From AI to deepfakes: How machine learning is affecting cybersecurity | Cyber Work Podcast

From AI to deepfakes: How machine learning is affecting cybersecurity | Cyber Work Podcast

Show Video

We, recently hit yet another huge milestone, here at the cyber work podcast, 25,000. YouTube subscribers thanks. To all of you who watch and listen each week so those of you who watch the YouTube videos go live and chat with each other in comments and everyone. Who is helping us to grow this great community to give, back we're now giving you 30 days of team training, for teams of 10 or more your, InfoSec skills account will help you your entire team develop their skills and learn CPEs through hundreds of IT and security courses cloud, hosted cyber ranges, hands-on, projects, skills assessments, and certification. Practice exams plus, you can easily monitor assign, and track training progress with team admin and reporting features if, you have ten or more people who need skills training head over to InfoSec, institute comm, slash, cyber work or click, the link in the description to take advantage of the special offer for cyber work listeners, and thank. You once again for listening to and watching our podcast, we appreciate, each and every one of you coming back each week and, on that note I've got someone I'd like you to meet so let's begin the episode. Welcome. To this week's episode of the cyber work with InfoSec, podcast, each, week I sit down with a different industry thought leader and we discussed the latest cybersecurity, trends, how those trends are affecting the work of InfoSec professionals, while offering tips for those trying to break in or move up and the ladder in the cybersecurity industry, our. Topic today is AI and machine learning it's gonna be an exciting if possibly, scary one we've. Heard all about deep, fakes and if you haven't go, look it up through, a combination of incredible processing, power and some rudimentary artificial intelligence, technology, and, a lot of ingenuity and deviousness hackers, and others other bad actors are able to curate very realistic, videos of human, beings that, appear to be saying unexpected, scandalous, seemingly. Impossible things so. There are telltale signs that something's up viewers looking to have their biases confirmed may not go through a mental checklist before sharing this type of harmful, and blatantly false info, through social, media this. Type of information could be especially catastrophic. As we move into another election year. Emanuelle. Zukerman is a professor, of data science, and machine learning he's, created several courses for our InfoSec, skills platform, on this very topic we're. Going to talk today about the deep learning applications. Of cybercrime as well, as some of the ways the same types of technologies, can be used to counteract these threats we'll. Also be talking about the data science and machine learning courses, that Emmanuel is created for InfoSec, skills and how they can help your security career, to rise to the next level Emmanuel, welcome to cyber work. Thank. You Chris it's an honor to be here in cyber work thank. You so much for your, time so I want, to start out by asking you a bit about your security journey, how did you first get interested in computers, and tech and cyber security and when did. Your attention turn to topics around AI and machine learning. So. Actually. I started. My journey outside. Of cybersecurity. Focusing. On statistics. Machine, learning, and applied. Math more broadly and then I got into. Cybersecurity. Because. I knew it's a great place. For disruption. And, it's, always, dynamically.

