Artwork for podcast Byte Sized Security
Ep18: The Illusion of Expertise: Are YouTube's Security Gurus Really in the Trenches?
Episode 1826th October 2023 • Byte Sized Security • Marc David
00:00:00 00:12:21

Share Episode

Shownotes

Show Notes for Byte-Sized Security Episode: "The Illusion of Expertise: Why YouTube's Security Gurus Aren't in the Trenches"

In this eye-opening episode, host Marc David takes a critical look at the proliferation of self-proclaimed cybersecurity 'experts' on YouTube. We delve into the mechanics of content creation, the business model behind it, and the glaring gap of practical experience. Ready for a reality check? Tune in!

📌 Timestamps

  • 00:00 - Introduction: The Fluff & Stuff of Cybersecurity YouTube Videos
  • 01:46 - Core Argument 1: The Content Mill
  • 03:25 - Core Argument 2: The Business of YouTube
  • 05:28 - Core Argument 3: Missing Practical Experience
  • 07:15 - Counter-Arguments: The Other Side of the Coin
  • 08:58 - Conclusion: A Byte-Sized Reality Check
  • 10:15 - Call to Action & Community Poll: How Do You Vet YouTube Cybersecurity Experts?

🎯 Key Takeaways

  1. Expertise ≠ Popularity: A large subscriber count doesn't necessarily make someone an authority in cybersecurity.
  2. Content Mills: The alarming rate at which some YouTubers churn out content may impact the quality and depth of their advice.
  3. Business Over Authenticity: Learn why monetization models can clash with the ethical considerations of cybersecurity.
  4. The Importance of Practical Experience: There's no substitute for hands-on, in-the-field know-how.

🗳️ Community Poll

Don't forget to participate in our YouTube community poll: "How do you vet the credibility of a cybersecurity expert on YouTube?" Click here to vote!

---

I do hope you enjoyed this episode of the podcast. Here's some helpful resources including any sites that were mentioned in this episode.

--

--

Find subscriber links on my site, add to your podcast player, or listen on the web players on my site:

Listen to Byte Sized Security

--

Support this Podcast with a Tip:

Support Byte Sized Security

Transcripts

:

Hey there, you incredible humans of the Byte-Sized Security community!

2

:

Marc David here, and have I got

a spicy topic for you today.

3

:

We're turning on the heat and

cooking up some truth bombs about the

4

:

world of YouTube's self-proclaimed

cybersecurity 'experts.'

5

:

Now, let's rewind a few years.

6

:

Picture me, knee-deep in my Information

Tech job, hungry for a shift into the

7

:

dynamic landscape of Information Security.

8

:

What did I do?

9

:

I did what we all do:

went on a YouTube binge.

10

:

Video after video, short after

short, promising the "Top 5

11

:

Essential Skills," or the "Ultimate

Pathway to a Cybersecurity Career."

12

:

And man, these videos had

views ... Like, astronomical numbers!

13

:

But here's where it gets interesting.

14

:

These videos, as flashy and

keyword-stuffed as they were, felt

15

:

like they were all sizzle and no steak.

16

:

The advice was so...

17

:

fluffy.

18

:

You know, the kind of fluff that

makes you go, "Well, that was a good

19

:

show, but what did I really learn?"

20

:

And this got me thinking: When

did cybersecurity get its own

21

:

version of fitness influencers or

arketing gurus from the early:

22

:

You know, the ones who pitch you a

'life-changing' course every two minutes?

23

:

Views and subscribers can

create the illusion of

24

:

credibility, but let's get real.

25

:

Numbers alone don't make you an expert.

26

:

Just because someone can put together

a snazzy thumbnail and recite buzzwords

27

:

doesn't mean they're down in the

trenches, navigating the complex

28

:

terrains of real-world cybersecurity.

29

:

So today, Byte-Sized Security fam,

we're diving deep into the myths, the

30

:

illusions, and the harsh realities of

this YouTube 'expertise' ecosystem.

31

:

Buckle up, because it's going to

be a reality-check rollercoaster!

32

:

Alright, let's dive right

into our first core argument:

33

:

The infamous "Content Mill."

34

:

You know what I'm talking about.

35

:

It's that hamster wheel of content

creation where YouTubers are cranking

36

:

out new videos faster than you

can say "zero-day vulnerability."

37

:

I mean, they're more consistent than my

morning coffee, but is that a good thing?

38

:

Let's lay it out.

39

:

Many of these 'gurus' are pushing out

daily, or heck, even twice-daily videos.

40

:

And here's the million-dollar question:

If they're churning out content at

41

:

the speed of light, when are they

actually practicing cybersecurity?

42

:

When do they have the time to keep

their skills razor-sharp, engage in

43

:

real-world projects, or, you know, sleep?

