Tech EDGE: CS4NE - Cybersecurity with Special Guest, Anthony Kava
Tech EDGE
Author
11/19/2024
Added
1
Plays
Description
CS4NE, Computer Science for Nebraska - Cybersecurity with Special Guest, Anthony Kava. University of Nebraska-Lincoln (UNL) Technology (Tech) Education In Digital and Global Environments (EDGE)
Innovation in Teacher Education
College of Education and Human Sciences | Department of Teaching, Learning and Teacher Education
Searchable Transcript
Toggle between list and paragraph view.
- [00:00:00.401](bright music)
- [00:00:06.180]Hi, and welcome to CS4NE.
- [00:00:08.460]We've got another exciting episode for you.
- [00:00:10.800]I'm Guy Trainin,
- [00:00:11.730]professor at the University of Nebraska Lincoln.
- [00:00:14.015]I'm Kimberly Ingraham-Beck from Gretnaa Public Schools.
- [00:00:16.530]And today we're gonna talk to?
- [00:00:17.571]Anthony Kava.
- [00:00:19.274]He is a Pottawattamie Sheriff's County deputy.
- [00:00:21.675]All right.
- [00:00:22.669]Does some cyber forensics
- [00:00:24.124]and is gonna talk to us about cybersecurity.
- [00:00:26.235]And we haven't talked much about cybersecurity,
- [00:00:29.280]but it is a very important
- [00:00:30.960]and growing sector in computer science.
- [00:00:32.997]And it is something that we need to make sure
- [00:00:35.550]all students know about, whether they're going
- [00:00:36.920]to be a computer scientist, a very small minority,
- [00:00:39.643]or they're just gonna be alive and use technology.
- [00:00:42.635]Having a basic understanding
- [00:00:43.869]of cybersecurity is really essential.
- [00:00:47.169]Absolutely. So let's go
- [00:00:48.269]to the interview.
- [00:00:49.269]Yeah.
- [00:00:50.670]All right, well thanks so much for joining us.
- [00:00:53.130]I'm here with Anthony Kava.
- [00:00:54.466]So tell us a little bit about yourself
- [00:00:56.921]and what your experience in computer science
- [00:00:59.160]and cybersecurity is.
- [00:01:00.306]Sure, my experience in computer science is,
- [00:01:02.886]well it's mostly messy application of computer science.
- [00:01:06.525]Cybersecurity, I've been interested in
- [00:01:09.630]ever since, as long as I've been able to touch a computer.
- [00:01:12.090]So since I was like 10 years old.
- [00:01:14.139]Now, back when this first started, you know,
- [00:01:17.550]they didn't call it cybersecurity back in the eighties
- [00:01:19.650]and the nineties, but I was interested in how to get access
- [00:01:23.185]to systems that I couldn't get access to normally.
- [00:01:25.892]Oh, okay.
- [00:01:26.725]And so the kids like that back then
- [00:01:28.620]found a way to do that.
- [00:01:30.270]Thankfully, that's not necessary anymore.
- [00:01:31.890]Now you can, you can go to YouTube
- [00:01:33.330]and you can learn how to do these things
- [00:01:34.410]and you can, you know, break into virtual machines
- [00:01:35.813]that you run on your own computer.
- [00:01:36.892]But back then, if you wanted to see a type of system
- [00:01:40.080]you didn't normally have access to,
- [00:01:41.160]you had to find other ways.
- [00:01:42.726]I work for the Pottawattamie County Sheriff's Office
- [00:01:45.153]in Council Bluffs, Iowa.
- [00:01:46.800]And so my job is that I do digital forensics examinations.
- [00:01:49.488]I do cyber crime investigations.
- [00:01:51.883]I work on the internet, Crimes Against Children Task Force.
- [00:01:55.140]Wow.
- [00:01:55.973]So I explain it to kids is that we go after bad guys
- [00:01:57.990]on the internet who go after kids.
- [00:01:59.972]The, I guess my interest in cybersecurity
- [00:02:04.320]started when I was a kid, when I was wanting
- [00:02:06.095]to get access to the internet.
