Hello, Reddit! We are cybersecurity researchers who wrote a book called Practical IoT Hacking that teaches readers how to hack Internet of Things devices safely and lawfully, with practical hands on examples and proven methodologies. You can buy physical and Kindle copies through Amazon or get the physical copy and DRM-free digital copy through the publisher No Starch Press.

We have spent our careers addressing critical issues in IoT devices that could lead to loss of life or privacy breaches. Our work has influenced people around the world, including manufacturers, hospitals, and public policymakers. We believe that enabling more people to find unforeseen risks in a safe manner and report them in good faith can inoculate against accidents and adversaries causing harm. So we wrote a book to teach others who want to be a part of the solution.

We believe that societal dependence on connected technology is growing faster than our ability to secure it. As we adopt technology stacks in the works around us, we inadvertently import cybersecurity risks that can impact human life, public safety, and national security.

By understanding the threat and vulnerability components of these risks, we can defend against them. Mature manufacturers seek to learn from cybersecurity researchers and take reports of flaws they discover - so they can eliminate them in current and future products.

Ask us anything about some of our past work:

Proof we are authors of the book - No Starch Press Amazon

Comments: 450 • Responses: 61  • Date: 

booyamcnasty154 karma

What are the similarities/differences exploiting the IoT space compared to cyber physical space (like vehicle buses)?

If there was one protocol you wished everyone stop using, what would it be?

beauwoods133 karma

A couple of great questions here.

Depending on how you define IoT, you can include cyber physical devices like vehicles. CAN bus, a 30-year old (give or take) technology is deployed across cars, trains, and planes. Check out the Car Hacking Village and download Craig Smith's excellent Car Hacker's Handbook (or buy the physical copy) for more on CAN bus.

Because CAN bus is pretty insecure I'd love to see the transport industry move to something more modern. Several alternatives are being developed but they aren't widely in place as full replacements. Tesla has done a good job getting rid of the CAN bus and uses an emulator to give access for things like diagnostics where necessary (for example, emissions checks).

flying_mechanic24 karma

As for planes most of the bigger planes use more proprietary communications standards for their data transfers. I'm familiar with boeing and they used the ARINC 429 bus standard on the older aircraft but may be moving/moved to an ethernet based system. The Arinc system is not secure but requires special equipment to interface with it as its a weird +10v and -10v data system and you would need access to the electrical equipment bays. Do able? Maybe. Practical or dangerous? Not really. Also there is no centralized data bus that every system is connected to, there are several data busses for different systems.

beauwoods22 karma

Yeah there are different flavors of CAN in different industries and different busses for different things. You're right 429 is common in Aerospace and it's pretty similar to automotive. Some researchers have demonstrated that you can piggyback off existing wifi/cellular networks to get onto a CAN network then traverse from there. Scary stuff. Check out some of the work by Pentest Partners at the Aerospace Village (disclosure: I'm one of the organizers) and some of the work DHS did a few years ago.

I will say that in the last few years since we started raising some of these issues in the aerospace industry some companies have really come around and are much better about accepting reports of vulnerabilities and starting to fix things. It's a slow process.

rainnz3 karma

Who is doing emission checks on electric cars??

beauwoods3 karma

Lol good catch. OBD II is still required by law and that's one of the frequent uses. My brain autocompleted uses for OBD II without considering context.

woshithrowaway107 karma

I want to switch careers into cyber security. What should I do/know to make me most successful?

hurt41 karma

The podcast darknet diaries interviews a lot of pen testers and tells detailed stories about different hacks. It's really entertaining, and may give you some ideas.

beauwoods38 karma

Jack Rhysider and Darknet Diaries are awesome. The stories there are far from the norm though, so don't aim for that right out of the gate. ;)

beauwoods14 karma

Everyone has their own pathway to success and defines success in their own way. I think most people I know just accidentally fell into this field after having done something else for many years. There are few defined career paths though lots of opportunities to get in and do something you enjoy.

If that feels like a non-answer, it kind of is. Unfortunately, there's not a playbook, we're just making it up as we go. What works for one person won't for another. A specialization that one person excels at might be really difficult for another. And what some people love others hate doing.

