O'Reilly Reports Increasing Interest in Cybersecurity, AI, Go, Rust, and C++ (oreilly.com)
"Focus on the horse race and the flashy news and you'll miss the real stories," argues Mike Loukides, the content strategy VP at O'Reilly Media. So instead he shares trends observed on O'Reilly's learning platform in the first nine months of 2021:
While new technologies may appear on the scene suddenly, the long, slow process of making things that work rarely attracts as much attention. We start with an explosion of fantastic achievements that seem like science fiction — imagine, GPT-3 can write stories! — but that burst of activity is followed by the process of putting that science fiction into production, of turning it into real products that work reliably, consistently, and fairly. AI is making that transition now; we can see it in our data. But what other transitions are in progress...?
Important signals often appear in technologies that have been fairly stable. For example, interest in security, after being steady for a few years, has suddenly jumped up, partly due to some spectacular ransomware attacks. What's important for us isn't the newsworthy attacks but the concomitant surge of interest in security practices — in protecting personal and corporate assets against criminal attackers. That surge is belated but healthy.... Usage of content about ransomware has almost tripled (270% increase). Content about privacy is up 90%; threat modeling is up 58%; identity is up 50%; application security is up 45%; malware is up 34%; and zero trust is up 23%. Safety of the supply chain isn't yet appearing as a security topic, but usage of content about supply chain management has seen a healthy 30% increase....
Another important sign is that usage of content about compliance and governance was significantly up (30% and 35%, respectively). This kind of content is frequently a hard sell to a technical audience, but that may be changing.... This increase points to a growing sense that the technology industry has gotten a regulatory free ride and that free ride is coming to an end. Whether it's stockholders, users, or government agencies who demand accountability, enterprises will be held accountable. Our data shows that they're getting the message.
According to a study by UC Berkeley's School of Information, cybersecurity salaries have crept slightly ahead of programmer salaries in most states, suggesting increased demand for security professionals. And an increase in demand suggests the need for training materials to prepare people to supply that demand. We saw that play out on our platform....
C++ has grown significantly (13%) in the past year, with usage that is roughly twice C's. (Usage of content about C is essentially flat, down 3%.) We know that C++ dominates game programming, but we suspect that it's also coming to dominate embedded systems, which is really just a more formal way to say "internet of things." We also suspect (but don't know) that C++ is becoming more widely used to develop microservices. On the other hand, while C has traditionally been the language of tool developers (all of the Unix and Linux utilities are written in C), that role may have moved on to newer languages like Go and Rust. Go and Rust continue to grow. Usage of content about Go is up 23% since last year, and Rust is up 31%. This growth continues a trend that we noticed last year, when Go was up 16% and Rust was up 94%....
Both Rust and Go are here to stay. Rust reflects significantly new ways of thinking about memory management and concurrency. And in addition to providing a clean and relatively simple model for concurrency, Go represents a turn from languages that have become increasingly complex with every new release.
Other highlights from their report:
- "Quantum computing remains a topic of interest. Units viewed is still small, but year-over-year growth is 39%. That's not bad for a technology that, honestly, hasn't been invented yet...."
- "Whether it's the future of finance or history's biggest Ponzi scheme, use of content about cryptocurrency is up 271%, with content about the cryptocurrencies Bitcoin and Ethereum (ether) up 166% and 185% respectively...."
- "Use of JavaScript content on our platform is surprisingly low — though use of content on TypeScript (a version of JavaScript with optional static typing) is up.... Even with 19% growth, TypeScript has a ways to go before it catches up; TypeScript content usage is roughly a quarter of JavaScript's..."
- "Python, Java, and JavaScript are still the leaders, with Java up 4%, Python down 6%, and JavaScript down 3%...."
- "Finally, look at the units viewed for Linux: it's second only to Kubernetes. While down very slightly in 2021, we don't believe that's significant. Linux has long been the most widely used server operating system, and it's not ceding that top spot soon."
Good for O'Reilly, but... (Score:3)
...until the give-a-shit level about cybersecurity exceeds CEO Greed who doesn't want to waste their quarterly bonus on your unproven hacker FUD, nothing will change except book sales.
