Skip to main content

Becoming Daedalus


Today, I want to look at soft skills; more precisely, one soft skill in particular, namely problem solving. Yes, that old chestnut, the one everyone seems to need to put on their CV, from janitorial staff and burger flippers to IT practitioners of all flavours. But why am I writing about it now? Because it’s not a very well understood skill, and it is only half of what a CyberSec pro needs. Confused? I’ll explain.

As I’ve mentioned previously, one way for CyberSec personnel to test themselves and keep their skill sharp, while learning or while actively engaged in a position, is wargames (you can find a good list of them here). Hack boxes, CTF’s (Capture the Flag) and so on are a great way to introduce you into thinking about the issue faced and the problems that need solving in context. It helps build your problem-solving skills by presenting you with common, and not so common, challenges, which you must overcome with your wits and technical know-how. Problem solving as we know it is a largely regimented process, usually an exercise in remembering a trick you learned way back when. At its best, problem solving is a melding of the creative and the scientific: unusual solution arrived at through logical means.

But a lot of this can be either remembering a known solution, or hours spent jerry-rigging something together until you can fix it properly. It’s as if problem solving is only half the skill. And that’s because it is. Because we forgot Daedalus. Daedalus, for those you who don’t know, was a craftsman and inventor of ancient myth, a puzzle-maker who created the Labyrinth. We have forgotten that we need to learn how to build puzzles and problem scenarios, so we can know better how to solve them. If I were to give you a map of room, at the centre of which was a box, and marked the locations of the doors, lights, cameras, alarms etc, it would be reasonably easy to plot your infiltration route (or routes, if you pay particular attention), path to box, and exfiltration route. But if I were to give you the box and tell you that you needed to build the room to protect it, would it be so simple? Could you build the room that avoided the problems of the room I gave you to break into?

This is increasingly an important skill to develop, with easy to use tools, readily available, that are designed to trick and mislead investigators into believing one thing, whilst being another. If nothing else, the Vault 7 leaks of last year showed us that these tools have been in use for some time now. As Cyber Security practitioners, we must have the mindset to see these things, but also to design systems that are labyrinthine to malicious actors, make puzzles of our own systems that they cannot be easily cracked, and that we can find them in return. We have made shifts in this direction, with honeypots and canary tokens, but as always, more can be done.

What I’m driving at here is that everyone wants to be the ace hacker, or CyberSec Architect extraordinaire, but do they really know their skill set? It’s fine learning coding and networking by rote, and Googling for the fix to that problem is all good and well, but are you actively keeping your problem-solving skills sharp by testing yourself from the other side? If you aren’t sure, give it a try. An increasing number of CTF and wargame sites are allowing and requesting new challenges, so why not give it a go?

Comments

Popular posts from this blog

This is not a New Year’s Resolution

I'm not a one for resolutions or anything, I prefer to at least try to be a bit more practical than that. Instead, now that I've had time to consider what I want to do this year, here my list of upcoming projects. Let me know what yours are: 1) Re-evaluate the website and blog, and actually keep to a posting schedule. Might help if I started using artwork/photos. 2) Social Media application for my desktop: I'm getting a bit sick of having and average of 20 browser tabs open at a time, so lets see if I can't design an app, even if it's just a fixed browser thing, I can use to track my SM activity in one place so it's not clogging up my precious browser memory. 3) Stop wasting time with my writing projects: My biggest issue here is that while I can write some flowery prose or engage in worldbuilding like I'm Slartibartfast, I don't actually have a tale to tell. I need to adjust my focus here, and maybe I'll get something out of it. 4) Top Secre...

The Cultural Value of Algorithms

I am aware that there are misgivings amongst the musical community about Spotify's business model, and from the bits I know, these are perfectly reasonable. Unfortunately, it is useful and productive consumer model, and it's this I want to briefly write at you about. Spotify's catalogue is huge, an ever-expanding horizon that seems to want to engulf the soundscape in totality. It's easy to use, and you can usually find the album or artist you want to listen to. But it's true genius is in its algorithms, specifically the ones it uses to create the playlist it constantly nudges you to listen to. Now, because of how pushy it seemed, I avoided my Discover Weekly and Release Radar playlist like the plague for ages. This was a mistake. Or maybe, because I hadn't listened and followed enough, they just weren't right for me yet. Now, however, I spend a good two days paying attention to them, and then expanding my aural sphere to at least 3 of the recommend...

You and who’s party?

“I don’t care to belong to any club that will have me as a member” Groucho Marx Much of the past 17 years has been dedicated to fighting fundamentalist extremism, largely of the religious persuasion. This is understandable, as the religious mindset, certainly in those areas of the globe where faith is a majority holding, affects and informs the cultural values of society, and certainly in the West we have found ourselves at odds with extremist Islamic groups. Fundies of the Muslim persuasion have been at the forefront f these combative efforts, although we have also seen the dangers of the looming Christian theocratic state. It is fair to say while this will be an ongoing struggle, it is one we are coming to understand very well and are able to combat. But what of other types of fundamentalist creeds? What of political fundamentalism? This is, I fear, something we are neglecting to talk about, instead preferring to remain steadfastly tribalised to the point where discuss...