Skills Gaps in Cloud Security: Are certifications the answer? - NC2C021

Oct 23, 2024 · 25 min · Ep. 21

Episode description

Can the tech industry truly fortify its defenses against burgeoning threats without bridging the glaring skills gap in AI and cloud security? Join us as we explore the O'Reilly 2024 State of Security Survey, which reveals a surprising shortage of AI security expertise among tech professionals at 34%, and an even greater 39% gap in cloud security skills. We unravel the intricacies of these deficits and ponder the ongoing challenges of safeguarding cloud environments, which often lack the traditional 'walled garden' protection. The episode also questions the complexity of implementing zero trust models, despite a 49% reported adoption rate, and highlights how phishing remains a persistent threat leading to network intrusions.

In our further exploration, we spotlight the unyielding role of mainframes in enterprise technology. Despite the allure and advancements of cloud computing, many businesses cling to mainframes due to the prohibitive costs and complexities of revamping legacy systems. We discuss the innovative trend of "mainframe as a service," managed by companies like IBM and Accenture, which signals a niche demand for skilled professionals. Shifting gears, we examine the rise of the "zero-click internet," a digital landscape where platforms such as Facebook and LinkedIn focus on keeping users engaged with internally generated content, a phenomenon expedited by generative AI. This captivating conversation bridges the worlds of traditional and emerging technologies, offering insights for tech enthusiasts and professionals alike.

Purchase Chris and Tim's new book on AWS Cloud Networking: https://www.amazon.com/Certified-Advanced-Networking-Certification-certification/dp/1835080839/

Check out the Fortnightly Cloud Networking News
https://docs.google.com/document/d/1fkBWCGwXDUX9OfZ9_MvSVup8tJJzJeqrauaE6VPT2b0/

Visit our website and subscribe: https://www.cables2clouds.com/
Follow us on BlueSky: https://bsky.app/profile/cables2clouds.com
Follow us on YouTube: https://www.youtube.com/@cables2clouds/
Follow us on TikTok: https://www.tiktok.com/@cables2clouds
Merch Store: https://store.cables2clouds.com/
Join the Discord Study group: https://artofneteng.com/iaatj

Transcript

Security Skills and Quantum Computing

Tim

Welcome to the Cables to Clouds podcast , your one-stop shop for all things hybrid and multi-cloud networking . Now here are your hosts .

Chris

Tim, Chris and Alex.

Tim

Hello and welcome back to another episode of the Fortnightly News on the Cables to Clouds podcast . I'm your host this week , Tim , as always , at JuanGolbez on Twitter , and with me , as usual , is my co-host at BGP Maine on Twitter as well . There's no X and there never was . All right , let's jump right into it .

For our first article, we have an article from businesswire.com, but it's about the O'Reilly 2024 State of Security Survey, which, I'd be honest, I didn't know this was a thing, I didn't know this existed, but apparently there is an O'Reilly State of Security Survey and the big finding from here honestly shouldn't really be a surprise to anyone who is in the industry at this point. The main findings from this industry survey, by the way. So, O'Reilly being the, the publication company, like O'Reilly textbooks, they also have, you know O'Reilly, the online you know training platform where you can take classes, read books.

So , there , this is their survey , and so it's focused on skills , certifications and whatnot throughout the industry , and the biggest finding they have again not a surprise is that there's a severe lack of AI security skills .

They didn't mention AI development skills, which is kind of interesting, because I would have thought that would be low as well, or you know any other. I don't even know what other AI roles there are at this point. Right, and probably because this thing was so focused on security, it uh specifically mentions that AI security is a huge gap.

Like what did they say? They 30 34 percent of tech professionals uh surveyed report a shortage of AI security skill gap. Now that, honestly, I thought it would be a lot higher. AI security is even newer than AI. All the other AI skills, right, we've only started getting into security around things like prompt injection and you know things like that.

Where you can , you know , fix your prompt in such a way that you can pull out data that wasn't necessarily intended to be shared as part of the large language model and stuff like that .

So , honestly , I thought that number would be a lot higher With it , though , interestingly , 38 , despite the fact that cloud computing has been around for quite a long time at this point , comparatively , the 39% of respondents identified cloud security as their most significant skill shortage .

Now , that one was a bit of a surprise to me , given that cloud is , I won't say , like super mature , right , I mean , compared to the rest of networking tech , especially pretty new , but I mean it's been around like two decades by this point , and so a huge amount of people are saying cloud security skill gap is still just gigantic .

