishtuition6394
      @camelotenglishtuition6394 11 หลายเดือนก่อน

      1 million percent agree

    • @irrelevant_noob
      @irrelevant_noob 11 หลายเดือนก่อน +4

      > Cant break it if you cant build it
      _Sledgehammers have left the chat._

    • @squirlmy
      @squirlmy 7 หลายเดือนก่อน +1

      @@sn5806 the OP's comment is actually a social engineering attack. He's trying to convince us that people who can't code pose no threat. Probably a Russian hacker 😜

  • @GoldenBeholden
    @GoldenBeholden 11 หลายเดือนก่อน +2

    I do amateur pentesting for fun based on responsible disclosure policies -- I have no formal training in cyber security, but I have been able to get very far just with my knowledge as a software engineer. Sure, I may lack specialised knowledge, but learning how to make systems teaches you how to break them as well.

  • @raphaelprinz9944
    @raphaelprinz9944 7 หลายเดือนก่อน

    Super cool video! Your video description reads like the abstract of a paper, your academic background definitely shows through. :)

  • @Jcewazhere
    @Jcewazhere 8 หลายเดือนก่อน +1

    Can confirm.
    My bachelors was in programming, but I sucked at and hated writing new code so switched to security. It clicks for me far better.
    I was far better at QA/bug hunting and helping others with their code than writing my own.
    Malware analysis would be fun eventually, get some use out of all those classes I paid for, but for now I'm happy just being an analyst.
    It seems plain to me that the reverse is also true though, coders don't know (or aren't given the time for) security.
    The amount of times I've found websites with no input validation is scary.

  • @kurtmueller2089
    @kurtmueller2089 11 หลายเดือนก่อน +9

    9:00 see, the trick that most malware authors use is this: They don't actually encrypt your files. They just delete them and replace them with randomly generated data nonsense of equal size.

    • @tent405
      @tent405 11 หลายเดือนก่อน

      people who engineer malware are authors, but there are also developers and engineers? i've never seen the distinction.

    • @Elizabeth-hv4po
      @Elizabeth-hv4po 11 หลายเดือนก่อน +1

      they don't make a copy of it? when the infected indv pays them off dont they get the files back

    • @kurtmueller2089
      @kurtmueller2089 11 หลายเดือนก่อน +2

      @@Elizabeth-hv4pono, not always at least. Sometimes they do, but the lazy ones just delete the data.

    • @chrislowe6926
      @chrislowe6926 11 หลายเดือนก่อน

      Encrypting files can take a long time, so it seems plausible that they would delete and replace with noise.

    • @Isaacool
      @Isaacool 17 วันที่ผ่านมา

      @@tent405I’ve seen software engineers and developers referred to as authors it’s not uncommon nor unique to malware developers

  • @hadibq
    @hadibq 7 หลายเดือนก่อน

    I like the intro! and so true about many of security researchers I know and mostly who hire them :)

  • @alexpelee
    @alexpelee 11 หลายเดือนก่อน +4

    WTF is that noise in the back?

    • @retagainez
      @retagainez 11 หลายเดือนก่อน +2

      Speculation says the CRTs in the back emitting that noise.

  • @orlovskyconsulting
    @orlovskyconsulting 11 หลายเดือนก่อน +10

    Lets think for a moment , what purpose of Cybersecurity specialists? They main purpose to identified security vurnabilities at the given company, they responsible for identifing potential data leakage, they understand access control. Now on software side, there they must audit software for any security problems, but this is not theirs major responsibility, they should find problems, but make aware developers to fix the code which must be refactored. So Cybersecurity job to maintain security in the company, its always beneficial to know very good programming language, but at first its not necessary.

    • @andrew_moon
      @andrew_moon 11 หลายเดือนก่อน +2

      Keep in mind this is a video made by a researcher who has no idea what it's like in the trenches as an analyst. I value her overall message, but a distinction must be made, network security is not the same as web app security or secure software design. There are talented netsec professionals who rarely if ever need to touch coding at their day job.