But hey, enjoy the hype. Again.
Re:Good for O'Reilly, but... (Score:5, Interesting)
We're actually getting there. After running against walls forever, I've found that in the past decade or so upper management more and more understands that cybersecurity is a thing. The budgets are there now. They still think they can outsource it and hire consultants instead of recruiting competent people, but that's one part to standard management stupidity, one part big consulting companies telling them that works (with absolutely no interest of their own, of course), and one part the current job market making it difficult to find good people who haven't already been snatched up by aforementioned consulting companies.
That cybersecurity investments need to be sensible should be obvious. You don't buy a $1000 safe to put your $100 watch inside. That's the job of risk management. Sadly, most risk management is complete bullshit. Hubbard put it well: "the level of astrology". Makes me sad, especially because so few people see what complete nonsense they're sold (quick hint: Anyone telling you to rate your impact and your likelihood on a scale of 1-5 and then multiply those two numbers is full of shit and doesn't even understand the simple math of scales). But hey, it also makes me good, with the books I sell and the courses I give. So it's a mixed bag. :-)
No, seriously, I wish we'd drop the nonsense and be more serious about the whole risk management and cybersecurity stuff. Less snakeoil and astrology - and the CEO could get his wish of not spending nonsense money while still making sensible investments.
But too many snake-oil sellers and even well-meaning but under-educated people profit from the status quo.
Re: (Score:3)
I definitely saw it at a very large financial institution where I once worked seven years ago. About a year before I left, they created a whole new department around security and got tons of leverage across multiple levels and departments. Security-related upgrades trumped regular changes. And any discovered vulnerabilities were given high priority for devs to drop whatever they're doing to fix. In forming their group, they recruited people from different teams throughout the IT field, including devs, bu
Re: (Score:1)
Re: (Score:2)
Stupidity exists, and nowhere more than around IT. One part is that IT is literally magic to those who don't understand it. Try to explain a moderately complex SQL query with two or three joins to a non-IT person. Seriously, grand mother's good luck charm is closer to something that makes sense to them.
But yeah, extreme examples like yours exist and they make us wonder how someone ever qualified for any job, much less one that requires decision making.
Now here's the question: Does that bank still exist? If
Re: (Score:2)
Now here's the question: Does that bank still exist? If so, how do you think they managed THAT? Maybe these idiots are the real magicians.
Speaking of magicians, remember the criminals running the banks not only stayed in business in 2008, but got bailed out by taxpayers with the dumbest fucking excuse to ever actually work: Too Big To Fail.
I wouldn't be surprised if that bank is ignorantly sponsoring IT scholarships with COVID money by now.
Quantum computing remains a topic of interest. (Score:2)
Can't wait for the first article:
"Quantum computer creates bitcoins 10.000 times faster!"
And the article:
"Bitcoin worth 10.000 times less overnight."
Here's what I see (Score:3)
A lot of people who lost their jobs, stuck at home because of fucking COVID, and considering reconverting in IT, security and pentesting / redteaming because they see it as a promising career move and a low-hanging fruit. I can't count the number of acquaintances who mention this to me.
The trouble is:
1/ It's not a good career move if everyone does it and floods the market. Not to mention, computer security issues aren't new, aren't getting better, and those in that field haven't gotten massively richer out of it in the past 3 decades as far as I know.
2/ It's NOT a low-hanging fruit: from a developer's point of view, it takes a lot of experience to produce safe code. From a third-party security auditor's point of view, it also takes a lot of experience, quite a lot of dedication, and probably talent too. People who think they can start a career in that field at > 40 years of age have no idea what they're talking about.
Re:Here's what I see (Score:5, Insightful)
"> 40 years of age "
What an ignorant statement. It is precisely the >40 crowd who understand the issues because they have lived them. Meanwhile the younger crowd continues to produce shoddy code and will bend to whatever flavor-o-month management is pushing. And few of the >40 crowd who are not already in IT are unlikely to move into it.
Re: (Score:2)
I agree - for those who've been in that industry since day one. I'm talking dudes who lost their convenience store to COVID, or former accountants, who think IT security is the next big thing and they should get in on the act.
