The Cyber Skills Gap | Chris Silvers | TEDxElonUniversity

Captions
[Music]

When most people think of technological advances, they think of the things that make life better, right? Invention of the smartphone, I mean, what, what, what has that done to your life? I mean, it's amazing, right? Well, security people like me in the cybersecurity business, we think of technology advances a little bit differently, okay? And let me explain.

What I do for a living is, I am what's known as a penetration tester, okay? And it's kind of a funny-sounding name for a career, but what my wife likes to say, and how she likes to explain it, is that I'm a hacker for hire, all right? Simply put, companies hire me and people like me to break into their web sites or networks or sometimes even their buildings, to identify where the weaknesses are and give them advice on how to shore up those weaknesses, so that people with, so we say, alternate ethics aren't able to break into those places, okay, and steal money or whatever resources. All right, so I want to give you a quick example to kind of drive home what I really do and how it relates to technology, and how I view advances in technology, kind of the skewed perspective, if you will.

So to start with, does anybody recognize what this device is behind me? HID, okay. This is what's known as a radio frequency identification device, abbreviated RFID, and typically companies make badges, employee badges, into this, and they'll print your picture on it and that kind of stuff. But more importantly than identifying you as an employee, you know, visually, it identifies you as an employee electronically, and it actually opens the door and lets you in the building or your office area or some restricted area, okay? Very important, a piece of protection, right? So in fact, I believe you have these here at Elon, right? You have RFID cards and you have to kind of badge into buildings and things like that, right?

So another piece of technology that I want to introduce you to is this device here listed, and I actually, I'm running out of pockets here, I actually
have one of these devices with me, all right? And this is a field programmable gate array, right? Hopefully nobody recognizes what that is, right? Otherwise known as an FPGA, it's basically a small computer that has the ability to emulate other devices, okay? So imagine, let's say, something like a music box, some, you know, just a simple device that plays either recorded music or music that it picks up from a microphone. This device could be configured to do that, but it could also be configured to be a simple display, like an LCD display for a small computer, or even programmed to play a simple computer game, like what some of you might recognize as Pong here. That's the game Pong, so, one of the first computer games out there, right?

Now, in my world, these technologies, we look upon these technologies as: how could it possibly be weaponized? All right, and that's where my story begins, because using these proximity cards for access, using this device that can be a music player, right, it can be configured to emulate, or pretend to be, that door card reader, that black box that's next to the door that lets you in the door, so that if you could get this device close to the card itself, it could pretend to be the door reader and record the digital signature that's on this card, right? And it's a process called cloning. Then it can be turned around and turned into play mode, taken up to the door, and the door thinks that this device is now the card, hence allowing someone in the door. Make sense? Perfect, you're with me. Okay, great.

All right, so this company hires me to test their RFID system, or actually the test is to get in their building. I found out they were using these type of cards, so I go, and in true fashion, you know, I cased the joint, right? I go out and I stand outside and I'm watching for employees walking in and out, and I find an employee walking out. Now this young woman, and by the way, that's not really her picture. Oh, this woman walks out, and the reason
I say a woman is because women are by and large more perceptive than men are, right? We freely admit that, right, guys? They just, they have eyes in the back of their heads. Amazing, right? And I usually don't do this exercise with female targets because, well, number one, that's a little creepy, and number two, women are just, you know, they're perceptive, right? Because to clone this card I have to get this device very close to the badge, like literally touch it. But in this case, this woman was carrying her badge in her hand instead of putting it in her purse, which I thought was kind of interesting, and she's walking down the street, you know, swinging her arms like this, right?

So... Oh, Chris broke it. Okay, Ben, help please. Um, why can't I just go back? Okay, okay, sorry.

So anyway, so she's walking down the street and I walk up behind her, but not directly behind her, to the side where she's swinging that... there you go, perfect... where she's swinging the badge, and she bumps into my device. So instead of me bumping into her, it's more like her bumping into me, right? Well, I get ready to apologize, right, as, well, as a Southern gentleman: "Oh, sorry." She doesn't say a word. She doesn't even look back, and I'm just kind of befuddled, right? So I keep following her, right? I follow her for a couple blocks. She bumps into me several times and she never looks back.