    • @orlovskyconsulting
      @orlovskyconsulting 11 หลายเดือนก่อน

      @@andrew_moon Yes i agree with you, some people expect from IT professionals very big knowledge wheel, but its impossible atleast when the neuranal link not at mass production and people with chip do not exist yet. Learning programming is always beneficial, you just keep adding ne tool to you belt, cloud is something different story , in the recent years i see more and more client which prefer to run in hybrid mode, its cost effective and you dont "loose" control over your enterprise completly to a cloud vendor.

  • @Whatthellisthisthing
    @Whatthellisthisthing 11 หลายเดือนก่อน +2

    While we’re on the topic… how many things have you learned & forgot because you don’t utilize them frequently enough?

  • @nomad-1776
    @nomad-1776 10 หลายเดือนก่อน

    Thanks for the perspective. I just started a CS program at my uni, and I'll keep this in mind as I go.

  • @christopheroliver148
    @christopheroliver148 10 หลายเดือนก่อน +5

    I hope this doesn't come across as just piling on, but I did take the audio of this and sent it into a frequency analyzer. There is a definite peak at 15.7KHz. I don't know if running your audio track through a sharp notch filter tuned around there would help. I'm an old fart, so I'm not bothered, but I figured I'd try to help.
    Edit: I loaded the sound track into Audacity and processed with the built in notch filter at 15737Hz and quality 5, and the peak is gone. One might be able to use an even sharper filter, but I think this removes the sound the young'uns are noticing, and it does so without any meaningful reduction in audio quality.
    Keep on keepin' on!

  • @blu3h4t
    @blu3h4t 9 หลายเดือนก่อน +1

    you forgot to put linux/developer coloured sox on :D

  • @davejoseph5615
    @davejoseph5615 4 หลายเดือนก่อน

    I was a programming tutor at a school with both programs and I agree that many of the students in the cyber security program were wholly focused on getting their cyber security credentials while barely understanding basic programming or having any interest in it.

  • @JPEaglesandKatz
    @JPEaglesandKatz 11 หลายเดือนก่อน +1

    Very well put together, clearly explained and makes a lot of sense... I just found your channel.. Subbed ofc... Keep up the great videos! :)

  • @AnonymousApexio
    @AnonymousApexio 8 หลายเดือนก่อน +2

    Okay, a bit of information in this video, first off, any reverse engineer of course knows coding, like that's basics, especially C and assembly. But I am sorry, most SOC analysts won't EVER need to use programming as a SOC analyst, or an auditor or a manager...
    App security is a VERY small part of cybersecurity, security operations, governance, network security, web security, laws, all of those are much much more likely to fall into cybersecurity than app security, it's completely different things... Now if you work in offensive security, I can see it, but most teams have a dedicated programmer for the creation of tools, that's why everybody does its job, you are in a team, not alone. Also...
    Cybersecurity experts? Seriously? You mean specialist right? Cause there ain't more than 50k cybersecurity experts in the world, max, and that's an estimation, it's incredibly hard to be an expert, you need to either know one of the categories of cybersecurity among those to the perfection, or know all of them at an intermediate level at least (Also there is like 10 subcategories for each of them which also have sub categories):
    Computer Security
    Network security
    Vulnerability Management
    Cryptography
    Malware analysis
    Application Security
    Identity and Access Management
    Operating System Security
    Digital Forensics/OSINT
    Data Security
    Intrusion Testing
    Cloud Security
    Wireless Network Security
    Threat Monitoring and Detection
    Physical and Social Security
    Cyber Risk Management
    Compliance and Security Standards
    Critical Infrastructure Security
    Financial Transaction Security
    So yeah, clearly your video isn't titled correctly... You might know what you're talking about but let's not make it a generality, 80% of people working in cybersecurity will never need to learn how to program things considering cybersecurity is mostly defensive security.

  • @vriff2688
    @vriff2688 11 หลายเดือนก่อน +6

    So I'm getting a bit confused at your point. You talk about security researchers but then at other points you talk like you're speaking about all jobs within cybersecurity. I think the difference is pretty important. Most people within the field as a whole would never touch anything you mentioned except maybe YARA.

