Cybersecurity Math
CM.1 How you can use math to reconcile cybersecurity
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
⚙️ Part of my series on Automating Cybersecurity Metrics. The Code.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This is the first in a series on Cybersecurity Math. The rest of the posts are at the bottom of the page.
People always think I’m good at math because I work in a field that involves computers, programming, and over the course of my career, a lot of banking, e-commerce, and tax applications. Actually, I’m good at logic. There’s a difference.
I’m also going to show you that, even if you think you are not good at math, perhaps it was not presented to you in a way you could understand and learn. Maybe we can approach problems in a different way.
Additionally, I’ll explain how math and logic help us in cybersecurity in this and upcoming posts.
Challenges with math
If you think you’re not good at math, read this.
When I took the GRE (not to be confused with the GSE) to get into my Master of Software Engineering grad school program, I got almost a perfect score on the logic portion. I think I might have gotten a perfect score except I ran out of time and had to basically quickly fill in answers for the last 2–3 questions without looking at them. As for math, I was only slightly above average.
I always forget mathematical notations. The symbols confused me. Like the squiggly summation backwards E little numbers above the line and below the line and things like that. Does anyone else relate to this? I know that my incredibly smart nephew who is about to become a medical doctor does. He didn’t like that they put letters in math in his algebra class.
I usually understand the lower level logical basis for things that are expressed in symbols at higher levels. I have often wondered if I have some form of learning disability related to those characters (and directions — I am horrible at directions and always think things are the opposite way to what they really are, so I have to figure out directions in some other way besides remembering where I came from with a “sense of direction”).
In my master of software engineering program my professor in a discrete math class had students write a paper on how math is derived from underlying logic. I think all the people who were good at math struggled with that assignment and thought the professor was a bit kooky. He worked in a research lab funded by one of the founders of Microsoft. I loved that assignment because it helped me get through an otherwise difficult subject, unscathed. I knew exactly what he was talking about.
Math was my nemesis. The first B I ever got in a “real” class was advanced math in high school — where I realized that yes, you actually do need to study for math. The concept was foreign to me before that point. Math was something you just did, not something you studied. Once I realized you had to practice the problems and study, I got an A in advanced math from there on out from the same teacher.
Grades don’t always mean much
Now I’m going to vent for a minute. The only other B I got in high school was an annoying piano grade.
Really? My piano teacher almost cost me a 4 point in high school?
I thought of piano as an extracurricular activity or something like P.E. class. My grandmother taught piano lessons until she was 93. And by the way, I went on to get a scholarship for piano when I went to college. I’m not that great and don’t play much anymore but as you can see, I wasn’t terrible at piano. But I digress. It’s just that sometimes grades don’t mean much.
It might not be you — it might be how the material is presented
During my undergrad program at the University of Washington, a professor was explaining mathematical concepts in the most abstract terms imaginable. It is the only class in my life that I stopped attending at all because he was rambling on about formulas in what seemed like a foreign language to me. Attendance was futile.
I instead went only to the TA (teaching assistant) sessions and studied the problems, but did not do well in that class. I think I got a C+. Mind you, I never got a C before in my life or after. But I didn’t get good grades because I cared so much. It’s just that I knew how to study and things mostly and it was easy to get an A.
The rest of this story about business calculus shows you how important the way someone teaches is to the way someone learns. Perhaps there was a reason that was the only math class available when I went to register. And hopefully, this story helps you not give up when you struggle with math — or any other subject for that matter.
Note — don’t blame yourself if you can’t learn something. It might not be your fault. Or at least, the material might not be presented in a manner that aligns with how your brain works.
I had to take one more math class so the next time around I chose the summer evening session as I figured there would be fewer students so I could ask questions if needed. It was brutal. Our instructor gave us quizzes — in every single class.
As it turned out, I didn’t need to ask questions. I could understand what was going on, and I studied my booty off to get around the fact that my brain gets confused by certain aspects of advanced math, equations, symbols, imaginary numbers (what?), and graphs.
By the end of class I had a 4 point (top grade at a US college) but at the very end, I thought, I’ve proved enough. I slacked off a bit because I got a new boyfriend and got tired of the quizzes. I ended up with an A- instead of an A. I don’t love math and was tired of studying so much. Like I said, grades were not really my top priority in life, but I realize you need good grades to achieve certain other objectives.
That whole experience was really more about proving to myself that I could do it, if I really wanted to, rather than getting a good grade. I figured I had proved enough.
Applying math to real world problems
I had similar struggles with a finance class. All the little formulas bored me and got mixed up in my brain. I rarely asked questions in school, but I remember asking the professor a question in that class. I got an A, but I wasn’t really interested in all the mathematical equations at the time.
However, later in life, these formulas have become very important to me. Had they been presented in this manner, I think I would have grasped the concepts more easily — if they had been related to problems I faced later in life when it comes to loans and financing.
