Cybersecurity for Beginners | Google Cybersecurity Certificate
Summary
The Google Career Certificate in Cybersecurity offers a comprehensive introduction to the field, focusing on key concepts, frameworks, and tools essential for budding cybersecurity professionals. Highlights from the course include an overview of cybersecurity's growing demand, the diverse backgrounds suitable for the industry, and the need for rapid skill evolution to counter evolving threats. The course equips learners with practical knowledge on core security concepts, network protection, operating systems like Linux, and programming languages such as Python and SQL. Participants will gain hands-on experience to prepare for entry-level security analyst roles, helping to protect organizations against myriad cyber threats.
Highlights
Cybersecurity roles are growing fast, expecting more than 30% growth by 2030.
The Google course is tailored for beginners with no prior experience needed, offering flexible online learning.
Key skills taught include network security, Python programming, understanding Linux OS, and handling security incidents.
The program highlights the importance of cybersecurity ethics and the ever-evolving nature of threat landscapes.
Real-world examples of security incidents, such as the Equifax breach, are used to teach lessons on prevention and response.
Key Takeaways
Cybersecurity is an exciting and rapidly growing field, expected to see job growth of over 30% by 2030.
The course is flexible and designed for people from all backgrounds, with no prior experience needed.
Participants will learn about programming, network security, information protection, and ethical considerations in cybersecurity.
Understanding past cyber attacks can help prevent future ones. The course covers historic incidents like the Morris worm and Equifax breach.
Security tools like SIEMs, playbooks, and programming languages such as Python and SQL are essential for today's security analysts.
Overview
Cybersecurity is a field on the rise, with workforce demand projected to grow by over 30% by 2030. This Google Career Certificate is perfect for those new to the field, offering insights and hands-on training to prepare for entry-level security roles. Whether you're interested in code-breaking, network fortification, or digital forensics, this course provides the skills and knowledge needed to excel.
The course structure is designed to be accessible and accommodating, allowing learners from various backgrounds to participate. You'll be introduced to essential programming languages like Python and SQL, which are invaluable tools for automating security processes and analyzing large data sets. Additionally, understanding operating systems such as Linux will be key in navigating security environments effectively.
Equally important is the ethical dimension of cybersecurity. The program emphasizes the need for maintaining confidentiality, integrity, and availability of information, encapsulated in the CIA triad. Historical case studies provide context on how cyber threats have evolved and how best to defend against them. By the end, you'll have the foundation to begin your cybersecurity career, equipped to tackle challenges with confidence.
Chapters
00:00 - 00:30: Introduction and Instructor Welcome Toni, a Security Engineering Manager at Google, welcomes participants to the Google Career Certificate in cybersecurity. She expresses excitement and introduces herself as the instructor for the course. Toni encourages students by acknowledging their significant step towards skill-building and addresses common perceptions that cybersecurity can be intimidating, hinting at a diverse range of skills and knowledge areas to explore.
00:30 - 01:00: Career Path and Demand for Security Professionals The chapter discusses the diverse backgrounds of individuals entering the security industry, highlighting the instructor's own transition from an intelligence analyst to a security professional. It emphasizes the rapidly increasing demand for security professionals, noting that the U.S. Bureau of Labor Statistics projects a growth rate of over 30% in security roles by 2030, outpacing average occupation growth. Additionally, it acknowledges the global expansion of Internet access, contributing to the rising demand in the security field.
01:00 - 01:30: Importance of Diversity in Cybersecurity The chapter titled 'Importance of Diversity in Cybersecurity' highlights the significance of having a diverse group of security professionals. As more individuals and organizations embrace digital technologies, the need for a varied pool of security experts becomes crucial. Diverse backgrounds and perspectives enhance the ability to protect and serve different markets effectively. The chapter emphasizes that working with a global team of diverse individuals fosters creativity and innovation, leading to more robust and imaginative solutions for cybersecurity challenges.
01:30 - 02:00: Program Overview The 'Program Overview' chapter highlights the primary goal of security, which is to protect both organizations and individuals. The field offers opportunities to interact with a diverse group of people worldwide. There is a high demand for entry-level security analysts, and many employers are seeking candidates with the appropriate expertise. This program is structured to equip individuals with the necessary knowledge and skills to either begin or advance their careers in the security industry. It caters to learners at different skill levels and aims to provide comprehensive training by program completion.
02:00 - 02:30: Role of Security Analysts This chapter provides an overview of the roles and responsibilities of security analysts. It explains how one can prepare for a career in security and the typical tasks involved in the job, such as enforcing password management policies and sending security notifications.
02:30 - 03:00: Importance of Transferable Skills The chapter discusses the significance of transferable skills, emphasizing curiosity and excitement in the context of cybersecurity. With examples like experiencing a security breach and questioning data protection measures, the chapter highlights these skills as crucial for security analysts. These professionals are responsible for risk minimization and proactive protection for organizations by continuously monitoring and defending against potential security incidents.
03:00 - 03:30: Technical Skills Development This chapter delves into the realm of technical skills development within the security industry. It emphasizes the critical role professionals play in investigating and reporting findings when security incidents occur. The narrative highlights their continuous inquiry mindset and quest for solutions. Notably, the chapter underscores the diversity of career paths available in the security field, each path requiring a distinct set of skills and responsibilities. It reassures readers that regardless of their previous experience, they are likely to possess some of the necessary skills to succeed in this industry.
03:30 - 04:00: Why Security Matters This chapter highlights the importance of security, particularly in careers focusing on cybersecurity. It emphasizes that a diverse background can contribute significantly to success in security roles. Strong critical thinking and communication skills are identified as key strengths for those pursuing a security career, regardless of their previous experience. The narrative encourages individuals who enjoy collaboration, problem-solving, and challenges to consider security as a rewarding career path.
04:00 - 04:30: Data Breaches and Identity Theft The chapter titled 'Data Breaches and Identity Theft' introduces the topic of career directions within the security industry. It reassures learners that it is fine not to have a clear direction initially, as the program offers an overview of various job types and specializations. The Google Career Certificates are highlighted as being designed by industry professionals with extensive experience. These certificates encompass a series of courses, each guided by different Google experts who provide both theoretical knowledge through videos and practical opportunities for skills development.
04:30 - 05:00: Conclusion of First Section The chapter titled 'Conclusion of First Section' wraps up the initial part of the program, summarizing what participants can expect throughout their learning journey. It emphasizes the importance of hands-on activities, providing real-world scenarios to prepare learners for potential job situations.
05:00 - 05:30: History of Security and Malware The chapter "History of Security and Malware" covers the fundamental topics required for a career in the security industry. It explores domains such as network security, computing basics including Linux and SQL, and essential concepts like assets, threats, and vulnerabilities. The chapter aims to prepare individuals for the security sector by teaching incident detection and response techniques, and how to utilize programming languages like Python for common security tasks. Additionally, it provides job search strategies to aid beginners in entering the industry.
05:30 - 06:00: Case Studies: Brain Virus and Morris Worm The chapter discusses two significant case studies in cybersecurity: the Brain Virus and the Morris Worm. These examples serve as historical precedents that highlight challenges and developments in the field.
06:00 - 06:30: Digital Age Threats: LoveLetter and Equifax Breach The chapter titled 'Digital Age Threats: LoveLetter and Equifax Breach' covers the significance of a Google Career Certificate in initiating or advancing a career in cybersecurity. It emphasizes the potential of these certificates to unlock new job opportunities without requiring prior experience in the security field. The transcript suggests support and guidance throughout the course to ensure foundational learning for future success in cybersecurity.
06:30 - 07:00: Understanding Security Domains The chapter titled 'Understanding Security Domains' introduces the flexibility of an online certification program, emphasizing that it can be completed at one's own pace. The program features courses guided by experienced instructors who support the learning journey. One such instructor, Ashley, introduces herself as a Customer Engineering Enablement Lead for Security Operation Sales at Google. The chapter promises to cover topics such as security domains, frameworks, and controls.