Now it's not clear if they mean cloud security skills in terms of people using cloud native services for security or just how to design probably it's probably all of the above honestly how to design security for the cloud , yeah , so so again , two , two the one was surprising , One was not surprising . Interesting survey .

What do you have to say about that , Chris ?

Chris

Yeah, so I actually did download the report and went through a little bit and yeah, but I was surprised like well, what one note that they made in here was actually phishing seems to be the top concern, uh, which is, you know, I mean interesting you know it was like phishing and then network intrusion, ransomware, etc. But you know, like I would.

A lot of times it seemed like phishing is what led to network intrusion in the first place. So that makes sense. Kind of go hand in hand. Yeah, I'll be honest, the thing about cloud security being a top concern, I actually didn't find that surprising at all.

I think what I've seen in , at least in my line of work , from people moving into cloud and adopting security practices in the cloud they're kind of opening the kimono a bit and showing their ass , I feel like , because they don't get the implied security of a walled garden that they got in their traditional networks .

And it's a bit jarring to see some of the security practices that are not being followed in the cloud just because they don't have the skills or the knowledge to do it . So I actually didn't find that surprising at all .

I think there's I talked to a lot of people on a daily basis where they're like , yeah , we're not doing half this stuff just because we we , we simply haven't had the time to try to implement it . And you know there was this big push to move to cloud and you know we did that .

But now that we've kind of taken a step back from a security perspective and we're , you know , not doing the ideal things , and you know there was even a comment in here that you know it said 81 , 88 percent of people have adopted MFA . That's that seems . That seems correct . But it also said 49 percent have adopted a zero trust model .

Tim

And I wonder , what do they mean by that ? Yeah , like that must mean anything under the sun .

Chris

They've done with zero trust . They now have a zero trust model because like it must we were talking about this just a couple weeks ago like we've never seen a full zero trust implementation like to date . At all like it I don't know if it exists .

Tim

Yeah , I mean the term zero trust , of course , is so broad anyway . So you kind of wonder if the real answer to that is have you implemented any zero trust , like some small piece of the zero trust model or something right ? Or the people surveyed just didn't know what they meant by zero trust , one of the two ?

Because there's no I , you , from all the people that we talk to in our line of work , it's there's just no way that any I don't know of a single place that has a full zero trust implementation right from any of the companies I've worked at . So , yeah , totally agreed , it must be like one piece of it or some small part of it , all right .

Um , the other thing that I wanted to bring up here from that , they're saying that O'Reilly is saying there's still a certification gap , which is interesting because and this is you know , this has to do with the company you keep . I'm in a lot of networking discords and a lot of networking focused .

You know , communities and certification is a huge thing there , like people are always chasing certifications . So , again , a company you keep , I guess I just I find myself in a place where there's a lot of people looking for certifications .

I honestly thought it was quite a lot , but here they're saying at least for security team members , and maybe this is the difference . Right , I'm in networking discords . This article , again from the survey , mentions that there are about 40% of security team members that remain uncertified with any kind of certification .

Now I thought cybersecurity was even more into the certification requirements lane than networking , because with security you usually require very strict guidelines , compliance and all of this stuff , but apparently on the certification side maybe that's not the case .

Chris

Yeah, it was funny because in here it said, like, of the of the obvious respondents to the survey, the incident responders, 70% of them claim that they were uncertified in in, you know, in their day-to-day role, whereas the CISOs only like 33, like a third of them, were classified as uncertified, so they have some level of certification, whereas the responders did not. But yeah, that's weird. That took me by surprise completely. Like you said, just as networking is, cybersecurity is also a place where, like everyone's like, certifying seems to be the immediate kind of bar of entry to get into something. Like everyone needs to get certified. I mean, I think you and I have been in this game long enough.

We can easily make the argument that certification does not imply any kind of implementation , or , like you know it doesn't .

Tim

It doesn't apply to anything .

Chris

Yes , yeah , A hundred percent .

Tim

So yeah that was a very surprising number . All right , yeah , that was a very surprising number , all right .

Chris

So up next we have an article from CSO Online titled Chinese researchers break RSA encryption with a quantum computer . To break RSA encryption , which is a very common and widely adopted encryption method for many of the things that we use day-to-day in network security , cybersecurity , et cetera . Right , so it's one of the most popular out there .

