EP 111: SDP 8, Open Design
https://www.yourcyberpath.com/podcast/111/

About Episode 111: SDP 8, Open Design

Your hosts are Kip Boyle, vCISO with Cyber Risk Opportunities, LLC, and Jason Dion, former College Professor and Lead Instructor at Dion Training Solutions.

In this episode, Kip and Jason delve into the specific security design principle of Open Design.

Open Design does not equate to open-source software but refers to transparency in revealing the mechanisms and inner workings of security controls.

The hosts discuss the misconceptions surrounding Open Design, emphasizing that it does not require disclosing source code but rather the transparency of security mechanisms. They also stress that Open Design encourages outsiders to review and provide feedback, ultimately enhancing the security of the system.

Kip shares an example in which a company’s inadequate disclosure of its security architecture prompted him to switch to another vendor that offered more transparency.

Jason mentions the concept of “security by obscurity” and explains that while obscurity can provide some level of protection, it is not sufficient, as attackers can easily bypass such measures with scanning tools.

The hosts suggest that getting involved in Open Design initiatives can help individuals break into the cybersecurity field and gain recognition, urging interested parties to participate in open standards development processes, such as the creation of industry certifications, to establish credibility and build their careers.

  • What is open design?
  • What are the common misconceptions surrounding open design?
  • What does the concept of “security by obscurity” mean?
  • How can you break into cybersecurity with open design?



Tags: Bug Bounty, Cybersecurity, Encryption, IT, Open Design, Open Source, Security Design Principles




Ahanu Boyle

Cyber Risk Analyst | Security Enthusiast | Indigenous

1 year

"...except for a couple of countries that are on the prohibited list of getting high level of encryption." Wait, what!? I had no idea that this was a thing! Could I get pointed to more info about this?