Evolving. So, it's never gonna be a boring field. To work on and, you found that to be true. Yeah. Especially. Yeah. So. Developments. Okay. So um could you give me a sort of a compressed version of the the project's, positions, and training, that took you from your early career to your current. Work as an educator and security, consultant what were some major, educational. Experiences, or project-based touchstones. That you know shall we say made you made you what you are today. Yeah. So, when. I first got out of school I joined a, small start-up, of four, people and the. Startup was focused, on IOT. Security, so at that time IOT. Was exploding. It was kind of early and, we. We. Went on customer, interviews asking. Large. IT. Hospital. IT managers. What. Are their primary, concerns, what, kind of products. Would be best for them what's. Their interest and we. Learned that, they're actually concerned, about all. Of them were concerned about ransomware. Hmm. So. Then we. We. Decided, why. Don't we incorporate its, ransomware, aspects. In our I Oh T suite, and. I. Worked. On this project I, was sort of the new person, so I was assigned this project. And the, first question that I, had was why. Is ransomware. A problem, because, there's antivirus. Right and ransomware, as of ours well. I learned that at that time this, was a few years ago AVS, mostly, relied on signatures. And. Heuristics. So, signatures, are kind of like a catalog, to. Be, very simple, about it and heuristics. Like rules, that, people come up with that, are likely to work. But. The problem was that every. Day you get, like, hundreds. Of thousands of new samples, and there's, no way these techniques, can, keep up and the bad guys are constantly, innovating. With new types of ransomware and new techniques. New ways to penetrate, and it's always a problem, so. We decided, that. Since, these approaches, don't work heuristics, and signatures maybe. This is a perfect, application, for, machine, learning and, having. A data science, background, I decided. Let, me try it out maybe. It'll work I mean, it sounds promising machine, learning should, be able to learn from the data it should be able to learn. From history and then, figure out new. Samples, that we haven't seen before which is the issue we are facing. So. I developed. A virtual. Lab, I collected, samples. Conducted. Experiments. And eventually. We did prototype. A machine, learning product, like a machine learning. Prototype. And we. Tried. It out we demoed it and we, decided we're. Gonna pivot completely. From IOT. To ransomware. Hmm. So. Then we went. Ahead and developed, this product and. It. Was successful. We had. Customers. From large enterprises. We. Got words, and, so, on and that was my first experience. In cybersecurity. Was, like this I didn't, know what to expect I, come in for IOT I shift. Into this experimental, thing ransomware, and, is. Very exciting. Topic. You came here and I worked, Paolo. Oh. I was gonna say it sounds like you came into the. Sort of birth. Of ransomware fairly. Early to like it was that was it was pretty much a newly, developed thing at the time is that was, that sort of part of the the, sort of opportunity was that no one else was really sort of working this area. Yeah. It was right before I wanna cry but, it. Was like after some ransomware, was out there people are afraid, but, it wasn't it, was, before like the really big things happened, like wanna cry and not that yeah mmm. Gotcha. So I want to talk today a little. Bit about deep. Fakes on the intersect blog you wrote about how deep learning and deep fakes are changing the face of cyber security you. Know this is of course a huge subject right now especially this year and, you note that because of the rise of this technology you said quote the, ability of basic human intuition to prevent attacks is an all-time low whereas. The need for training and specialists. In cyber security is at an all-time high. There's obviously scary stuff but you also note, that machine. Learning can be used as a countermeasure and, that to quote you for every tool that utilizes, deep learning for offensive purposes there's, a tool that uses deep learning to, benefit humanity, can, you tell us something about some, of these counter-offensive. Tools that. Use this emerging technology to, bring the fight to the bad actors. Yeah. For sure so let me start by explaining. Why. I think, human. Intuition is, now. At. An all-time low, so. There's, a recent, crime, where, fraudsters. They. Managed, to get, a company's, there's like a, child, company, and, a parent company and they got the child company, to. Transfer. 250. Thousand, dollars. And the, way they did it was they, pretended, to be the CEO of this larger, company. Using.