07:00 - 07:30: Detailed Look at CISSP Domains In this chapter, we delve into the CISSP domains, beginning with an overview of security threats, risks, and vulnerabilities. The chapter introduces common tools employed by security analysts. Our experts, Chris, the Chief Information Security Officer at Google Fiber, and Kim, a Technical Program Manager at Google, provide insights into the structure of networks, network protocols, and common network attacks. They also discuss methods to secure networks, giving readers foundational computing skills necessary for supporting cybersecurity operations.
07:30 - 08:00: Gardener Analogy: Frameworks, Controls, and Ethics In this chapter titled 'Gardener Analogy: Frameworks, Controls, and Ethics', the focus is on the role of a security analyst. The content covers various crucial areas including operating systems, the Linux command line, and SQL. The instructors, Da'Queshia, a Security Engineer at Google, and Dave, a Principal Security Strategist at Google, guide the readers through the process of protecting organizational assets using different security controls. They also aim to deepen the readers' understanding of the risks and vulnerabilities associated with security systems, along with methods for detecting and responding to security threats.
08:00 - 08:30: Introducing CIA Triad and NIST CSF This chapter introduces the CIA Triad and NIST CSF.
08:30 - 09:00: Frameworks, Controls, and Ethics Recap The chapter, titled 'Frameworks, Controls, and Ethics Recap,' introduces Emily, a Program Manager at Google, who will guide students through the final portion of the program. Emily aims to share methods for engaging with the security community and preparing for job search. The chapter highlights the excitement and opportunities for growth in the field of security, setting the stage for students to embark on their career advancements.
09:00 - 09:30: Common Tools and Programming Languages This chapter introduces the course, focusing on security's role in protecting business operations, users, and devices. It aims to provide foundational security concepts to help contribute to creating a safer internet. The chapter begins with a discussion on the definition of security.
09:30 - 10:00: SIEM and SIEM Tools The chapter titled 'SIEM and SIEM Tools' delves into the common job responsibilities of security analysts and their core skills. It emphasizes the significance of security in safeguarding organizations and individuals. The chapter further explores eight distinct security domains, common security frameworks, and controls. It concludes with a discussion on widely used tools and programming relevant to the field.
10:00 - 10:30: Playbooks and Protocol Analyzers This chapter introduces the concept of playbooks and protocol analyzers for entry-level security analysts. It provides analogies to real-life scenarios, such as preparing for a storm, to help explain how these tools are used to prepare and secure digital environments. The chapter aims to equip learners with the resources needed to maximize the benefits of the security program.
10:30 - 11:00: Linux, SQL, and Python This chapter draws a parallel between preparing for a storm and handling a security incident in an organization. Just as one would gather necessary supplies like a first aid kit, tools, food, and water before a storm hits, organizations must also equip themselves with the appropriate tools to mitigate risks and potential damage from security incidents. The narrative emphasizes the importance of preparedness and quick action, illustrated by the example of noticing and patching water leaks to prevent damage from the storm.
11:00 - 11:30: Review and Conclusion of the Course In this chapter, the course concludes with a focus on the role of a security analyst in swiftly responding to and mitigating external threats. This involves protecting the organization and its stakeholders from various risks and threats. Additionally, it covers developing solutions to resolve situations where threats manage to penetrate defenses. The chapter aims to clarify the definition and scope of security in this context.
11:30 - 12:00: Final Encouragement and Next Steps The chapter 'Final Encouragement and Next Steps' discusses the roles of security professionals within organizations. It begins with definitions, emphasizing the importance of cybersecurity, also known as security, which focuses on maintaining confidentiality, integrity, and availability of information. This is achieved by protecting networks, devices, people, and data from unauthorized access or criminal activities. The chapter includes an example, such as the use of complex passwords for accessing sites and services, as a means to enhance security measures.
Cybersecurity for Beginners | Google Cybersecurity Certificate Transcription
00:00 - 00:30 Hello, and welcome to the Google Career
Certificate focused on cybersecurity! I'm so excited that you're here! My name is Toni and I am a Security
Engineering Manager at Google. I'll be your instructor for the first course
of this certificate program. By starting this course, you've already
taken a big step toward building new skills that will help you in your career. Cybersecurity may seem daunting at first, but
you'd be surprised by the different
00:30 - 01:00 backgrounds many of us have. I worked as an intelligence analyst before I
got my first job in the security industry, and I'm excited to be your instructor as you
begin YOUR journey into security. The demand for security professionals is
growing at an incredible rate. By 2030, the U.S. Bureau of Labor Statistics expects security
roles to grow by more than 30%, which is higher than the average growth rate for
other occupations. Global access to the Internet is expanding.
01:00 - 01:30 Every day more people and organizations are
adopting new digital technologies. Having a diverse community of security
professionals with unique backgrounds, perspectives and experiences is essential
for protecting and serving different markets. Working in security has allowed me to work
with people from all around the world. Working with people who have diverse
backgrounds ensures that our teams get to ask lots of questions and come up with more
creative solutions.
01:30 - 02:00 The main objective in security is to protect
organizations AND people. This line of work allows you to support and
interact with people across the globe. There are many openings for entry-level
security analysts, and employers are struggling to find enough candidates with
the right expertise. This program is designed to give YOU the
knowledge and skills you need to start or advance in the security profession. No matter your current skill level, by the
time you finish this certificate program,
02:00 - 02:30 you'll be prepared to find a
security-related job or expand your career in security! You may be wondering, what do
security professionals actually DO? Have you ever had to update your password
online to include a number or a special symbol? If so, then you're already familiar
with basic security measures, like password management. And, if you've ever received a
notification from a service provider about
02:30 - 03:00 stolen data or a software hack, then you
have first-hand experience with the impact of a security breach. If you've ever asked yourself how
organizations safeguard data, then you already have two important traits that are
necessary to thrive in this industry: curiosity and excitement. Security analysts help minimize risks to
organizations and people. Analysts work to proactively guard against
incidents while continuously monitoring
03:00 - 03:30 systems and networks. And, if an incident does occur, they
investigate and report their findings. They are always asking questions and looking
for solutions. One of the best things about the security
industry is the many paths and career options it exposes you to! Each option involves a
unique set of skills and responsibilities. No matter what your background is, you'll
probably find that you already have some
03:30 - 04:00 relevant experience. If you enjoy collaborating with and helping
others, solving puzzles, and are motivated by challenges, then this is the career for you! For example, my background as an intelligence
analyst had nothing to do with cybersecurity. However, having strong critical thinking
skills and communication skills provided a solid foundation for my success when I
decided to pursue a career in security.
04:00 - 04:30 If you're not sure what direction you want to
take in the security industry, that's okay. This program will give you an overview of
many different types of available jobs. It will also let you explore certain
specialized skill sets to help you figure out where you want to take your career. The Google Career Certificates are designed
by industry professionals with decades of experience here at Google. You'll have a different expert from Google
guide you through each course in the certificate. We'll share our knowledge in
videos, provide practice opportunities with
04:30 - 05:00 hands-on activities, and take you through
real scenarios that you might encounter on the job. Throughout this program, you'll
gain hands-on practice with detecting and responding to attacks, monitoring and
protecting networks, investigating incidents, and writing code to automate tasks. The program is made up of several courses
that are designed to help you land an entry-level job! You'll learn about topics
like: core security concepts; security
05:00 - 05:30 domains; network security; computing basics
- including Linux and SQL; along with understanding assets, threats, and
vulnerabilities. Our goal is to help you reach YOUR goal of
joining the security industry. You'll learn about incident detection and
response, as well as how to use programming languages, like Python, to accomplish common
security tasks. You'll also gain valuable job search
strategies that will benefit you as you begin
05:30 - 06:00 to find and apply for jobs in the security
profession. Completing this Google Career Certificate
will help you develop skills and learn how to use tools to prepare you for a job in a
fast-growing, high-demand field. The certificate is designed to prepare you
for a job in three to six months, if you work on the certificate part-time. And once you graduate, you can connect with
over 200 employers who are interested in
06:00 - 06:30 hiring Google Career Certificate graduates,
like you. Whether you're looking to switch jobs, start
a new career, or level-up your skills, this Google Career Certificate can open doors to
new job opportunities. You don't need prior experience or knowledge
in the security field because this certificate program will begin with the
basics. I'll be by your side throughout this first
course, making sure that you're learning the foundational knowledge needed to succeed in
the field.
