This is the first course of the Google Cybersecurity Certificate Course on Coursera. Again it’s a mix of my notes and definitions from the course.

Here is a link to my main page for the course.

Module 1: Welcome to the exciting world of cybersecurity

Being a cybersecurity analyst is like preparing for a storm: you minimize risk and potential damage.

Benefits of cybersecurity:

  • Protect against internal and external threats
  • Maintain and improve business productivity
  • Reduce expenses
  • Maintain brand trust
  • Keep the business compliant with laws

Common job titles:

  • Security analyst / specialist
  • Cybersecurity analyst / specialist
  • Security operations center analyst
  • Information security analyst

Tip: ask lots of questions

Responsibilities of an entry level cybersecurity analyst:

  • Protect computer and network systems
  • Install prevention software
  • Conduct security audits

Day in the life of an entry level cybersecurity analyst:

  • Operations: respond to detections and investigate
  • Projects: work with other teams to build new detections or improve current detections.

Tip: make a playbook for how you solved a problem.

Core skills for cybersecurity professionals:

  • Communication
  • Collaboration
  • Analysis
  • Problem solving
  • Time management
  • Growth mindset

Technical skills for cybersecurity professionals:

  • Programming languages (e.g., Python, SQL)
  • SIEM tools
  • Computer forensics

Tip: you don’t have to check all the boxes (e.g., a computer science degree); perfectionism can be an obstacle.

To recap, you should be able to speak on these topics:

  • Define security
  • Job responsibilities
  • Core skills
  • Value of security

Definitions

Cloud security: The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users.

Compliance: The process of adhering to internal standards and external regulations.

Cybersecurity: The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation.

External threat: Anything outside the organization that has the potential to harm organizational assets.

Internal threat: A current or former employee, external vendor, or trusted partner who poses a security risk.

Network security: The practice of keeping an organization’s network infrastructure secure from unauthorized access.

Programming: A process that can be used to create a specific set of instructions for a computer to execute tasks.

Security frameworks: Guidelines used for building plans to help mitigate risk and threats to data and privacy.

Security controls: Safeguards designed to reduce specific security risks.

Security posture: An organization’s ability to manage its defense of critical assets and data and react to change.

Threat actor: Any person or group who presents a security risk.

Module 2: The evolution of cybersecurity

Contents:

  • Viruses
  • Malware
  • Social engineering
  • Digital age
  • Security domains

Early attacks:

  • Brain virus
  • Morris worm

Later big attacks:

  • LoveLetter
  • Equifax breach

Tip: Adapting and learning new techniques is part of the job.

Why social engineering is so effective:

Authority: people have been conditioned to respect and follow authority figures.

Intimidation: threat actors use bullying tactics.

Consensus / social proof: because people tend to do what they believe others are doing, threat actors borrow the trust others have already shown to appear legitimate.

Scarcity: they imply that goods or services are in short supply.

Familiarity: they exploit fake emotional relationships.

Trust: they build a relationship over time.

Urgency: they implore the victim to act quickly.

Tip: During a breach, keep your cool. Stop / contain the breach, then investigate.

The eight CISSP security domains:

Important to understand.

Security and risk management: This domain covers the fundamental aspects of security, such as governance, compliance, ethics, business continuity, and risk assessment.

Asset security: This domain focuses on the identification, classification, protection, and disposal of information assets, such as data, devices, and systems.

Security architecture and engineering: This domain deals with the design, implementation, and evaluation of security architectures, models, principles, and controls.

Communication and network security: This domain addresses the security of data transmission and network infrastructure, such as protocols, components, and services.

Identity and access management: This domain relates to the establishment and maintenance of user identities, credentials, and access rights, such as authentication, authorization, and accountability.

Security assessment and testing: This domain involves the verification and validation of security controls, such as audits, assessments, tests, and reviews.

Security operations: This domain encompasses the operational aspects of security, such as incident response, investigations, monitoring, logging, and recovery.

Software development security: This domain pertains to the integration of security into the software development lifecycle, such as methodologies, practices, and tools.

Tip: Learning the history can help you understand the current state of the industry.

More definitions

Adversarial artificial intelligence (AI): A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently

Business Email Compromise (BEC): A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

Computer virus: Malicious code written to interfere with computer operations and cause damage to data and software

Cryptographic attack: An attack that affects secure forms of communication between a sender and intended recipient

Hacker: Any person who uses computers to gain access to computer systems, networks, or data

Malware: Software designed to harm devices or networks

Password attack: An attempt to access password secured devices, systems, networks, or data

Phishing: The use of digital communications to trick people into revealing sensitive data or deploying malicious software

Physical attack: A security incident that affects not only digital but also physical environments where the incident is deployed

Physical social engineering: An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

Social engineering: A manipulation technique that exploits human error to gain private information, access, or valuables

Social media phishing: A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack

Spear phishing: A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

Supply-chain attack: An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

USB baiting: An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network

Virus: refer to “computer virus”

Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Watering hole attack: A type of attack when a threat actor compromises a website frequently visited by a specific group of users

Module 3: Frameworks and controls

Contents:

  • Security frameworks and controls
  • Ethics

Security is like planning, growing, and maintaining a garden: it needs continuous improvement, not a one-time setup.

First you identify your organization’s critical assets and risks. Then you implement the necessary frameworks and controls.

Security frameworks: Guidelines used for building plans to help mitigate risk and threats to data and privacy.

Purpose of security frameworks:

  • protecting PII
  • securing financial information
  • identifying security weaknesses
  • aligning security with business goals

Components of security frameworks:

  • identifying and documenting security goals, e.g. align with GDPR
  • setting guidelines to achieve security goals, e.g. may need to develop new policies
  • implementing strong security processes, e.g. user updates or deletes data
  • monitoring and communicating results, e.g. report it to management

Security controls: Safeguards designed to reduce specific security risks.
E.g. an access control that tracks which employees may use a given system or dataset.

CIA triad: A foundational model that helps inform how organizations consider risk when setting up systems and security policies.

Confidentiality: Only authorized users can access specific assets or data. E.g. role management.

Integrity: Data is correct, authentic, and reliable. E.g. cryptographic integrity checks such as hashes, message authentication codes, or digital signatures (encryption alone keeps data secret; by itself it does not prove the data was not modified).

Availability: Data is accessible to those who are authorized to access it.
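To make the integrity leg of the triad concrete, here is an added example (my own, not code from the course) using only the Python standard library. It stores a record with both an unkeyed SHA-256 hash and an HMAC, then lets an attacker edit the record and recompute the hash. The key and the record layout are assumptions for illustration.

```python
import hashlib
import hmac
import json

# Hypothetical shared secret for the demo; a real deployment keeps this in a
# secrets manager, never in source code.
INTEGRITY_KEY = b"demo-key-not-for-production"


def canonical(record):
    """Stable byte encoding so the same record always produces the same digest."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def plain_hash(record):
    """Unkeyed hash: detects accidental corruption, but anyone can recompute it."""
    return hashlib.sha256(canonical(record)).hexdigest()


def mac_tag(record):
    """Keyed HMAC: only a holder of INTEGRITY_KEY can produce a valid tag."""
    return hmac.new(INTEGRITY_KEY, canonical(record), hashlib.sha256).hexdigest()


def verify_hash(record, stored_hash):
    return hmac.compare_digest(plain_hash(record), stored_hash)


def verify_mac(record, stored_tag):
    return hmac.compare_digest(mac_tag(record), stored_tag)


def tamper_scenario():
    """Store a record with a hash and a MAC, let an attacker change it and
    recompute the unkeyed hash, and report which checks still pass."""
    record = {"employee_id": 1042, "role": "analyst"}   # constructed sample record
    stored_hash, stored_tag = plain_hash(record), mac_tag(record)

    tampered = dict(record, role="admin")
    forged_hash = plain_hash(tampered)   # the attacker needs no secret for this

    return {
        "original_passes_mac": verify_mac(record, stored_tag),
        "tampered_passes_old_hash": verify_hash(tampered, stored_hash),
        "tampered_passes_forged_hash": verify_hash(tampered, forged_hash),
        "tampered_passes_mac": verify_mac(tampered, stored_tag),
    }


if __name__ == "__main__":
    for check, result in tamper_scenario().items():
        print(f"{check}: {result}")
```

The point of the scenario: a bare hash stored next to the data is only as trustworthy as the storage, because whoever can change the data can also change the hash. A MAC (or a signature) ties the check to a secret the attacker does not have, which is what "authentic and reliable" requires.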

Asset: An item perceived as having value to an organization. E.g. an app that handles SSNs.

NIST Cybersecurity Framework (CSF): A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.

Important to know these and how they’re used. I.e., you might get questions about cybersecurity frameworks in an interview. Also, it’s an important part of the analyst’s job to keep informed about common frameworks, controls, and compliance regulations.

Ethics: right or wrong answer isn’t always clear. Remain unbiased. Security professionals often have greater access to data, so they have a higher obligation to follow the appropriate guidelines.

Security ethics: Guidelines for making appropriate decisions as a security professional.

Ethical principles

  • Confidentiality. E.g. you might see PII. It’s up to you to keep that confidential and safe.
  • Privacy protection. E.g. a manager asks you for a colleague’s personal phone number; handing it over would be unethical.
  • Law. E.g. legally protected data, such as health or financial records, must never be left unsupervised.

More definitions

Hacktivist: A person who uses hacking to achieve a political goal.

Privacy protection: The act of safeguarding personal information from unauthorized use.

Security architecture: A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats.

Security governance: Practices that help support, define, and direct security efforts of an organization.

Module 4: Important cybersecurity tools

  • SIEM tools (e.g. Splunk, Chronicle)
  • Playbooks
  • Network protocol analyzers (packet sniffers)
  • Linux operating system
  • Programming languages - Python, SQL

Log: A record of events that occur within an organization’s systems. E.g. each time an employee signs into their computer.

Security Information and Event Management (SIEM) tool: An application that collects and analyzes log data to monitor critical activities in an organization. (Pronounce it ‘sim’ or ‘seem’.)

E.g. Splunk Enterprise or Google Chronicle
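What a SIEM does with those sign-in logs, and what the "build new detections" project work from Module 1 looks like in practice, is easier to see in code. The following is an added example of my own (not course material and not how Splunk or Chronicle are implemented): it parses a constructed sign-in log whose key=value layout is an assumption, and flags a burst of failed logins from one source, noting whether a success followed the burst.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real data). The key=value layout is an
# assumption standing in for whatever format your SIEM actually ingests.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z host=vpn01 user=alice src=203.0.113.5 result=FAIL
2024-03-01T09:00:04Z host=vpn01 user=alice src=203.0.113.5 result=FAIL
2024-03-01T09:00:07Z host=vpn01 user=alice src=203.0.113.5 result=FAIL
2024-03-01T09:00:10Z host=vpn01 user=alice src=203.0.113.5 result=FAIL
2024-03-01T09:00:13Z host=vpn01 user=alice src=203.0.113.5 result=FAIL
2024-03-01T09:00:20Z host=vpn01 user=alice src=203.0.113.5 result=OK
2024-03-01T09:05:00Z host=vpn01 user=bob src=198.51.100.7 result=OK
2024-03-01T10:00:00Z host=vpn01 user=carol src=198.51.100.9 result=FAIL
2024-03-01T11:30:00Z host=vpn01 user=carol src=198.51.100.9 result=FAIL
this line is malformed and the parser must not choke on it
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_log(text):
    """Turn raw lines into event dicts. Unparsable lines are counted rather than
    silently dropped, because a parser that quietly loses lines is a blind spot."""
    events, rejected = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            rejected += 1
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events, rejected


def detect_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Alert when one (user, src) pair fails >= threshold times inside `window`.
    A success shortly after the burst is recorded too: that is the case an
    analyst must treat as a likely compromise rather than mere noise."""
    recent_fails = defaultdict(list)
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        key = (e["user"], e["src"])
        if e["result"] == "FAIL":
            # keep only failures still inside the sliding window, then add this one
            fails = [t for t in recent_fails[key] if e["ts"] - t <= window]
            fails.append(e["ts"])
            if len(fails) >= threshold:
                alerts.append({"user": e["user"], "src": e["src"],
                               "failures": len(fails), "first": fails[0],
                               "last": e["ts"], "followed_by_success": False})
                fails = []   # one alert per burst, then start counting again
            recent_fails[key] = fails
        else:
            for a in alerts:
                if (a["user"], a["src"]) == key and timedelta(0) <= e["ts"] - a["last"] <= window:
                    a["followed_by_success"] = True
    return alerts


if __name__ == "__main__":
    evts, bad = parse_log(SAMPLE_LOG)
    for a in detect_brute_force(evts):
        print(f"ALERT {a['user']}@{a['src']}: {a['failures']} failures "
              f"{a['first']:%H:%M:%S}-{a['last']:%H:%M:%S}, "
              f"success after burst: {a['followed_by_success']}")
    print(f"{bad} line(s) could not be parsed")
```

Note what the detection deliberately ignores: carol's two failures are 90 minutes apart and never reach the threshold, so she generates no alert. Tuning that window and threshold against real log volume, and deciding what a "followed by success" alert should escalate to, is exactly the operations/projects split described in Module 1.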

Playbook: A manual that provides details about any operational action.

Network protocol analyzer (packet sniffer): A tool designed to capture and analyze data traffic within a network.

E.g. tcpdump or Wireshark

Programming: Used to create a specific set of instructions for a computer to execute tasks.

Structured Query Language (SQL): A programming language used to create, interact with, and request information from a database.

Database: An organized collection of information or data.
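"Request information from a database" in analyst terms usually means filtering login or event tables with WHERE clauses, which is also the "applying filters to SQL queries" portfolio item listed below. This added example (mine, not from the course) builds an in-memory SQLite table of constructed login attempts and runs two filtered queries against it; the table schema and sample rows are assumptions.

```python
import sqlite3

# Constructed sample rows (not real data): (username, login_time, source_ip, success)
SAMPLE_ROWS = [
    ("alice", "2024-03-01 09:00:01", "203.0.113.5", 0),
    ("alice", "2024-03-01 09:00:20", "203.0.113.5", 1),
    ("bob",   "2024-03-01 22:15:00", "198.51.100.7", 0),
    ("bob",   "2024-03-01 22:16:00", "198.51.100.7", 0),
    ("carol", "2024-03-01 03:45:00", "203.0.113.9", 0),
    ("dave",  "2024-03-01 12:00:00", "198.51.100.2", 1),
]


def build_db():
    """In-memory SQLite database with a login_attempts table (schema is an assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE login_attempts (
                        username   TEXT    NOT NULL,
                        login_time TEXT    NOT NULL,
                        source_ip  TEXT    NOT NULL,
                        success    INTEGER NOT NULL)""")
    conn.executemany("INSERT INTO login_attempts VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def failed_logins_outside_hours(conn, start="08:00:00", end="18:00:00"):
    """Failed attempts outside business hours: WHERE combining AND, OR and a
    time-of-day filter. SQLite's time() extracts HH:MM:SS from the timestamp."""
    sql = """SELECT username, login_time, source_ip
             FROM login_attempts
             WHERE success = 0
               AND (time(login_time) < ? OR time(login_time) > ?)
             ORDER BY login_time"""
    return conn.execute(sql, (start, end)).fetchall()


def attempts_by_subnet(conn, prefix):
    """Count attempts per user from addresses starting with `prefix`, using LIKE.
    The prefix is bound as a parameter, never pasted into the SQL string: that is
    what stops a filter value supplied by a user from becoming SQL injection."""
    sql = """SELECT username, COUNT(*) AS attempts
             FROM login_attempts
             WHERE source_ip LIKE ?
             GROUP BY username
             ORDER BY username"""
    return conn.execute(sql, (prefix + "%",)).fetchall()


if __name__ == "__main__":
    db = build_db()
    for row in failed_logins_outside_hours(db):
        print("after-hours failure:", row)
    for row in attempts_by_subnet(db, "203.0.113."):
        print("from 203.0.113.0/24:", row)
```

The same two habits carry over to a real SIEM or database: keep the filtering in the query rather than pulling everything and filtering in Python, and always bind values as parameters so the query text never changes based on input.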

Python: Used to perform tasks that are repetitive and time-consuming, and that require a high level of detail and accuracy.

Every toolkit might be different, but most of the functions are the same. E.g., who cares what colour a bucket is, if its purpose is to collect or transport water.

Ideas for projects to add to your portfolio (in my case, this website):

  • Drafting a professional statement
  • Conducting a security audit
  • Analyzing network structure and security
  • Using Linux commands to manage file permissions
  • Applying filters to SQL queries
  • Identifying vulnerabilities for a small business
  • Documenting incidents with an incident handler’s journal
  • Importing and parsing a text file in a security-related scenario
  • Creating or revising a resume

More on these later.

Recap:

  • Core security concepts
  • Skills for security analysts
  • Eight security domains
  • Security frameworks and controls
  • Common tools and programming languages

Resources

Google Cybersecurity Certificate

NIST Glossary

CISA - Free Cybersecurity Services and Tools

Google Cybersecurity Action Team: check out their ‘Threat Horizons’ publication, where they explain threats to cloud services and how to mitigate them.

OWASP Top Ten - It’s good to stay up to date on the most critical risks to web apps.