- [00:02:08.130]This is before the days of the worldwide web and so on,
- [00:02:10.290]but I'd heard of the internet and there were ways to do it,
- [00:02:12.865]usually through universities and so on,
- [00:02:14.760]but, you know, a lot of schools didn't have access to it.
- [00:02:16.815]So kids are growing up in a very different situation now.
- [00:02:20.085]Yeah.
- [00:02:20.940]That they're born with bandwidth
- [00:02:22.770]and computers at their feet.
- [00:02:24.240]So it's pretty nice.
- [00:02:25.073]But I started out, my first real job
- [00:02:27.535]is with a telephone company.
- [00:02:29.915]Oh.
- [00:02:31.050]And so I did technical support
- [00:02:31.995]there for a couple of years
- [00:02:33.115]and then I moved over to Pottawattamie County,
- [00:02:35.640]to the IT department there.
- [00:02:37.270]And in the IT department, I spent about 15 years
- [00:02:40.050]doing, you know, administration,
- [00:02:42.930]eventually became a supervisor, which I regretted.
- [00:02:46.020]But it was great.
- [00:02:47.829]It's just, it's easier to manage computers
- [00:02:49.748]'cause you can tell them exactly
- [00:02:51.300]what you want to do and so on.
- [00:02:52.290]Humans are, humans are messy.
- [00:02:55.410]Then the thing is that when I was there
- [00:02:58.320]I wanted to get into cybersecurity.
- [00:02:59.230]I was very interested in it
- [00:03:00.810]and so we didn't have anyone doing the work.
- [00:03:02.970]And so I sort of hacked my job
- [00:03:04.560]where I started doing the work to the point
- [00:03:07.860]where someday later on when they looked at job descriptions,
- [00:03:10.590]I could say, I'm already doing the work.
- [00:03:12.480]Could you put that into my title and my job description?
- [00:03:14.201]Nice. And that worked out.
- [00:03:15.722]I did a lot
- [00:03:17.246]and I still do a lot with application security,
- [00:03:19.586]where I look at the applications
- [00:03:22.530]that we run in local government and in law enforcement
- [00:03:24.820]and try to find vulnerabilities with them
- [00:03:26.743]so that we can report 'em to the vendors
- [00:03:28.500]so they can get fixed
- [00:03:29.550]and we can make our systems more secure.
- [00:03:32.206]I also get to do, with the digital forensic side of things,
- [00:03:35.280]I get to do a little bit of crypt analysis
- [00:03:36.526]'cause occasionally we run into people
- [00:03:38.280]that have tried to do silly or impressive,
- [00:03:40.161]clever things just to cover up evidence.
- [00:03:42.821]And so there's a bit of trying to break codes
- [00:03:44.564]to get into that.
- [00:03:45.397]It's like solving puzzles.
- [00:03:46.230]It's a lot of fun. Nice.
- [00:03:47.370]And then I write code
- [00:03:48.690]and do anything else nerdy that the sheriff requires.
- [00:03:50.850]That's awesome.
- [00:03:52.110]And I do outreach work,
- [00:03:53.580]like you know, this here.
- [00:03:55.230]And I was a mentor with cyber patriot teams
- [00:03:58.071]for about seven years and I've spoken at Bellevue University
- [00:04:03.630]and Metro Community College.
- [00:04:04.950]They do cyber camps in the summer over in Omaha.
- [00:04:07.258]Awesome.
- [00:04:08.091]And I am, anyway, I take part in some other committees
- [00:04:10.830]and that, so on.
- [00:04:11.663]I stay busy.
- [00:04:12.496]All right, so what information do you have for teachers
- [00:04:14.590]to know about cybersecurity?
- [00:04:16.530]Well, for me, one of the big things that teachers can,
- [00:04:19.554]I guess can instill in the students
- [00:04:21.493]is gonna be understanding and appreciation of,
- [00:04:25.410]I think it's called layering sometimes in education
- [00:04:27.555]about abstraction, layers of abstraction.
- [00:04:30.510]Because the thing is that these days,
- [00:04:32.117]a lot of what happens on the internet
- [00:04:34.450]happens out in the cloud.