06:30 - 07:00 This program is also flexible. You can complete all of the courses in this
certificate on your own terms and at your own pace, online. We've gathered some amazing instructors to
support you on your journey, and they'd like to introduce themselves now: Hi! My name is Ashley, and I'm a Customer
Engineering Enablement Lead for Security Operation Sales at Google. I'll take you through security domains,
frameworks and controls, as well as common
07:00 - 07:30 security threats, risks, and
vulnerabilities. You'll also be introduced to common tools
used by security analysts. I can't wait to get started! Hi there! My name is Chris, and I'm the Chief
Information Security Officer for Google Fiber. I'm excited to talk to you about the
structure of a network, network protocols, common network attacks, and how to secure a
network. Hi there! My name is Kim, and I'm a Technical
Program Manager at Google. I will guide you through foundational
computing skills that support the work of a
07:30 - 08:00 security analyst. We'll also learn about operating systems,
the Linux command line, and SQL. Hi! My name is Da'Queshia, and I'm a Security
Engineer at Google. Together we'll explore protecting
organizational assets through a variety of security controls and develop a deeper
understanding of risks and vulnerabilities. Hi! My name is Dave, and I'm a Principal
Security Strategist at Google. In our time together, we'll learn about
detecting and responding to security
08:00 - 08:30 incidents. You'll also have the chance to
monitor and analyze network activity using powerful security tools. Hello, I'm Ángel, and I'm a Security Engineer
at Google. We'll explore foundational Python
programming concepts to help you automate common security tasks. Hello, I'm Dion, I'm a Program Manager at
Google. I'm your instructor for the first portion of
the final course of the program. There, we'll discuss how to escalate
incidents and communicate with stakeholders.
08:30 - 09:00 And my name is Emily. I'm a Program Manager
at Google. I'll guide you through the final portion of
the program and share ways that you can engage with the security community and
prepare for your upcoming job search. And, as you already know, I'll guide you
through the first course of this program. This is such a great time to grow your
career in the field of security. Sound exciting? Let's get started!
09:00 - 09:30 Hi again! Now that you have some idea of what
to expect from the program as a whole, let's discuss more about what you'll learn in THIS
course. This course will introduce you to the world
of security and how it's used to protect business operations, users, and devices so
you can contribute to the creation of a safer internet for all. In this section we'll cover foundational
security concepts. First, we'll define security.
09:30 - 10:00 Then, we'll explore common job
responsibilities of security analysts. Building on that, we'll cover core skills a
security analyst may have. Finally, we'll discuss the value of security
for protecting organizations and people. Later on, we'll cover eight security domains. Then, we'll cover common security frameworks
and controls. Finally, we'll wrap up the course by
discussing common tools and programming
10:00 - 10:30 languages that entry-level security analysts
may use. Coming up, we'll go over some resources that
will allow you to get the most out of this program. I'm really excited for you to start
this journey - let's begin! Imagine that you're preparing for a storm. You've received notification that a storm is
coming. You prepare by gathering the tools and
materials you'll need to stay safe. You make sure your windows and doors are
secure.
10:30 - 11:00 You assemble a first aid kit, tools, food,
and water. You're prepared! The storm hits, and there
are powerful winds and heavy rain. The storm is using its force to try and
breach your home. You notice some water leaks and begin
patching them quickly in order to minimize any risk or potential damage. Handling a security incident is no different. Organizations must prepare for the storm by
ensuring they have the tools to mitigate and
11:00 - 11:30 quickly respond to outside threats. The objective is to minimize risk and
potential damage. As a security analyst, you'll work to protect
your organization and the people it serves, from a variety of risks and outside threats. And if a threat does get through, you and
your team will provide a solution to remedy the situation. To help you better understand
what this means, we'll define security and
11:30 - 12:00 discuss the roles of security professionals
in organizations. Let's start with some definitions:
Cybersecurity, or security, is the practice of ensuring confidentiality, integrity, and
availability of information by protecting networks, devices, people, and data from
unauthorized access or criminal exploitation. For example, requiring complex passwords to
access sites and services improves
12:00 - 12:30 confidentiality by making it much more
difficult for a threat actor to compromise them. A threat actor is any person or group
who presents a security risk. Now that you know the definition of security,
let's discuss what security teams do for an organization. Security protects against
external and internal threats. An external threat is someone outside of the
organization trying to gain access to private information, networks, or devices.
12:30 - 13:00 An internal threat comes from current or
former employees, external vendors, or trusted partners. Often these internal threats are accidental,
such as an employee clicking on a compromised link in an email. Other times, the internal
actor INTENTIONALLY engages in activities such as unauthorized data access or abusing
systems for personal use. Experienced security professionals will help
organizations mitigate - or reduce the impact
13:00 - 13:30 of - threats like these. Security teams also ensure an organization
meets regulatory compliance, or laws and guidelines, that require the implementation
of specific security standards. Ensuring that organizations are in compliance
may allow them to avoid fines and audits, while also upholding their ethical
obligation to protect users. Security teams also maintain and improve
business productivity. By establishing a plan for business
continuity, security teams allow people to do
13:30 - 14:00 their jobs even in the case of something
like a data breach. Being security conscious can also reduce
expenses associated with risk, such as recovering from data loss or operational
downtime, and potentially avoiding fines. The last benefit of security that we'll
discuss is maintaining brand trust. If services or customer data are
compromised, this can lower trust in the organization, damage the brand, and hurt the
business in the long term.
14:00 - 14:30 Loss of customer trust may also lead to less
revenue for the business. Now, let's go over some common security-based
roles. After completing this certificate program,
here are some job titles you may want to search for: Security analyst or specialist, Cybersecurity analyst or specialist, Security operations center or SOC analyst, And Information security analyst. You'll also learn more about the responsibilities
14:30 - 15:00 associated with some of these job titles
later in the program. As you may now realize, the field of security
includes many topics and concepts. And every activity you complete in this
program moves you one step closer to a new job! Let's keep learning together! Technology is rapidly changing, and so are
the tactics and techniques that attackers use. As digital infrastructure evolves,
security professionals are expected to
15:00 - 15:30 continually grow their skills in order to
protect and secure sensitive information. In this video, we'll discuss some job
responsibilities of an entry-level security analyst. So, what do security analysts do? Security analysts are responsible for
monitoring and protecting information and systems. Now, we'll discuss three primary
responsibilities of a security analyst, starting with protecting computer and
network systems.
15:30 - 16:00 Protecting computer and network systems
requires an analyst to monitor an organization's internal network. If a threat is detected, then an analyst is
generally the first to respond. Analysts also often take part in exercises to
search for weaknesses in an organization's own systems. For example, a security analyst
may contribute to penetration testing or ethical hacking. The goal is to penetrate -
or hack - their own organization's internal
16:00 - 16:30 network to identify vulnerabilities and
suggest ways to strengthen their security measures. Think of it like this. After you lock your car, you check the door
handles to make sure no one can access any valuables you keep inside. Security analysts also proactively work to
PREVENT threats from happening in the first place. One way they do this is by working
with information technology - or I-T - teams to install prevention software for the
purposes of identifying risks and
16:30 - 17:00 vulnerabilities. Analysts may also be
involved in software and hardware development. They'll often work with
development teams to support product security by setting up appropriate processes and
systems to meet the organization's data protection needs. The last task we'll
discuss is conducting periodic security audits. A security audit is a review of an
organization's security records, activities, and other related documents. For example, an analyst may examine in-house
security issues such as making sure that
17:00 - 17:30 confidential information, like individual
computer passwords, isn't available to ALL employees. Phew, that was a lot to cover! But hopefully you have a general idea of
what entry-level security analysts do on a day-to-day basis. Security analysts are an important part of
any organization. Their daily tasks protect small businesses,
large companies, non-profit organizations, and government agencies.
