Cybersecurity 101 Beginner guide to cybersecurity

Cybersecurity 101 Beginner guide to cybersecurity

Cybersecurity became one of the top fields in IT and also one of the top-paying jobs in IT. Beginner guide to cybersecurity is o introduce students who want to study and find a job in the cybersecurity field.

Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.

It’s also known as information technology security or electronic information security.

The term applies in a variety of contexts, from business to mobile computing, and can be divided into a few common categories.

Red VS Blue teams

In a red team/blue team exercise. the red team is made up of offensive security experts who try to attack an organization’s cybersecurity defenses. The blue team defends against and responds to the red team attack.

You can check an old blog that I’ve mentioned basic and some advanced skills to master to be a cybersecurity professional. FROM HERE

1- Network security

Network Security protects your network and data from breaches, intrusions, and other threats. Network Security involves access control, virus and antivirus software, application security, network analytics, types of network-related security (endpoint, web, wireless), firewalls, VPN encryption, and more.

2- SOC – Security operational center

The function of SOC is to monitor, prevent, detect, investigate, and respond to cyber threats around the clock.

SOC teams are charged with monitoring and protecting the organization’s assets. Including intellectual property, personnel data, business systems, and brand integrity.

3- Penetration Testing

Penetration testing is a form of ethical hacking. It describes the intentional launching of simulated cyberattacks by “white hat” penetration testers using strategies and tools designed to access or exploit computer systems, networks, websites, and applications.

Although the main objective of pen testing is to identify exploitable issues so that effective security controls can be implemented. So Security professionals can also use penetration testing techniques using testing tools to test the robustness of an organization’s security policies. Also, its regulatory compliance, its employees’ security awareness, and the organization’s ability to identify and respond to security issues and incidents such as unauthorized access, as they occur.

4- Vulnerability management

Vulnerability management is the process of identifying, evaluating, treating, and reporting on security vulnerabilities in systems and the software that runs on them. And every security vulnerability has a risk rating out of 10. And severity, low, medium, high, critical & emergency.

5- GRC – Governance Risk & Compliance

GRC stands for governance, risk & compliance. This function ensures that all security controls are applied and implemented in the organization. And all security risks are tracked and recorded.

6- Threat intelligence

Threat intelligence is data that is collected, processed, and analyzed. To understand a threat actor’s motives, targets, and attack behaviors.

Threat intelligence enables us to make faster, more informed, data-backed security decisions and change their behavior from reactive to proactive in the fight against threat actors.

7- Reverse Engineering

In the field of cyber security. Reverse engineering can be used to identify the details of a breach that how the attacker entered the system, and what steps were taken to breach the system.

8- Malware Analysis

Malware analysis is the process of understanding the behavior and purpose of a suspicious file or URL.

The output of the analysis aids in the detection and mitigation of the potential threat.

9- Cloud security

A cloud security engineer is responsible for securing data in the public cloud. Like AWS, Azure & GCP.

Cloud security engineers are responsible for securing data online, building secure infrastructure, and configuring different security platforms. You can check AWS Security services as an example.

Every cloud provider has a certification program and AWS provide a security certificate (AWS security specialty)

10- DevSecOps

To know more here, please read what is DevOps.

DevSecOps is the process and culture of implementing the security controls inside the DevOps lifecycle.

DevSecOps automatically bakes in security at every phase of the software development lifecycle, enabling the development of secure software at the speed of Agile and DevOps.

DevSecOps—short for development, security, and operations. Automates the integration of security at every phase of the software development lifecycle, from initial design through integration, testing, deployment, and software delivery.

To understand and relate this topic to software development you can check the Gitlab solution and how it’s integrated with the software lifecycle.

Solve CTFs

CTF stands for capturing the flag.

CTF (Capture The Flag) is a kind of information security competition that challenges contestants to solve a variety of tasks ranging from a scavenger hunt on Wikipedia to basic programming exercises. To hack your way into a server to steal data. In these challenges, the contestant is usually asked to find a specific piece of text that may be hidden on the server or behind a webpage.

CTF websites to explore

Mandatory starter courses

If you are lost and not sure yet from where to begin and what is your next step. you have to start with the below courses.

  • Security basics CEH
  • Linux administration RHCSA 8
  • Networking basics CCNA
  • Software (Any programming language to master)

Join ITI (for fresh graduates)

ITI has a 9 months program in cybersecurity. Moreover, They also have programs in software, cloud, data science, and other specializations.

Check the cybersecurity program details from here and join the Facebook group.

Leave a Comment