  • @johndunlap1143
    @johndunlap1143 11 หลายเดือนก่อน +3

    The problem with this angle is that "cyber security" isn't one job. A Vulnerability Researcher isn't a penetration tester isn't a red teamer and etc... There are people's whose job is simply compliance stuff where all they allowed to do is run scans. On the other hand, some people literally do security code review all day, so it'd be pretty impossible for them to not know software engineering. So a lot of the people who don't know coding are ending up in jobs that aren't requiring it, because they are essentially running scanners for a living.
    I would not say that "cybersecurity experts suck at coding" covers that complex reality.

    • @theofficialmbc
      @theofficialmbc 6 หลายเดือนก่อน

      Yeah I mean learning Linux commands and managing a Linux server or network is a job within itself...automating certain processes etc.

  • @Saleca
    @Saleca 11 หลายเดือนก่อน +2

    At this point why dont you make your own software business? You can make your own top tier software and keep all the money instead of just a salary

  • @w4gap
    @w4gap 7 หลายเดือนก่อน +1

    Yes, the fact that one can even get into cybersecurity without having first having been a senior engineer in one of the four IT domains (compute/sysadmin, network engineer, storage engineer, software engineer) is crazy. They think they can secure environments composed of those 4 domains however, they've never mastered any one of them. Little has changed in that realm since they were ruthlessly trolled by GOBBLES in the early 2000's...

  • @Fudmottin
    @Fudmottin 11 หลายเดือนก่อน +2

    I'm not a security expert. I just hope my compiler produces good code! That said, there was a time when assembler was something one would typically know. So you could just "disassemble" the machine code into assembly and read that. But what would you do if the code vulnerability is in a script that is run by an interpreter?

    • @iraniansuperhacker4382
      @iraniansuperhacker4382 5 หลายเดือนก่อน

      A bit problem with doing assembly stuff today is any type of gui. I have spent the last couple of months messing around with x86 just to look at the actual structure of code and just to display a hello word program in x11 was like 800 or 900 lines of assembly. Its not hard to understand its just so much information to all try and keep in your head so I think it turns a lot of people off from any type of assembly.

    • @Fudmottin
      @Fudmottin 5 หลายเดือนก่อน

      @@iraniansuperhacker4382 Hopefully people will persevere. It doesn't matter what programming language you use. The computer only understands machine code. So there needs to be people who can write the programs that convert high level program code into machine code.

  • @ducodarling
    @ducodarling 11 หลายเดือนก่อน +25

    As a programmer, hearing her sweet voice talk casually about breaking software by reverse engineering binaries elicits a special kind of terror.

    • @eqprog
      @eqprog 3 หลายเดือนก่อน

      It’s like Aerith is teaching me

  • @moralfuxery
    @moralfuxery 11 หลายเดือนก่อน +4

    Im studying CompSci/InfoSec and they really DO NOT put a heavy enough focus on programming. Ive had 2 classes all year and thats it with respect to just coding with some language. So i taught myself most on the side to learn more than just the web trio, which js what they focus on the most (other than Python). Definitely learn some C (i started with ++). You cant do any of this ish (at least the really heavy duty stuff) withoit knowing how to AT LEAST read most languages. You have too, and you definitely have to be good at scripting. If you cant read the code and understand whats its accomplishing you cant really at the core understand the threat. Especially in the pentest field. They definitely need to make it way more of an importance to learn at the very least how to do a good bit of the entire stack.

  • @HumbleHustle-Up
    @HumbleHustle-Up 5 หลายเดือนก่อน

    I striving to be on that level. For real. So many technical terms I have to look up, but I am getting there.

  • @humanbeing2282
    @humanbeing2282 11 หลายเดือนก่อน +1

    Never encountered this channel before but I have to say I love the serial experiments lain aesthetics of this video.

  • @slicer95
    @slicer95 11 หลายเดือนก่อน +1

    Awesome insights and even a cooler background!

  • @basilefff
    @basilefff 11 หลายเดือนก่อน +4

    The video is very nice! Also, could you please get rid of the annoying high frequency noise? I think it's one of your CRT monitors.

  • @Nebulous6
    @Nebulous6 5 หลายเดือนก่อน

    I actually can't believe that there are cybersecurity companies that actually hire analysts with no programming experience. It's like hiring a plumber with no soldering experience. A buddy of mine used to T.A. assembly language courses at the university here (and now does encryption coding). He said that the general familiarity with how computers actually work under the hood was becoming less and less with each year's roster of students. It was to the point where he said he'd be sure to avoid any mission-critical project that those students eventually worked on (e.g. hospitals, high-speed transit systems, etc...).

