Do you have the brains for cybersecurity?

What area of &#x27;cybersecurity&#x27; would I be finding myself breaking substitution ciphers based on wingdings in?<p>I work in the information security industry, and I feel like I&#x27;m missing something but I really have to ask what these are relevant to.<p>Cryptography, which this appears to be a reduced form of is mostly tangential and very nuanced relative to the ciphers in this challenge. I often feel my line of work is grossly misrepresented by dizzying fields of esoteric numbers and references to ancient cryptography when I&#x27;m happy to find myself many of my days engrossed in the security characteristics of some powerful technology used right now in the real world.<p>I moved from engineering to security, but if this was my only interaction with security, I&#x27;m not sure I&#x27;d have been interested.<p>Edit: if you&#x27;re interested in real crypto challenges, try <a href="http:&#x2F;&#x2F;cryptopals.com&#x2F;" rel="nofollow">http:&#x2F;&#x2F;cryptopals.com&#x2F;</a> and read Cryptography Engineering, which is a wonderful read that goes over not only the cryptography but also the principles common across the many specialisations of the infosec industry

I wasn&#x27;t aware I had to explain <i>how</i> the crypto works in order to advise my clients that they should be disabling outdated SSL versions on their servers and returing RC4 ciphers.<p>Evidently I don&#x27;t have the brains for cybersecurity. My clients should be just fine with their telnet-enabled&#x2F;remote-root-accessible servers until someone who can descramble Wingdings riddles can save them.

I have mixed feelings about this. While being a good puzzle solver is important, to be really good you need a certain level of creativity in thinking which goes beyond just the ability to solve puzzles. Thinking like a criminal as an example is a necessity in a number of cyber-security fields and can trump the ability to solve puzzles. I see a lot of vulnerabilities get marginalized because people simply can&#x27;t correlate how it could be used by a criminal to make money. Likely for a reason, it&#x27;s the ability to think like a criminal which is largely missing &amp; where people do have that ability many times they are treated by their cyber security peers as a bit suspect.

If you enjoy this, maybe you will like the challenges of Hacking-Lab (<a href="https:&#x2F;&#x2F;www.hacking-lab.com" rel="nofollow">https:&#x2F;&#x2F;www.hacking-lab.com</a>).<p>Right now there&#x27;s a Hacky Easter competition running which you can participate in for free: <a href="http:&#x2F;&#x2F;hackyeaster.hacking-lab.com&#x2F;hackyeaster&#x2F;challenges.html" rel="nofollow">http:&#x2F;&#x2F;hackyeaster.hacking-lab.com&#x2F;hackyeaster&#x2F;challenges.ht...</a>

This is probably a recruitment operation. Not that there&#x27;s anything wrong with that, but I think that&#x27;s what this is.

That&#x27;s not &quot;cybersecurity&quot;, that&#x27;s paper and pencil cryptanalysis. Completely different skill.<p>Here&#x27;s NSA&#x27;s internal course list.[1] Not much about puzzles.<p>[1] <a href="https:&#x2F;&#x2F;cryptome.org&#x2F;0001&#x2F;ncs-courses.htm" rel="nofollow">https:&#x2F;&#x2F;cryptome.org&#x2F;0001&#x2F;ncs-courses.htm</a>

This might be the optimal place to start (Khan academy&#x27;s excellent intro): <a href="https:&#x2F;&#x2F;www.khanacademy.org&#x2F;computing&#x2F;computer-science&#x2F;cryptography" rel="nofollow">https:&#x2F;&#x2F;www.khanacademy.org&#x2F;computing&#x2F;computer-science&#x2F;crypt...</a>

No[1], because &quot;cybersecurity&quot; is an open-ended non-static target, with human adversaries in the loop, who will adapt to circumstantial changes dynamically.<p><pre><code> [1] https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Betteridge&#x27;s_law_of_headlines</code></pre>

I can&#x27;t do one of these. It&#x27;s the middle one of the last part. The diagram with the pentagon.

What&#x27;s the point if they&#x27;re just going to ask for backdoors in those systems later?