So the article kind of gets into the fundamentals of how quantum computing can do this stuff in a matter of sections where a matter of seconds , whereas you know normal computational um methods would take , you know , potentially years um to break you know a single single encryption .

So there's , uh , obvious , obvious concerns with this being something that happens specifically within China , um , about the um global context and ramifications from that Um , and you know kind of talks about the , you know the threat to data security and privacy for enterprises , etc .

I mean, the fact of the matter is that you know they call out this need for quantum safe encryption. I don't know how far off we are from getting to that, because that seems like my brain can barely even understand the absolute basics of quantum computing.

So quantum safe encryption sounds like also something that's just completely it's going to be way too much math that I need to understand because I am not smart enough . So I don't know how far off we are from that , but obviously there's . You know , the need is rapidly approaching with things like this .

I mean , the bar of entry to do things like this is is also relatively high , right ? So , like , quantum computers are not cheap .

Like we're , we're taught , we're still in those days where we're talking about these , things cost either low millions or at least hundreds of thousands of dollars , right , so your , your common attacker , is not going to have access to this stuff . But I don't know . I mean , you know it's , it's , it's not a commodity until it is right .

So you know , we , we obviously need to meet it at the head in some capacity . But , yeah , very , very interesting thing to think about . So I don't know what your take Tim .

Tim

Yeah, so back in 2019? I was, yeah, actually I might have been. No, it was 2019 because that was the year I spoke at Cisco Live. We went to training for presentation, presentation training.

I went to San Diego or San Jose for presentation training and one of the speakers in that cohort she was giving a talk on quantum computing , breaking cryptography like that , and how simple it would be , essentially , for math based encryption to be broken by quantum computing . So this is back in 2019 , right , and so this isn't surprising .

However , there is one thing , one small ray of light yes , it was broken , but this was a 22-bit integer , right . So this is like the very low , like that's not to say it't mean right . With enough time and enough resources , all things are possible .

And, like you said, probably the only people that are going to have access to the kind of computing power to really, really slog at a powerful encryption model are going to be states like nation states, like China, for example, or, you know, the U.S. or whatnot. Yeah, it's a matter of time, but all encryption is a matter of time, right.

Every everything that's ever been encrypted is is a matter of time before somebody can break it , all the way back to Caesar cipher . So , yeah , it's interesting , it's , it's a milestone which probably bears paying attention to , especially who's doing it .

You know we're not out of the wood or we're not into the woods yet , but neither are we going to be out of the woods yet , like you said . Uh , I I asked about quantum safe encryption . Like what does ? What does quantum safe encryption look like ?

And uh , I forget who I was talking to , but somebody said , basically it's actually kind of dumbing down like using like different kinds of encryption that aren't , that aren't um , advanced math based , like , and that actually defeats a lot of quantum encryption .

Because the point of quantum encryption is how quickly it can do the math required to break the encryption , right ? So if you're not using math or something I don't know this has been a couple of years now since I asked about this , I have to go look it up but there are quantum encryption . My understanding is that there are quantum safe encryption methods .

They're not just going to be bigger and bigger numbers , right ? Because at some point that would become computationally painful for anyone your Cisco router , your anything that does encryption . It would become too computationally painful to move packets , as an example , from a networking perspective . So , yeah , interesting , good milestone .

Not that worried yet we're talking about a 22-bit integer , but yeah , definitely worth paying attention to because that's what China's working on .

Chris

Yeah , I mean , I think obviously , if you think about a 22 bit integer , that's like , oh , like we're , we're thinking of cracking passwords , right , that's that's probably the easiest line to draw there .

But, um, you know, I think this is probably much more, like you said, uh, focused on the real threat, which is like nation states, like you know, I'm sure, Department of Defense, things like that. That's where these things kind of become relatively serious.

But I'm curious, like I'm this is just in my own head, but I'm thinking like quantum safe encryption, if the method is to kind of dumb it down and not use this in you know, insane level of mathematical computation. Um, I wonder how that pairs with AI and how easy it is for generative AI to solve the kind of dumb human part of it.

You know what I mean and factor that in . I mean I could be oversimplifying it for sure . But I wonder if those two things going together make it also even more difficult .

Tim

Yeah , that's a really good question , but I mean , I've heard that generative AI , specifically , is extremely bad at like it's decently good at explaining how math works , but apparently it's quite bad at actually doing math . So I'm curious yeah , now that one could cover the other .