- [00:04:35.716]It happens on a virtual machine
- [00:04:37.276]and there's all these layers
- [00:04:39.780]in between you and the actual hardware.
- [00:04:41.610]And so for students to be able to understand
- [00:04:43.080]what's going on when they, you know,
- [00:04:44.730]click a button, what happens behind the scenes,
- [00:04:45.952]they've got to know a little bit
- [00:04:47.700]about how the protocols work
- [00:04:49.392]and things like, I don't know
- [00:04:52.260]if is OSI model still being taught?
- [00:04:54.570]Yeah, yeah. Okay.
- [00:04:55.680]OSI model, so they, that's it.
- [00:04:57.300]An OSI model doesn't map perfectly to the way
- [00:04:59.050]that networking works, but it's pretty close.
- [00:05:01.890]And anyway, they have to understand
- [00:05:03.510]that things get handed off layer to layer to layer to layer.
- [00:05:05.317]And they might be working on a virtual machine
- [00:05:07.716]inside of a docker container,
- [00:05:09.433]on a hypervisor that's in a server,
- [00:05:11.413]you know, data center somewhere.
- [00:05:13.019]So there's all these layers to it.
- [00:05:14.189]And the better that they can peer into those
- [00:05:16.530]and understand how that works,
- [00:05:17.370]I think that's gonna help them if they get into IT work,
- [00:05:19.920]it's gonna help 'em solve problems.
- [00:05:21.150]They can into cybersecurity work,
- [00:05:22.110]it's gonna help them find vulnerabilities,
- [00:05:23.730]that's gonna help them, I guess,
- [00:05:25.290]close the doors before the bad guys can find them.
- [00:05:27.179]Awesome.
- [00:05:28.217]The other thing,
- [00:05:29.373]the other thing I think is important is soft skills.
- [00:05:32.220]Because there are a lot of very nerdy,
- [00:05:35.799]very technically savvy students and professionals,
- [00:05:40.410]adults out there, that just can't carry a conversation.
- [00:05:43.385]You could, you wouldn't want to hang out with them.
- [00:05:45.960]You wouldn't wanna talk to them.
- [00:05:47.070]They're like the trope for an IT guy
- [00:05:49.341]that you would not want to call.
- [00:05:51.500]Right.
- [00:05:52.740]And the thing is that the soft skill,
- [00:05:55.821]the technical skills, how to use a computer,
- [00:05:58.770]how to write code, things like that.
- [00:06:00.210]Almost anybody can be taught that.
- [00:06:01.830]The soft skills, if they haven't,
- [00:06:04.091]if they haven't gotten an introduction to that early,
- [00:06:06.930]I think it's very difficult for an employer later on
- [00:06:08.850]to try to teach that to an adult.
- [00:06:10.830]So for me, being a well-rounded person,
- [00:06:14.610]being a well-rounded, you know, employee or practitioner
- [00:06:17.460]or a researcher, that makes a big difference.
- [00:06:20.346]And so if you can do the technical things
- [00:06:22.355]and you can explain your wizardry to the Muggles,
- [00:06:25.457]and you can, if you can do those sort of things,
- [00:06:28.658]you'll go very, very far.
- [00:06:31.140]Awesome.
- [00:06:32.400]I've always been a big fan
- [00:06:33.360]of vendor agnostic lessons as much as you can.
- [00:06:36.390]Now there are certain things like, you know,
- [00:06:38.070]if you learn Cisco, that's not going
- [00:06:39.870]to hurt you in looking for a job.
- [00:06:41.190]And it is certainly useful,
- [00:06:42.216]but there are so many different makers of software
- [00:06:45.570]and hardware products and networking products
- [00:06:47.219]that I think the best place to start is with the principles.
- [00:06:51.000]So for me, on the cybersecurity side of it,
- [00:06:54.488]I always tell students, read Bruce Schneider.
- [00:06:57.480]Oh yeah? So Bruce Schneider,
- [00:06:59.430]he's been around for decades.
- [00:07:01.241]He's a cryptographer
- [00:07:03.708]or I should say yeah, he's a mathematician
- [00:07:05.820]or cryptographer, computer scientist.
