twitter facebook rss – a first look

Posted by on June 13, 2015.

A few weeks ago I noted a new account on Twitter, called Cybrary.  This pointed at a Website providing free information security training,

You have to register for the site, but all it asks for is your name, email address, and a password.  I’ve only just registered, so I don’t know how much spam I’ll receive from them.

There is some advertising on the site, particularly in regard to “Recommended Additional Study Material” items, which all seem to be vendor “white papers.” There are also opportunities to donate to the site. (The domain seems to be registered to a “Privacy Protection Service Ltd.” in the UK.)

So far I’ve only looked at a few “lessons” in cryptography. The lessons are fairly short (and relatively low quality) videos showing an instructor and whiteboard.  (Some attempt has been made to edit the videos, possibly to remove goofs or extraneous material.) The video camera placement is sometimes careless, and notes written on the whiteboard may go off screen.

The material is fairly standard, although I do have some concerns. For example, in a basic introduction to cryptography, the key is defined as “instructions” to the cryptosystem. This would seem to be more of a definition of the parameters for parameterized algorithms than the key. In another module, the term nonce is defined, but the similarities to initialization vector, salt, or challenge are not noted. (The instructor also promotes the idea that none of these are ever truly random without making the distinction that there are possibilities for truly random data, but that these cannot be generated by programs.) Overall, the material presented is probably good enough to get through a certification exam (which seems to be a major thrust on the site), but the instructors don’t seem to have a really full understanding of the fields they are “teaching.”

If you can’t be bothered to read a book that can actually teach you the truth, this might be a quick way to learn enough to pass an exam without actually understanding what you are regurgitating. On the other hand, I don’t think that is the type of “training” that I want to promote to those who are working to become security professionals.

I may go back and look at some more of the site. If I have the time to sit through videos that are teaching more slowly than I can read, and if I can’t find a book that does a better job …

Leave a Reply

Your email address will not be published. Required fields are marked *

Submitted in: Rob Slade, Security, Social Media |