Embrace the Oxymorons
Let’s talk about oxymorons, those annoying little things they keep trying to teach in network security and computer security and, well …. Cybersecurity. I have a Bachelor’s in cybersecurity, am working toward my Master’s, and I have been officially (as in professionally) working in the field for just under 8 years. Before that I had been into the dark arts (computer hacking) since I was 11 or 12, right about when the internet appeared, so that is about 23 years give or take, that I have been in some form or fashion involved in cybersecurity.
That paragraph was not to toot my own horn, I have plenty to learn, cyber security is such a constantly changing and large field, for example in all that time I did not REALLY understand false positives, and true negatives etc. until the last few years. Learning the concept is relatively easy and logically they all make sense a false positive is an alarm that goes off for the wrong reason. A true positive is a proper alarm that went off for the right purpose. A false negative is the bad guy getting through because the alarms think that he is perfectly acceptable. And finally true positives are what happen when the defenses actually catch the bad guy and sound the alarm.
Regardless of how annoying and, well, kind of ridiculous these things sound, someday (if you really go into security) they will be something you care about. They are important to me in my current job as an offensive security professional because I want to get past the alarms. They were important to me as a defensive security professional because I wanted to alarm to catch the bad actors. And someday, maybe right now, they will matter to you too. So, embrace the oxymorons.
Thank you for reading, check back next week for more.