I don't actually know , it's a good question , but it's moving in a direction that's a little it's all moving in a bit of a concerning direction .

Chris

Yeah , a hundred percent . Only time will tell .

Tim

All right , yeah , 100% . Only time will tell . All right Next , yeah , so this next episode , next article comes from CIO Dive and it's enterprises are clinging to mainframes as the cloud expands .

Mainframe Persistence and Zero Click Internet

This is an interesting article Not surprising , especially if you listen to the show for a while but it's a combination of a few things right . First of all , IBM and other mainframe developers are still developing mainframes Like mainframes .

There's actually still new mainframes coming out , new mainframe models coming out , and a lot of enterprises are basically at the point where they need to start doing tech refresh on this stuff . Or they need to start doing tech refresh stuff on this , or just migrating away or refactoring or whatever .

Most enterprises probably 99% of them have not gotten to the point where they can refactor an app away from a mainframe . Either they don't have the skills to do it , they don't have the money to do it . Refactoring is actually extremely expensive . It's often more expensive than just starting over with a new off-the-shelf or developed app .

So , anyway , the point is the these enterprises basically well , you've got old mainframes and they're out of tech , they're out of support , just like all hardware gets , so they actually have to start paying money to refresh .

We'd probably consider it to be ancient tech at this point , but they're doing it because those apps cannot be refactored or it makes no sense to migrate them to the cloud for like the kind of app they do .

So you have companies like Accenture and IBM and whatnot doing things like mainframe as a service, like offering, like managing the mainframe for these companies is very popular as well. You know, if they don't want to just go buy new mainframes, they could do mainframe as a service.

But the mainframes the point is , the mainframes are not going away , Despite the fact that a lot of enterprises are still trying to move ahead with modernizing apps and moving some of it to the cloud .

And the good, the good news, I think, is enterprises are learning which apps belong in the cloud and which apps don't belong in the cloud, and that's part of what this article touches on as well is that there are apps that, first of all, can't be refactored you can't do anything about that but also there's just some apps that just don't work well in the cloud, and the article mentions this. So what we're seeing is kind of a weird thing where, you know, originally CIOs and above were sold this bill of goods that you know we're going to be able to close your data centers, and it never was that simple.

But yeah , so it's like we've said from the beginning right , Some apps belong in the cloud , Some apps don't .

Chris

Yeah . So I mean I don't really find this overly surprising . Like you said , you know there's a lot of existing mainframes that are out of support now and you know the adoption of these mainframe as a service offerings .

If people can do things as a service to avoid their own kind of fixing their own skeletons in their own closet , that's usually what they'll do . So I'm not surprised by that . Especially I haven't been hearing a lot of rumblings lately about how valuable it is to actually be like an operator skilled in maintaining mainframes .

I feel like I hear about that way more often now for some reason. So this, this kind of, does make sense. I mean, I guess the, the mainframe operator, is just the you know developer of the of today, right, I guess. Like you become this like very specialized unicorn that you know people and, like you said, these apps can't be refactored. It's not.

It makes more sense to pay someone an exuberant amount of money to maintain the existing infrastructure rather than to um pay to to refactor it or , you know , kind of rewrite the application from scratch , right .

Tim

So yeah, not surprising at all to me. Yeah, and the COBOL thing is right on, right, like there's this anachronistic thing where old technology that is just part of either infrastructure or finance or something that just simply cannot ever have downtime or never fail, simply persists forever.

Right, and then so and the skillset goes away as people move on to other technologies and there's a tiny little niche for people that want to make exorbitant amounts of money knowing dead technologies. I kind of wonder what that looks like.

Do you just start a contracting company and just say , hey , I know mainframes and then shop yourself around to enterprises that need that service ? Maybe that's one way to make money , just put mainframe in the name .

Chris

We're not a consulting company , make sure it says mainframe , the mainframe consulting .

Tim

Mainframe consulting . We consult mainframes .

Chris

Nice, okay, all right. So to wrap up, today we last have an article. This one's quite it's got an ominous tone to it, so it's published on techspot.com and it's about this concept of a zero click internet.

So what that means is , you know , it starts by pointing out that the web is kind of changing the way that , or the web is changing in a way , and how content is presented and how it's accessible to those that are viewing it .

So, talking about things like Facebook, LinkedIn, Twitter and all that, you know they don't really promote posts that have, you know, links in them to external things. So they're they're more focused on generating the content in inside of their own platform and they promote that just to kind of keep you locked into the platform as long as possible.

