Do you have the brains for cybersecurity?
bbc.co.ukWhat area of 'cybersecurity' would I be finding myself breaking substitution ciphers based on wingdings in?
I work in the information security industry, and I feel like I'm missing something but I really have to ask what these are relevant to.
Cryptography, which this appears to be a reduced form of is mostly tangential and very nuanced relative to the ciphers in this challenge. I often feel my line of work is grossly misrepresented by dizzying fields of esoteric numbers and references to ancient cryptography when I'm happy to find myself many of my days engrossed in the security characteristics of some powerful technology used right now in the real world.
I moved from engineering to security, but if this was my only interaction with security, I'm not sure I'd have been interested.
Edit: if you're interested in real crypto challenges, try http://cryptopals.com/ and read Cryptography Engineering, which is a wonderful read that goes over not only the cryptography but also the principles common across the many specialisations of the infosec industry
This looks like it could have been inspired by the Cipher Challenge[1] from The Code Book[2], which starts with monoalphabetic substitution problems.
1. http://simonsingh.net/cryptography/cipher-challenge/the-ciph...
2. http://www.amazon.com/The-Code-Book-Science-Cryptography/dp/...
If anyone is looking for a seriously great introduction to cryptography check out the Art of the Problem series on YouTube, don't have a link right now because mobile but it is probably the best easily accessible explanation of real world cryptography I've ever seen.
EDIT: https://m.youtube.com/playlist?list=PLB4D701646DAF0817
It's more a rough aptitude test for creative problem-solving and persistence than anything else. Of course you need the strong technical background as well. But enjoying these sort of puzzles can be an indicator of sorts. I also work in cybersecurity, and most of my colleagues and I get a kick out of these sort of challenges.
I think this is geared for kids, and not really adults.
It's a recruiting exercise for various companies.
Apparently it's a serious recruiting exercise for various companies - which is frankly terrifying for anyone who knows anything about infosec but isn't a cybercriminal, terrorist, or foreign hostile.
Yes, as the title says it's "cybersecurity", not infosec. :)
Must be pretty smart kids. One of the last puzzles is very hard.
> I often feel my line of work is grossly misrepresented by dizzying fields of esoteric numbers and references to ancient cryptography when I'm happy to find myself many of my days engrossed in the security characteristics of some powerful technology used right now in the real world.
Have you never worked a custom written crypto algo in your line of work ? For example, countries' army are the bane of sysadmins since they implement about every standard of networking since computer exists.
Working in infosec, you hardly have to crack an akbash cipher, but I'm pretty sure you'd had to understand a closed source algorithm.
I wasn't aware I had to explain how the crypto works in order to advise my clients that they should be disabling outdated SSL versions on their servers and returing RC4 ciphers.
Evidently I don't have the brains for cybersecurity. My clients should be just fine with their telnet-enabled/remote-root-accessible servers until someone who can descramble Wingdings riddles can save them.
I have mixed feelings about this. While being a good puzzle solver is important, to be really good you need a certain level of creativity in thinking which goes beyond just the ability to solve puzzles. Thinking like a criminal as an example is a necessity in a number of cyber-security fields and can trump the ability to solve puzzles. I see a lot of vulnerabilities get marginalized because people simply can't correlate how it could be used by a criminal to make money. Likely for a reason, it's the ability to think like a criminal which is largely missing & where people do have that ability many times they are treated by their cyber security peers as a bit suspect.
If you enjoy this, maybe you will like the challenges of Hacking-Lab (https://www.hacking-lab.com).
Right now there's a Hacky Easter competition running which you can participate in for free: http://hackyeaster.hacking-lab.com/hackyeaster/challenges.ht...
This is probably a recruitment operation. Not that there's anything wrong with that, but I think that's what this is.
"They range in difficulty from simple to knotty and fiendish. We will let you know the answers next week."
It's not a recruitment operation. They're just some fun puzzles which are accessible to laypeople. It shows the fundamentals of cryptanalysis in a way that a casual reader can understand and even have a crack at solving.
Someone mentioned in another comment that Simon Singh's "The Code Book" starts in a similar way and they're dead on. You don't introduce someone to a subject by posing problems based on constructs they don't yet have the tools or context understand. The history of the field informs its current state - cryptography and cryptanalysis have a very rich and fascinating history.
That's not "cybersecurity", that's paper and pencil cryptanalysis. Completely different skill.
Here's NSA's internal course list.[1] Not much about puzzles.
This might be the optimal place to start (Khan academy's excellent intro): https://www.khanacademy.org/computing/computer-science/crypt...
No[1], because "cybersecurity" is an open-ended non-static target, with human adversaries in the loop, who will adapt to circumstantial changes dynamically.
[1] https://en.wikipedia.org/wiki/Betteridge's_law_of_headlinesI can't do one of these. It's the middle one of the last part. The diagram with the pentagon.
What's the point if they're just going to ask for backdoors in those systems later?
I guess if you can crack these, then you're more competent than the current guard you'll be asked to replace and won't be asked to compel companies to write code without pay to breach their own security systems... so perhaps you'd be doing the world a favour by becoming an underpaid cyber security expert working for peanuts at one of the world's premier intelligence gathering agencies without needing to ask for sweeping surveillance rights that are a gross breach of everyone's right to privacy - which there are laws set in place to protect, unless you're the Government, in which case, the law doesn't apply to you. ;)