I guess another way of saying it is it's a jungle out here, bring a machete. ;)

Leatherwreck53 karma

With the world becoming ever more interconnected, one would have to guess it's a matter of when, not if there is a major attack of some sort without proper protections in place. How soon do you think it will be before that happens, a few years...a decade? Thanks for your work in the field I just hope it's not like Cassandra of ancient Greece.

beauwoods51 karma

This is a great question! When the initiative [I Am The Cavalry](https://iamthecavalry.org) started our problem statement was (and remains) that dependence on connected technology is growing faster than our ability to defend it, in areas impacting human life, public safety, and national security. We also hope we aren't Cyber Cassandras and can raise the alarm without being alarmist to catalyze action that prevents the kind of disasters you're thinking of.

Josh Corman's TEDx talk, Swimming with Sharks might be of interest.

Bruce Schneier distilled and expanded on this work in his book, Click Here to Kill Everybody.

TakeTheWhip23 karma

Well, Stuxnet blew up some nuclear centrifuges in Iran. That was almost a decade ago. When the NHS was taken down (in 2016?) by a GCHQ/NSA cyber weapon some people died.

This has been here for a while.

beauwoods54 karma

Kim Zetter's book, Countdown to Zero Day, is an excellent read on Stuxnet. It didn't blow anything up, just degraded their ability to enrich nuclear material.

The WannaCry ransomware in 2017 took out something like 40% of the UK's ability to deliver healthcare for a day to a week and yes, people likely succumbed to preventable/treatable conditions as a result of this outage.

cldrn53 karma

Howdy,

Paulino Calderon here, co-author of Practical IoT Hacking, I got late to the party and it seems we can't edit the post at the moment but here is my proof: https://imgur.com/BEQAaoW

beauwoods30 karma

can confirm

jrdubbleu45 karma

What kinds of protection should we use for our home network? Is it worth it to get a higher-end firewall (Fortinet, or the like?) or is it generally a lost cause?

beauwoods54 karma

This is a great question to ask and a hard one to answer. It will depend on your threat model (for more, check out Adam Shostack's books and courses) and your capabilities. Most people share common threats - unsophisticated, untargeted adversaries like criminals or what we call 'skript kiddies'. For that, most of the higher end commercial routers will do what you need. In fact, enterprise-grade technology is tuned for enterprise-grade needs which may not be well suited for the types of adversaries you face.

If you have a different threat model, like high profile individuals or security researchers who often provoke adversaries, your needs will differ.

freelanceredditor40 karma

when you try to hack a computer do you also just push random buttons like they do on tv and after 2 seconds you go "i'm in!"?

beauwoods42 karma

Yes that's exactly what it looks like! :D /s

If you want to see how hackers view these kinds of clips, check out Samy Kamkar and Keren Elazari breaking down famous scenes.

TheNewJasonBourne12 karma

What can a tech-savvy consumer do to protect our smarthome devices (e.g. wifi-connected cameras, appliances, thermostats) from the public Internet and threats? Meaning, what consumer-grade firewalls or devices are good protective solutions?

beauwoods9 karma

I gave a similar answer elsewhere in the thread.

Call4God11 karma

Are you aware of any APT groups developing/focusing on IoT? What general direction would you foresee attackers going? Is it going to remain as mostly compromising recording devices for extortion purposes and nation-vs-nation OT disruption attacks like stuxnet?

beauwoods12 karma

It would shock me if any of the top 10 nation states don't already have these types of capabilities. As you mentioned, Stuxnet was an example of just such a thing when Iran's nuclear material enrichment program was derailed by a hack. Kim Zetter's excellent Countdown to Zero Day reveals more.

As for home IoT, many of these devices are trivially hackable. For instance, in 2016 the Mirai botnet) took over hundreds of thousands of IoT devices and used them to take down a large portion of the US Internet through a DDoS against DynDNS.

Justkiddingapple10 karma

What are some advices you would give to an incoming CS freshman?

beauwoods19 karma

Hopefully your university is one of the few that offers even a single secure/defensive coding class. If not, see if you can join or start a club around it, check out the Rugged Manifesto, join the Open Web Application Security Project (OWASP), and let your curiosity drag you down rabbit holes. :)

LeStiqsue9 karma

Hey guys. I'm halfway through my MS in Cybersecurity, and spend a ton of time these days combing through NIST publications. What is the biggest shortfall or blind spot in cybersecurity policy that you know of?

beauwoods6 karma

I believe we have a lot of evidence of what works and what doesn't. We lack the institutional/political/organizational will to apply what works and abandon what doesn't. As an industry, we fetishize exotic threats and high tech approaches, when a lot of effective practices start with....well practices rather than software. If the problem we have is indefensible code, how likely is it that adding more code on top of that stack will fix the problem?