- [00:07:07.308]In any case, smart guy.
- [00:07:09.538]And he's written a number of books on cybersecurity
- [00:07:12.443]and if you look through them, you'd be hard pressed
- [00:07:14.603]to find a lot of very specific examples of a specific,
- [00:07:17.910]you know, software version or something like that.
- [00:07:19.440]Oh yeah. He taught,
- [00:07:20.798]he's going to teach you how to think
- [00:07:22.438]like a security professional,
- [00:07:24.450]how to think about securing systems.
- [00:07:25.623]And for the most part, it doesn't really matter
- [00:07:27.559]what the, you know, version of the software running
- [00:07:30.008]or who made the product or whatever.
- [00:07:32.070]The principles are the same no matter what.
- [00:07:32.917]Yeah. And I think those
- [00:07:34.680]are really good lessons and.
- [00:07:35.610]And finally, what advice or tips do you have
- [00:07:38.790]for any students who are interested in a job
- [00:07:39.940]in law enforcement, specifically digital forensics?
- [00:07:43.680]Well, digital forensics and law enforcement
- [00:07:45.621]and anything nerdy and technical.
- [00:07:48.621]My biggest advice is be a hacker.
- [00:07:52.530]Adopt the hacker mindset.
- [00:07:54.108]What I mean by that is, you know,
- [00:07:55.680]the word hacker usually gets used as a pejorative.
- [00:07:58.350]It gets used as an insult.
- [00:07:59.340]That means, you know, somebody who breaks into banks
- [00:08:01.080]and steals money, whatever.
- [00:08:01.913]That's not what it means.
- [00:08:02.746]I mean, when I came up when I was a kid,
- [00:08:03.883]a hacker meant somebody who was super interested
- [00:08:06.810]in technology and liked taking things apart,
- [00:08:08.910]figuring out how it worked,
- [00:08:09.870]putting it back together in new crazy, creative ways
- [00:08:12.785]to try to find creative uses for technology.
- [00:08:15.388]That's what hacking is to me.
- [00:08:17.040]And so it all, it means being a lifelong learner
- [00:08:19.242]and staying infinitely curious.
- [00:08:21.266]Just being curious about how these things work.
- [00:08:23.670]Because when, one of the things that I've talked
- [00:08:26.258]to some students and they're into IT,
- [00:08:29.490]or they're into cybersecurity or digital forensics,
- [00:08:31.200]whatever, and they're a little bit worried
- [00:08:32.490]about how am I going to find a job?
- [00:08:33.600]'Cause everyone around me grew up with these computers.
- [00:08:36.000]Well the good news is that 90% of them
- [00:08:37.381]don't care how it works under the hood.
- [00:08:39.408]They don't take a look.
- [00:08:40.414]So if you care and you go and find out how these things work
- [00:08:43.182]and learn about the, you know, the technical details,
- [00:08:45.913]then you're gonna have a leg up,
- [00:08:48.420]and you can go get a job doing this sort of thing.
- [00:08:50.068]Don't be afraid of the command prompt.
- [00:08:52.443]Don't be afraid of Linux, Macs.
- [00:08:54.288]These are, in what I do in law enforcement,
- [00:08:56.963]digital forensics, they're kind of a niche
- [00:08:59.088]because there are a lot of people that are afraid
- [00:09:01.260]to open up the command prompt that are afraid
- [00:09:03.180]of Linux and Macs and so on.
- [00:09:04.800]If you, that's fine, then you go out there
- [00:09:06.486]and learn those things and you will have a skill.
- [00:09:08.910]You'll be the wizard.
- [00:09:09.924]Even when you go into a room with people
- [00:09:11.428]that have been doing this for years,
- [00:09:12.750]some of them won't know how to do that.
- [00:09:13.940]My other, I guess the big, one of the biggest things
- [00:09:17.379]that you can do that's gonna help you out
- [00:09:19.022]is learn a scripting language.
- [00:09:20.308]So not everybody wants to program,
- [00:09:22.019]not everybody wants to be a full on programmer.
- [00:09:24.038]That's okay.
- [00:09:25.080]Scripting languages are easy.