  • @tomekk.1889
    @tomekk.1889 11 หลายเดือนก่อน +5

    Pls reupload without the squeak my ears hurt

    • @TheLucidDreamer12
      @TheLucidDreamer12 5 หลายเดือนก่อน

      The squeak is a side channel

  • @TheBardicDruid
    @TheBardicDruid 4 หลายเดือนก่อน

    I've been in IT since 1990, as the CyberSecurity specialists came to be, it amazed me that I understood programming better than they did.

  • @InsertHere
    @InsertHere 11 หลายเดือนก่อน +1

    there's a lot of high piched noise from thos old tvs, for a moment i though my tinnitus sudenly worsened :/
    Found the title interesting but it's really uncorfotable to listen to this with headphones...

    • @FlashGamer521
      @FlashGamer521 11 หลายเดือนก่อน

      My thoughts exactly... Just without the headphones.

  • @silverly0
    @silverly0 4 หลายเดือนก่อน

    Apologies for being off topic, but what did you use to code up the animations on the screen? Is there a repo somewhere that I could read? They are so lovely and mesmerizing.

  • @mofogie
    @mofogie 11 หลายเดือนก่อน +3

    hah you think that's the biggest issue? (it is big, but there's bigger). The biggest issue is bureaucracy!! There's a whole big business around compliance, litigation, and consulting. A lot of it is LARPing cybersecurity. Take for example OpenAI's board member that got fired. She was a 'director of Cybersecurity' at Georgetown University, at age 30, with ZERO technical skills. She was a liberal arts major! A pentester starts around $90k, and is incredibly difficult. Consultants get paid $150-200k and they only talk! No wonder China and Russia keep hacking us! We're a paper tiger. Another huge reason is cybersecurity prioritizes pipelining military because they have active clearence. Sorry but, the military doesn't train their personnel in programming and cybersecurity. That's why many of them can't code! Another bureaucratic problem.

    • @retagainez
      @retagainez 11 หลายเดือนก่อน +2

      I would think whats even worse than what you describe as "LARPing" around compliance bureaucracy is how businesses form silos and then the engineers themselves are trying to get around security implementations because of a bad organization structure, everyone's too specialized.

    • @mofogie
      @mofogie 10 หลายเดือนก่อน

      @@retagainezalso agreat point

  • @elwan-l1
    @elwan-l1 11 หลายเดือนก่อน +1

    I'm sorry to leave this comment, but there is an 'ultrasound' sound throughout the entire video, and it's quite annoying. It might be more noticeable to me because I'm young and can hear high frequencies better.

  • @kamma9264
    @kamma9264 11 หลายเดือนก่อน +5

    I know that there is a practice of engineering managers (I know two personally) that hire pretty woman as security experts on big paychecks because they enjoy having them around even if they have zero experience in IT. This is not the case for software engineering generally, as some knowledge is expected.

  • @rescyy2235
    @rescyy2235 11 หลายเดือนก่อน +5

    Your video emits a very high frequency sound, and even though I wanted to watch the video, I can't because it hurts my ears

  • @jamesisntmexican
    @jamesisntmexican 10 หลายเดือนก่อน +1

    i love how your channel is Lain themed

  • @tonym5857
    @tonym5857 11 หลายเดือนก่อน +1

    As a developer with a master in network and telecom. working at Cyber Security, it was really easy for me go thru 7 layers network. My advice is programming then follow your Cyber career.

  • @soldierforrester2401
    @soldierforrester2401 11 หลายเดือนก่อน

    there is a very high pitched sound in some parts of this video, noticed right away in the first 15-25s, you might want to have a look at the spectrum and fix your audio with a equalizer

  • @MeyerEbert-u9b
    @MeyerEbert-u9b 2 หลายเดือนก่อน

    There are lot's of jobs in Cybersecurity you can get without knowing coding. For example managing firewalls, doing certain pentesting tests and disinfecting computers. Coding skills are only mandatory for exploit hunting and creating and reverse engineering malware. What is mandatory, though, is knowing how to use command shells.