Now the point of that is not only that, like, I'm just kind of creepy sometimes, but the real point of that is that she saw no value in that card. Now, had I been on the other side, and if I would have touched her purse, you better believe she would have noticed. She might have called the police, she might have maced me, right? She didn't see the value because her perspective on the technology is just not there, like my twisted sense of what the technology can be used for, okay? So what I'm hoping to do is to kind of raise some awareness today about the technology and what it kind of means.

So who here has an iPhone? Wow. Is there anybody here without, that
has a different kind of phone? Like three or four people. Wow, that's amazing. Okay, so we're going to do a quick little experiment. So everybody take out your iPhone. All right, wonderful. Right, we got, we got guy roll here. All right, so unlock your iPhone, because I imagine it was locked, right? Look on the main screen and there should be an icon there called Settings, kind of looks like a gear. All right, so click on Settings, and when it comes up it should look something like this, obviously with your name, not mine. But down toward the bottom, if you scroll down a little bit, yeah, scroll down a little bit, and you should see one of the choices says General, okay? Everybody with me? Click on General, and when you click on General it should come up with this-looking screen. It says General at the top and it says About, right? So click on About, and I'm doing this with you so I make sure I get it timed right. So at the top it's got the name of your phone, and if you scroll down just a little bit, you may not have to actually scroll down, but at the bottom you'll see the word Version. Let's see, yeah, I've got it in the middle of the screen there: Version.

Now mine says 10.3.1, right? Now, updates to software, typically sequentially numbered. Is anyone not running 10.3.1? Wow. So I'm assuming that you're running 10.3 or 10.2-dot-something, possibly 10.3.2, but that means that you're connected to the developers network and maybe we should talk later about a job, okay? All right, but so some of you don't have 10.3.1. Okay, that's a little scary, because in April, or earlier this month, Apple had an update for the iPhone that addressed some serious vulnerabilities in the iPhone that would allow someone to take over your computer, I mean, take over your phone, with a text message. Seriously, with a text message, okay?

So by the way, to update your phone you just have to go back to that General tab and click on Updates and it'll take you to this Software Update. But don't do it now, because you need to be
connected to a charger and you're going to need about 15 minutes to do without your phone, all right? So anyway, we'll get back to that.

All right, so, um, quick, another quick story about iPhones. The last time I updated, this iPhone wants you to use Siri, right? So I went ahead and enabled it. Don't know why I enabled it. Later that night I'm watching a basketball game and I get upset about it, and I went, "Seriously?" All the sudden Siri said, "I'm sorry, I don't understand you." What? I mean, I wasn't even touching my phone. So, very scary. I disabled Siri and haven't read it since.

All right, so what is a security person to do, right? This is scary technology. We should just say no, just, you know, don't implement this new technology until we get plenty of time to vet it out, right? Well, that doesn't work today. That does not work in today's society. You Millennials don't want to wait and not use the technology. I get it, I understand. And businesses don't either. They want to be cool, they want to use the technology. So instead of just saying no, security professionals have to apply the slogan here, which thinking. We have to be curious. We have to push ourselves to learn the new technology before the user community comes to us and needs it, right? It's a real challenge. It is a super challenge.

And the big problem is the bad guys. They don't have rules to follow. They can learn this stuff on their own time. They don't have to worry about the ethical constraints that constrain security people about learning things. In fact, we have to spend years gathering a whole host of certifications and study hard and make good relationships with honest, good, hard-working people who are experts in the field, so that, to prepare ourselves. In fact, there's a study out from the National Crime Agency in the UK that found that the average age of a cyber criminal is 17 years old. They've arrested 12-year-olds in the UK for hacking, for online cybercrime, right? It just really and truly doesn't take much
to become a cyber criminal, and this has prompted a huge increase in the number of data breaches, right? In 2016 the number of data breaches were almost double what they were in 2015, which was a record year, and there are predictions that 2017 is going to be even worse.