Captainhackbeard8 karma

How do you think the FDA cyber guidances have been doing with IoMT? What's the next steps for critical IoT security?

When will I be able to get an SBOM for my toaster?

beauwoods5 karma

Ooh now you're speaking my language! For context, the US Food and Drug Administration has published two guidances to industry for how they interpret the rules by which medical devices are approved/cleared to come onto the market (Pre-Market Guidance) and how manufacturers must monitor/address potential safety and effectiveness issues (Post-Market Guidance). I think these are pretty great steps to set the preconditions to improve medical device security, but then again I helped inform them so I would say that. ;) A lot of what they're doing in enforcement is opaque so we don't know much. But they've said publicly that they have pushed back on some new devices and required them to hit a higher bar before going onto the market, which is a good sign. And they've taken some actions on the post-market side to get manufacturers to address security issues, which is another good sign. As for the Software Bill of Materials (SBOM) for your toaster...give it a minute. Wait, is your toaster a medical device? ;)

IAreAEngineer7 karma

In the future, will we have to jailbreak our own appliances to get more control of them?

beauwoods6 karma

I hope not! Some people on both sides of the right to own/repair debate perpetuate a false choice between two polar extremes. But it's not really that way, We can have secure devices that also allow people to get more control over them. Take, for instance, the way Apple and Google secure their mobile devices. Two different approaches, both give different levels of control over the hardware and software.

Isogash7 karma

Hi there, I've been interested in this space recently.

It seems like you guys are focused on creating an IoT security industry around white/grey-hat hacking of devices to uncover vulnerabilities, but isn't a more important course of action to develop the standards and tools relevant to implement security correctly? The web was not safe until the standardisation of SSL and TLS, and implementations such as OpenSSL. I don't see how we can expect IoT to be safe, as it will inevitably run at a similar scale as the web, until a similar level of standardisation in device-to-device security is achieved, and SSL certificates don't really solve access control issues.

beauwoods7 karma

why-dont-we-have-both.gif

These are common questions, thank you for raising them! Each security researcher may have a different set of motivations, such as Puzzle, Protect, Pride/Prestige, Profit, or Patriotism.

Different security researchers take up different roles that are all helpful. For instance some of those we cover in the book include:

Standards reduce transactional friction - financial or technical - allowing different technologies, individuals, and organizations to communicate and collaborate. Those are great when the principles are well understood and objectives are shared, since they change infrequently. Cybersecurity is still generating emerging issues.

As IoT is still developing their standards, it would be great to see security baked into them from the start. Sadly, it's not. And sadly many IoT manufacturers don't follow the standards and known effective practices that do exist.

Rob_T_Firefly6 karma

What are some of the stupidest IoT implementations you've seen, the "Internet of Shit" type devices that made you ask "why the hell would anyone think putting an Internet-connected computer in this was a good idea?"

beauwoods10 karma

Haha everythign! If it exists, someone will connect it to the Internet (maybe call this Beau's law?). Toilets, mirrors, umbrellas, window shades, shower heads, water bottles...the list is nearly endless.

Compact885 karma

Do you salt the water before boiling pasta?

beauwoods8 karma

Yes! It's the best way to get some flavor into the pasta while cooking. Also oil to help keep the noodles from sticking together.

frank_the_tank695 karma

Any tips on how to protect against ransomware?

beauwoods3 karma

In addition to Evangelos' response, The US Cybersecurity and Infrastructure Security Agency (CISA) has some tips and there's lots of other information online.

Zilreth5 karma

How familiar are you with the IOTA foundation and their vision for the internet of things?

beauwoods8 karma

joakims5 karma

Do you own smart home devices? Or do you consider it too risky?

beauwoods4 karma

I have a few. I like some of the convenience of, say, automating the process of turning on several lights at once. But if those broke I'm not sure I'd get more. For me the novelty is nice but it's not enough to drive me to invest heavily.

If you want to see some of the benefits of going all in, check out Stacey on IoT - she does a great job of covering the sector from the perspective of someone who has invested a lot in IoT.

joakims4 karma

Do you think Hypponen's Law ("If it's smart, it's vulnerable") is accurate? How would you formulate a law regarding IoT security?

beauwoods7 karma

I don't think I've heard that called Hypponen's Law before, but yes. In I Am The Cavalry we've sometimes said: when you hear software, think hackable; when you hear connected, think exposed. See Josh Corman's Swimming With Sharks TEDx talk.

sephstorm4 karma

When is the physical book coming out?