Voice. Transfer. Artificial. Technology, artificial intelligence. Technology, so. It's like deep, fake, but. For, voice like maybe I, take, your voice Chris, and I. Say, something, using your voice and now, I convince people, who, know you that, you're, saying it and therefore it, must, be this way and they, indeed, managed to do this and I. Think the, most disturbing part is that I mean. This. Person the, the victim was the CEO of the child company he knew the. CEO, of the parent company it's not like completely complete, strangers, and you'd, think that. Maybe. Intuition. Would work here but no so. I think, that if he was more aware. Of this possibility, I mean maybe had some nagging. Doubts like is it, does, that make sense for the CEO to ask to, transfer. To 50,000. Into this unknown place well. No, but, it is his voice right, so I, guess. It's him but, if he knew that now. We have technology that allows, you to imitate, someone's, voice then. Presumably, he would be much. More cautious you double check if that really makes sense maybe call up the CEO of the parent. Company and see that. It's not him. So. Now there are are, a lot of tools out there almost. For, every, I. Guess I'll call it like a forgery, technology, there. Is a like. A counter. Counter. Technology. That can detect when it's forgery so there is for instance. Technology. Before, detecting. Defects, I guess. We haven't defined the fakes yet but basically, the. Most, common. Instance. Is when you, take a video of someone let's say a video of me talking and, you replace my, face with someone, else so it can be a political, figure it. Can be. Maybe. You replace the criminals face with. Like someone, else and then you you're. Now. House. Basically. Getting, someone else to, take default, and. It's. Shockingly. Convincing. I mean I've seen, videos of this and I can't tell is it the fake or is it the real person, I don't know yeah. So. This is the the fake technology. But. Yeah there is technology, for, countering. It like you feed it into a neural. Network and it can tell you is this fake or is it real and the. Same applies for a lot of other things, are becoming more. Affordable like, fishing. Voice. And. So. On and so forth, so there are these technologies, are out there and. Another. Approach is. Also. Reputation. Scoring, there's. A lot of rising, reputation, score like, risk scoring, using. AI that. Can tell you if, it's likely, to be a scam or something like that. Okay. Now, can, we talk about some ways that that deep learning could affect. Cyberattacks. Whether to enhance social. Engineering or stock market manipulations, for example since so, I was gonna say since we don't know what we don't know. You. Know could we talk a little bit about some of the different, possible, types of deep fake enhanced, attacks that we should be watching out for like what are some of the areas that. Deep fakes are most likely to be used in I mentioned, you, know that you could you could get a voice saying, you know sell off the stocks or you could get you, know social engineering thing saying hey it's Chris, you know I mean I'm in trouble send me money dad you know or whatever but like, what are the sort of like main areas, where. Deep fakes could really sort of do a lot of damage that you see. Yeah. So you mentioned. I. Think, one of the most important ones is fishing. So, this is for the common person everyday. Life you can be concerned about voice. Impersonation. Some. Maybe, if, someone is, conferencing. You you don't really know what's, happening behind, the screen if it's so. There. Has been demos. Where people do it D, fakes live so, for instance for, all we know this isn't my face maybe right, I'm like anonymous, where I put on different faces or something like that there. Is another area, of huge, concern for for. I guess, everyone and which is the elections, so you can imagine a. Broadcast. Of one. Of the candidates, or someone, related saying. Something, and. People. Wouldn't know that it's, a fake and. I've. In, the blog post I show a short. Video where they have the. Former President, Barack Obama, saying. Some nonsense. But, until, he says the nonsense. Like he starts out very formal. And you think that looks real and then, you see a different, person was like a puppet master, who's. Talking. In his stead, so. Those. Are a few of these critical. Ones right. Do. You have any sort of tips for, people sort of watching out for this kind of thing like I say I know most people are gonna. Want to you know use. Their confirmation, bias and say well you, know this person says it I didn't like it I don't like this person so therefore they probably said it but like I've seen for example people say that, like like.

