What Cybersecurity Is and Why You Should Make It Your Life
Chaos is all around us. Can you feel it? It’s the still-running toilet, the drip in your sink. It’s the package that still hasn’t arrived, the text message that won’t send. It’s the credit card that won’t go through on the first swipe, but works on the second. Chaos creeps behind every—there it is now! Just out of the corner of your eye.
Yet order prevails. The cars stop at stoplights, which cycle on regular cycles. The garbage truck comes and takes away the garbage. The toilets flush, water comes out of faucets, the grocery stores are stocked with food. Any breakdown in this order elicits concern, action, a remedy.
Thanks for reading elsehow! Subscribe for free to receive new posts and support my work.
Why is our world as well-ordered as it is? Because professionals keep it that way. At every corner of our world, there is an area of professional concern dedicated to keeping the chaos at bay. Civil engineers keep our streets in order. Whole disciplines deal with the waste, the water, the stocking of grocery shelves. And all these professions collaborate, in a delicate interlinking, to make our world as ordered as it is. (How would the people who stock grocery stores do their job if the roads didn’t work?).
Where this world intersects with the digital (which is, as we’ll soon see, almost everywhere), it is cybersecurity professionals who keep chaos at bay. And that chaos can be substantial.
Imagine this: you try to use your credit card, but it doesn’t work. In fact, no one’s credit card works. You try to go to some news websites to find out why—but you can’t access any of those, either. Neither can anyone else. Panic-buying ensues. People smash ATMs and empty them of cash. Cargo ships don’t know where to dock. The shelves of grocery stores go empty.
What stands between you and this world? Not much. A small group of people. Too small. For years, employers (companies, governments, and beyond) have been looking for cybersecurity specialists to fill necessary jobs. The shortage of jobs has been so severe and pervasive that, in 2021, the World Economic Forum took to estimating exactly how many cybersecurity professionals the world would need in order to meet employer demand. Their answer? 2.72 million. Imagine that! If we trained the entire population of Toronto, theoretically, we could get them all jobs in cybersecurity.
And there is no indication the need for cybersecurity professionals will abate anytime soon. As tensions between the U.S. and its rivals heighten, so does the risk of more extreme and severe cyber conflict. Indeed, I believe the scenario of a complete internet outage I painted above is all too likely during wartime. As I’ll discuss in this series, I’ve spent years detailing how our digital world is more fragile than most expect—much more. The only path to safety is to get more hands on deck. I hope you will bring two of those hands.
Cybersecurity is work you can get involved with—no matter how “technical” you think you are. This is the case I’ll make to you. To make that case, I’ll have to explain what cybersecurity is—and I will. But all of that explaining is in service of this simple truth. Whether you’re an aspiring engineer, policymaker, manager, communicator, or even an artist, there is room for you in cybersecurity. This is a job that you can do. We need all the help we can get.
Who you are
I mentioned above the notion that chaos is always on the fringes of our well-ordered reality. After all, chaos is nature's way—entropy, the second law of thermodynamics, condemns everything to eventual dust. When I think about society, I think of a city surrounded by water. What protects the city from flood is a tall dike, and the dike is constantly breaking. People need to tend to it, to repair it.
I can only be so useful on the frontlines, repairing that dike. I call on you to give us a hand. As you can see from the description above, this is a dire situation. We need help.
Some of you will put this post right down. "None of this is for me." That's fine. It isn't for most people. Read on. Learn what it is we do. This is a primer.
For the rest—this work will become you. It will become your life. You will see, as I see, how close we are to chaos, and how desperately the world needs us. This series is your launch pad. It is a vantage point, from which you can better see where you might want to head. A first step.
For some of you—I estimate 1 or 2% of the population—this will be more than a calling. In my depiction of order and chaos, you saw a portrait of yourself in the chaos. Perhaps you already know some of what this series contains. Perhaps you’ve already used that knowledge to do things you shouldn’t quite have done. You are welcome here. We need you, and there is room for you to do good and have fun doing it. In this series, I will test you, and help hone your devious intuition.
For the other 98 or 99% of readers: the people I addressed above exist. The good news is: there aren’t that many of them. The bad news is: they won’t all join our cause, at least not 100% of the time. The worst news is: it takes (by my estimate) about three of us to defend against every one of them. Of course, they make our life fantastically fun. A good adversary is a lot more interesting than the indifferent rot of entropy, and in this job, we get to spar against the best. As I speak to those agents of chaos, I will help you understand them better. I will help you build an intuition about how they behave. You’ll need it.
Before we go further, I have a warning for you. Powerful interests lie here, and if you go far in these pursuits, you will encounter them.
There will more than likely come a time when you hear a knock at your door. When it comes, this knock will not be unexpected. When you come to greet it, it may elicit in you a range of feelings. Pride–of your importance, that you've been “chosen.” Fear—of power, and what it might do to you and your family to be so near it. Perhaps anger—of the injustice power has done to you and the people you love in the past.
I cannot tell you how to greet this knock. All I can offer you is this: how you greet this knock is a reflection of who you are. Are you someone who fights? Who conquers others? Or someone practical; who works with, when it makes sense to, and not when it does not?
Whatever you do, remember that this work is bigger than any of us. Do good where you can.
Finally, for some of you, playing with power was the goal all along, an end to itself. To you: good luck. There is only suffering in power.
To do good, work well, and lie low
is the way of the blessing.
—Tao Te Ching (Ursula K. Le Guin translation)
Where to go from here?
That’s why you should get involved in cybersecurity.
The rest of this series will tell you how. I’ll cover all the topics I think you’ll need to become conversant in security. For each, you’ll be well-positioned to continue learning about any area in particular.
I’ll update these with links as I complete the series:
Attacker & defender. These conceptual archetypes give form and structure to our trade. I give some examples of social engineering—your first introduction to an attack.
What does it mean to “be secure?”. I discuss the notion of reasonable security, the impossibility of perfection, and how we determine what constitutes a reasonable "barrier" to attack.
Computers. What they are, where they are (everywhere), and what they do (everything). I give a few examples of good old-fashioned computer hacking.
The internet. The internet is a mechanism for connecting computers together. Drawing on my own research, I discuss how the internet works and why it's more fragile than you might expect.
Artificial intelligence (AI). I discuss what AI is, what security means in the context of AI, and how AI is tightly intertwined with the internet.
Crypto(graphy). “Crypto” and cryptography are not the same thing. I’ll discusses both—what cryptography is, what web3 is, how the two relate to each other, and what both of these things can (and cannot) do for cybersecurity. I focus my attention in particular on Decentralized Autonomous Organizations (DAOs).
The public interest. I delve into policy: what it is and where it happens. I also discuss a topic near my heart: art. how we represent cybersecurity, and how those representations affects the way people think about it. I highlight some examples of people pushing the boundaries of how people think about cybersecurity.
Remember: a lot of this material is difficult, but more than that, some of it is boring. Its boringness repels smart people, who are often drawn to interesting things. That's why the chaos hides there: because we're not looking. I've done my best to make this as interesting as it can be. You bring the rest. Push through. It matters.
Thanks for reading elsehow! Subscribe for free to receive new posts and support my work.