17:30 - 18:00 They also help to ensure that the people
served by those organizations remain safe. For any job, you need certain skills to be
successful, and many of these core skills are transferable from one role to the next. No matter what job you currently have, you
likely have many core skills already. Having a diverse background enhances your
core skills, which means your personal experiences and perspectives are especially
valuable! In this video, we'll discuss both
transferable and technical skills that are
18:00 - 18:30 particularly useful for a security analyst. Transferable skills are skills from other
areas that can apply to different careers. Technical skills may apply to several
professions as well, however at times they may require knowledge of specific tools,
procedures, and policies. Let's discuss some core transferable skills
you may already have that will benefit you in a career as a security analyst. Communication is a transferable skill for a
security analyst.
18:30 - 19:00 They will often need to describe certain
threats, risks or vulnerabilities to people who may not have a technical background. For example, security analysts may be tasked
with interpreting and communicating policies and procedures to other employees. Or analysts may be asked to report findings
to their supervisors, so the appropriate actions can be taken to secure the
organization. Another transferable skill is collaboration.
19:00 - 19:30 Security analysts often work in teams with
engineers, digital forensic investigators, and program managers. For example, if you are working to roll out a
new security feature, you will likely have a project manager, an engineer, and an ethical
hacker on your team. Security analysts also need to be able to
analyze complex scenarios that they may encounter. For example, a security analyst
may need to make recommendations about how different tools can support efficiency and
safeguard an organization's internal network.
19:30 - 20:00 The last transferable skill that we'll
discuss is problem solving. Identifying a security problem and then
diagnosing it and providing solutions is a necessary skill to keep business operations
safe. Understanding threat actors and identifying
trends can provide insight on how to handle future threats. Okay, now that we've covered
some important transferable skills, let's discuss some technical skills that security
analysts need to develop.
20:00 - 20:30 A basic understanding of programming
languages is an important skill to develop because security analysts can use
programming to automate tasks and identify error messages. Like learning any other
language, learning a programming language may seem challenging at first. However, this certificate program assumes no
prior programming experience, so we'll start at the very beginning and provide several
opportunities for hands-on practice with
20:30 - 21:00 languages like Python and SQL! Another important technical skill is knowing
how to use security information and event management, or SIEM, tools. Security professionals use SIEM tools to
identify and analyze security threats, risks, and vulnerabilities. For example, a SIEM tool may alert you that
an unknown user has accessed the system. In the event of an unknown user accessing
the system you may use computer forensics to
21:00 - 21:30 investigate the incident. Now, let's discuss computer forensics. Similar to an investigator and a forensic
scientist working in the criminal justice system, digital forensic investigators will
attempt to identify, analyze, and preserve criminal evidence within networks,
computers, and electronic devices. Keep in mind that you may already have some
of the core skills we've discussed. And if you don't have the technical skills,
that's okay! This program is designed to support you in
learning those skills.
21:30 - 22:00 For example, over the past seven years
working in cybersecurity I've learned that security analysts need to have intellectual
curiosity and the motivation to keep learning in order to succeed. Personally, I dedicate
time on a regular basis towards learning more Python and SQL skills in order to meet the
demands of the projects I'm working on. You'll get to learn about Python and SQL
later in this program. As you continue this journey, youâll build
the knowledge and skills you need to enter
22:00 - 22:30 the security field! As we've discussed,
security professionals protect many physical and digital assets. These skills are desired by organizations
and government entities because risk needs to be managed. Let's continue to discuss why
security matters. Security is essential for ensuring an
organization's business continuity and ethical standing. There are both legal
implications and moral considerations to
22:30 - 23:00 maintaining an organization's security. A data breach, for example, affects everyone
that is associated with the organization. This is because data losses or leaks can
affect an organization's reputation as well as the lives and reputations of their users,
clients, and customers. By maintaining strong security measures,
organizations can increase user trust. This may lead to financial growth and
ongoing business referrals.
23:00 - 23:30 As previously mentioned, organizations are
not the only ones that suffer during a data breach. Maintaining and securing user,
customer, and vendor data is an important part of preventing incidents that may expose
people's personally identifiable information. Personally identifiable information, known as
P-I-I, is any information used to infer an individual's identity. PII includes someone's full name, date of
birth, physical address, phone number, email
23:30 - 24:00 address, Internet Protocol, or I-P, address
and similar information. Sensitive personally identifiable
information, known as S-P-I-I, is a specific type of P-I-I that falls under stricter
handling guidelines and may include social security numbers, medical or financial
information, and biometric data, such as facial recognition. If S-P-I-I is stolen,
this has the potential to be significantly
24:00 - 24:30 more damaging to an individual than if P-I-I
is stolen. P-I-I and S-P-I-I data are key assets that a
threat actor will look for if an organization experiences a breach. When a person's identifiable information is
compromised, leaked, or stolen, identity theft is the primary concern. Identity theft is the act of stealing
personal information to commit fraud while
24:30 - 25:00 impersonating a victim. And the primary objective of identity theft
is financial gain. We've explored several reasons why security
matters. Employers need security analysts, like you,
to fill the current and future demand to protect data, products, and people while
ensuring confidentiality, integrity, and safe access to information. This is why the U.S. Bureau of Labor Statistics expects the
demand for security professionals to grow by
25:00 - 25:30 more than 30% by the year 2030. So keep learning, and eventually you'll be
able to do your part to create a safer and more secure environment for organizations
and people alike! Congratulations on completing the first
section of this course! Let's quickly review what we've covered so
far, before moving on. We defined security and introduced the
benefits of implementing security in an
25:30 - 26:00 organization. Then, we discussed different
job responsibilities, such as managing threats and installing prevention software. We also introduced some important core
skills, like collaboration and computer forensics. We finished by discussing the
value of security and how it supports critical business functions. I hope you've gained a greater understanding
of security. If you feel like you need a refresher before
moving on, you can always go back and review any content you're unsure about.
26:00 - 26:30 By learning the basics, you're laying the
foundation for the rest of your security career. Coming up, we'll explore some
well-known attacks that shaped the security industry. I'm excited to continue this
journey with you! Welcome back! When it comes to security,
there is so much to learn, and I'm thrilled to be part of your career journey. This is such an exciting time to be learning
about security! When I learned about international hacks
that impacted both private companies and
26:30 - 27:00 government organizations, I was inspired to
want to work in security because I realized how dynamic and important this field is. One reason there are so many jobs in the
security field today is because of attacks that happened in the 1980s and 1990s. Decades later, security professionals are
still actively working to protect organizations and people from variations of
these early computer attacks. In this section of the course, we'll discuss
viruses and malware, and introduce the
27:00 - 27:30 concept of social engineering. Then, we'll discuss how the digital age
ushered in a new era of threat actors. Knowing the evolution of each attack is key
to protecting against future attacks. Lastly, we'll provide an overview of eight
security domains. I hope you are as eager as I am to learn
more! Next up, we'll travel back in time to explore
some of the viruses, data breaches, and malware attacks that have helped shape the
industry as we know it today.
27:30 - 28:00 The security industry is constantly evolving,
but many present-day attacks are not entirely new. Attackers often alter or enhance
previous methods. Understanding past attacks can provide
direction for how to handle or investigate incidents in your job as a security analyst. First, letâs go over a couple of key terms
that will support your understanding of the
28:00 - 28:30 attacks we'll discuss. A computer virus is malicious code written to
interfere with computer operations and cause damage to data and software. The virus attaches itself to programs, or
documents, on a computer. Then spreads and infects one or more
computers in a network. A worm is a type of computer virus that can
duplicate and spread on its own without human involvement. Today, viruses are more
commonly referred to as malware, which is
28:30 - 29:00 software designed to harm devices or
networks. Two examples of early malware attacks that
we'll cover are the Brain virus and the Morris worm. They were created by malware
developers to accomplish specific tasks. However, the developers underestimated the
impact their malware would have and the amount of "infected" computers there would
be. Let's take a closer look at these attacks and
discuss how they helped shape security as we
29:00 - 29:30 know it today. In 1986, the Alvi brothers
created the Brain virus. Although the intention of the virus was to
track illegal copies of medical software and prevent pirated licenses, what the virus
actually did was unexpected. Once a person used a pirated copy of the
software, the virus infected that computer. Then, any disk that was inserted into the
computer was also infected. The virus spread to a new computer every
time someone used one of the infected disks.
