Google Cybersecurity Professional Certificate

What I've learned from this course!

5/30/2024

Course 1 - Foundations of Cybersecurity

This first course was full of great foundational information. Some key points of what I learned during this course were…

  • What Cyber Security is

  • What is a Threat Actor

  • The benefits of having good security

  • Common Job Titles and Their Functions

  • Common terminology

  • Types of attacks and vulnerabilities

  • History of past breaches

  • Basics of NIST Cybersecurity Frameworks and the CIA Model

  • Ethical Principles in Security

  • Basics of SIEM applications

  • How Programming can be used in security

What is Cybersecurity, and why is it necessary for organizations to apply these fundamental practices to their companies? In this course, I learned that Cybersecurity at its core is “The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access”, which on paper sounds simple, but as I’ve dug deeper into the topics of this course I’ve found that there are many things that can prevent that from being the case. In the world of Cybersecurity, we have threat actors: any person or group who presents a security risk. These threat actors could use any of the following to disrupt an organization's security…

  • Social Engineering – Using the human error of someone within the company who might have access to privileged information, commonly done through things like:

    • Phishing – Using digital communications to trick people into revealing sensitive information/data or deploying malicious software.

In this course, I learned about the Equifax breach, where over 147 million American customers were affected due to a malware attack that exploited a vulnerability in the Equifax credit dispute website. This attack ended up allowing these threat actors to gain access to PII (Personally Identifiable Information), which included customers' names, birthdates, SSNs, driver’s license numbers, and payment information. All this information was very valuable to anyone attempting further criminal activities.

To prevent attacks, organizations should have “Security and Risk Management”, which defines security goals and objectives, risk management, compliance, business continuity, and the law. This protects assets (information) within an organization. This course taught me that there are several different categories for managing this information, such as:

  • Asset Security – Secures digital and physical assets; it also relates to the storage, maintenance, retention, and destruction of data.

  • Security Architecture and Engineering – Optimizes data security by ensuring effective tools, systems, and processes are in place.

  • Communication and Network Security – Manages and secures physical networks and wireless communications.

  • Identity and Access Management – Keeps data secure by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications.

  • Security Assessment and Testing – Conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities.

  • Security Operations – Conducting investigations and implementing preventative measures.

  • Software Development Security – Uses secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services.

These are all great things to mitigate risk in an organization and while it seems like we’ll never be able to 100% secure assets within an organization, these are a great foundation to assist in the prevention of malicious attacks against our data.

Practices and frameworks can prevent attacks like “Password Attacks”, which attempt to access password-secured devices or applications using brute force, rainbow tables, etc. The purpose of these frameworks, as I learned from this course, is mainly to protect PII, identify security weaknesses, manage an organization's risk, and align security with business goals. I learned that the components of Security Frameworks are…

  1. Identifying and documenting security goals.

  2. Setting guidelines to achieve security goals.

  3. Implementing strong security processes.

  4. Monitoring and communicating results.

We can do this by implementing Security Controls, which are safeguards that are designed to reduce specific security risks. This can be done by using models like the CIA Triad, which is defined as “A fundamental model that helps inform how organizations consider risk when setting up systems and security policies.”

  • C = Confidentiality (Only authorized users can access)

  • I = Integrity (The data is correct)

  • A = Availability (Access to those allowed)

A framework that was introduced to me was the NIST Cybersecurity Framework (CSF). This is a voluntary framework that consists of standards, guidelines, and best practices to maintain and manage cybersecurity risk.

A foundational part of Cybersecurity is ethical principles. These provide guidelines as to what information we should be keeping confidential and add a bit of a “Best Practices” aspect to what anyone with secured information should be following. This allows for confidentiality and privacy protocols as well as adherence to the law. Privacy Protection means safeguarding personal information from unauthorized use, meaning that if someone who has authority over you at an organization is attempting to cut corners and get private information (that they might even have access to themselves), you can deny that request to maintain the ethical practices that are set in place.

SIEM (Security Information and Event Manager) is an application used by Cybersecurity professionals that collects and analyzes log data (a log is a record of events that occurred within an organization’s systems) to monitor critical activity in an organization. This tool in combination with a “Security Playbook” (a manual that provides details about an operational action) and several other tools and skills like...

  • Network Protocol Analyzer (Packet Sniffer) - A tool designed to capture and analyze data traffic within a network.

  • Programming - Used to create a specific set of instructions for a computer to complete a task.

  • Linux – Open-Source Operating System

  • SQL - Structured Query Language for databases

  • Python – Common Programming Language

all come together to create a good fundamental structure to be able to protect security assets and mitigate security risks.

This is the first course in a series of eight of the “Google Cybersecurity Professional Certificate”. While I already had a basic knowledge of a lot of this information, this course so far has proven to be a great structured path for really driving this knowledge home and hopefully providing some hands-on experience in implementing some of these tools. I look forward to completing this course as well as completing my first certification with CompTIA’s Security+ so that I will be able to move into my dream career in the cybersecurity field.