You Can check like the hairline sometimes, is a little off or the way the eyes move or stuff like that do you have any kind of sort. Of aesthetic tips in terms of watching out for this kind of thing. Yeah. So two, thoughts on this so one is yeah. Is, usually, at. Least in the, technology. That's been, commonly, used in the past few years you, could see like the face like. Place, here, and then there might be a tiny bit of problems in the connection here like that's where you would see right. It's a different, things but. Nowadays it's, becoming much more convincing and there. Are even I, forgot. To mention that you can have deep fakes that aren't, just the face so that you can have the fakes to the whole body. Right, you can have D fakes for colors. Like car. Color the. Color of the shirt I'm wearing, you. Can replace license. Plates. Titles. And so on and so forth I think that's, also an area to, keep an eye out for it's, not just the, technology, itself, becoming better like easier. To generate the, fake and, the, little. Artifacts. Often fake being, harder. To see, but. Also, the. Applications, people coming. Up with very clever ones where. You. Wouldn't know that they're doing it yeah, so. Yeah, so I mean what are your thoughts on how to combat. This because, I mean it sounds very. Apocalyptic. In, the sense that I can't really think of any way in which you. Know we're, going to sort of be able to shut this down so what what, are your sort of tips or advice coming, into this election year, whether. Legislative. Or just you know individual. Person, you know like what. Do you what do we do. Yeah. It's a good quiet when I think about this it feels kind of like I'm, writing almost like a science, fiction not model, YA, novel. It's. Like so. In the future all. Videos. Will, be. Deep. Fakes you know you won't be able to tell if it's real or not your, audios will be. But. Then so, it's kind of like this, sort, of like Blade Runner thing but. I think that so. This is just my thoughts, is that in, the future we're, gonna cryptographically. Sign. Videos. Okay, so, there will be like a certifying. Authority, just like you know you have for the internet or something like that mm-hmm. Would. Be C trust. Someone, so, maybe. If it's you. Know the US government, that's releases, a candidate's. Introduction. Or whatever it is and there's, like a cryptographic. Signature. That you can verify for yourself and, say okay. That is the US government, no one is fooling me whereas. If. It's a different, country that's, really easing, account, the video. For that candidate, you want you'll have they. Won't be able to verify it that's. My thinking, about that, but, I think there'll be like two types, of media. Like the, certified. With. Crypto. Cryptographic. Signatures. And then stuff. That you can't verify then, no, one knows what. If it's true or not maybe, it's more for entertainment. Right. Dude, use force I think we will get over it Dobby. Yeah. I was gonna say I think there will be a time, where, there, will be confusion. Some. Some, fear and, a. Need for people to step in and and come. Up with solutions, which I suggested. One we'll see if it's viable, why not right, that was gonna be my question was, whether or not such. A such, a device, is currently on the market or, whether it's something that we're still sort of speculating, about at this point. Yeah. I think the technology is there it's, more of the desire, to do, it right, the rollout but. Remains. To be seen, yeah. So. You also mentioned a you, know interesting, blog post on our site about using, machine learning applications. To intercept, in the gate rain, somewhere before the worst happens and you mentioned a little bit start of the show could we talk, more about that technology what, exactly is are, these sort of machine learning enhanced, tools doing. To sort of stave. Off ransomware, before the worst happens. Yeah. Sure let me start with maybe, how you don't. You. Don't detect ransomware, so, on like. A naive approach is. To. Come up with some rules like you study ransomware, and you see looks. Like ransomware, likes to change extensions. So. Maybe I'm gonna come up with a rule where if a, process. Changes, the, extensions, of five files saying, and. These. Extensions, are not known then. Let, us you. Know kill this process quarantine. The file that produced it and declared. To be ransomware, and this is like your rule this is my rule. A but, then the problem is what, if this, ransomware, for. Instance takes the files. Copies. Them. Encrypts. A new, thing and encrypts, the copy and then erases, the original, then now I got through your heuristic.

Or What, if it, encrypts a bunch of them at once and again you have a problem and you. Have to keep, and keep, an account that you. Don't, produce, false, positives, like, legitimate. Applications, that you've flagged. So. Then you, think of ways that are better and. The. Solution. Is machine. Learning which I would, say the definition is like. Automatic. Production of. Rules. Using. Large data and, at scale so, we came we came up with like one rule that then. Quite work but, we can let the data come up with rules itself, and at scale and then, we have a solution for ransomware. So. In that sense, you. Basically, let. The data come up with the rules instead, of trying to keep up and having many, people, try. Various, rules that, and then they, get out of date a month, later because, hackers are privy to what people are up to and, then. You have a solution. That's also able to catch future. Attacks. Like zero day attacks. Because. The. Yeah. Okay. So, um, moving. On to the heart of the talk today I want to talk, to you about your work with InfoSec, skills are skills based platform could you tell us about. Your cybersecurity data science skills, courses and how they relate to this very, current security, concern. Yeah. So. I'm. Often, keeping. An eye out on the market and what's, going on and I. See a lot of, disruption. And innovation coming. From machine, learning in particular for. In cybersecurity. So. For instance you'll see like a start-up. That's the, claim self we have a solution to phishing, and it. Relies on machine, learning to. Maybe, create a reputation score or maybe it's. An, amalgamation, of different, solutions. Altogether, and I. Think. For. For. For I. Guess for job, applicants, and, other. People, in cyber security. When. You're applying and, if you have a machine, learning, or data science, experience. Then. You. Are an asset because, the. The. Hiring manager, looks at it and maybe, imagine, we have like two candidates, one with the, machine learning skills, and one without and they, see like, the person the machine learning skills, could, be potentially. Helpful, in designing this new solution. That we are working on and this. Doesn't only apply I to startups. There's also a lot of disruption in larger. Enterprises, because, they. Are aware that there. Are all these startups coming up that are disrupting. So they need to disrupt themselves, and they are also hiring, a lot of data scientists. And machine learning. Practitioners. In. Order to develop, these new products. Soon, that that was my. Reasoning, from a market, perspective why. I think it is very, useful to have these skills. Asides, from the, practical, usage, of create, better solutions. To, cybersecurity, problems. Now. Going, in more details, to. The learning paths. The. Goal is to basically give people the. Fundamentals. The background, so that they, can afterwards, specialize. In what they need because, you. Never know like maybe you need to specialize in fishing, and that's. Something. You have to research, but if you have the basic tools machine. Learning you, will apply, your domain knowledge from fishing and you. Apply your tools to the domain of fishing. Right. So. I cover a, lot of things but in particular, I cover how which. Learning. Is used for. Malware. Detection I go in a lot of deaf hear, on the. Feature engineering, the. Collection, of the data, I, talked, about end to end machine. Learning, which is basically. Where you just let the neural network, figure. Everything out by, itself so. That's kind of like an amazing new. Thing and. I. Talk about how. To use machine, learning for intrusion. Detection okay. So that is things like IDs. Is that rely on, data. Science, and data and, I. Talked about social. Engineering so that's like D, fakes. Performing. Assent. Automatically. For. Instance like having your. Machine. Learning system extract, the, text from videos, and then searching through the text to find what you're looking for for instance maybe you want to know someone's. Let's. Say twitter twitter. Account, and. Then you perform and. You utilize, this text, extraction to, find the keyword Twitter and then, that helps you automate, the, search through all all the person's videos which, could be like thousands. Okay. And then that's the that's. The cyber security data science, Learning, Path there. Is a more advanced, learning path which is machine. Learning for Red Team hackers, so. Here I go in depth. Pentesting. And I view it from both, sides of, the equations, though how, to use machine, learning to, attack and how, to use machine learning to, prevent attacks.

