Skip to main content

Becoming Daedalus


Today, I want to look at soft skills; more precisely, one soft skill in particular, namely problem solving. Yes, that old chestnut, the one everyone seems to need to put on their CV, from janitorial staff and burger flippers to IT practitioners of all flavours. But why am I writing about it now? Because it’s not a very well understood skill, and it is only half of what a CyberSec pro needs. Confused? I’ll explain.

As I’ve mentioned previously, one way for CyberSec personnel to test themselves and keep their skill sharp, while learning or while actively engaged in a position, is wargames (you can find a good list of them here). Hack boxes, CTF’s (Capture the Flag) and so on are a great way to introduce you into thinking about the issue faced and the problems that need solving in context. It helps build your problem-solving skills by presenting you with common, and not so common, challenges, which you must overcome with your wits and technical know-how. Problem solving as we know it is a largely regimented process, usually an exercise in remembering a trick you learned way back when. At its best, problem solving is a melding of the creative and the scientific: unusual solution arrived at through logical means.

But a lot of this can be either remembering a known solution, or hours spent jerry-rigging something together until you can fix it properly. It’s as if problem solving is only half the skill. And that’s because it is. Because we forgot Daedalus. Daedalus, for those you who don’t know, was a craftsman and inventor of ancient myth, a puzzle-maker who created the Labyrinth. We have forgotten that we need to learn how to build puzzles and problem scenarios, so we can know better how to solve them. If I were to give you a map of room, at the centre of which was a box, and marked the locations of the doors, lights, cameras, alarms etc, it would be reasonably easy to plot your infiltration route (or routes, if you pay particular attention), path to box, and exfiltration route. But if I were to give you the box and tell you that you needed to build the room to protect it, would it be so simple? Could you build the room that avoided the problems of the room I gave you to break into?

This is increasingly an important skill to develop, with easy to use tools, readily available, that are designed to trick and mislead investigators into believing one thing, whilst being another. If nothing else, the Vault 7 leaks of last year showed us that these tools have been in use for some time now. As Cyber Security practitioners, we must have the mindset to see these things, but also to design systems that are labyrinthine to malicious actors, make puzzles of our own systems that they cannot be easily cracked, and that we can find them in return. We have made shifts in this direction, with honeypots and canary tokens, but as always, more can be done.

What I’m driving at here is that everyone wants to be the ace hacker, or CyberSec Architect extraordinaire, but do they really know their skill set? It’s fine learning coding and networking by rote, and Googling for the fix to that problem is all good and well, but are you actively keeping your problem-solving skills sharp by testing yourself from the other side? If you aren’t sure, give it a try. An increasing number of CTF and wargame sites are allowing and requesting new challenges, so why not give it a go?

Labels:

Comments

Post a Comment

Popular posts from this blog

Logical Fallacies - Why do they matter?

I came across a wonderful poster image by a talented artist, Michele Rosenthal , which depicts a robot debate: Granted, these aren't all the logical fallacies that exist, but it covers the most obvious, and most abused ones. But why are they important? We currently live in an age where we have access to more information that at any other point in history, and yet somehow we still think that arguing from emotion, or with our cognitive dissonance blinders on, is both right and acceptable: it isn't, not by any stretch of the imagination. Postmodernism may have a place, but not here. Yes, you absolutely are allowed to feel they way you want to, but debates are places for facts and ideas that need to be scrutinised rigorously, not with playground threats and character assassinations. "I feel" is not an argument that belongs in a debate - your feelings are valid for you, yes, but you can not simply refute the evidence-based assertion of vaccinations work with the st...
Post a Comment
Read more

The Ancient and Venerable Art of Google-fu

Other titles considered for this post: How Not To Piss Off Entire Forums and Facebook Groups; Avoiding the Banhammer; Stop Being Lazy and Look it Up Yourselves. Before you can embark on a career in, well, anything even vaguely IT related (or do practically anything), you must master one crucial skill: information searching. In the days of yore, and even rumoured to still exist despite budget cuts, there were in of cult of specialists in this area, who guarded their domains jealously: the librarians. These knowledge-fanatics could divine what you were looking for from the ridiculously poor and mumbled explanation you gave them, then translated that into a secretive code which led you to a shelf in a library, and then to the book you were after. Just like magic. These days, while librarians are still a vitally important part of cataloguing knowledge, we also have another, less mystical, tool at our fingertips: the Search Engine. Unfortunately, very few people have bothered to le...
Post a Comment
Read more

It's all about the angles

I could describe the surroundings for you perfectly, down to the way the grain went on each of the wood panels on the floor, I could talk to you at great length concerning the cobwebs knocking at my door or the baying crane flies attacking the windows, baying for the bleeding luminescence seeping from the screen. I could go so far as to describe each and every instrument playing on the track I was listening to, the perfectly clear Irish lung-pipes of Cara Dillon’s songbird vocals. But I won’t, because none of that matters, at least not in this context, or perspective. It all comes down to angles you see. Not the angles of everything around us, but our angles. The tilt of the head to listen more intently, the hunch, or straightening of the back to become comfortable. The adjustment of glasses to see an image properly, or in this instance, to see the image no-one else may have seen. It doesn’t take much to shift your physical perception of anything, but it opens up a myriad new worlds, ...
Post a Comment
Read more