44

:

Imagine this.

45

:

Say you're a full-time chef.

46

:

If you spent all your time filming

cooking tutorials, when would you actually

47

:

serve customers in a real restaurant?

48

:

See where I'm going with this?

49

:

We all know that cybersecurity

is an ever-evolving field.

50

:

I mean, the threat landscape changes

faster than the YouTube algorithm itself!

51

:

So how can someone who is constantly

feeding the content beast stay

52

:

up-to-date on the latest threats,

solutions, and technologies?

53

:

And here's another kicker: The

YouTube algorithm loves frequency.

54

:

The more you post, the

more visibility you get.

55

:

But let's not confuse

visibility with credibility.

56

:

It's a myth, a dangerous myth.

57

:

So, the next time you come across a

'Cybersecurity Guru' on YouTube who has

58

:

a new video out every day, ask yourself:

Are they an expert in cybersecurity, or

59

:

are they an expert in content creation?

60

:

Because, those are two

very different skill sets.

61

:

Now that we've disarmed the Content

Mill trap, let's slide into the next

62

:

hot topic: The Business of YouTube.

63

:

Yep, you heard that right.

64

:

YouTube isn't just a platform; it's

a full-blown, money-making machine.

65

:

We're talking AdSense, affiliate

links, sponsorships, and the pièce de

66

:

résistance, courses and merchandise.

67

:

Ever noticed how many of these

'Cybersecurity Gurus' will interrupt their

68

:

"10 Best Security Practices" video to

pitch you a VPN service or an exclusive

69

:

"Master Cybersecurity in 30 Days" course?

70

:

It's like we've gone from

learning about ransomware to

71

:

participating in a live infomercial.

72

:

And let's be honest, who can blame them?

73

:

If you've got thousands, or dare I

say, millions of subscribers hanging on

74

:

your every word, why not monetize it?

75

:

After all, clicks lead to cash.

76

:

But here's the crux of it all: How much of

that content is tailored to meet Google's

77

:

algorithmic demands versus meeting the

actual educational needs of the audience?

78

:

Are they being paid to say what they

say or do they work for the company?

79

:

This is the point where we have to

separate the YouTuber from the expert.

80

:

Being good at SEO, keywords,

and thumbnails—that's marketing,

81

:

my friends, not cybersecurity.

82

:

And hey, there's nothing wrong with

being a brilliant marketer, but don't

83

:

dress it up as expertise in a field as

critical and evolving as cybersecurity.

84

:

So here's my mic-drop moment for this

segment: While YouTube might be a

85

:

business for these 'gurus,' cybersecurity

is a livelihood for many of us.

86

:

It's a responsibility.

87

:

And that responsibility should

never, ever be overshadowed by

88

:

the glitz and glamour of high view

counts and affiliate commissions.

89

:

When it comes to genuine expertise,

revenue is not the most reliable KPI.

90

:

It's like saying the most expensive

antivirus software must be the

91

:

best, spoiler alert, it's not.

92

:

So, the next time you're engrossed

in a YouTube video pitching the next

93

:

"game-changing" cybersecurity tool,

ask yourself: Is this for me, or

94

:

is this for the YouTuber's wallet?

95

:

Let's get into our final core

argument, and it is it a big one.

96

:

Missing Practical Experience.

97

:

If you've been nodding along so

far, this is where you'll want to

98

:

turn up the volume because we're

going straight for the jugular.

99

:

So you've watched a dozen tutorials on

how to set up a firewall, configure a

100

:

VPN, or even conduct a penetration test.

101

:

Fantastic, right?

102

:

Wrong!

103

:

Anyone can follow a script, but how

many of these YouTube gurus have

104

:

actually set up an enterprise-grade

firewall or led a red-team operation?

105

:

See, there's a chasm as wide as

the Grand Canyon between talking

106

:

the talk and walking the walk.

107

:

Cybersecurity is more than a listicle

of "Top 10 Best Practices"; it's

108

:

about solving real-world problems,

often under tremendous pressure.

109

:

You won't learn incident

response from a 10-minute video.

110

:

You won't understand the

intricacies of risk management

111

:

from a neat slideshow presentation.

112

:

Heck, you can't even grasp the

complexity of ethical hacking

113

:

from a '5 Easy Steps' guide!

114

:

And yet, many of these YouTubers

present themselves as all-knowing gurus.

115

:

Why?

116

:

Because practical experience is

hard to verify on a platform where

117

:

the loudest voice often drowns

out the most knowledgeable one.

118

:

Rewind and listen to that again.

119

:

So here's my challenge to you.

120

:

The next time you stumble upon

a video that claims to have all

121

:

the answers, dig a little deeper.

122

:

What's their real-world experience?