And. Also, how to attack machine learning, systems. So. I thought I show, how to do defects, from, beginning, from A to Z I, show. How to. Attack. Machine, learning systems. For. The purpose, of red, teaming. And. I. Show how to do smart fuzzing, so I think you had a guest. Not too long ago discussing. Fuzzing, so. I show how to use machine, learning to take, it to the next level so that your father is learning. From what it's seeing so. These are really powerful techniques. And I, think I cover such a broad, range. Of topics that. Anyone. Who's done. These learning, paths has like a very good background they, can probably. Find. Similarity. Between whatever, problem, they are working on and something, that you learn in the course. Okay. So, I want to talk a little bit about something whenever we talk about AI and machine learning and the showing we've had a couple, other guests that have talked, in similar areas we get comments and questions, about. The possibility, that improved, automation, process, will replace low-level, cybersecurity careers. That a real fear or should professionals, in the cyber security ladder, be considering, these factors, when. Choosing their, career in the long term or is it more of a sort of an add-on to the, sort of human element. So. I think this has been a fear that's, kind. Of always been with us in the sense that we've. Always been concerned of getting automated. Out of our jobs and I think that applies to everyone but. I don't, see it as a problem I think machine. Learning is gonna be more of a tool that enhances. Your. Ability kind. Of like a computer like you can do whatever computer, does like if you are. Filling. Out data, you. Can do it on, pen. And paper but, in computer, in a computer it's faster, sure, so, I think the same would apply for let's say security, analysts like if they come up with rules, that they're looking at the sim or something, like that well, they can like 10x. Or 100x what. They're doing by, letting a machine learning system come, up with more, rules better, rules or check the rules that they have and. Similarly. If you are looking at a sim, or sock. You. Might use a machine learning system to. Focus. Your attention so you don't have to look at so many events but maybe the, system will tell you these, are like the top hundred events focus. Your attention here because the machine learning system is obviously not as intelligent as, humans, are we. Are aware of many, more things the context the background, and so on and so forth, so it makes sense to, use, it to kind of Whittle, whittle. Down the easy. Stuff and bring. Into our attention, the, important, stuff that requires humans. To, solve yeah, that's that's worth really worth noting in the sense that you, know a lot of people think that it's gonna take away sort of humans. But it can't, only take away human intuition all I can do is add more computing, power to power but you, know a lot of the sort of problem. Solving is sort of having, a human. Interpreting. What another human is doing on the other side and, that's, always going to be necessary. Yeah. Definitely. So. What can students. Taking these machine learning and data science courses expect, to learn that you talked about a little bit but what types of, career.