  • @SixTough
    @SixTough 11 หลายเดือนก่อน +2

    What kind of psyop is this? And for what purpose? I don't know how to deal with this video

  • @jozsiolah1435
    @jozsiolah1435 4 หลายเดือนก่อน

    By default, a card deletes the files, when bought it is on a blacklist. When you play android car games, you make achievements, car upgrades, choose the best car and upgrade it to the highest level. Your card will turn on its Physx, and the car will start flying jumps. When done, your card will not delete the files anymore.

  • @Wellington-je9nx
    @Wellington-je9nx 8 หลายเดือนก่อน

    just remembered I’ve started learning programming because one Brazilian hacker guy said hackers needed programming to be a good one and now I’m a web developer

  • @Spractral
    @Spractral หลายเดือนก่อน

    You do an excellent job explaining things.. Very articulate.

  • @andratek
    @andratek 10 หลายเดือนก่อน +1

    Hello
    Maybe you can do a video about credential stuffing and Selenium

  • @HowardARoark
    @HowardARoark 5 วันที่ผ่านมา

    I always found it surprising that many very expert people in the computer field have virtually no coding knowledge at all. It seems to me the most fundamental thing you would want to learn, even just some basic Python scripting for example with which you can do so many useful things. With less than 20% of a programming language you can write a great deal of software in that language - its kind of like your Hi-Fi system which has all of these settings on it that you never need.

  • @pyp2205
    @pyp2205 11 หลายเดือนก่อน +1

    Interesting, I didn't think people in cyber security suck at programming. Because before I considered cyber security as a career, I learned programming because gaming got me into it. Now I've been a developer for 4 years and I have a good understanding of several programming languages. This has been very helpful for the courses I have in my university.

  • @george-broughton
    @george-broughton 7 หลายเดือนก่อน

    Stop using noise gate and instead actually filter out the coil whine since the flybacks in all those CRT screens switch at a relatively specific frequency. You need a notch filter for it. Audacity has one.
    Generate a spectrum analysis of your sound ( Load it into Audacity, Press CTRL+A -> Go to Analyze -> Plot Spectrum), find the silly high pitched squeak from those CRT screens. It'll probably be in the 12KHz range. Take note of the frequency peak (at the bottom right when you hover over the peak), then go into (Effects -> EQ and filters -> Notch filter) and then punch that number you just noted in.
    Also, placing all of this stuff on soft materials, and placing soft materials on the walls will cut down on reverb/echo. Best budget option that many people building their own studios would be things like tacking towels to the walls. Carpet tiles also work surprisingly well for getting rid of reverb and looks more professional.

  • @wcg66
    @wcg66 9 หลายเดือนก่อน

    Some cybersecurity researchers are more interested in notoriety than solving the underlying vulnerability. In my previous dealings with them and a discovered vulnerability in our product, they weren’t even interested in communicating with us vs making a name for themselves. In this particular case, this wasn’t a code vulnerability but rather a configuration issue, something that needs communication with end users to resolve.

  • @phillipgilligan8168
    @phillipgilligan8168 8 หลายเดือนก่อน +4

    There is an inverse issue where most devs don’t understand networking, security, infrastructure architecture, etc.
    Once you know both sides of the house you become a magical unicorn in the field.

    • @Rockyzach88
      @Rockyzach88 8 หลายเดือนก่อน +1

      Sounds like the position you want to be in.

    • @phillipgilligan8168
      @phillipgilligan8168 8 หลายเดือนก่อน +1

      @@Rockyzach88 it is indeed.

  • @user-tw2kr6hg4r
    @user-tw2kr6hg4r 11 หลายเดือนก่อน

    You should use an equalizer or notch filter to remove the CRT horizontal scan noise, it hurts.

  • @Krmpfpks
    @Krmpfpks 3 หลายเดือนก่อน

    You do not need to write your exploit in the target language, thats actually pretty uncommon. An as for the reverse engineering: Do you really have to disassemble to the original language? The question mark is because it might make sense in some situations because of references to runtime libs might look better in the correct language, but I personally would definitely prefer to look at assembly or plain-C over decompiled objective C.

