Cybears

Traditional cybersecurity focused on the confidentiality, integrity, and availability (the “CIA” triad) of computers, data, and networks. But today a larger set of interests are often included in the concept of cybersecurity. Security can come from many efforts, ranging from traditional technical interventions to procedural ones, policies, design, and social norms. Cybersecurity is a social and political field as much as a technical one. Read more.

Below we’ve assembled the questions students frequently ask us in class and in office hours. We are indebted to the students in the Future of Cybersecurity Reading Group (FCRG) and in particular to Arika Verma for assembling these materials.

Peter W. Singer and Allan Friedman’s Cybersecurity and Cyberwar: What Everyone Needs to Know, is a great place to start. Although already a bit dated, the National Academies’ report At the Nexus of Cybersecurity and Public Policy explains why cybersecurity is important, why it is a wicked problem, and the public policy issues in cybersecurity. And it’s free. A more recent, advanced, and law and policy focused self-study can be pursued by working through UT-Austin Professor Bobby Chesney’s cybersecurity ecasebook.

There are so many. Here are just a few of our favorites that have a focus on policy: Lawfare, Just Security, Krebs on Security, CSO Online, and Schneier on Security.

Campus has several fantastic resources for learning many of the skills we recommend that you develop.

• LinkedIn Learning is available to the entire Berkeley community and it has good quality online, go-at-your-own-pace courses in the Bash command line, in cybersecurity management, the technical domains of cybersecurity (computer networking, endpoint, application, cloud, operating system), security testing, penetration testing, machine learning, python, statistics, and statistical management software, such as R.
• D-Lab is another valuable resource. D-Lab regularly teaches bootcamps in technical fields such as Bash, R, and Python. Courses are free but they fill quickly.
• Berkeley’s “DeCals” can also be a source of skill building. These are courses organized by students (and with faculty oversight, for credit, on a P/NP basis) on specific topics.

Many faculty members at Berkeley teach privacy and cybersecurity related courses. Because there is no one single source for course information, you may have to do some digging to find the right match for you. We recommend that you focus on faculty members and investigate their webpages. Keep in mind that in addition to their courses, these professors may also have opportunities in their labs. Read more.

Cybersecurity in Context is a three-credit course housed in the School of Law and Information. As such, it is open to law and graduate students, and undergraduates by permission. Based on a course in the I School’s online Masters of Information and Cybersecurity (MICS) program, Cybersecurity in Context is a podium lecture course (with discussion) that explores the broad range of social-political-economic-legal-ethical-military and other considerations that characterize the cybersecurity landscape. Thus, it is a wide-ranging introduction to cybersecurity that explains why cybersecurity is such a difficult policy challenge. One needs no technical background or background in law to take it. The course has modules to introduce non-technical students to core internet technologies such as routing and BGP.

The Future of Cybersecurity Working Group (FCWG) assembles students, researchers, and faculty from across the campus with a shared interest in security. We read and discuss the current cybersecurity scholarship and workshop projects related to cybersecurity. Our goal is to support critical inquiry into security and explore how it relates to political science, law, economics, the military, and intelligence gathering. Students are required to participate in weekly sessions, present short papers on the readings, and write response pieces. Read more.

There are many options available for technical training. Here are a few suggestions.

• TryHackMe has excellent labs to build skills.
• Jetbrains offers free access to its coding and other teaching modules to those who have a university email account.
• The Federal Virtual Training Environment (FedVTE) provides free online cybersecurity training to U.S. government employees, Federal contractors, and veterans. There are free courses available to the public here as well.
• Many boutique services now focus on penetration testing, such as Hack the Box and Cryptopals Crypto Challenges. There is also a vibrant “capture the flag” community tracked here.
• Services such as Immersive Labs offer simulations to show off your skills, and often give access to a demo test.

We hear this question regularly and we are certain that many other students don’t even ask because they do not see cybersecurity as a field with a place for them. The answer is yes! There is a place for you. At the same time, a number of barriers can make the cybersecurity field unwelcoming to some.  We are devoted to identifying these barriers, understanding them, and helping erode them. Read more.

• WISP: Women in Security & Privacy has many Berkeley alumna and provides meaningful mentoring opportunities and interesting programming
• The Mozilla Foundation has a major commitment to privacy and security of its users, and sponsors a mailing list of privacy events.
• The Bay Area chapter of the Open Web Application Security Project (OWASP) organizes meetups.
• SF Legal Hackers is a global movement of lawyers, policymakers, technologists, and academics who explore and develop creative solutions to some of the most pressing issues at the intersection of law and technology.

Crunchbase lists over 450 Bay Area cybersecurity companies. You can also start with a resource like Momentum Partner’s Cyberscape to understand the ecosystem of companies. The School of Information also offers an internship grant for MIMS students who pursue internships with non-profit organizations. In addition to the standard tools provided by your career services department, we recommend a direct-approach strategy. That is, if you find a cybersecurity company that deeply interests you, directly approach them and ask about opportunities. Many startups and smaller companies are too busy to run formal externship programs. They’ll be delighted to hear from you if you explain your interest and if it is well matched to the company. Read more.