29:30 - 30:00 Undetected, the virus spread globally within
a couple of months. Although the intention was not to destroy
data or hardware, the virus slowed down productivity and significantly impacted
business operations. The Brain virus fundamentally altered the
computing industry, emphasizing the need for a plan to maintain security and
productivity.
30:00 - 30:30 As a security analyst, you will follow and
maintain strategies put in place to ensure your organization has a plan to keep their
data and people safe. Another influential computer attack was the
Morris worm. In 1988, Robert Morris developed a program
to assess the size of the internet. The program crawled the web and installed
itself onto other computers to tally the number of computers that were connected to
the internet. Sounds simple, right?
30:30 - 31:00 The program, however, failed to keep track of
the computers it had already compromised and continued to reinstall itself, until the
computers ran out of memory and crashed. About 6,000 computers were affected,
representing 10% of the internet at the time. This attack cost millions of dollars in
damages, due to business disruptions and the efforts required to remove the worm. After the Morris worm, Computer Emergency
Response Teams, known as CERTs®, were
31:00 - 31:30 established to respond to computer security
incidents. CERTs® still exist today, but their place
in the security industry has expanded to include more responsibilities. Later in this program you'll learn more about
the core functions of these security teams and gain hands-on practice with detection
and response tools. Early attacks played a key role in shaping
the current security industry. And coming up, we'll discuss how attacks
evolved in the digital age!
31:30 - 32:00 With the expansion of reliable high-speed
internet, the number of computers connected to the internet increased dramatically. Because malware could spread through the
internet, threat actors no longer needed to use physical disks to spread viruses. To better understand attacks in the digital
age, we'll discuss two notable attacks that relied on the internet: The LoveLetter
attack and the Equifax breach.
32:00 - 32:30 In the year 2000, Onel de Guzman created the
LoveLetter malware to steal internet login credentials. This attack spread rapidly and
took advantage of people who had not developed a healthy suspicion for
unsolicited emails. Users received an email with the subject line
"I Love You." Each email contained an attachment labeled, "Love Letter For You." When the attachment was opened, the malware
scanned a user's address book.
32:30 - 33:00 Then, it automatically sent itself to each
person on the list and installed a program to collect user information and passwords. Recipients would think they were receiving an
email from a friend, but it was actually malware. The LoveLetter ended up infecting
45 million computers globally and is believed to have caused over $10 billion in damages. The LoveLetter attack is the first example of
social engineering. Social engineering is a manipulation
technique that exploits human error to gain
33:00 - 33:30 private information, access, or valuables. After the LoveLetter, attackers understood
the power of social engineering. The number of social engineering attacks is
increasing with every new social media application that allows public access to
people's data. Many people are now prioritizing convenience
over privacy. The trade-off of this evolving shift is that
these tools may lead to increased
33:30 - 34:00 vulnerability, if people do not use them
appropriately. As a security professional, your role is to
identify and manage inappropriate use of technology that may place your organization
and all the people associated with it at risk. One way to safeguard your organization
is to conduct regular internal trainings, which you as a future security analyst may
be asked to lead or participate in.
34:00 - 34:30 Today, it's common for employees to receive
training on how to identify social engineering attacks. Specifically, phishing through the emails
they receive. Phishing is the use of digital
communications to trick people into revealing sensitive data or deploying malicious
software. Now let's discuss the Equifax breach. In 2017, attackers successfully infiltrated
the credit reporting agency, Equifax.
34:30 - 35:00 This resulted in one of the largest known
data breaches of sensitive information. Over 143 million customer records were
stolen, and the breach affected approximately 40% of all Americans. The records included personally identifiable
information, including social security numbers, birth dates, driver's license
numbers, home addresses and credit card
35:00 - 35:30 numbers. From a security standpoint, the
breach occurred due to multiple failures on Equifax's part. It wasnât just one
vulnerability that the attackers took advantage of, there were several. The company failed to take the actions
needed to fix multiple known vulnerabilities in the months leading up to the data breach. In the end, Equifax settled with the U.S. government and paid over $575 million to
resolve customer complaints and cover
35:30 - 36:00 required fines. While there have been other data breaches
before and after the Equifax breach, the large settlement with the U.S. government alerted companies to the
financial impact of a breach and the need to implement preventative measures. These are just a couple of well-known
incidents that have shaped the security industry. Knowing about them will help you
in your security career. Understanding different types of malware and
social engineering attacks will allow you to
36:00 - 36:30 communicate about security risks during
future job interviews. As a future security professional, constantly
adapting and educating yourself on threat actors' tactics and techniques will be a
part of your job. By noticing similar trends, patterns, and
methodologies, you may be able to identify a potential breach and limit future damage.
36:30 - 37:00 Finally, understanding how security affects
people's lives is a good reminder of why the work you will do is so important! As the tactics of threat actors evolve, so do
the roles of security professionals. Having a solid understanding of core
security concepts will support your growth in this field. One way to better understand
these core concepts is by organizing them into categories, called security domains.
37:00 - 37:30 As of 2022, C-I-S-S-P has defined eight
domains to organize the work of security professionals. It's important to understand
that these domains are related and that gaps in one domain can result in negative
consequences to an entire organization. It's also important to understand the domains
because it may help you better understand your career goals and your role within an
organization. As you learn more about the elements of each
domain, the work involved in one may appeal
37:30 - 38:00 to you more than the others. This domain may become a career path for you
to explore further. C-I-S-S-P defines eight domains in total, and
we'll discuss all eight between this video and the next. In this video, we're going to
cover the first four: Security and risk management, asset security, security
architecture and engineering, and
38:00 - 38:30 communication and network engineering. Let's start with the first domain. Security and risk management focuses on
defining security goals and objectives, risk mitigation, compliance, business continuity,
and the law. For example, security analysts may need to
update company policies related to private health information if a change is made to a
federal compliance regulation such as the
38:30 - 39:00 Health Insurance Portability and
Accountability Act - also known as HIPAA. The second domain is asset security. This domain focuses on securing digital and
physical assets. It's also related to the storage,
maintenance, retention, and destruction of data. When working with this domain,
security analysts may be tasked with making sure that old equipment is properly disposed
of and destroyed, including any type of
39:00 - 39:30 confidential information. The third domain is security architecture and
engineering. This domain focuses on optimizing data
security by ensuring effective tools, systems, and processes are in place. As a security analyst, you may be tasked with
configuring a firewall. A firewall is a device used to monitor and
filter incoming and outgoing computer network traffic. Setting up a firewall correctly
helps prevent attacks that could affect
39:30 - 40:00 productivity. The fourth security domain is
communication and network engineering. This domain focuses on managing and securing
physical networks and wireless communications. As a security analyst, you
may be asked to analyze user behavior within your organization. Imagine discovering that
users are connecting to unsecured wireless hotspots. This could leave the organization
and its employees vulnerable to attacks.
40:00 - 40:30 To ensure communications are secure, you
would create a network policy to prevent and mitigate exposure. Maintaining an
organization's security is a team effort, and there are many moving parts. As an entry-level analyst, you will continue
to develop your skills by learning how to mitigate risks, to keep people and data
safe. You don't need to be an expert in all
domains.