  • @Splarkszter
    @Splarkszter 5 หลายเดือนก่อน

    I had to place the video at 1.30x speed for the voice to have a normal speed for me. Still too many pauses.
    Don't be discouraged, it's something to improve on!

  • @ElektrischInkorrekt
    @ElektrischInkorrekt 11 หลายเดือนก่อน

    Why is the oscilloscope in the Background in XY-Mode? Very unusual.
    Looks like there's sound inputted and both inputs (channel 1 and 2) are exactly the same (only a single line, which is diagonally across the display)
    There are much nicer figures you can create with just one or two function generators, so called Lissajous figures.

  • @o11k
    @o11k 11 หลายเดือนก่อน +9

    Laurie: the original developer was focused on performance 5:02
    JS devs:

    • @no_name4796
      @no_name4796 11 หลายเดือนก่อน +7

      Or also python devs (beware of for loops!)

    • @nlnu1337
      @nlnu1337 11 หลายเดือนก่อน

      As a JavaScript professional I can write your 20 line function in a single line. And that will make it twenty times faster.

    • @o11k
      @o11k 11 หลายเดือนก่อน +3

      ​@@nlnu1337 But how much time does the entire app (not just a single pure function) spend in GC / DOM manipulation?
      Btw I'm a Python dev so glass houses etc.

    • @halorx9863
      @halorx9863 11 หลายเดือนก่อน

      ​@@o11k so you think everything in js is a dom Manipulation?

    • @retagainez
      @retagainez 11 หลายเดือนก่อน +1

      @@halorx9863 One of the most common uses for the language, and its initial purpose.. so why not? Even the most popular frameworks are built on/coupled to different methodologies of DOM manipulation.

  • @bassmunk
    @bassmunk 11 หลายเดือนก่อน

    I wholeheartedly agree with your approach! I'm not great at computers. I do well with the little I learn but that's it. But the concept is something that I've always tried to do in every part of my life. Like my job selling car parts.
    When people come in and they don't know the name of the part they need I can still help cuz I know how cars work cuz I work on them myself. So after a few probing questions I can figure out the exact part, sometimes even the problem, and get them what they need. I couldn't imagine doing what I do without the knowledge I have. But many of my coworkers don't and it really shows sometimes...
    So ya, trying to advise other people on how to improve what they made without having an understanding of how it's made or an idea of how to rewrite it?... That's a recipe for embarrassment and conflict. Just like my job lol
    This is going into my favorites btw lol I love how my approach to life is illustrated :P

  • @_erayerdin
    @_erayerdin 11 หลายเดือนก่อน

    oh boy, i haven't started watching yet but that lain intro suggests i'm for a treat.

  • @lleo371
    @lleo371 11 หลายเดือนก่อน

    why is there a high pitvh noise in the background?

  • @chewico3d133
    @chewico3d133 11 หลายเดือนก่อน +1

    There is some noise in the background like very acute.

  • @blockshift758
    @blockshift758 8 หลายเดือนก่อน +1

    It's not painful like how people tend to comment about it but it's mildly infuriating hearing the CRT and I was still at the first minute.

  • @binbadende
    @binbadende 6 หลายเดือนก่อน

    In my opinion, the core problem of interaction between developers and IT sec lies in the inequality of incentives that management creates. Often developers (or devops) and IT sec are set up as adversaries in a project or even in the entire infrastructure. They are not encouraged to work together to develop a secure and efficient solution.

  • @jackgude3969
    @jackgude3969 8 หลายเดือนก่อน

    I'm sure there's a few other videos on the topic but I'd be interested to see your interpretation of "how to learn a new language". You mentioned learning how to develop in a language. Can you break that down at all?

    • @surfingbilly9654
      @surfingbilly9654 8 หลายเดือนก่อน

      learn the basics of a new language up to creating for loops, if loops, etc. Then develop something using that language, best, quickest and most engaging way to learn.

  • @patrick1020000
    @patrick1020000 11 หลายเดือนก่อน +5

    I agree with the statement in the title of the video, but the content doesn't address the point.

    • @tiranito2834
      @tiranito2834 11 หลายเดือนก่อน +1

      exactly this tbh.