Or Professional, specializations, will be best utilized by, learning about machine learning is you'll be teaching it what what, you know where where would you start once you sort of have this information. Under your belt. So. I, was I thought about this question and I think that it. Is. Especially, these, skills are especially useful for, practitioners. People are developing, things. Like. For instance security, analysts, who need to come up with better, rules or, maybe people who were looking to catch, malware, to, improve the malware detection capabilities. In their, organization. But. I think another. Section. Of people that, benefits, a lot from this, understanding. Is actually, the decision makers because. They're. The ones who will decide what. Should we invest in should we purchase, this tool should. We do. This, training should, we develop. This new machine learning, tool, like, how difficult, would it be is it practical. Can. It perform, better than, what, we have and these. Types of questions I think can only be answered by, getting, this. Type of knowledge, by, going, through the course and seeing, what, does it take to create a machine learning classifier. Is it 10. Years or is, it something can be done with what in one year how much data and so, on is the force I think decision-makers. Are really, important. People. To learn this and another. Section. Of people who would benefit, is I think, kind. Of the general public, in the sense, of being aware of the dangers, out there like we mentioned the, fake and. Voice. Transfers, so maybe I. Imagine. They wouldn't need to go into as much detail, like they don't need to go. Through creating. A malware classifier. But, it sure doesn't hurt for them to see how, the fakes, are made how easy it, is I can make Adi fake in one. Day like. Take, your video and bam. Be fake so it would be very useful, for, anyone in general to be aware of how. Machine learning is being used in cybersecurity. So. In your opinion what are the cybersecurity, skills, that are currently most in demand and most likely to accelerate your career there are, their skills either the ones in your class or just that, you see out in the world that people are overlooking in their studies and preparations. So. From my perspective I'm. Looking. I look a lot at lot like the disruptive, disruptive, elements. And for me it's. Things. Like machine learning and. Various. Applications, of it but. I also keep try like I watched the I, look, at the cybersecurity, news, very frequently, on the daily basis, and, I.

Keep, Seeing. Patterns. Like, ransomware. Is still. An issue and. It's. Actually attacking hospitals. Of this dark, time which, is pretty, sad but, that suggests to me that there is I mean obviously, there. Is an e since an attack has occurred at a hospital, there. Is a need for someone to have prepared, better to, prevent it or to at least be able to remediate it to better so. Maybe, auditing. Better. Auditing. Seems to be required. Maybe. Just more. People. In cybersecurity. So, I want to talk a little bit on, sort. Of the platform, of what we're doing here is on online trading becomes more ubiquitous what, are your thoughts on unskilled, focused training versus bootcamp, or for your academic subjects you, know for like for your institution what are the what are the benefits and disadvantages to, each type of training especially, to you. Know the difference between skills based, education. And training versus, you know the other methods, that people might be normally. Thinking of as sort of the default. So. I think. It. Depends on your current. Where. You are currently in your career so, if your store first, just. Starting out I think it makes the most sense to, do either a bootcamp, or a, four-year. Degree and. The. Reason I think boot, camp actually might be better especially. In cybersecurity, is. I mean. It's gonna be faster, you have guarantees, and you. Can focus, you. Can get job, skills as opposed to in a four-year degree where it's a little, more roundabout, a little less direct, um. Perhaps, more expensive, and. Yeah. And this way you are able to basically. Solve, this, need. Experience, to get experience, paradox, so a lot of people have difficulty entering, cybersecurity. Despite. The fact that we have a huge demand which is very. Ironic and I think if you do a boot camp that places, you in a position we have experienced and now you, are off to a great start you can get more experience now. I think once, you are already. In cybersecurity, and, you are pretty, stable and, you. Have specific, requirements, and I think it makes sense to look at skills based so, let's say hypothetically, that, I am a malware.