And now , kind of , with this concept of Gen AI being brought into the mix , you know there's this . You know that content is just going to grow exorbitantly because it can . It can automatically . You know anything that you're putting in can automatically be pulled from the existing platform .

So it talks about how you know there's a future where you know you're consuming things on Google and TikTok and like you don't have to actually leave those right To to get all the answers and all the content that you need . Um , and it's it's funny like there's no , there's no speculative uh tone to this article whatsoever . It's all like , it's always like .

Domain names will no longer have any value , um , since visiting uh , this is a quote since visiting websites will no longer be significant force in the most internet traffic . Web hosting businesses are pretty much done for . It says the independent internet advertising business is also done for . Seo industry is also doomed . He just kind of runs down the game .

Tim

This is fucked .

Chris

This is fucked. He calls out that there's, you know, the end of digital publishers like the. Their days are pretty much numbered on this kind of thing. But you know, Tim and I you were, you were, uh, or yeah. Yeah, Tim and I were kind of riffing on this before we hit record and like I don't understand how that's even possible.

Because you know, as you pointed out, Tim, like the, if the current publishing businesses are the source of the content, if they go away, where is AI going to pull the existing content?

Well , I guess , eventually , I guess it'll all be on the existing platform that it's pulling it from right , so maybe it will start to kind of eat its own tail or something . I don't know where that comes in .

Tim

Yeah , that's what it is . It ends up eating its own tail , I mean , like it's already doing there's already work to try to keep AI from sexually ingesting its own content and lowering and lowering the resolution .

Chris

Yes , yeah . So I don't know . You know it kind of gets . He even calls out this . We didn't cover this on the show , but we kind of talked about . He makes reference to this ongoing feud with WordPress and he's like you know , he's like the actual .

I don't know why they're even having this argument , because WordPress doesn't have a place in this zero click internet . So it's like it's not a worthwhile fight to have which is funny , very interesting read . I'll give it that .

Tim

Yeah , I mean so . I hate articles that present the future as a foregone conclusion . Like I'm the prognosticator of prognosticators . And this is the future and thou shalt Because it's so , I don't know what to say . It's just arrogant , I don't know .

Also , I have to point out the irony that he's talking about how digital publishers are going away , and this is a Techspot article . It's posted on Techspot . No digital publishers , it's all gone forever . By the way , this is a Techspot article , so I don't know what else to say about it . The claim is a little bit ridiculous . I think there will be .

I mean, we're already seeing it. When you do Google search results, right, AI is trying to answer your question. Before you ever hit a link, it'll give you the links after, right? But anybody who's done a Google search recently sees that the first thing that Google tries to do is answer your question based on some large language model.

But where do you think that answer is coming from ? Google's not cutting it from whole cloth , right that someone out there has answered this question on the internet , somewhere in a content piece and a blog and a fricking stack overflow Like these things go away . And now what ? Now , where does AI get its content from . It's absolutely ridiculous .

So I think we'll see more closer . I think we'll see more of a zero-click internet on the platforms that want to keep you tied to them . They will try to do that , but the idea of a completely zero-click internet is absolutely ridiculous . All right , and with that , that wraps up our news episode . We didn't have a .

Yeah, it was a bit of a slow two-week period, but it'll be getting a lot faster as we get a lot more, probably as we get closer to November and to December for re:Invent. So thanks for joining us today. Make sure that you subscribe to our newsletter that we don't have. Make sure you follow us on Twitter and LinkedIn and TikTok.

Make sure you follow us on TikTok as well . Yes , the most important one Buy our cereal . Buy the home game you can play at home with your family . One of you can be Chris and one of you can be me .

Chris

Join us on the Zero Click Internet yeah the Zero Click Internet .

Tim

That's where I'm migrating to actually .

Chris

I'm migrating my blog to Zero Click Internet .

Tim

So make sure you find it on there as well. All right, and with that, we'll go ahead and let it go. Have a good uh week guys. Hi everyone, it's Tim and this has been the Cables to Clouds podcast. Thanks for tuning in today.

If you enjoyed our show, please subscribe to us in your favorite podcast catcher, as well as subscribe and turn on notifications for our YouTube channel to be notified of all our new episodes. Follow us on socials at Cables2Clouds. You can also visit our website for all the show notes at Cables2Clouds.com. Thanks again for listening and see you next time.