123

:

Have they been in the trenches,

or have they been too busy

124

:

building their YouTube empire?

125

:

Let's stop mistaking presentation

skills for practical skills.

126

:

Cybersecurity is a field that

demands both theoretical knowledge

127

:

and hands-on experience, and you

can't fake the latter, no matter how

128

:

charismatic or SEO-savvy you are.

129

:

I can already hear the keyboards

clicking away, drafting up some

130

:

passionate counter-arguments.

131

:

And hey, that's what Byte-Sized Security

is all about, open, honest dialogue.

132

:

So let's take a moment to address some

of the arguments that you might be

133

:

formulating in your heads, or you know,

already posting in the comments section.

134

:

First up, the Value of

Educational Content.

135

:

Look, I get it, not every

YouTuber claiming expertise in

136

:

cybersecurity is a charlatan.

137

:

Some are genuinely committed to educating

the public, and that's commendable.

138

:

These platforms can be excellent

starting points for people who

139

:

are curious about the field.

140

:

After all, who doesn't

love a good how to video?

141

:

Next, we've got what I like to call

The Digital Age of Self-Made Experts.

142

:

The internet has democratized education,

and YouTube is a big part of that.

143

:

It's entirely possible for someone

to become highly knowledgeable

144

:

in a subject like cybersecurity

solely through online resources.

145

:

I mean, some of our brightest

minds are self-taught, so let's

146

:

not completely dismiss that route.

147

:

And hey, let's not forget the Platform

for Networking and Community Building.

148

:

YouTube can be a wonderful place

to connect with like-minded

149

:

individuals, share ideas, and even

get that elusive foot in the door.

150

:

Many YouTubers collaborate with

industry professionals, bringing

151

:

multiple perspectives to the table.

152

:

But here's the kicker.

153

:

None of these counter-arguments negate

the need for practical experience,

154

:

nor do they make up for the potential

conflicts that arise when content

155

:

creation becomes a business model.

156

:

The point is, while YouTube can

supplement your cybersecurity education,

157

:

it shouldn't replace real-world

experience or formal training.

158

:

We've navigated the labyrinthine

world of YouTube cybersecurity

159

:

gurus, from content mills to business

models, and the all-important missing

160

:

element of practical experience.

161

:

If you've stuck with me till now,

give yourselves a pat on the back

162

:

because this, my friends, is the type

of conversation that needs to be had!

163

:

Now, it's easy to get swept up in the

allure of quick tips and catchy titles.

164

:

Hey, we're only human.

165

:

But let's remember: cybersecurity isn't

a game; it's a discipline that impacts

166

:

every facet of our digital lives.

167

:

The next time you click on a video

claiming to offer 'Expert Cybersecurity

168

:

Advice,' let's be discerning consumers.

169

:

Ask questions, demand

qualifications, and most importantly,

170

:

cross-reference that info.

171

:

Don't just take it at face value

because it's presented with slick

172

:

graphics and a charismatic host.

173

:

I'll leave you with this:

expertise isn't defined by

174

:

subscriber counts or ad revenue.

175

:

It's defined by a commitment to

learning, practical experience, and

176

:

a genuine desire to make the cyber

world a safer place for everyone.

177

:

Thank you for being a

part of today's deep-dive.

178

:

If you've got something to

say, you know the drill.

179

:

Leave a comment, share this

episode, and let's keep this

180

:

crucial conversation going!

181

:

But the conversation doesn't end here.

182

:

We're launching a community poll right

on our YouTube channel at byte sized

183

:

security dot show, forward slash, youtube.

184

:

Look for the Community section.

185

:

I want to hear your take.

186

:

The question we're posing is:

187

:

"How do you vet the credibility of

a cybersecurity expert on YouTube?"

188

:

Your options are:

189

:

1: Subscriber Count.

190

:

Does a big following mean

they know their stuff?

191

:

2: Content Depth.

192

:

Are you swayed by the level

of detail in their videos?

193

:

3: Real-world Experience.

194

:

Do you look for signs

they've been in the trenches?

195

:

4: Community Engagement.

196

:

Does their interaction with the

community influence your view?

197

:

5: Other.

198

:

Got a different yardstick?

199

:

We're all ears!

200

:

Head on over to the poll right

now on our YouTube channel at byte

201

:

sized security dot show, forward

slash, youtube and cast your vote.

202

:

I'll be diving into the results

in an upcoming episode, and

203

:

who knows, your input might

just spark our next big debate!

204

:

So go ahead, click on that poll, and

let's keep this cyber-dialogue buzzing!

205

:

I'll drop some links and

resources mentioned in this

206

:

podcast into the show notes.

207

:

Until next time, stay safe, stay

informed, and remember: the best

208

:

firewall is a critical mind.

Links

Chapters

Video

More from YouTube