- [00:09:26.103]You don't have to compile, you just put the commands in
- [00:09:28.830]and you run them and they're super powerful.
- [00:09:30.628]And so all, every computer you open up these days
- [00:09:33.348]has a scripting language already installed.
- [00:09:35.376]Windows is gonna have PowerShell,
- [00:09:36.982]Linux is gonna have a whole bunch of a Python, especially.
- [00:09:40.315]My recommendation is to learn Python.
- [00:09:42.240]So I know a handful of scripting languages.
- [00:09:45.330]My favorite is Pearl, but that's because I'm old.
- [00:09:47.653]And so I don't recommend that kids learn Pearl necessarily,
- [00:09:50.940]although it's amazing if you wanted
- [00:09:53.040]to learn a really good language that works in Windows,
- [00:09:54.614]it works in Linux, works on Macs, Python.
- [00:09:57.218]Not only that, but a lot of the forensic tools
- [00:10:00.090]that we use in criminal law enforcement, you know,
- [00:10:03.060]working criminal cases, our tools have plugin capabilities
- [00:10:06.780]where you can extend the functionality.
- [00:10:08.035]Those plugins are written in Python.
- [00:10:09.688]And so, and I've written some of those.
- [00:10:11.250]And so that lets you extend the capability
- [00:10:12.915]of what your tool can do.
- [00:10:15.000]So if you can script,
- [00:10:16.650]if you can write some code to automate things,
- [00:10:18.900]you can automate out the boring,
- [00:10:20.453]repetitive parts of your job
- [00:10:21.919]so that you can focus on the more interesting,
- [00:10:25.290]the more difficult things.
- [00:10:26.123]And so that's what I do.
- [00:10:27.690]I like some of, there's, I get a case in
- [00:10:28.677]and there might be 10 or 20 things that I do
- [00:10:30.729]on every case that's all automated.
- [00:10:32.275]I run a script. Nice.
- [00:10:33.483]It generates a report and I have all that done.
- [00:10:36.150]And now I can move on to the things that are unique
- [00:10:37.607]to this particular case.
- [00:10:38.612]So it'll help you out
- [00:10:39.852]and you can, I also, I think it's important.
- [00:10:44.778]I guess I'll give you three more things.
- [00:10:46.890]Always carry a pen.
- [00:10:48.280]Okay.
- [00:10:49.620]Always have a flashlight.
- [00:10:50.517]Especially in law enforcement,
- [00:10:51.557]you don't know when you're gonna need it,
- [00:10:52.612]and try to find role models and heroes.
- [00:10:57.900]And so it's usually gonna be your teacher.
- [00:10:59.220]That's who it's gonna be.
- [00:11:00.282]But if you're looking for other ones,
- [00:11:02.460]like for me, one of my example is, is Dr. Cliff Stoll.
- [00:11:05.196]So I don't know, are you familiar with him?
- [00:11:07.585]I'm not, no.
- [00:11:08.418]So Cliff Stoll, he's retired now,
- [00:11:11.520]but he was an astronomer out in Berkeley, California.
- [00:11:14.910]And back in the eighties
- [00:11:15.852]because he knew a little bit about computers and that,
- [00:11:18.479]he kind of got, he ended up in charge
- [00:11:21.720]of their computer system out there
- [00:11:22.890]because he said, okay, you know something about computers,
- [00:11:24.570]now you're in charge of it.
- [00:11:25.403]And so like, I think happens to a lot
- [00:11:26.910]of academic in institutions.
- [00:11:27.896]So anyway, part of his job was billing,
- [00:11:31.318]trying to track the billing,
- [00:11:33.000]'cause back then you had to pay
- [00:11:33.960]for the time you spent on the computer.
- [00:11:34.885]I guess we've gone full circle
- [00:11:35.982]'cause now we do it with Amazon Web Services.
- [00:11:37.235]But any case, he had a billing discrepancy of 75 cents
- [00:11:41.340]and being a scientist, that bugged him
- [00:11:43.080]and he couldn't put up with it.
- [00:11:44.333]So he started looking into it.
- [00:11:46.500]And then there's a long story short, this turns into a book.
