EP 111: SDP 8 Open Design

https://www.yourcyberpath.com/111/

In this episode, Kip and Jason delve into the specific security design principle of Open Design.

Open Design does not equate to open-source software but refers to transparency in revealing the mechanisms and inner workings of security controls.

The hosts discuss the misconceptions surrounding Open Design, emphasizing that it does not require disclosing source code but rather the transparency of security mechanisms. They also stress that Open Design encourages outsiders to review and provide feedback, ultimately enhancing the security of the system.

Kip shares an example of an inadequate disclosure of a company’s security architecture which prompted him to switch to another vendor, which offered more transparency.

Jason mentions the concept of "security by obscurity," and explains that while obscurity can provide some level of protection, it is not sufficient, as attackers can easily bypass such measures with scanning tools.

The hosts suggest that getting involved in Open Design initiatives can help individuals break into the cybersecurity field and gain recognition, urging interested parties to participate in open standards development processes, such as the creation of industry certifications, to establish credibility and build their careers.

What You’ll Learn

●    What is open design?

●    What are the common misconceptions surrounding open design?

●     What does the concept of “security by obscurity” mean?

●     How can you break into cybersecurity with open design?

Relevant Websites For This Episode

●    Akylade Certified Cyber Resilience Fundamentals (A/CCRF)

●  Your Cyber Path

●  IRRESISTIBLE: How to Land Your Dream Cybersecurity Position

●  The Cyber Risk Management Podcast

Other Relevant Episodes

●   Episode 92 - Password Managers

●   Episode 89 - Getting My First Job in Cybersecurity

●   Episode 82 - From Truck Driver to Cybersecurity Analyst