_ioannis_5 karma

It has been already shipped out from the printer!

molested_mole5 karma

Can I hack your printer and get a free copy of the book from my own printer?

beauwoods31 karma

My printer's IP address is 127.0.0.1

zer0moto3 karma

I feel intimidated to even try to enter the industry because people seem so smart and I feel dumb. You think reading your book would definitely boost my confidence?

beauwoods3 karma

Understandable. It's some sense material. Keep chipping away! Find others who are similarly curious and team up. You'll learn a lot faster and can have someone else you can share with.

DeathMagnum73 karma

Thanks for the AMA!

I am a teacher at a technical high school teaching IT and starting a cyber security course next year.

Are there any specific IoT device brands you would recommend for use with your book?

Which other books would you recommend for their practicality and hands on content over just theoretical knowledge?

beauwoods4 karma

In the book we tried to select physical devices that are common enough that you'd be able to find them even several years after the book comes out. We also recognized that this won't always be possible so we created the free OWASP IoT Goat project - a deliberately insecure IoT firmware that you can use for this exact use case!

Iron_Skin3 karma

Whats the most common mistakes you see IT professionals make when working with industrial networks vs normal office networks? Who do your think will win the the OEM remote online liscence verfication vs super locked down megacorp "never talks to internet ever" industrial networks? Do you think smaller real time data OSs will become more common between industial machines and the windows based controls systems and hinder or help?

beauwoods3 karma

Not exactly what you asked - I Am The Cavalry has a good framework outlining differences between IoT and enterprise systems.

Icy-Chemist-12543 karma

When you perform an IoT pentest, do you attempt side-channel and fault attacks? Or do you find them not relevant?

beauwoods3 karma

Sometimes! It depends on the scope of the test. Start with a threat modeling exercise to help understand whether those would be relevant attacks or not.

bluebassy13063 karma

I’m trying to enter the cyber security field to ultimately be a pen tester on IoT devices. Any training courses or specific certs you’d recommend getting? Security and network + are already in the bag.

Edit: besides obviously buying the book! It looks awesome.

beauwoods3 karma

Check out the (identically named but unrelated) Practical IoT Hacking training course, run by the folks who put together hardwear.io, Nullcon, and the ExplIOT framework.

And look for IoT Village events at DEF CON and elsewhere.

SciresM3 karma

IDA or GHIDRA?

More seriously, I do a lot of hobby hacking work in the video game console space (I develop a custom firmware for the Nintendo Switch, having previously developed total control exploits for it). One of the things we're seeing in that is that software vulnerabilities are basically drying up -- newer devices look like they'll only be hackable via hardware attacks, like voltage glitching.

Have you been observing a similar trend in the IoT/other embedded devices space? Do you think that's the endgame, or that things will end up being around-this-insecure for the foreseeable future?

beauwoods3 karma

IDA or GHIDRA?

Trying to start a holy war? :D

There are some fairly solid frameworks that set high bars for IoT security, such as the UK Code of Practice for Consumer IoT, and the state of the art keeps getting better. There's always new manufacturers coming into the market and they'll keep making rookie mistakes, so I don't foresee your skills going to waste anytime soon.

That said, there are ways to allow people to get more control over their devices without sacrificing security. For instance, Apple makes available special phones to security researchers with more control, and the iOS and Android developer kits allow you to run your own code on devices.

Prismeus3 karma

Is Kali on Windows WSL effective for pentesting?

beauwoods5 karma

Depending on what you're testing, it can be. Different testers like different tools, and those preferences change over time. Try it out and see if it works for you!

DaDacheBack3 karma

Favorite movie?

beauwoods8 karma

Are you trying to build a wordlist to crack our passwords? ;)

I'm a huge fan of the movies War Games and Sneakers, because they're technically pretty accurate and they portray some of the hard choices/circumstances we have to deal with. I've also started enjoying Hackers more and more, as it does a great job of portraying the hacker community.

LeftOnQuietRoad3 karma

Any favorite methods for hiding yourself during pentesting?

Also I’m finding thinking about the “story” behind the implements is helpful because ultimately people decide what goes where. Are there any mental frameworks/mindsets/constructs that are helpful in pentesting?

beauwoods5 karma

Are there any mental frameworks/mindsets/constructs that are helpful in pentesting?

