
Google Cybersecurity Professional Certificate (pt.1)

Week 1: Hello World!

Getting Started

Security analysts proactively guard against incidents while continuously monitoring systems and networks. They also investigate incidents and report findings.

Coursework includes the following hands-on activities:

• Detecting and responding to attacks
• Monitoring and responding to attacks
• Investigating incidents
• Writing code to automate tasks

Program Overview

• Core security concepts
• Security domains
• Network security
• Computing basics
• Assets, threats, and vulnerabilities
• Incident detection and response
• Python
• Find and apply for jobs

Introduction to cybersecurity

Cybersecurity – The Practice of ensuring confidentiality, integrity and availability of information by protecting networks, devices, people and data from unauthorized access or criminal exploitation.

Threat Actor – Any person or group who presents a security risk

Benefits of Security
• Protects against external and internal threats
• Meets regulatory compliance
• Maintains and improves business productivity
• Reduces expenses
• Maintains brand trust

Common Job Titles
• Security Analyst or Specialist
• Cybersecurity Analyst or Specialist
• Security Operations Center (SOC) Analyst
• Information Security Analyst

Instructor Toni – Army brat, big family, worked for the Department of Defense, which helped pay for college. Started as an intelligence analyst and learned cybersecurity on the job. She had to learn how she learned best; she likes structured learning environments. Ask tons of questions.

Responsibilities of an entry-level cybersecurity Analyst

Security analysts are responsible for monitoring and protecting information and systems. Responsibilities include:
• Protecting computer and network systems
• Installing intrusion prevention software
• Conducting periodic security audits

Nikki – Security engineer on an insider threat detection team. Her first experience was while working at an aquarium, where there was lots of phishing, which piqued her interest. There are two sides to cybersecurity. Operations: responding to detections and doing investigations. Projects: working with other teams to build new detections or improve current ones. An analyst is more operations-focused and an engineer more project-focused, but either can do both.

Core Skills for Cybersecurity Professionals

Technical skills – Skills that require knowledge of specific tools, procedures, and policies

• Programming languages – such as Python, Bash, and SQL
• Security information and event management (SIEM) tools
• Digital forensic investigation – being able to identify, preserve, and analyze evidence

Transferable skills – Skills from other areas that can apply to different careers.

• Communication – in order to communicate to stakeholders with less technical skill
• Collaboration – in order to work with project managers and engineers
• Analysis – In order to identify problems
• Problem solving – in order to find solutions for problems

Personally identifiable information (PII): Any information used to infer an individual’s identity

Sensitive personally identifiable information (SPII): A specific type of PII that falls under stricter handling guidelines

Week 2: The Evolution of Cybersecurity

The History of cybersecurity

What you’ll Learn:
Computer Viruses, Malware, Social Engineering, Digital Age, Security domain

Past Cyber-Security attacks

Computer viruses – Malicious code written to interfere with computer operations and cause damage to data and software
Worms – Self-replicating malware that can duplicate itself and spread without human involvement
Malware – Software designed to harm devices or networks
Brain virus – In 1986, the Alvi brothers created the Brain virus. It was intended to track illegal copies of medical software, but it infected every new floppy disk inserted into an infected machine and spread globally within months.
Morris worm – In 1988, Robert Morris developed a program to assess the size of the internet. It was intended to crawl into other computers and tally how many were connected. However, it failed to track which machines it had already counted and installed multiple copies of itself onto every computer it reached until the machines ran out of memory. About 6,000 computers were infected, roughly 10% of the internet at the time.

Attacks in the Digital Age

The LoveLetter attack – In the year 2000, Onel de Guzman created malware to steal internet login credentials. It arrived as a phishing email posing as a love letter from a friend; upon opening, it scanned the victim's address book and sent a copy of itself to every contact. It infected about 45 million computers and caused an estimated $10 billion in damage.

Social engineering – A manipulation technique that exploits human error to gain private information, access, or valuables.

Phishing – The use of digital communications to trick people into revealing sensitive data or deploying malicious software

The Equifax breach – In 2017, attackers infiltrated Equifax in one of the largest known data breaches. Over 143 million customer records were stolen, and the breach affected approximately 40% of all Americans.

Common Attacks and their Effectiveness

Phishing

Business Email Compromise (BEC): A threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, in order to obtain a financial advantage.

Spear phishing: A malicious email attack that targets a specific user or group of users. The email seems to originate from a trusted source.

Whaling: A form of spear phishing. Threat actors target company executives to gain access to sensitive data.

Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.

Smishing: The use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source
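The phishing variants above share a few machine-checkable tells: an executive's display name on an external address, a Reply-To that routes answers somewhere other than the sender's domain, a look-alike domain, and urgency or payment language. The following is an added example, not course material, that checks a raw email for those indicators using only the Python standard library. The internal domain "example.com", the executive name "Pat Lee", and both sample messages are constructed for the example.

```python
"""Added example (not from the course): flag business-email-compromise (BEC)
and spear-phishing indicators in a raw RFC 5322 message.

Assumptions (hypothetical): the organization's domain is "example.com" and
"Pat Lee" is an executive whose name attackers might spoof.
"""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

ORG_DOMAIN = "example.com"          # assumed internal domain
EXEC_NAMES = {"pat lee"}            # assumed executive display names (lowercase)
URGENCY_WORDS = ("urgent", "immediately", "wire", "gift card", "asap")

# Constructed message imitating CEO-fraud BEC: spoofed name, look-alike domain,
# off-domain Reply-To, and pressure to pay quickly.
SAMPLE_BEC = b"""From: Pat Lee <pat.lee@examp1e-corp.com>
Reply-To: accounts@freemail.example.net
To: finance@example.com
Subject: URGENT wire transfer needed today
Date: Mon, 01 Jan 2024 09:00:00 +0000
Content-Type: text/plain; charset="utf-8"

I'm in a meeting and can't talk. Please wire $48,000 to the vendor
immediately; I'll send the paperwork later.
"""

# Constructed benign message from the real executive.
SAMPLE_OK = b"""From: Pat Lee <pat.lee@example.com>
To: finance@example.com
Subject: Q3 budget review
Date: Mon, 01 Jan 2024 09:00:00 +0000
Content-Type: text/plain; charset="utf-8"

Attached are the slides for Thursday.
"""


def _domain(addr: str) -> str:
    """Return the lowercase domain part of an email address, or '' if none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def phishing_indicators(raw: bytes) -> list:
    """Return human-readable indicators found in the message (empty if none)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    indicators = []

    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _reply_name, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    from_domain = _domain(from_addr)
    reply_domain = _domain(reply_addr)

    # 1. Executive display name on an address outside the organization.
    if from_name.strip().lower() in EXEC_NAMES and from_domain != ORG_DOMAIN:
        indicators.append(f"executive name '{from_name}' with external sender {from_addr}")

    # 2. Reply-To sends answers to a different domain than the visible sender.
    if reply_addr and reply_domain != from_domain:
        indicators.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    # 3. Look-alike domain: undo common digit-for-letter swaps (0->o, 1->l)
    #    and see whether the organization's name appears.
    normalized = from_domain.translate(str.maketrans("01", "ol"))
    if from_domain != ORG_DOMAIN and ORG_DOMAIN.split(".")[0] in normalized:
        indicators.append(f"look-alike sender domain {from_domain}")

    # 4. Urgency or payment language in the subject or plain-text body.
    body = msg.get_body(preferencelist=("plain",))
    body_text = body.get_content() if body is not None else ""
    text = (str(msg.get("Subject", "")) + " " + body_text).lower()
    hits = [w for w in URGENCY_WORDS if w in text]
    if hits:
        indicators.append("urgency/payment language: " + ", ".join(hits))

    return indicators


if __name__ == "__main__":
    for label, sample in (("BEC sample", SAMPLE_BEC), ("benign sample", SAMPLE_OK)):
        print(label, "->", phishing_indicators(sample) or "no indicators")
```

None of these checks is proof on its own; a real mail gateway combines them with SPF, DKIM and DMARC results and with knowledge of who the sender normally corresponds with. The point is that the human cues in the definitions above (trusted-looking source, pressure to act) have concrete header and content counterparts an analyst can query for.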

Social Engineering

Social media phishing: A threat actor collects detailed information about their target from social media sites. Then, they initiate an attack.

Watering hole attack: A threat actor attacks a website frequently visited by a specific group of users.

USB baiting: A threat actor strategically leaves a malware-infected USB stick for an employee to find and plug in, unknowingly infecting the network.

Physical social engineering: A threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.

Social engineering principles 

Social engineering is incredibly effective. This is because people are generally trusting and conditioned to respect authority. The number of social engineering attacks is increasing with every new social media application that allows public access to people’s data. Although sharing personal data—such as your location or photos—can be convenient, it’s also a risk.

Reasons why social engineering attacks are effective include:

Authority: Threat actors impersonate individuals with power. This is because people, in general, have been conditioned to respect and follow authority figures. 

Intimidation: Threat actors use bullying tactics. This includes persuading and intimidating victims into doing what they’re told. 

Consensus/Social proof: Because people sometimes do things that they believe many others are doing, threat actors use others’ trust to pretend they are legitimate. For example, a threat actor might try to gain access to private data by telling an employee that other people at the company have given them access to that data in the past. 

Scarcity: A tactic used to imply that goods or services are in limited supply. 

Familiarity: Threat actors establish a fake emotional connection with users that can be exploited.  

Trust: Threat actors establish an emotional relationship with users that can be exploited over time. They use this relationship to develop trust and gain personal information.

Urgency: A threat actor persuades others to respond quickly and without questioning.

Sean – Technical program manager, Google Workspace, 30-year security veteran. During your first data breach the most important thing you can do is keep your cool; you need to be the coolest person in the room. The first thing you do is contain the breach.

The Eight CISSP Security Domains

  1. Security and Risk Management – Defines security goals and objectives, risk mitigation, compliance, business continuity, and the law. For example, a security analyst may need to update company policy regarding sensitive information, and all of the affected software, based on updates to HIPAA.
  2. Asset Security – Secures digital and physical assets. It also covers the storage, maintenance, retention, and destruction of data. A security analyst may be tasked with destroying old equipment to protect sensitive information.
  3. Security Architecture and Engineering – Optimizes data security by ensuring effective tools, systems, and processes are in place. As an analyst you may be tasked with setting up a firewall.
  4. Communication and Network Security – Focuses on managing and securing physical networks and wireless communications. Creating network policies or VPNs to mitigate exposure to unsafe networks falls here.
  5. Identity and Access Management – Keeps data secure by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications. Validating the identity of employees and documenting access roles are essential for security; as an analyst you may be tasked with setting up employee keycard access to buildings.
  6. Security Assessment and Testing – Conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities. Security analysts may conduct regular audits of user permissions to make sure that users have the correct level of access.
  7. Security Operations – Conducting investigations and implementing preventative measures. Security analysts would follow up on unauthorized access to data and similar events.
  8. Software Development Security – Uses secure coding practices, a set of recommended guidelines used to create secure applications and services. A security analyst may work with a software development team to ensure that password data and user data are properly secured and managed.

Week 3: Protect Against Threats, Risks, and Vulnerabilities

Frameworks and Controls

Security Frameworks – Guidelines used for building plans to help mitigate risk and threats to data and privacy.

General Data Protection Regulation (GDPR) – EU data protection and privacy law.

Purpose of Security Frameworks
• Protecting PII
• Securing Financial Information
• Identifying Security Weaknesses
• Managing Organizational Risks
• Aligning Security with Business Goals

Components of Security Frameworks

  1. Identifying and documenting security goals
  2. Setting guidelines to achieve security goals
  3. Implementing security processes
  4. Monitoring and communicating results

Protected health information (PHI): Information that relates to the past, present, or future physical or mental health or condition of an individual

Security Controls – safeguards designed to reduce specific security risks, for example, requiring employees to complete a new data privacy training program each year to reduce the risk of a data breach.

CIA triad – A foundational model that helps inform how organizations consider risk when setting up systems and security policies. CIA stands for confidentiality, integrity, and availability.
Confidentiality – Only authorized users can access specific assets or data. Enforced through access controls such as account privileges (least privilege) and encryption.
Integrity – The authenticity, reliability, and correctness of assets or data. Verified with cryptographic hashes or digital signatures; encryption alone protects confidentiality, not integrity.
Availability – Data is accessible to those who are authorized to access it, when they need it. Supported by redundancy, backups, and resilient infrastructure.

NIST Cybersecurity Framework (CSF) – A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk. Important for managing both short- and long-term risk.

Heather – Vice president of security engineering. We need to become increasingly careful about how data is handled; more and more customers are inquiring about how their data is handled and suing companies for mishandling it.

Ethics in cybersecurity

Security Ethics – Guidelines for making appropriate decisions as a security professional. For example if you as an analyst have access to payroll data, you should not abuse that privilege.

Ethical Principles in security
Confidentiality – Keep PII safe. For example, a co-worker may ask for access to it, but this is not allowed.
Privacy protections – Safeguarding personal information from unauthorized use. Imagine you receive an email after hours from someone who needs a colleague's phone number. As a security analyst it is your duty to ensure that the security guidelines are followed, and in this case company guidelines forbid sharing any employee information with anyone outside the office environment where the employee database is accessible.
Laws – Rules that are recognized by a community and enforced by a governing entity.
Open Web Application Security Project (OWASP): A non-profit organization focused on improving software security

Holly – Cloud security architect. The certificates really helped her gain credibility with potential employers when she did not yet have experience in that particular field.

Week 4: Cybersecurity Tools and Programming Languages

SIEM Tools

Playbooks

Network Protocol Analyzers

Linux Operating System

Programming Languages
• Python
• SQL

Common Cybersecurity Tools

Log – A record of events that occur within an organization's systems

Security information and event management (SIEM) tool – An application that collects and analyzes log data to monitor critical activities in an organization. SIEM tools gather information in near real time and allow analysts to identify potential breaches as they happen. Common SIEM tools include Splunk and Google Chronicle.

Splunk – SIEM tool – https://www.splunk.com/en_us/data-insider/what-is-siem.html

Google Chronicle – SIEM tool – https://chronicle.security/contact-us/

Other Key Tools

Playbook – A manual that provides details about any operational action

Network protocol analyzer (packet sniffer) – A tool designed to capture and analyze data traffic within a network. Common network protocol analyzers include tcpdump and Wireshark.

Antivirus software: A software program used to prevent, detect, and eliminate malware and viruses

Database: An organized collection of information or data

Data point: A specific piece of information

Intrusion detection system (IDS): An application that monitors system activity and alerts on possible intrusions

Linux: An open-source operating system

Order of volatility: A sequence outlining the order of data that must be preserved from first to last

Programming: A process that can be used to create a specific set of instructions for a computer to execute tasks

Protecting and preserving evidence: The process of properly working with fragile and volatile digital evidence

SQL (Structured Query Language): A programming language used to create, interact with, and request information from a database
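The SIEM definition earlier on this page (collect log data, analyze it, alert on a potential breach) and the SQL definition above come together in everyday detection work: logs are parsed into a table and a query expresses the suspicious pattern. The following added example, not course code, is a miniature version of that pipeline. It parses constructed SSH-style authentication log lines, loads them into an in-memory SQLite database, and runs one SQL query that flags a brute-force pattern: at least five failed logins from one source address followed by a successful login for the same account from that address within a time window. The host, usernames, IP addresses, and log lines are all made up for the example.

```python
"""Added example (not from the course): a miniature SIEM detection using
SQLite. Parses constructed auth log lines, stores them in a table, and uses
SQL to find brute-force-then-success patterns per (user, source IP).
"""
import re
import sqlite3
from datetime import datetime

# Constructed sample log lines in a syslog-like sshd format (not real data).
SAMPLE_LOG = """\
2024-01-01T09:00:01 sshd[101]: Failed password for alice from 203.0.113.7 port 5001 ssh2
2024-01-01T09:00:03 sshd[101]: Failed password for alice from 203.0.113.7 port 5002 ssh2
2024-01-01T09:00:05 sshd[101]: Failed password for alice from 203.0.113.7 port 5003 ssh2
2024-01-01T09:00:07 sshd[101]: Failed password for alice from 203.0.113.7 port 5004 ssh2
2024-01-01T09:00:09 sshd[101]: Failed password for alice from 203.0.113.7 port 5005 ssh2
2024-01-01T09:00:12 sshd[101]: Accepted password for alice from 203.0.113.7 port 5006 ssh2
2024-01-01T09:05:00 sshd[102]: Failed password for bob from 198.51.100.4 port 6001 ssh2
2024-01-01T09:30:00 sshd[103]: Accepted publickey for bob from 198.51.100.4 port 6002 ssh2
this line is garbage and must be skipped by the parser
"""

# One regex for both outcomes; "invalid user" appears for unknown accounts.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \w+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_log(text):
    """Yield (unix_ts, user, src_ip, success) tuples; unparseable lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        yield (int(ts.timestamp()), m["user"], m["ip"], int(m["result"] == "Accepted"))


# Self-join: every failure f for the same user and source IP that occurred in
# the :window seconds before a success s; alert when there are enough of them.
DETECTION_SQL = """
SELECT f.user, f.src_ip, COUNT(*) AS failures, s.ts AS success_ts
FROM auth_events AS f
JOIN auth_events AS s
  ON s.user = f.user AND s.src_ip = f.src_ip AND s.success = 1
WHERE f.success = 0
  AND f.ts BETWEEN s.ts - :window AND s.ts
GROUP BY f.user, f.src_ip, s.ts
HAVING COUNT(*) >= :threshold
"""


def detect_bruteforce(log_text, window_seconds=300, threshold=5):
    """Return a list of findings, one per (user, source IP, success event)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE auth_events (ts INTEGER, user TEXT, src_ip TEXT, success INTEGER)"
    )
    conn.executemany("INSERT INTO auth_events VALUES (?, ?, ?, ?)", parse_log(log_text))
    rows = conn.execute(
        DETECTION_SQL, {"window": window_seconds, "threshold": threshold}
    ).fetchall()
    conn.close()
    return [
        {"user": user, "src_ip": ip, "failures": n, "success_ts": ts}
        for user, ip, n, ts in rows
    ]


if __name__ == "__main__":
    for finding in detect_bruteforce(SAMPLE_LOG):
        print(
            f"ALERT: {finding['failures']} failed logins for {finding['user']} "
            f"from {finding['src_ip']} followed by a success"
        )
```

Bob's single failure twenty-five minutes before his key-based login does not trigger the rule, which is the kind of tuning (window and threshold) that separates a usable detection from one that pages the on-call engineer for every typo. Parameters are passed to SQLite as bound values rather than formatted into the query string, so a hostile username in the log cannot alter the query.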