- [00:11:49.620]The book is called "The Cuckoo's Egg."
- [00:11:51.192]Oh yeah, okay.
- [00:11:52.469]But in any case, that 75 cent discrepancy
- [00:11:55.736]leads down a rabbit hole that leads to a KGB,
- [00:11:58.339]you know, operation and it's international intrigue.
- [00:12:01.983]And so it was amazing.
- [00:12:03.480]My point is that A, he was a hero of mine
- [00:12:06.600]because there was digital forensics involved.
- [00:12:08.220]Like he was, he wasn't, that wasn't his job.
- [00:12:09.622]His job was astronomer.
- [00:12:10.622]But he ended up doing a bit of forensics and investigation
- [00:12:14.294]and looked into cyber crime
- [00:12:15.725]before the word cyber crime existed.
- [00:12:18.030]All right, well thank you so much for joining us.
- [00:12:20.533]I really appreciate having you on.
- [00:12:22.133]Thank you for having me.
- [00:12:23.736]It was great.
- [00:12:24.996]All right, that was a lot of information
- [00:12:27.792]and great information.
- [00:12:29.493]I'm running to fix all my passwords.
- [00:12:31.479]Yes, I will have to be taking some additional steps
- [00:12:35.023]to make sure everything's private
- [00:12:37.226]and two factor authentication.
- [00:12:39.870]Definitely a good thing to have on.
- [00:12:41.278]Yes. Annoying but necessary.
- [00:12:43.698]It's not that annoying.
- [00:12:45.300]I've gotten used to it,
- [00:12:46.230]Ours, we are all in two factor authentication,
- [00:12:48.660]and it makes me feel better about most of the ways
- [00:12:51.188]that I communicate, especially private information
- [00:12:54.180]about students, which we need to protect,
- [00:12:56.490]but also our information.
- [00:12:57.720]So I'm very comfortable with that piece.
- [00:12:59.230]Yeah.
- [00:13:00.090]But password on old website,
- [00:13:01.516]that is something to think about because I've been,
- [00:13:04.620]I've had password literally hundreds of profiles
- [00:13:08.277]on different things from the time
- [00:13:10.501]that I was doing iPads in the classroom and all that.
- [00:13:13.920]I think I've had a password for everything so yeah.
- [00:13:18.131]Yep. Clean that up.
- [00:13:20.294]Mhm.
- [00:13:21.600]All right, what else did we learn?
- [00:13:22.976]Oh man, we learned a whole lot of stuff, yeah.
- [00:13:26.850]Yeah. So I teach cybersecurity.
- [00:13:29.430]So there were a few things that I'm a little familiar with.
- [00:13:31.470]So if you are unfamiliar
- [00:13:32.794]with some of the things that he mentioned,
- [00:13:34.359]we'll have some links that you can click on.
- [00:13:37.173]But definitely go to his website.
- [00:13:39.755]We'll have the link down here too.
- [00:13:42.681]He's got tons of information and yeah, really good stuff.
- [00:13:46.753]Yeah, so we will make sure
- [00:13:48.960]that we revisit cybersecurity once in a while.
- [00:13:51.097]It isn't kind of the top, top of mind thing,
- [00:13:55.650]but this is exactly what everybody
- [00:13:57.240]that breaks into your accounts is counting on.
- [00:13:58.937]So we will come back to this occasionally
- [00:14:01.879]and we'll see you next time on CS4NE.
- [00:14:06.221](bright music)
The screen size you are trying to search captions on is too small!
You can always jump over to MediaHub and check it out there.
Log in to post comments
Embed
Copy the following code into your page
HTML
<div style="padding-top: 56.25%; overflow: hidden; position:relative; -webkit-box-flex: 1; flex-grow: 1;">
<iframe
style="bottom: 0; left: 0; position: absolute; right: 0; top: 0; border: 0; height: 100%; width: 100%;"
src="https://mediahub.unl.edu/media/23604?format=iframe&autoplay=0"
title="Video Player: Tech EDGE: CS4NE - Cybersecurity with Special Guest, Anthony Kava"
allowfullscreen
></iframe>
</div>
Comments
0 Comments