40:30 - 41:00 But, having a basic understanding of them
will aid you in your journey as a security professional. You're doing great! We have just introduced the first four
security domains, and in the next video we'll discuss four more! See you soon! Welcome back. In the last video we introduced
you to the first four security domains. In this video, we'll introduce you to the
next four security domains: identity and
41:00 - 41:30 access management, security assessment and
testing, security operations, and software development security. Familiarizing yourself with these domains
will allow you to navigate the complex world of security. The domains outline and
organize how a team of security professionals work together. Depending on the
organization, analyst roles may sit at the intersection of multiple domains or focus on
one specific domain. Knowing where a particular role fits within
the security landscape will help you prepare
41:30 - 42:00 for job interviews and work as part of a
full security team. Let's move into the fifth domain. Identity and access management focuses on
keeping data secure, by ensuring users follow established policies to control and manage
physical assets, like office spaces, and logical assets, such as networks and
applications. Validating the identities of employees and
documenting access roles are essential to
42:00 - 42:30 maintaining the organization's physical and
digital security. For example, as a security analyst, you may
be tasked with setting up employees' keycard-access to buildings. The sixth domain is security assessment and
testing. This domain focuses on conducting security
control testing, collecting and analyzing data, and conducting security audits to
monitor for risks, threats, and vulnerabilities. Security analysts may
conduct regular audits of user permissions,
42:30 - 43:00 to make sure that users have the correct
level of access. For example, access to payroll information
is often limited to certain employees, so analysts may be asked to regularly audit
permissions to ensure that no unauthorized person can view employee salaries. The seventh domain is security operations. This domain focuses on conducting
investigations and implementing preventative
43:00 - 43:30 measures. Imagine that you, as a security
analyst, receive an alert that an unknown device has been connected to your internal
network. You would need to follow the organization's
policies and procedures to quickly stop the potential threat. The final, eighth domain
is software development security. This domain focuses on using secure coding
practices - which are a set of recommended guidelines that are used to create secure
applications and services.
43:30 - 44:00 A security analyst may work with software
development teams to ensure security practices are incorporated into the software
development lifecycle. If, for example, one of your partner teams
is creating a new mobile app, then you may be asked to advise on the password policies or
ensure that any user data is properly secured and managed. That ends our introduction to
C-I-S-S-P's eight security domains.
44:00 - 44:30 Challenge yourself to better understand each
of these domains and how they affect the overall security of an organization. While they may still be a bit unclear to you
this early in the program, these domains will be discussed in greater detail in the next
course. See you there! This concludes our brief
introduction to some of the most influential security attacks throughout history and
C-I-S-S-P's eight security domains!
44:30 - 45:00 Let's review what we've discussed. First we covered viruses, including the Brain
virus and the Morris worm, and discussed how these early forms of malware shaped the
security industry. We also discussed how many attacks today are
variants of these early examples. Understanding previous attacks is critical
for security professionals who are working to protect organizations and people from
possible future variants. We also discussed social engineering and
threat actor motives by learning about the
45:00 - 45:30 LoveLetter attack and the Equifax data
breach. These incidents showed the widespread impacts
and associated costs of more recent security breaches in the digital age. Finally, we introduced C-I-S-S-P's eight
security domains and how they can be used to categorize different areas of focus within
the security profession. I hope you are feeling confident about your
foundational security knowledge!
45:30 - 46:00 Learning the history of security can allow
you to better understand the current industry. C-I-S-S-P's eight security domains
provide a way to organize the work of security professionals. Remember, every security professional is
essential. Your unique point of view, professional
background, and knowledge are valuable. So, the diversity you bring to the field
will further improve the security industry as you work to keep organizations and people
safe.
46:00 - 46:30 Hi there, glad to have you back! You're halfway done with the first course,
so you're making great progress. In this section, we'll discuss how
organizations protect themselves from threats, risks, and vulnerabilities by
covering key principles such as: frameworks, controls, and ethics. To help you better understand how this
relates to the role of a security analyst, we'll use an analogy. Imagine you want to plant a garden.
46:30 - 47:00 You research, plan, prepare and purchase
materials while considering all the things that could potentially present a risk to
your garden. You establish a plan to pull weeds, spray for
bugs, and water your plants regularly to prevent issues or incidents. But as the days go by, unexpected problems
arise. The weather has been unpredictable, and
pests have been aggressively trying to infiltrate your garden. You start
implementing better ways to safeguard your garden by installing a surveillance camera,
building a fence, and covering your plants
47:00 - 47:30 with a canopy to keep your garden healthy
and growing. Now that you have a better idea about the
threats to your garden and how to keep your plants safe, you establish better policies
and procedures to continuously monitor and safeguard your garden. In this way, security resembles a garden. Itâs an evolving industry that will
challenge you to make continuous improvements to policies and procedures that help protect
your organization and the people it serves.
47:30 - 48:00 To that end, we'll introduce security
frameworks and controls and explain why they're important. We'll also cover core
components and specific examples of frameworks and controls, including the
Confidentiality, Integrity, and Availability Triad, or C-I-A Triad. We'll end with a discussion about the ethics
of security, and share a few notable ethical concerns in the security field. Evolving security practices may seem a little
abstract, but many of us use them every day.
48:00 - 48:30 For example, I use security keys, which are a
type of security control, as a second form of authentication to access my accounts. The keys ensure that only I can access my
accounts, even if a password has been compromised. By improving confidentiality,
they also assure me that the integrity of my accounts is intact. Having processes and procedures in place to
organize security efforts and make informed
48:30 - 49:00 decisions is important for any organization. I'm so excited to get started, and I hope you
are too! Imagine you're working as a security analyst
and receive multiple alerts about suspicious activity on the network. You realize that you'll need to implement
additional security measures to keep these alerts from becoming serious incidents. But where do you start? As an analyst,
you'll start by identifying your organization's critical assets and risks. Then, you'll implement the necessary
frameworks and controls.
49:00 - 49:30 In this video, we'll discuss how security
professionals use frameworks to continuously identify and manage risk. We'll also cover how to use security
controls to manage or reduce specific risks. Security frameworks are guidelines used for
building plans to help mitigate risk and threats to data and privacy. Security frameworks provide a structured
approach to implementing a security lifecycle. The security lifecycle is a
constantly evolving set of policies and
49:30 - 50:00 standards that define how an organization
manages risks, follows established guidelines, and meets regulatory compliance
- or laws. There are several security frameworks that
may be used to manage different types of organizational and regulatory compliance
risks. The purpose of security frameworks includes
protecting personally identifiable information - known as P-I-I - securing
financial information, identifying security
50:00 - 50:30 weaknesses, managing organizational risks,
and aligning security with business goals. Frameworks have four core components and
understanding them will allow you to better manage potential risks. The first core component is identifying and
documenting security goals. For example, an organization may have a goal
to align with the E.U.'s General Data Protection Regulation law, also known as
G-D-P-R.
50:30 - 51:00 G-D-P-R is a data protection law established
to grant European citizens more control over their personal data. A security analyst may
be asked to identify and document areas where an organization is out of compliance with
G-D-P-R. The second core component is setting
guidelines to achieve security goals. For example, when implementing guidelines to
achieve G-D-P-R compliance, your organization
51:00 - 51:30 may need to develop new policies for how to
handle data requests from individual users. The third core component of security
frameworks is implementing strong security processes. In the case of G-D-P-R, a
security analyst working for a social media company may help design procedures to ensure
the organization complies with verified user data requests. An example of this type of request is when a
user attempts to update or delete their
51:30 - 52:00 profile information. The last core component of security
frameworks is monitoring and communicating results. As an example, you may monitor your
organization's internal network, and report a potential security issue affecting G-D-P-R
to your manager or regulatory compliance officer. Now that we've introduced the four
core components of security frameworks, let's tie them all together. Frameworks allow
analysts to work alongside other members of a
52:00 - 52:30 security team to document, implement, and
use the policies and procedures that have been created. It's essential for an
entry-level analyst to understand this process because it directly affects the work
they do and how they collaborate with others. Next, we'll discuss security controls. Security Controls are safeguards designed to
reduce SPECIFIC security risks. For example, your company may have a
guideline that requires all employees to
52:30 - 53:00 complete a privacy training to reduce the
risk of data breaches. As a security analyst, you may use a
software tool to automatically assign and track which employees have completed this
training. Security frameworks and controls are vital to
managing security for all types of organizations and ensuring that everyone is
doing their part to maintain a low level of risk. Understanding their purpose and how
they are used allows analysts to support an organization's security goals and protect
the people it serves.
