|
|
|
|
|
|
by OpenSecTraining
2020 days ago
|
|
|
Hi Thomas. Xeno here. Perhaps some background is in order. OST was started a decade ago when I was at MITRE and had zero public profile. So I didn't exactly have the luxury of running around and asking people to go do free work for me by making free classes. But I did have the luxury of turning to my colleagues like Kerry, who I could get into the MITRE program which paid bonuses for making classes. Kerry obviously has an academic background, and thus she created material with an academic slant. Now that I'm going to be working on the site full time over many years and trying to find a way to make it so that instructors can get paid more than $2k per class (which is what we were getting at MITRE, but which at the time was plenty of motivation for me to make many classes :)), I hope we can go much broader and much deeper on crypto material this time around, both from the academic and applied perspective (though the latter is the priority.) But the problem of course is that I don't consider myself in any way qualified to create or judge crypto content. Thus I have to rely on whatever I can convince folks to contribute. I hear great things about cryptopals (and I got to work with both Sean and Alex at Apple until I recently quit), but I haven't ever looked at it in detail since it's outside of my primary area of interest (though if I'm correct in believing it's primary about crypto-implementation-vulnerabilities, I find it intellectually interesting as it's own unique bag of tricks which some, but not most, vulnerability hunters end up adding to their larger bag of tricks, depending on whether they choose to (or have to) audit crypto or not (I very literally just outsourced it to Sean for multiple audits)). But while things like cryptopals can serve as an important component of both crypto and exploits learning paths, it's only a small part of the overall curriculum which is needed to get people into jobs that actually use/audit crypto on a regular basis. And that's what I think is needed now, the full set of classes which are needed for people to start off in jobs (because that's what OST2 is going to be about when I relaunch it - vocational classes that lead directly to jobs.) So who do you think I should reach out to in order to find people who are passionate and willing to help craft such a curriculum? |
|
|