An excellent question! My favorite mindset is "I wonder what would happen if..." - create a hypothesis and go test it. We offer a methodology in the book that can be helpful for you to get started testing IoT devices.

GimmickNG3 karma

How realistic are threats to Industrial IoT / control systems? All of the papers I see use the exact same examples which are at least half a decade ago.

beauwoods6 karma

Many of the security issues from half a decade ago (and longer) still exist and haven't been fixed. There's a paradox in the devices we know are highly vulnerable and exposed to adversaries, which have not apparently been used as vectors to do widespread harm in a mass catastrophe event. There could be several reasons for this: 1) the vulnerabilities do not exist, 2) adversaries don't want to cause harm, 3) other failsafes have kicked in, or 4) that it just hasn't happened YET.

  1. There have been several public reports of serious vulnerabilities in some of these systems, from medical devices to airplanes to electrical systems.
  2. Different adversaries have different motivations, and there are certainly some who want to do us harm - hostile nation states, terror organizations, criminals who would extort us.
  3. In some cases disaster has been averted because people have discovered the hack in time and reversed it, or where mistakes in the adversary's approach halted the attack before it got far enough. In other words, we have accidentally averted harm.
  4. As we learned from Fight Club, on a long enough timeline the survival rate for everyone drops to zero.

None of these should make us feel comfortable with the dependability of these systems we depend on. Which is why efforts like these to help find and fix issues in a safe and lawful manner are so critical.

imagine_amusing_name3 karma

Whats the weirdest IoT device you've hacked?

beauwoods4 karma

Personally? Medical devices. Webcams. Electrical turbines. Nothing too exotic. But check out the Internet of Dongs(possibly NSFW), Pentest Partners(NSFW), and the IoT Village. there's some interesting stuff there!

RobinDoughnut3 karma

This could be a dumb question but how accurate is Mr Robot (tv-series) and is there any movies/books/tv shows etc. That you think portraits hacking/hacker culture accurately? (Sry for bad English)

beauwoods5 karma

In addition to Mr. Robot, War Games and Sneakers are technically pretty accurate and they portray some of the hard choices/circumstances we have to deal with. I've also started enjoying Hackers more and more, as it does a great job of portraying the hacker community.

beauwoods3 karma

This is a great question! Mr. Robot is very realistic. Hackers advise the producers on technical details and plot points, which is amazing. They also bury Easter Eggs) in the show so it's kind of a game to play while you're watching. :D

REALLYANNOYING3 karma

Im trying to imagine digital warfare currently. Stuxnet, solaris, etc. What would be the equivalent? Are we at Vietnam, WWI wars? or skirmishes with deadly weapons but more formal, like British gun powder battles, men lining up and blind firing? Like are we in the infant stages or closer to modern warfare? What would be a good analogy? Reason why im asking is if you look at Afgan/Iraq war, extremely expensive and a PR nightmare. I can only see the trend increasing if not parabolic in cyber battles between nation states.

Another question.

One day, i imagine public traffic will be like how your network handles data with switches. Less congestion, All 1’s and 0’s, preconfigured. Also traffic happens because of the waves of brakes for example on highways. How far off are we from that? 100-200 years? Not FSD, but more advance?

beauwoods6 karma

To steal a quote from someone else, all analogies are wrong, some analogies can be helpful. I find warfare analogies are only helpful in a narrow Clausewitzian sense - any interaction can be seen through a lens of "policy by other means."

MbahSurip3 karma

I work in a small hospital in Southeast Asia, is it possible to turn the medical devices into IoT? The goal is to monitor the whole radiology, EKG, etc. in a dashboard.

What should I assess from those devices to ensure its capabilities to connect?

beauwoods3 karma

Fotis and I have worked a lot with medical devices. Many of these devices were threat modeled and designed to be isolated, then there was a drive to connect it to a hospital network for some very good reasons. However, the security model wasn't updated and it has left a large number of highly vulnerable devices out there that can cause patient harm.