    • @retagainez
      @retagainez 11 หลายเดือนก่อน

      Totally agreed, its just reading from a script.

    • @retagainez
      @retagainez 11 หลายเดือนก่อน

      It's too abstract. There are a lot of concepts to talk about, but some actual examples would help because it just comes off as "feel good" kind of video with hypotheticals rather than something grounded in facts.
      Actual statistics on reverse-engineered malware/vulnerable software to determine the most accessible and important avenues to consider for people interested in this sort of thing. Statements like 10:25 aren't really helpful without also reflecting on how this ties into poorly coded malware.

  • @ronerrodrigues8600
    @ronerrodrigues8600 11 หลายเดือนก่อน +1

    Basically, today you only need to buy a bunch of "certificates" to become a "cybersec expert".

  • @tommyovesen
    @tommyovesen 9 หลายเดือนก่อน

    Laurie, you are incredible knowledgeable. Impressed!

  • @alfiecollins5617
    @alfiecollins5617 11 หลายเดือนก่อน +1

    Love the Lain reference at the beginning!

  • @nonamewizard8000
    @nonamewizard8000 11 หลายเดือนก่อน +4

    how much have you spent on CRTs?

    • @jansustar4565
      @jansustar4565 11 หลายเดือนก่อน +1

      she probably spends more on electricity than the displays themselves.

    • @bobbobson6290
      @bobbobson6290 11 หลายเดือนก่อน

      not enough

  • @tyrantfox7801
    @tyrantfox7801 8 หลายเดือนก่อน

    I left my software engineering job , now enrolled into a cybersecurity programme at a local University

  • @mzg147
    @mzg147 11 หลายเดือนก่อน

    Congratulations, this video just won the youtube algorithm lottery! Good luck, hope you a million subs 😇

    • @Michael-rn1mo
      @Michael-rn1mo 11 หลายเดือนก่อน

      What? No it didn’t.

  • @kayakMike1000
    @kayakMike1000 11 หลายเดือนก่อน +1

    So.... Reverse engineering some code? Like decompiling the binary? I hope you like assembly.

  • @culmord
    @culmord 9 หลายเดือนก่อน

    i love the serial experiments lain aesthetics in your channel

  • @smanqele
    @smanqele 11 หลายเดือนก่อน

    In my opinion new projects need to be built with security from the get go, with well documented design intents (they might change over time). If you need to plug-in security features without any historical context except code, that is some mountain. That's not to dispute any points from this excellent video.

  • @silentblackhole
    @silentblackhole 6 หลายเดือนก่อน

    I would have thought that programming/coding Would be the first prerequisite for any career type of security. If they can't breathe light and understand complete code how can they possibly be on the same level of the people who create security problems.

  • @lashlarue59
    @lashlarue59 10 หลายเดือนก่อน

    This is also a big issue with people doing data science. People who were never programmers who create programs by stringing together code snippets they got from Stack Overflow, ChatGPT etc. and the code may work but it's a mess. Something happens and they can't explain anything because they never really understood how it worked in first place.

  • @bearwolffish
    @bearwolffish 9 หลายเดือนก่อน

    It has become like being a magician, learn some slight of hand early on, to then spend a career buying gimmicks that mechanically perform the tricks for you.
    How do these companies offer monthly subscriptions in the several thousands, for tooling you could create yourself in a matter of days (if targeted for your project).
    They can do it because most *devs* don't know how to code, they know how to use frameworks and UI's

  • @JonDisnard
    @JonDisnard 7 หลายเดือนก่อน

    I've noticed "Cyber Security" being offered at a bunch of community colleges at the BS level, and they do seem to require a heavy math track leading into cryptography. To me they look like filters for people who can do Calculus-2 level math, with entry level computer science leaning more towrds sys-dmin level proficiency. The thing is, these folks can earn serious money with those certificates and degrees.

  • @oztheglitch
    @oztheglitch 11 หลายเดือนก่อน +3

    *obnoxious music*
    *vine boom*
    *consistent ear scratching electrical whining noise that you think won't bother you enough to stop watching*

  • @DennisGentry
    @DennisGentry 11 หลายเดือนก่อน

    Did you put the last chapter at 1337 on purpose?