What is cybersecurity?

• A target of intent is specifically singled out due to its high profile or valuable data.
  
• A target of opportunity is defined by an unpatched system or unprotected network.
  

• Phishing: Deceptive emails or messages sent by cybercriminals attempting to trick you into revealing sensitive information, such as passwords, banking details, or personal data.
  
  
• Malware: A broad term for malicious software or code designed to damage, disrupt, or gain unauthorized access to computer systems.
  
  
• Ransomware: A specific and highly disruptive type of malware that works by locking a computer's files, making them completely inaccessible until a ransom payment is made.
  

• Social engineering: Psychological manipulation techniques used to trick people into revealing confidential information or performing actions that compromise security.

• Data breaches: Security incidents when sensitive or confidential information is accessed, stolen, or exposed by unauthorized individuals.
  
  
• Denial-of-service (DOS) attacks: Cyberattacks designed to overwhelm a system, network, or website with excessive traffic, making it unavailable to legitimate users.
  

• Keep your software and operating systems updated regularly.

• Use strong, unique passwords for all accounts, and use a secure digital password manager.
  
  
• Enable multi-factor authentication (MFA) wherever possible for an extra layer of security.
  
  
• Exercise caution with suspicious emails, messages, and links.
  

• Perform regular data backups to an external drive or cloud service, so you can restore your information if it's lost or locked by ransomware.
  
  
• Use reputable antivirus or anti-malware software and keep it updated to detect and remove malicious programs.

• Protect the confidentiality, integrity, and availability of data.

• Layer multiple security controls to create a defense-in-depth strategy.

• Govern: Governance is key to establishing policies, procedures, and processes that manage cybersecurity risks. This function includes defining roles and responsibilities, allocating resources, and ensuring compliance with regulatory requirements.
  
  
• Identify: Identification is the process of determining which assets are most important to protect, such as customer information, financial records, or network infrastructure like company servers. It also involves identifying key threats to those assets, such as cyberattack vectors or physical vulnerabilities.

• Protect: Protection requires implementing safeguards that help secure identified assets from risks. In this stage, the controls might be installing firewalls and antivirus software, training employees on cybersecurity best practices, or putting your servers behind locked doors with CCTV monitoring.

• Detect: Detection promotes a vigilant security posture capable of detecting security incidents as they unfold. The specific controls could be things like monitoring network traffic, analyzing security logs, and setting up alerts for potential security breaches.

• Respond: Response outlines actions to take to contain and mitigate the impact of a security incident. This includes the tools and techniques needed to isolate infected systems, remove malware, and notify affected parties.

• Recover: Recovery focuses on restoring systems to normal working order. This includes specific actions like restoring systems from backups, analyzing the security incident for insight into your own defenses, and making adjustments to be better prepared for the future.

Technical skills

• Security information and event management (SIEM) tools: These tools help collect, analyze, and manage security data to detect and respond to potential threats in real time.
  
  
• Programming languages like Structured Query Language (SQL) and Python: Programming knowledge enables analysts to automate tasks, query databases, and develop custom security solutions.
  
  
• Networking fundamentals: Understanding how networks operate allows professionals to identify vulnerabilities and implement effective security measures.
  
  
• Linux: Many servers and security tools run on Linux, so familiarity with this operating system is often critical for managing and securing systems.
  
  
• General awareness of the threat landscape: Staying informed about emerging threats helps professionals anticipate risks and adapt their defenses accordingly.
  
  
• Cloud security: Knowledge of how to secure data and systems in cloud environments, as many modern organizations rely on cloud computing.
  
  
• Incident investigation and forensics: The ability to analyze data, reconstruct events, and collect digital evidence after a security breach to determine what happened and contain the damage.
  
  
• Network analysis tools: Familiarity with tools like packet sniffers to capture and analyze network traffic for malicious activity or anomalies.
  

Transferable skills

• Problem-solving: The ability to think critically and creatively is key for addressing unexpected challenges and mitigating security incidents.
  
  
• Collaboration: Working effectively with team members across departments helps align security measures with organizational goals.
  
  
• Analysis: Strong analytical skills are necessary for interpreting data, identifying patterns, and making informed decisions to improve security strategies.
  
  
• Continuous learning: The cybersecurity landscape is constantly evolving. A professional must be willing to learn new technologies, tools, and threat tactics to stay ahead of attackers.
  
  
• Attention to detail: Even the smallest detail can be a sign of a major security issue. Being meticulous in analyzing logs, alerts, and reports is crucial for spotting anomalies and preventing incidents.
  
  
• Patience and resilience: Cybersecurity work can be stressful and complex. Professionals need to be patient during investigations and resilient when facing setbacks or navigating difficult challenges.