When I see a bunch of loan offers with different points — the way banks try to trick you into paying more for the money — I use these formulas to calculate the true cost of each loan, regardless of all their fancy numbers and sleight of hand.
If I need 10,000, how much am I going to pay for it in the end? That’s what I want to know. Banks always try to say, “well your payment will be less if we do this and that.” Or maybe, “your interest rate will be lower if we extend the loan by a few more years.”
Why thank you, Mr. Banker. How kind of you. You just made the cost of my loan 30% higher while reducing my payment $50 per month. I’ll end up paying you $2500 more in the end.
If you want to calculate the cost of a loan use the formulas below to compare interest irrespective of points and rates. The loan that charges you the most money overall is most expensive — whether those costs are by way of the total interest you pay over the life of the loan or the amount you pay up front. Add the points you need to pay plus the total amount of interest you are going to end up paying to get the total cost of the loan.
Once you know the total cost of each loan offer, you can compare them accurately and concretely. You know who’s giving you the best deal — you don’t have to guess. Some bankers hate it when I tell them I want the total cost of the loan. Stop talking to me about monthly payments.
I also used this equation to my advantage to get the price I wanted on a car. I said I could not pay over x per month or over y interest rate and I only wanted an n year loan. In order to do the deal, the car dealer had to give me the price I wanted. :-D
On asking questions
Side note on asking questions. I took another class I didn’t love in college because it was the only science class left when I registered at a small college — chemistry. This subject also did not align with my brain, and I am not so much of a hands on science person. I was afraid I was going to cause an explosion in the lab with the Bunsen burner.
I asked the professor some questions in class about things I didn’t understand. My roommate rebuked me for asking the questions. There were things I just couldn’t wrap my brain around for some reason so I drilled down into the material until I understood it. For some reason, that annoyed her.
Well, as it turns out — she got a B+ and I got an A. Needless to say, that annoyed her even more. :) Don’t be afraid to ask questions.
Reconciliation — math and logic
Math becomes easier for me to understand when I have context and a purpose. But also, I always say, why am I going to sit there and do the math? That’s what computers are for! Of course you have to be able to do enough math to be absolutely certain that your numbers reconcile.
When building a financial system processing billions of dollars of assets under management, as I have, you need to build the formulas such that there are no mistakes in the equation. In some cases, you may be processing blocks of numbers that need to add up in the end. You’ll likely be doing some math to make sure your program is correct.
You’ll also need to understand system logic as numbers flow from one system to another and through multiple processes. I’ve seen some pretty strange reconciliation errors with what felt like obvious logic flaws and gaps to me — which I’ve fixed.
I think that reconciliation process and the ability to prove all your numbers add up is one of my favorite things about writing banking software — and the logic you need to concern yourself with to ensure there are no gaps. I wrote about one such gap I discovered in my book at the bottom of this post. I always wondered if it was intentional.
When it comes to computers and networks, the same reconciliation process applies, but in a different way. I think that’s why I also like dealing with network packets. Things need to add up. With network packets, you basically perform math to determine when something is off in many cases. I’ll show you what I mean in upcoming posts.
Mathematical Concepts in Cybersecurity
The concepts are perfectly logical to me. But the lower-level math and formulas do not come easy to me — converting hex to binary and decimal for example. And yet, I got a 93 on the SANS 503 network intrusion test if you are familiar with that. I had never worked in a networking role where I had to understand the details in packets prior to that.
My motivation was not the score — what I really wanted was to be able to understand how to dissect network packets. I wanted to use that information. The score was a byproduct of attempting to understand the material.
In the upcoming posts, I’ll explain some of the basic concepts you need to understand related to bits and bytes and the math involved with network packets in a way that works for me. I’m going to call this series cybersecurity math (CM).
I’ve discovered some ways to explain and understand things that help me, personally. I got mixed up on a few things the way they were explained to me and thought perhaps I can explain the concepts in a different way. I found an online source that helped me understand these concepts that I will reference if I can find it again.
I’m not telling you anything secret or proprietary. All this information is freely available online. I’m just trying to explain it in a different way that makes sense to me, a person who struggles to fit logarithms and exponentials into my brain for whatever reason. Maybe it will help someone else. If you struggle with a concept, don’t give up — find another way to learn it that works for you.
If you check out the upcoming posts, you will understand why this low level math matters when it comes to application security and network packets and why you should care. And by the way, when you are dealing with encryption, you are essentially dealing with math and logic as well. Math — and logic — abound in cybersecurity and computer programming.
In addition, I am looking at ways we can use math to describe cybersecurity in my post on cybersecurity metrics where I’m building a cloud environment from the ground up and we’ll consider how we can measure security in that environment.
By the way, 01001101 01100001 01110100 01101000 is “Math” in binary.
The rest of the posts:
Teri Radichel | © 2nd Sight Lab 2023