Analyst. And. We. Are. Maybe. Having trouble with, I don't know Trojans, say hypothetically. Then. It, makes sense. In terms of time commitment, to, focus. On Trojans. As my skill understand. How children's work reverse. Them and just. Dedicate, to, that skill as opposed to taking. Malware. Analysis course, more generally, which is not gonna go as in-depth and it's, gonna take longer and you probably know it if you're in malware analysis it's too general for you so, I think like, once you're are you. Have a job or you. Have a project you're working on, then. You know what you need to drill into and then it makes sense to go skills based skills. Based training, okay. So of course it never hurts to keep keep, keep up the boot camps right, yeah. Absolutely yeah, and I never stop learning so so. Regarding, the skills platform, I mean just to sort of people who aren't quite sure what we're talking about this is you, know you, you get you know access, to X. Number of skill training. Courses that are sort of just they're kind of like podcasts or just sort of floating out there and you choose them choose them as you need and work, on them in your own pace so you. Know without a professor, or you know boot camp instructor assigning, weekly tasks, some, find that it might be hard to stay on track and meeting your learning objectives you many tips to, help lifelong, learners stay focused on training accomplish, their goals. When their aren't necessarily hard deadlines at the end of them. That's. A tough one so. My. Thinking was. It. Reminds me of this. Jerry. Seinfeld. Advice. So. He has this advice, for, when. He was trying to work. On his comedy. Skills so he wanted to make sure that he writes a joke each day so. What he did was set up a calendar behind, him on the wall and each. Day that he wrote a joke he would mark it a big red, X mhm, and basically. As he kept doing it he had like a chain of these big red X's, yep, and at, that point. He. Had this, internal. Motivation, not to break the chain like, don't, skip a day because, then you will see that, you broke oh you see on the calendars I think that could be. Yes. I think this is a good good advice for anyone. Learning. Skills maybe try, to chop up your work into. Practical. Chunks, that you can, finish. Each day and then just don't break the chain yeah. So. What. Should you be shopping for when seeking out skills based training I mean there's a lot of education, programs out there but what do you think distinguishes. You. Know the best ones what are the sort of products, or services or the, way they're you know handled. Or whatever what, constitutes the best ones. So. I think. The best, so. It's really important, that the. Education. Provider. Gives you a good experience. So I think this is like. A follow-up on a previous, question in the sense that if, you have a good experience in your, course, or. In your skills, based training then, it's more likely that you will keep going that, you keep. Coming back and you'll keep learning whereas. If you had problems like. Customer. Service was bad or. The. Platform. Crashed. Or, whatever it is then. You kind of have this bad experience and, you're less likely to keep going and you, will break the chain so I think you want to make it easier for yourself to not, break the chain and, get quality. Education. So somewhere we get good customer service a good experience, and a good platform. So. For people who might want to sign up for your class and of course listeners. Of this podcast can use, promo code cyber work to get a free month what. Tips do you have for anyone, who wants to get in the most out of your classes, specifically, and also once they've you. Know completed, the coursework what are their areas of study would you recommend within, the skills platform to sort of build on it. Yes. So I would start with, cybersecurity. Data, science, there's two learning paths like mentioned, early cybersecurity, data, science and then get machine learning for Red Team Packers, okay, and the.