Have a look at the Hippocratic Oath for Connected Medical Devices to understand some of the considerations that need to be built into the design, implementation, and operation of connected medical devices.

r3dditor2 karma

When is the audio book version coming out?

beauwoods4 karma

Ha. Love this idea! Who should we get to voice it?

parikuma2 karma

What are your insights regarding IoT "teledildonics"? I'm thinking for example about the work the community at buttplug.io (which, for readers, is SFW/serious - although it does show a cropped image of a sex toy)

It's a funny subject at first, but as shown during DEFCON 27 (video of the 45mins talk here) there's an obviously huge potential for various kinds of issues like exposing information about sex workers, ransomware attacks in those industries and physical dangers to just any user in that IoT space.
Seems like it is a worthwhile subject in the second year of a world pandemic where those subjects have likely gotten a lot more attention.. and looking at a future where between that and VR the subject might become more prevalent.

beauwoods5 karma

Thanks for the question! I personally find this work incredibly interesting. It brings up some new conversations that can be concerning, like if it's a sex crime to hijack somone's sex toy when in use. I know that Renderman and Pentest Partners have done some work in this area. Also check out Andrea Matwyshyn's work on the Internet of Bodies, pondering the new legal frameworks we will need as the convergence approaches.

At the first Biohacking Village: Device Lab I invited a participant who had a lot of old "quack" medical devices from the late 1800s and early 1900s, including some sex toys. Interesting stuff!

WalterDiazV2 karma

As someone who is into cybersecurity, do you trust software or tec devices? Or are you with the fear of being hacked?

beauwoods2 karma

I have a few IoT devices and generally I don't fear that they can be hacked. Part of that is because I select more reputable manufacturers that update frequently, part of that is I understand the consequences of getting hacked and have come to peace with the idea that it's when not if that happens - while still doing everything I can to prevent it.

In some sense, you don't have a choice whether you trust them or not - your car, the A/C on top of your apartment building, medical devices, and even elevators are all software controlled. The mission of I Am The Cavalry is to ensure that connected technology is worthy of our trust.

Dan-in-Va2 karma

How long until the singularity?

beauwoods2 karma

KingofSheepX2 karma

What do you guys typically use for your testbeds? My research advisor refuses to build a lab himself so it's been left up to me to build testbeds for my ideas and papers.

beauwoods5 karma

We have a chapter on methodologies in the book and go into a lot of detail on how we test. We also created the free OWASP IoT Goat project - a deliberately insecure IoT firmware that you can use for a testbed.

lordkitsuna2 karma

How many of security problems in the world would be avoided by proper policies being in place and actually upheld. I decided to not join the IT sysadmin world and leave it a hobby because it looked like everything was done as wrong as possible because "that's how it's always been done" or what "people are used to" and they were just begging for a security breach of various kinds. But maybe i just got unlucky what's your perspective?

beauwoods6 karma

We know a lot about effective practices and failures. We seem to lack the institutional/political/organizational will to apply what works and avoid what doesn't.

Some of our observations are accurate. You know the worst way to change them? Sitting on the sidelines. Get in here and help! ;)

racecarthedestroyer2 karma

I have 2 books by no starch press, unfortunately this aint one of em, so whats the most interesting thing you discovered?

beauwoods4 karma

The most interesting thing we discovered is that you can own 3 books by No Starch Press! So go pick up your third. ;)

TADragonfly2 karma

Any tips to protect your network against the smart light bulbs?

beauwoods4 karma

Most of the smart bulbs I have seen use RF protocols that are not Internet-addressable, which means the adversary would have to be pretty nearby. That limits your risk quite a bit already. Some of the smart plugs, on the other hand, speak WiFi so they can be reached across the Internet (but usually not directly when attached to your home network).

The surest way to avoid cybersecurity risks is to give up the benefits of connected technologies. So plain old non-software-enabled bulbs might be a better pathway in that case.

pres822 karma

Is DEFCON canceled?

beauwoods6 karma

For the 28th year in a row!

For a laugh, send your friends this fake site http://defcon.ws/

togrul2003232 karma

What kind of tasks do cybersecurity workers see on daily basis? Thanks in advance

beauwoods2 karma

That depends totally on what they do. Cybersecurity has a lot of specialization. You might be able to get an idea by looking through job descriptions and the National Initiative for Cybersecurity Education (NICE) Framework.

Huck842 karma

Did they ever free Kevin?;)

beauwoods5 karma

I heard he's expensive idk

dave7231 karma

What are your thoughts on electronic voting? Also, what do you think about IOTA crypto?

beauwoods2 karma

Electronic voting covers a lot of ground and gets incredibly complex. There are tradeoffs between the risks of electronic vs traditional voting. Verified Voting is a great place to get well-balanced information and Voting Village is a lot of fun!