53:00 - 53:30 In the following videos, we'll discuss some
well-known frameworks and principles that analysts need to be aware of to minimize
risk, and protect data and users. Hi, welcome back! Previously, we discussed frameworks and
controls in general. In this video, you'll learn about SPECIFIC
frameworks and controls that organizations can voluntarily use to minimize risks to
their data and to protect users. Let's get started! The C-I-A triad is a
foundational model that helps inform how
53:30 - 54:00 organizations consider risk when setting up
systems and security policies. C-I-A stands for confidentiality, integrity,
and availability. Confidentiality means that only authorized
users can access specific assets or data. For example, strict access controls that
define who should and should not have access to data must be put in place to ensure
confidential data remains safe.
54:00 - 54:30 Integrity means the data is correct,
authentic, and reliable. To maintain integrity, security professionals
can use a form of data protection like encryption to safeguard data from being
tampered with. Availability means data is accessible to
those who are authorized to access it. As an example, a director may have more
access to certain data than a department manager because directors usually oversee
more employees.
54:30 - 55:00 Let's define a term that came up during our
discussion of the C-I-A triad: asset. An asset is an item perceived as having value
to an organization. And value is determined by the cost
associated with the asset in question. For example, an application that stores
sensitive data, such as social security numbers or bank accounts, is a valuable
asset to an organization. It carries more risk and therefore requires
tighter security controls in comparison to a
55:00 - 55:30 website that shares publicly available news
content. As you may remember, earlier in the course we
discussed frameworks and controls in general. Now, we'll discuss a specific framework
developed by the U.S.-based National Institute of Standards and Technology: the
Cybersecurity Framework, also referred to as the NIST C-S-F. The NIST Cybersecurity Framework is a
voluntary framework that consists of standards, guidelines, and best practices to
manage cybersecurity risk.
55:30 - 56:00 It's important to become familiar with this
framework because security teams use it as a baseline to manage short and long-term risk. Managing and mitigating risks AND protecting
an organization's assets from threat actors are key goals for security professionals. Understanding the different motives a threat
actor may have, alongside identifying your organization's most valuable assets is
important. Some of the most dangerous threat actors to
consider are disgruntled employees. They're the MOST dangerous because they
often have access to sensitive information
56:00 - 56:30 and know where to find it. In order to reduce this type of risk,
security professionals would use the principle of availability, as well as
organizational guidelines based on frameworks, to ensure staff members can only
access the data they need to perform their jobs. Threat actors originate from all
across the globe, and a diverse workforce of security professionals helps organizations
identify attackers' intentions.
56:30 - 57:00 A variety of perspectives can assist
organizations in understanding and mitigating the impact of malicious activity. That concludes our introduction to the CIA
triad and NIST CSF framework, which are used to develop processes to secure organizations
and the people they serve! You may be asked in an interview if you know
about security frameworks and principles. Or you may be asked to explain how they're
used to secure organizational assets. In either case, throughout this program
you'll have multiple opportunities to learn
57:00 - 57:30 more about them and apply what we've
discussed to real-world situations. Coming up, we'll discuss the ethics of
security. See you soon! In security, new technologies
present new challenges. For every new security incident or risk, the
right or wrong decision isn't always clear. For example, imagine that you're working as
an entry-level security analyst and you have received a high risk alert.
57:30 - 58:00 You investigate the alert and discover data
has been transferred without authorization. You work diligently to identify who made the
transfer and discover it is one of your friends from work. What do you do? Ethically, as a security professional your
job is to remain unbiased and maintain security and confidentiality. While it's normal to want to protect a
friend, regardless of who the user in question may be, your responsibility and
obligation is to adhere to the policies and
58:00 - 58:30 protocols you've been trained to follow. In many cases, security teams are entrusted
with greater access to data and information than other employees. Security professionals must respect that
privilege and act ethically at all times. Security ethics are guidelines for making
appropriate decisions as a security professional. As another example, if you as
an analyst have the ability to grant yourself access to payroll data and can give yourself
a raise, just because you have access to do
58:30 - 59:00 so, does that mean you should? The answer is no. You should never abuse the
access you've been granted and entrusted with. Let's discuss ethical principles that
may raise questions as you navigate solutions for mitigating risks. These are confidentiality, privacy
protections, and laws. Let's begin with the first ethical principle,
confidentiality. Earlier we discussed confidentiality as part
of the C-I-A triad; now let's discuss how
59:00 - 59:30 confidentiality can be applied to ethics. As a security professional, you'll encounter
proprietary or private information, such as P-I-I. It's your ethical duty to keep that
information confidential and safe. For example, you may want to help out a
coworker by providing computer system access outside of properly documented channels. However, this ethical violation can result
in serious consequences including reprimands,
59:30 - 60:00 the loss of your professional reputation,
and legal repercussions for both you and your friend. The second ethical principle to
consider is privacy protections. Privacy protection means safeguarding
personal information from unauthorized use. For example, imagine you receive a personal
email after hours from your manager requesting a colleague's home phone number. Your manager explains that they can't access
the employee database at the moment, but they
60:00 - 60:30 need to discuss an urgent matter with that
person. As a security analyst, your role is to follow
the policies and procedures of your company, which in this example, state that employee
information is stored in a secure database and should NEVER be accessed or shared in
any other format. So, accessing and sharing the employee's
personal information would be unethical. In situations like this, it can be difficult
to know what to do.
60:30 - 61:00 So, the best response is to adhere to the
policies and procedures set by your organization. A third important ethical
principle we must discuss is the law. Laws are rules that are recognized by a
community and enforced by a governing entity. For example, consider a staff member at a
hospital who has been trained to handle P-I-I, and S-P-I-I for compliance. The staff member has files with confidential
data that should never be left unsupervised,
61:00 - 61:30 but the staff member is late for a meeting. Instead of locking the files in a designated
area, the files are left on the staff member's desk, unsupervised. Upon the employee's return, the files are
missing. The staff member has just violated multiple
compliance regulations, and their actions were unethical and illegal since their
negligence has likely resulted in the loss of private patient and hospital data. As you enter the security field, remember
that technology is constantly evolving and so
61:30 - 62:00 are attackers' tactics and techniques. Because of this, security professionals must
continue to think critically about how to respond to attacks. Having a strong sense of ethics can guide
your decisions to ensure that the proper processes and procedures are followed to
mitigate these continually evolving risks. You are now better prepared to understand and
help make decisions regarding assessing and managing risk. Let's review what we've
covered.