First, One is the, fundamentals. So. It's. Pretty. Hands-on, and I think that's essential, in, cybersecurity that, you, work with, real. Things like, you get, real samples, you create a real lab you. Create an actual class farm because just, reading about it is not. Gonna help you you're not gonna be, able to do it in real time when you need to so. I would suggest working. With it all, the, assignments, are pretty handy. None of it is tedious, and by. The end of it you'll have experience, with most. Of the, important aspects, of. Cybersecurity. Like, you will have worked with malware. You, will have work with phishing. Who have work with intrusion, detection and. Pentesting. Social, engineering and now, you're you're. Pretty comfortable. You have a broad base. Afterwards. If you're, still. Motivated, to. Focus. On machine learning in particular then. You can go on to machine learning and creatine Packers which. Is, I, think really, interesting I mean I personally think it's freaking. So interesting, to. See how machine, learning seems for offensive purposes and, then. You can learn you, can go in dev so this is this assumes, that you've, finished, our security, data science, and here, you do things like deep fakes, fuzzing. Using, machine learning and, even. Attacks on like actual, machine. Learning systems. So. That's if, you want to take your tools. And your techniques to like, the next level this is like the cutting edge of technology. So. Once, you're there and you have these skills then you, focus, on what, you're specializing. In, but. You now have like a broad foundation from, cybersecurity data science, and then you, know the cutting-edge tools so. Now it's just applying, what, you've learned okay, so one last question before we go where do you see deep fake technology, going in the coming years do you think this is something. That's gonna be with us for the immediate future do, you know or is this something that legislative. Agencies, will eventually crack down on or, is, this. You, know like, where do you see it going do you see it getting sort of more, efficient. More, more used or you, know do. You see like an end point for this sort of thing so. I. Think it's. Actually. Sort, of like the. Way cybersecurity. Proceeds. In a lot of ways so you. Kind of have like the hackers. Trying. Out like fringe, new, technologies, and then, they use it to like cause trouble, and, then the, security. People catch, up they. Learn about these technologies, and then they kind of fuse them for, defense so. I think there's gonna be a similar thing with defects so right now most. Government, agencies, police. And so on it's for our not, really. Employing, deep, learning technology, too much, but. Your see we see like hackers, utilizing. The these, sort of tools, to. Cause trouble, like for instance I mentioned, the, audio. Impersonation. That, led. To defrauding, by. $250,000. So, recently. Motivated. By these sorts of problems. The. Police mr., Carling to employ, deep neural, deep. Learning technologies. Ok so they're, using this, tool. To. Basically figure, out who a suspect is so. Like let's say that you.

Are Caught on camera. Burglarizing. A car or whatever it is right and just because. We have you on camera doesn't. Mean that we know who it is, it's. It's hard to tell right yes, so they are now using deep, neural networks to solve, these sorts, of crimes so they look at the, footage, that we have of, the person committing the crime correlate. It with your, social networks and other oesn't. And maybe. Close. Information. Like government. Databases. And. Then we figure out oh it's, Chris he's burglarizing, cars again it was me you know something like that. So. I think so. I think in in the near future, the, government agencies, and the, police force I'm gonna start utilizing. The, tools for, defense right. Do, you ever see a. Equalise. Do you see a point where the technology, will catch up sufficiently, in the defense department that, it will make the. Concept of deep fakes obsolete, I think. So I think a lot of it is. Gonna. Require other tools like crypto, and, awareness. Just that yes. Fake things exist, and then, it's gonna become like just. The special. Effects tools just, like we have a plenty in Hollywood. It's. Not that big of a concern we know you can add in, all sorts, of like. Ways. To beautify, someone's, face right it doesn't, warn, us like we can Photoshop faces, there. You go. Okay so one last question for today if listeners want to know more about Emmanuel, Tuckerman where, can they go online to find out about you. For, sure so you can find me by, adding, me on LinkedIn, okay you can add you, can find my youtube. Channel okay. And I think more interesting is, I. Myself. And my team we write a monthly. Newsletter about. Cybersecurity. Data, science. So. We basically. Find the most interesting, new things are happening in, cybersecurity, and, data, science, the intersection, of the two and you can find it a newsletter form, so, to sign, up you can go to. Ml4. See. Escom. So just the letters the, number four and then, a comm, me. And. You know spam it's. Machine learning stores, giving, computer. Security okay alright, the manual thank you so much for your time today I really appreciated, this this was very lumen ating. Is. The pleasure I appreciated, and. Thank you all today for listening and watching if, you enjoyed today's video you may find many more on our YouTube page just go to and, type in cyber work with InfoSec, to, check out a collection of tutorials, interviews, and past webinars, if, you'd rather have us in your ears during your workday all of our videos are also available as audio podcasts, just search cyber, work with InfoSec, in your podcast catcher, of choice if, you wouldn't mind please, consider rate rating, and reviewing and liking our videos and, so forth it really does help out give us a bump let people know for. A free month of the InfoSec, skills platform, that we discussed in today's show just go to InfoSec. Institute, dot-com. Slash. Skills, and sign up for an account there'll.

Be A coupon code there and podcast. Listeners can type in the word cyber, work all one word all small, letters and no spaces and you'll, get a free month thank. You once again to Emanuel superman' and thank you all for watching and listening we'll speak to you next week.

2020-05-23 12:16

Show Video

Other news