Difference between revisions of "Security"

Security with computers is its own profession. In an honest world, none of this would be necessary as people wouldn't trespass onto other people's computers. By using electricity to access someone else's computers, you are physically (literally trespassing) on their property by virtue of electrons on a wire. It is a sin. It is evil. That is with regards to Offense.

I prefer to focus on architecture of electronics / computers and how things work more than security. But it's impossible to avoid it completely, so I see some of it in my work and study.

One thing to keep in mind with computer security, is that if you become a full time security consultant in any type of a government position (either directly or indirectly - as a consultant), you are essentially part of your nations military. And this means other nations may attack you (either in war or terrorism). Modern warfare is going to be largely computer based, and this means that computer security employees are soldiers. Being a soldier means you are a target. This is another reason, not to participate in computer security as a full time occupation. Computer security researchers will be prime targets if there is ever a World War 3.

The final reason to avoid computer security, is that it is miserable work, and there is always someone that holds higher keys than you. You can't beat the surveillance state.

If there is a reason to do security, it is because you can get rich. But that's greedy. And there is high demand for computer security researchers, because there is always high demand for soldiers. You can't be the world's number one military without having the world's best computer security forces. Such is modern warfare. All of that is ugly. The only viable reason to do computer security these days is to reinforce your own defenses. I.e. vulnerability management. Or to remove malware from computers, which is a type of antivirus occupation.

All that being said, here are some resources on security, since someone asked me.

Computer Security Job Paths

Online computer security job path images are 80% nonsense. They are general and vague. They repeat too much.

Here are some potential roads in the Computer Security Industry:

• Hardware Researcher
  • Power Supply / IO Glitching to beat encryption (see https://theamphour.com/552-shouting-at-chips-with-colin-oflynn/)
  • RF hacking and security (HackRF and related Radio devices)(GNU Radio)
  • BIOS hacking (https://www.coreboot.org/)
  • Hardware Hacker by Bunnie Huang https://nostarch.com/hardwarehackerpaperback (he covers a number of different items which you could deep dive into, e.g. onboard SD Card microcontrollers. Less job paths, but things/tools to have in a portfolio).
  • TV Satellite Security - If you can find a way to get free TV from satellites, beating the existing encryption, they will hire you to improve it. Somewhat obsolete with the internet. (I can't find the amp hour episode at the moment, because search engines are trash).
  • Anything with regards to Internet of Things hacking

• Software Researcher
  • Antivirus Company (basically a job with any antivirus company is computer security related)
  • Become an expert with Vulnerability Management Software (https://en.wikipedia.org/wiki/Vulnerability_management) (this can be either defense, or offense - as a penetration tester)
  • Fundamental vulnerabilities with Computers and Operating Systems: Google Project Zero (https://googleprojectzero.blogspot.com/)
  • Bug Bounty Researcher (you could be freelance with this and make an income) https://en.wikipedia.org/wiki/Bug_bounty_program
  • Computer Encryption Expert (this is where if quantum computers ever become viable, there will be significant change) https://en.wikipedia.org/wiki/Encryption
  • Military Computer Security - Just join any army in a computer security profession. Maybe you would join the Ukraine or Russian army as they are in active war at the moment.
  • Anything that appears in the Black Hat or maybe the https://en.wikipedia.org/wiki/RSA_Conference conference.
  • Reverse Engineering Software Binaries (https://en.wikipedia.org/wiki/Ghidra or https://en.wikipedia.org/wiki/Interactive_Disassembler)
  • Become an expert with relevant software in Kali Linux https://www.kali.org/.
  • Computer Forensics Expert - https://en.wikipedia.org/wiki/List_of_digital_forensics_tools I think I've read about Aw top see before: https://en.wikipedia.org/wiki/Autopsy_(software)
  • Any good software security researcher, will be deep diving into code and re-engineering it, breaking or fixing it. Which is not really all that interesting. The interesting part was making the software, and someone has probably already been there, done that.

With any 'computer security consultant' the fact is that it will take 5-10 years of study before you become competent and you will probably need to know a little bit about all of the above (i.e. be somewhat of a generalist). This kind of a profession, where you are guaranteed a high paying income is something you have to seriously dedicate yourself to. However, you probably don't have to work as hard as a programmer, because the military wants computer researchers - there is demand for computer soldiers.

I would say it's probably easier to get a job paying six figures in security than it is to get one paying six figures in programming, but I would also say that programming is more rewarding as it is more about building functional tools, rather than patching them or trying to break them.