62:00 - 62:30 We discussed security frameworks and controls
and how they're used to develop processes and procedures that protect organizations and
the people they serve. We also discussed core components of
frameworks, such as identifying security goals and establishing guidelines to achieve
those goals. Then, we introduced specific frameworks and
controls, including the C-I-A triad and the NIST C-S-F, and how they are used to manage
risk. And finally, we discussed security ethics,
including common ethical issues to consider,
62:30 - 63:00 such as confidentiality, privacy
protections, and laws. You're almost there, only one more section to
go in this course! Coming up, you'll learn about common tools
and programming languages used by security analysts to protect organizational
operations. Hope you're as excited as I am to keep going! Welcome to the final section of this course! Here, we'll be introducing tools and
programming languages that are commonly used
63:00 - 63:30 in the security field. They are essential for monitoring security
in an organization because they enhance efficiency by automating tasks. Although we're only introducing these
concepts and tools at this point, later in the program you'll have opportunities to use
them in a variety of hands-on activities. In the following videos, you'll learn about
security incident and event management, or SIEM, tools. You'll also be introduced to other tools
such as playbooks and network protocol
63:30 - 64:00 analyzers. Then, you'll learn about the
Linux operating system and security related tasks that are initiated through programming
languages such as SQL, and Python. For me, SQL is one of the most useful tools. It allows me to explore all the different
data sources we collect, and it allows my team to analyze the data for trends. Take your time going through the videos and
if you need to, rewatch them. Also know that these tools will be discussed
in much more detail, and you will be able to
64:00 - 64:30 practice them firsthand, later in the
certificate program. While every organization has their own set of
tools and training materials that you'll learn to use on the job, this program will
provide you with foundational knowledge that will help you succeed in the security
industry. Let's get started! As mentioned earlier,
security is like preparing for a storm. If you identify a leak, the color or shape
of the bucket you use to catch the water doesn't matter. What IS important is
mitigating the risks and threats to your
64:30 - 65:00 home, by using the tools available to you. As an entry-level security analyst, you'll
have a lot of tools in your toolkit that you can use to mitigate potential risks. In this video, we'll discuss the primary
purposes and functions of some commonly used security tools. And later in the program,
you'll have hands-on opportunities to practice using them. Before discussing tools
further, let's briefly discuss logs, which
65:00 - 65:30 are the source of data that the tools we'll
cover are designed to organize. A log is a record of events that occur within
an organization's systems. Examples of security related logs include
records of employees signing into their computers or accessing web-based services. Logs help security professionals identify
vulnerabilities and potential security breaches. The first tools we'll discuss are
Security Information and Event Management
65:30 - 66:00 tools, or SIEM tools. A SIEM tool is an application that collects
and analyzes log data to monitor critical activities in an organization. The acronym S-I-E-M may be pronounced as sim
or seem, but we'll use sim throughout this program. SIEM tools collect real-time - or
instant - information and allow security analysts to identify potential breaches as
they happen.
66:00 - 66:30 Imagine having to read pages and pages of
logs to determine if there are any security threats. Depending on the amount of data, it
could take hours or days. SIEM tools reduce the amount of data an
analyst must review by providing alerts for specific types of risks and threats. Next, let's go over examples of commonly used
SIEM tools: Splunk and Chronicle. Splunk is a data analysis platform, and
Splunk Enterprise provides SIEM solutions.
66:30 - 67:00 Splunk Enterprise is a self-hosted tool used
to retain, analyze, and search an organization's log data. Another SIEM tool is Google's Chronicle. Chronicle is a cloud-native SIEM tool that
stores security data for search and analysis. Cloud-native means that Chronicle allows for
fast delivery of new features. Both of these SIEM tools, and SIEMs in
general, collect data from multiple places,
67:00 - 67:30 then analyze and filter that data to allow
security teams to prevent and quickly react to potential security threats. As a security analyst, you may find yourself
using SIEM tools to analyze filtered events and patterns, perform incident analysis, or
proactively search for threats. Depending on your organization's SIEM setup
and risk focus, the tools and how they function may differ, but ultimately they are
ALL used to mitigate risk.
67:30 - 68:00 Other key tools that you will use in your
role as a security analyst - AND that you'll have hands-on opportunities to use later in
the program - are playbooks and network protocol analyzers. A playbook is a manual that provides details
about any operational action, such as how to respond to an incident. Playbooks, which vary from one organization
to the next, guide analysts in how to handle a security incident before, during, and
after it has occurred.
68:00 - 68:30 Playbooks can pertain to security or
compliance reviews, access management, and many other organizational tasks that require
a documented process from beginning to end. Another tool you may use as a security
analyst is a network protocol analyzer, also called packet sniffer. A packet sniffer is a tool designed to
capture and analyze data traffic within a network. Common network protocol analyzers
include t-c-p-dump and Wireshark.
68:30 - 69:00 As an entry-level analyst, you don't have to
be an expert in these tools. As you continue through this certificate
program and get more hands-on practice, you'll continuously build your understanding
of how to use these tools to identify, assess, and mitigate risks. As we discussed previously, organizations use
a variety of tools - such as SIEMs, playbooks, and packet sniffers - to better
manage, monitor, and analyze security threats. But those aren't the only tools in
an analyst's tool kit.
69:00 - 69:30 Analysts also use programming languages and
operating systems to accomplish essential tasks. In this video, we'll introduce you to
Python and SQL programming, and the Linux operating system. All of which you'll have
an opportunity to practice using later in the certificate program. Organizations can use
programming to create a specific set of instructions for a computer to execute
tasks. Programming allows analysts to complete
repetitive tasks and processes with a high
69:30 - 70:00 degree of accuracy and efficiency. It also helps reduce the risk of human
error, and can save hours or days compared to performing the work manually. Now that you're aware of what programming
languages are used for, let's discuss a specific and related operating system called
Linux, and two programming languages: SQL and Python. Linux is an open-source - or
publicly available - operating system. Unlike other operating systems you may be
familiar with, for example macOS or Windows,
70:00 - 70:30 Linux relies on a command line as the
primary user interface. Linux itself is not a programming language,
but it does allow for the use of text-based commands between the user and the operating
system. You'll learn more about Linux later in the
program. A common use of Linux for entry-level
security analysts is examining logs to better understand what's occurring in a system. For example, you might find yourself using
commands to review an error log when
70:30 - 71:00 investigating uncommonly high network
traffic. Next, let's discuss SQL. S-Q-L stands for structured query language. SQL is a programming language used to create,
interact with, and request information from a database. A database is an organized
collection of information or data. There may be millions of data points in a
database. So an entry-level security analyst would use
SQL to filter through the data points to
71:00 - 71:30 retrieve specific information. The last programming language we'll introduce
is Python. Security professionals can use Python to
perform tasks that are repetitive and time-consuming, and that require a high
level of detail and accuracy. As a future analyst, it's important to
understand that every organization's tool kit may be somewhat different, based on their
security needs. The main point is that you're familiar with
some industry standard tools because that will show employers that you have the
ability to learn how to use THEIR tools to
71:30 - 72:00 protect the organization and the people it
serves. You're doing great! Later in the course
you'll learn more about Linux and programming languages, and you'll practice using these
tools in security-related scenarios. That completes the introduction to security
tools and programming languages! In this section of the course, we covered
SIEM tools such as Splunk and Chronicle. We also discussed how SIEM tools are used by
security analysts to complete different
72:00 - 72:30 tasks. Then, we discussed other tools such
as playbooks and network protocol analyzers, also called packet sniffers. Finally, we introduced the Linux operating
system and the programming languages SQL and Python. Remember, the tools we discussed
take time to understand completely. But having a basic understanding of these
tools can help you get a job in the security field and progress in your career! Congratulations on completing the first
course!
72:30 - 73:00 We've come so far and covered so much about
a really exciting industry. I find cybersecurity to be exciting because
it's dynamic, there are always new puzzles to solve, and the work of protecting our users
is worthwhile. Before we move on, let's take a moment to
celebrate and reflect on what we've covered: First, we introduced core security concepts,
including what security is and why it matters. We also discussed what an
entry-level security analyst does, and some skills related to the role.
73:00 - 73:30 Then, we transitioned to eight security
domains, which include security and risk management, asset security, and security
operations. Next, we highlighted security frameworks and
controls. Specifically, the CIA triad model and the
NIST Cybersecurity Framework. Finally, we explored common tools and
programming languages used by security analysts, such as SIEMs, playbooks, SQL, and
Python. I hope you're proud of the work you've done
so far.
73:30 - 74:00 No matter what direction you take in the
security industry, everything you've learned lays the foundation for the next phase of
your career. And, as you move through this program,
you'll have the chance to develop your skills further. In the next course, my colleague
will provide more details about several of the topics introduced in this course. Hi! I'm Ashley and I will be guiding you
through the next course of this certificate program. We'll discuss security domains and
business operations in greater detail.
74:00 - 74:30 I'm so glad I was able to be here for the
beginning of your journey. You're off to a great start. I'm excited for you to reach your goal of
joining the security industry!