Just six months ago, I started a YouTube channel, What is cybersecurity?, to provide short videos (most are under 4 minutes and all are currently well under 10 minutes) discussing topics and issues in cybersecurity. I’ve spent 25+ years in the field (well before anyone called it “cybersecurity”) and had been wondering how people get into it these days. In particular, I’m aware that not everyone processes information in the same way, and that for many people, short video content is there preferred way of gaining new knowledge. So I decided that this was what I’d do: create short videos, publish frequently and see how it went.
Today, the 100th video was published: What is data privacy?
To celebrate this, here’s a post describing various aspects of the process.
Methodology
I thought it might be interesting to people to understand how I’ve gone about choosing the topics for videos. When I decided to do this, I created a long list of topics (the initial list was over 150) and realised very early on that I was going to have to start with simple issues and build up to more complicated ones if I wanted to be able to address sophisticated concepts. This meant that I’ve started off with some of the basic building blocks in computing which aren’t specifically security-related, just because I wanted to be able to provide basic starting points for people coming to the field.
I was slightly concerned when I started that I’d run out of ideas for topics: this hasn’t been a problem, and I don’t expect it to be any time in the future. Currently, with 100 videos published, I have over 250 topics that I want to cover (which I haven’t recorded yet). Whenever I come across a topic or concept, I add it to the list. There are few books that I mine for ideas, of which the most notable are:
- Trust in Computer Systems and the Cloud – Mike Bursell (my book!)
- Security Enginineering (3rd edition) – Ross Anderson
- CISSP Exam Guide (9th edition) – Fernando Maymi, Shon Harris
As mentioned above, the videos are all short, and, so far, they’re all single-takes, in that each is a single recording, without editing pieces together. That doesn’t mean that I don’t have to re-record quite frequently – I’d say, on average, that 50% of videos require two or more takes to get right.
Audience
Who do I expect to be my audience? These are the personae that I’ve targeted to start with:
- undergraduates reading Computer Science or similar, with an interest in cybersecurity
- masters students looking to move into cybersecurity
- computing professionals wanting more information on specific cybersecurity topics
- managers or professionals in non-computing roles looking for a definition or explanation of a particular term
- (after looking at UK students) A level students in Computer Science
Playlists
YouTube encourages you to create playlists to help people find related topics on your channel. These are the playlists that I currently have (I expect to create more as I get into more complex topics):
- A level topics
- Basic cybersecurity concepts
- Cybersecurity architecture and design
- Cybersecurity concepts compared
- Cybersecurity in practice
Cybersecurity concepts compared takes two or more topics and draws out the differences (and similarities). There are so many complex topics in cybersecurity which are really close to each other and it’s not always easy to differentiate them.
Equipment and software
Here’s the equipment and software I’m using.
Equipment
System: AMD Ryzen 9 3900X 12-Core Processor, 32GB RAM
Camera: Razer Kiyo Pro (though currently I’m trying out a Sony ZV-E10, which provides lovely video, but requires a 175ms audio delay due to USB streaming processing performance)
Microphone: audio-technica AT2035
Pre-amp: Art Tube MP-Studio V3
Software
Operating system: Fedora 39 Workstation
Studio: OBS Studio
Transcription: Buzz
Audio stripping: ffmpeg and some very light bash scripting
Thumbnails: Canva
Alice, Eve and Bob - a security blog 