Now what really causes this? Is it the lack of technological advances in the protection mechanisms, the, you know, security technology? I submit that no, it's not. It's something that we call a skills gap. A skills gap is basically the lack of existence of skilled employees to perform a task at an employer or at a business, and security is suffering from this gravely. Right now it's predicted that within two years there will be 2 million unfilled security jobs in cybersecurity. 2 million, right? So if you're thinking about changing a career, good, good place to get there, right? And another impetus to get into this business is the wages, right? Security and technology, pretty much any technology-related industry, has been experiencing growth in wages of the top performers, the top skilled people in those professions, right? If you're on a manufacturing floor, don't expect a raise, but if you're a knowledge worker in the IT space, expect something, because you'll be able to demand it. You are in demand.

This is also affecting education, right? My wife is a math teacher in high school and she encounters this all the time, with students being able to use technology to cheat on tests, right? It used to be that they would use some special feature on their calculator. Now they just whip out their cell phone or their watch. I mean, really, their watch. Their watch has the power to solve calculus problems, okay? How do you defend against that, right? How do we protect? And I realize I'm standing on a college campus, and I'm a proud graduate of the Georgia Institute of Technology, go Jackets, but our education system is just not really cutting it, right? A recent study showed that the top 50, out of the top 50 computer
science programs, only three of them required cyber security coursework at all. It's just not being recognized. And the real challenge here is that even if academia were to teach budding cybersecurity experts what they know, by the time they create the lesson plan, what they're teaching them may be obsolete because of the advances of technology. It's a heck of a time we live in, right?

So what is the solution? Well, in security the solution is to learn to think like a hacker, right? It's that old thing in law enforcement: how do you catch a crook? You learn to think like a crook, so that you can anticipate their next step. And that's how it is in security. But this doesn't just apply to security. It really applies to any type of knowledge-driven, or especially technology-driven, industry, because if you're learning, if you're worried about learning to use the tools, the PowerPoint or Microsoft Word, don't worry so much about that, because by the time you graduate, or certainly within five years, those applications may be obsolete. You may be needing to learn to use some other application. So the key is: learn how to learn, right? I know that sounds really weird, but learn how to learn. That's the key to remaining relevant, and certainly to leading any technology-focused industry.

So, some suggestions on how you might learn how to learn, all right? Some people are doing some amazing work out there. A good friend of mine, Dave Schwartzberg, created this organization called Hak4Kidz, and basically, Hak4Kidz, they're trying to change the definition of the word hack, right? The perception, because it's not always negative. When you hack something, sometimes you improve it, you improve its functionality. The big thing, the key there, is it's the curiosity about the thing: how does it work, so that I can take it and apply it over to this other new technology, and so then I can, I cannot become obsolete when the new technology comes, because I understand how technology in general works, right? The
whole systems approach. And what they've come up with is this hacker mindset, the idea of just viewing the world that way and dissecting it. So they have these things called capture the flag events, and I love these because they're competitive and, you know, kids just eat it up. I mean, they're just so creative with it, right?

Other organizations that are doing things, and I have to have a shout-out to my Georgia Tech roots there: they have a student-run organization called Grey Hat, right? And they meet weekly, and basically they just meet to talk about technology and about sent, about clever things that people do with technology. They compete in these capture-the-flag contests all the time. I mean, it's international. No, in fact, they even host one. It's called Hungry Hungry Hackers, right? I guess when you're a university, copyright does suit, you know, you don't have to worry about it. But yeah, I mean, they're just, they're like, they're out there, right? So Hungry Hungry Hackers is a great event. There's another organization called Odyssey of the Mind, which not only applies this thinking, this hacker mindset, to technology but to other fields as well.

So with the last couple of seconds of my talk, I have a challenge for you: go home tonight, update your iPhone, and then think about your field of study and what field you're going into, and how you might apply the concept of the hacker mindset to that industry. I thank you for your time.

[Applause]
Info
Channel: TEDx Talks
Views: 105,752
Rating: 4.8961864 out of 5
Keywords: TEDxTalks, English, United States, Technology, Security
Id: AvPsukNLENc
Length: 18min 47sec (1127 seconds)
Published: Tue Jun 13 2017