Welcome to Cybears!

This platform was created to spotlight the growing field of cybersecurity and to orient students, alumni, and friends to all things cybersecurity at UC Berkeley.

Three quick suggestions to inform your journey as a Cybear: 

  • Check out our FAQ below
  • Meet others in the Cybears community by attending the CyberMētis Speaker Series and hear from inspiring and insightful cyber professionals. Upcoming Fall 2023 talks are scheduled for September 11th and October 2nd
  • Sign up for the UC Berkeley Center for Long-Term Cybersecurity newsletter for regular updates on other relevant activities and research.

What is cybersecurity?

Traditional cybersecurity focused on the confidentiality, integrity, and availability (the “CIA” triad) of computers, data, and networks. But today a larger set of interests are often included in the concept of cybersecurity. Security can come from many efforts, ranging from traditional technical interventions to procedural ones, policies, design, and social norms. Cybersecurity is a social and political field as much as a technical one. Read more.

Below we’ve assembled the questions students frequently ask us in class and in office hours. We are indebted to the students in the Future of Cybersecurity Reading Group (FCRG) and in particular to Arika Verma for assembling these materials.

I’m new to cybersecurity. What should I read and listen to?

Peter W. Singer and Allan Friedman’s Cybersecurity and Cyberwar: What Everyone Needs to Know, is a great place to start. Although already a bit dated, the National Academies’ report At the Nexus of Cybersecurity and Public Policy explains why cybersecurity is important, why it is a wicked problem, and the public policy issues in cybersecurity. And it’s free. A more recent, advanced, and law and policy focused self-study can be pursued by working through UT-Austin Professor Bobby Chesney’s cybersecurity ecasebook.

What websites should I check out?

There are so many. Here are just a few of our favorites that have a focus on policy: LawfareJust SecurityKrebs on SecurityCSO Online, and Schneier on Security.

What resources for improving my skills are available to me as a Berkeley student?

Campus has several fantastic resources for learning many of the skills we recommend that you develop.

  • LinkedIn Learning is available to the entire Berkeley community and it has good quality online, go-at-your-own-pace courses in the Bash command line, in cybersecurity management, the technical domains of cybersecurity (computer networking, endpoint, application, cloud, operating system), security testing, penetration testing, machine learning, python, statistics, and statistical management software, such as R.
  • D-Lab is another valuable resource. D-Lab regularly teaches bootcamps in technical fields such as Bash, R, and Python. Courses are free but they fill quickly.
  • Berkeley’s “DeCals” can also be a source of skill building. These are courses organized by students (and with faculty oversight, for credit, on a P/NP basis) on specific topics.

What Berkeley courses and labs are focused on cybersecurity?

Many faculty members at Berkeley teach privacy and cybersecurity related courses. Because there is no one single source for course information, you may have to do some digging to find the right match for you. We recommend that you focus on faculty members and investigate their webpages. Keep in mind that in addition to their courses, these professors may also have opportunities in their labs. Read more.

What is Cybersecurity in Context and should I take it?

Cybersecurity in Context is a three-credit course housed in the School of Law and Information. As such, it is open to law and graduate students, and undergraduates by permission. Based on a course in the I School’s online Masters of Information and Cybersecurity (MICS) program, Cybersecurity in Context is a podium lecture course (with discussion) that explores the broad range of social-political-economic-legal-ethical-military and other considerations that characterize the cybersecurity landscape. Thus, it is a wide-ranging introduction to cybersecurity that explains why cybersecurity is such a difficult policy challenge. One needs no technical background or background in law to take it. The course has modules to introduce non-technical students to core internet technologies such as routing and BGP.

What is the Future of Cybersecurity Working Group and why should I take it?

The Future of Cybersecurity Working Group (FCWG) assembles students, researchers, and faculty from across the campus with a shared interest in security. We read and discuss the current cybersecurity scholarship and workshop projects related to cybersecurity. Our goal is to support critical inquiry into security and explore how it relates to political science, law, economics, the military, and intelligence gathering. Students are required to participate in weekly sessions, present short papers on the readings, and write response pieces. Read more.

Are there non-Berkeley skills tools available to me?

There are many options available for technical training. Here are a few suggestions.

  • TryHackMe has excellent labs to build skills.
  • Jetbrains offers free access to its coding and other teaching modules to those who have a university email account.
  • The Federal Virtual Training Environment (FedVTE) provides free online cybersecurity training to U.S. government employees, Federal contractors, and veterans. There are free courses available to the public here as well.
  • Many boutique services now focus on penetration testing, such as Hack the Box and Cryptopals Crypto Challenges. There is also a vibrant “capture the flag” community tracked here.
  • Services such as Immersive Labs offer simulations to show off your skills, and often give access to a demo test.

Is there a place for me in the cybersecurity field?

We hear this question regularly and we are certain that many other students don’t even ask because they do not see cybersecurity as a field with a place for them. The answer is yes! There is a place for you. At the same time, a number of barriers can make the cybersecurity field unwelcoming to some.  We are devoted to identifying these barriers, understanding them, and helping erode them. Read more.

How can I network in cybersecurity in the Bay Area?

  • WISP: Women in Security & Privacy has many Berkeley alumna and provides meaningful mentoring opportunities and interesting programming
  • The Mozilla Foundation has a major commitment to privacy and security of its users, and sponsors a mailing list of privacy events.
  • The Bay Area chapter of the Open Web Application Security Project (OWASP) organizes meetups.
  • SF Legal Hackers is a global movement of lawyers, policymakers, technologists, and academics who explore and develop creative solutions to some of the most pressing issues at the intersection of law and technology.

How can I find externships and internships?

Crunchbase lists over 450 Bay Area cybersecurity companies. You can also start with a resource like Momentum Partner’s Cyberscape to understand the ecosystem of companies. The School of Information also offers an internship grant for MIMS students who pursue internships with non-profit organizations. In addition to the standard tools provided by your career services department, we recommend a direct-approach strategy. That is, if you find a cybersecurity company that deeply interests you, directly approach them and ask about opportunities. Many startups and smaller companies are too busy to run formal externship programs. They’ll be delighted to hear from you if you explain your interest and if it is well matched to the company. Read more.