Go Learn Some Snort (aka learning network protocols and how networks work) …

I was at a talk recently on some funding around cybersecurity and aviation, and one of the presenters outlined that our kids can use technology, but they often don’t know how it works. We thus need to drive our education system to focus on not how to use things, but how things fundamentally work.

I also think — in cybersecurity — that we need to avoid wide and thin knowledge bases and focus on deep knowledge. In this way we will develop people with strong specialisms, and who can be trusted within their areas. Just now, the professional certificates often go wide, and never really dig deep around topics. I often worry about the depth of knowledge of some involved in cybersecurity when you ask how a firewall works, or how public-key encryption is actually used.

When asked about the core things that a student should learn about Cybersecurity, I always come back to the same things … solid networking skills, a good understanding of the protocol stack, command-line usage, operating systems, domain rights, and services. I would now add the ability to script, especially around AWS and with Python and/or Node.js.

So, let’s bring most of these things together around a pig … Snort. With Snort we have one of the most basic building blocks within computer security, and where…