Re: (Score:3)
To be fair he was referring to people who got that far in life without touching code (no particular interest/affinity) and went for the advertising of one of the diploma mills saying "make gob tons of money by just switching on over to IT".
Of course, while I recognize that sentiment, I will say that it's not exclusive to those over 40, *plenty* of gold-digging college students too that are big on wanting the money, short on affinity of the job. So either way it's a good news/bad news to hire when the job is
Re: (Score:1)
and went for the advertising
"Learn to code" was not advertising. It was liberal verbal diarrhea, yet another posing event, where the liberals virtue signal to each, while censoring everyone that even hints that they are just empty fucking virtual signaling fuck bags.
Re: (Score:2)
I don't think this can be laid at the feet of liberal thinking. You have big companies trying to increase the labor pool through aggressively trying to shape the educational landscape toward their benefit combined with fly-by-night diploma mills all too happy to exacerbate things to get their piece of the pie. The liberal thinking may come into play with some things like some minority-exclusive programs, but in the grand scheme of things I think those are smaller scale and not particularly harmful compare
Re: (Score:1)
But learning Flavor of the Month is favored by management. Each framework has new idiosyncrasies that must be learned mostly from scratch. Overhauling your head every seven years will favor youth. Doctors don't have to learn a new alien species every seven years, and thus their experience builds; in IT you are thrown under the bus.
Re:Here's what I see (Score:4, Insightful)
Both of those are true and false at the same time.
Right now, the market is so hot, anyone who knows how to spell "Nessus" can land a job as a pentester. Every company I know is looking for IT and especially IT security people. It's unlikely that a couple thousand more people will change the market, and it IS a low-hanging fruit with standards dropping more and more the longer positions can't be filled.
It also means that a lot of incompetent or very low-skilled and/or low-experience people will cause a whole lot of trouble that us more experienced people will then be paid large amounts of money to fix.
One thing I disagree with is that it's an age thing. I've met very capable people in all age ranges, and complete idiots in all age ranges. It's more a matter of mindset. Do you understand (or at least care) how a computer actually works? Do you have a "hacker mind", one that thinks outside the box? Do you have a talent for spotting the obvious flaw everyone else somehow missed? Can you think your way through complex systems?
A lot of young people have none of that. Even those who studied IT security. A lot of old people don't have any of it, either. Even some who've been working in the industry for 20 years. I've run circles around people allegedly more experienced than me, and I've been humbled by people considerably younger than me. It's not an age thing. It's totally a mind game.
Re: (Score:1)
> it takes a lot of experience to produce safe code
If that experience accumulates, that's a good thing. Other types of coding throw away the Framework of the Year every 7 years or so and you are then back to Square One on learning all its idiosyncrasies. Throw-Out-And-Start-Over favors youth.
Captain Obvious (Score:2)
Seriously, they're just now noticing that AI is a thing (well, more specifically, neural nets)? And why would anyone think security is a current topic, given the complete absence of data leaks, ransomware, botnets, etc? /s
O'Reilly needs to find something useful to do.
I predicted it! (Score:1)
I always said there would be a rise in Chinese board games one day, and here it is! The year of Go on the desktop!
Why this obsession with popularity (Score:4, Informative)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Bud Light beer is popular, but it is not good.
To someone who doesn't know better, it might actually be "good." Similar to a loud, blustering blowhard of a "politician." To educated people, he may seem like an awful candidate. To those who don't know better, he's a demi-god. Shrug.
Re: (Score:2)
Re: (Score:2)
A society run by scientists would be better.
There are dozens if not hundreds of ruling systems that are better.
The only thing that needs to be done is to separate:
judicature
executive
legislative
Does not really matter if executive is a dictator/tyrant as long as he is benevolent and has no control over the other two branches.
Re: (Score:2)
Rust and Go not going away? (Score:2)
Haven't seen these languages ever used for anything of import in general business. Aside from popularity any sign they're even being used?
Interest in Bitcoin is up... (Score:2)
The report says interest in Bitcoin is up 166%. I hear that it dropped by 281% the next day.
O'Reilly Reports Increasing Interest in Cybersecur (Score:1)