CS338 Computer Security
Wednesday, 1 June 2022

+ Happy 66th anniversary to Jeff's mom and dad!

+ Notes on videos
    - Loved them!
    - Audience
        - essential to be clear who they are
        - generally good choices on this
    - Slides
        - Keep word counts low (avoid complete sentences)
        - I prefer lots of narrowly focused slides instead of fewer broader slides
        - Slides should support the listener's listening, not distract from speech
        - Reduce audience's cognitive load!
        - Combo of outlines (before, between, after subtopics) and tight focus
        - [Caveat: are your slides intended to be read apart from an oral presentation? That's different.]
    - Hacker images, text, vibe [Pexels, Unsplash -- stock photos that might help]
    - Recap: lots of great work on a tight timeline!

+ This term: very short intros to...
    - Security mindset
    - Threat modeling
    - Cryptography overview
    - Network protocols
    - Information security conceptual frameworks
    - Social, ethical, legal contexts
    - Pen testing
    - Web security

+ What next?
    - Ask questions, dig deeper, try stuff! (safely, ethically)
    - Cryptography
        - Schneier: "Applied Cryptography" and "Cryptography Engineering"
        - Math: number theory, algebraic geometry,...
        - Math is a small part of it; implementation is hard
        - Pragmatics: openssl, international standards,...
        - Tons more resources
    - Information Security professional tracks
        - Creating/maintaining secure computers and networks for organizations
        - Courses, certification programs
        - Entry-level jobs (CS major sufficient in many cases)
    - Pen testing
        - Courses, certification programs
        - Self-study of all the stuff installed on Kali
        - Hacking practice websites
        - Set up your own experiments
    - Web security (esp. if you plan to do web development)
        - Courses, certification programs
        - Learn about all the OWASP top ten
        - Practice attacks and defenses
    - A million specialties
        - endpoint protection
        - intrusion detection & mitigation
        - forensics & incident response
        - governance, risk assessment, compliance
        - ...
    - Read and listen!
        - bleepingcomputer.com, arstechnica.com, krebsonsecurity.com, schneier.com,...
        - themarkup.org
        - Risky Business podcast (risky.biz)
        - so many books!
        - (Keep a list of jargon. Hang in there. APT, CSO cee-so, .......)

+ Questions about exam

+ Questions about anything else