Cybersecurity: The Beginner's Guide电子书

Acknowledment

About Packt

Why subscribe?

Packt.com

Contributors

About the author

About the reviewers

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Get in touch

Reviews

Disclaimer

Importance of Cybersecurity

The history of data breaches

Scenarios for security

Understanding the attack surface

The threat landscape

The importance of securing the network and applications

The history of breaches

1984 – The TRW data breach

1990s – Beginning of computer viruses and worms

The years 2000-2010

How security helps to build trust

Summary

Security Evolution — From Legacy to Advanced, to ML and AI

Legacy cybersecurity systems

Signature-based security systems

Network cyber attacks

Network security tools

Transformations in cybersecurity

Layered security

New security threats

Responses to the new threats

Advancements in security technology to security 2.0

Anomaly-based security systems

How ML and AI will play a larger role in cybersecurity

Summary

Further reading

Learning Cybersecurity Technologies

Mobile security

Loss or theft

Software-related security issues

Advanced data security

Cloud security

Modern day regulations

Incidence response and forensics

Enterprise security at scale

Penetration testing

TruSec training

CQURE Academy

Training with Troy Hunt

Have I Been Pwned ?

DevSecOps

IoT security

User behavior analytics (UBA)

Endpoint detection and response (EDR)

Summary

Further reading

Skills We Need for a Cybersecurity Career

General cybersecurity roles

Penetration testers and vulnerability testers

Cybersecurity consultants

Cybersecurity managers

Cybersecurity analysts

Cybersecurity engineers

Chief Information Security Officers (CISOs)

Chief Security Officers (CSOs)

Computer system administrators

Cryptographers

Computer forensic experts

Network security engineers

Information assurance technicians

Data security analysts

IT security compliance analysts

System security specialists

Skills to acquire in cybersecurity

Foundation skills

Risk management

Networking

Situational awareness

Toolkits

Security analyst skills

Threat assessment

Vulnerability assessment

Log collection and analysis

Active analysis

Incidence response

Disaster recovery

Forensics

Penetration testing skills

Intelligence gathering

Incidence reporting

Restraint

Security architecture skills

Identity and access management

Network configuration

System hardening

Choosing skills to pick up based on current professional experience and skills

Ethical hacking skills

Application security skills

Cloud security skills

DevSecOps skills

Threat and vulnerability assessment skills

Information security management skills

Cybersecurity litigation support skills

Regulatory compliance and auditing skills

Summary

Further reading

Attacker Mindset

The category of hackers

The traits of hackers

They are patient

They are determined

They are insensitive

They are risk-takers

They are careful

They are deviant

Social characteristics of hackers

Lack of social skills

They have an inferiority complex

They are radical

They are rebellious

They lack social support

How hackers think (motivators)

Getting money (monetary gain)

Greed

Political power

Religious extremism

Curiosity

What can be learned from the psychology of hackers?

Summary

Further reading

Understanding Reactive, Proactive, and Operational Security

Proactive cyber defense

Small and medium-sized enterprises

Large organizations

Worrying attack trends

Implementing proactive security

Vulnerability assessment

Penetration testing

Social-engineering assessment

Web-application security assessment

Reactive cybersecurity

Implementing a reactive security strategy

Monitoring

Response

Disaster-recovery

Forensic investigations

Overview of operational security

Implementing operation security

The significance of the three security pillars

Security operations and continuous monitoring

Captive SOC (self-managed SOC)

Co-managed SOC

Fully managed SOC

Proactive versus reactive security

The threat intelligence system and its importance

Digital forensics and real-time incident response with SIEM

Getting started with security automation and orchestration

Step 1 – start small

Step 2 – learn to analyze (incidents)

Step 3 – learn to monitor wisely

Three common security orchestration, automation, and response use cases

Phishing emails

Malicious network traffic

Vulnerability management

Summary

Further reading

Networking, Mentoring, and Shadowing

Mentoring

They provide knowledge and wisdom

They give insights on where you should improve

They give encouragement

Mentors create boundaries and ensure discipline

Mentors give unfiltered opinions

They are trustworthy advisers

They can be good connectors

They have lengthy experience that you can learn from

Mentors are satisfied by your success

How to choose a mentor

Compatibility

The mentor's strengths and weaknesses

Contrast

Expertise

Trust

Networking

Job opportunities

Career advice and support

Building confidence

Developing personal relationships

Access to resources

Discovery

Tips for establishing a professional network

Build genuine relationships

Offer to help

Diversify your events

Keep in touch

Shadowing

Regular briefings

Observation

Hands-on

Preparing for job shadowing

Preparing questions beforehand

Taking notes

Picking an appropriate time

Gratitude

Summary

Further reading

Cybersecurity Labs

ILT

VILT

Self-study

Self-study cybersecurity labs

The cross-site scripting (XSS) lab

The Secure Socket Layer (SSL) configuration lab

Acunetix Vulnerability Scanner

Sucuri

Valhalla

F-Secure Router Checker

Hacking-Lab

The Root Me password generator

CTF365

Mozilla Observatory

Free online training providers

IT master's degrees and Charles Sturt University

Microsoft Learn

edX

Khan Academy

Cybersecurity: Attack and Defense Strategies

Building your own test lab

Summary

Further reading

Knowledge Check and Certifications

The need to get a certification

They show employers that you take initiative

They reflect your abilities in a specific niche

They equip you with knowledge for a specific job

They can kickstart a career in cybersecurity

They give your clients confidence

They market you

Choosing certifications and vendors

The reputation of the vendor

The length of the course

Feedback from former learners

Support for learners

The credibility of the certification

Job market demands

Effective cybersecurity requires participation from all

What's in it for me?

A culture of continuous monitoring

CompTIA Security+

CompTIA PenTest+

CompTIA Cybersecurity Analyst (CySA+)

CompTIA Advanced Security Practitioner (CASP+)

EC-Council, Certified Ethical Hacker (CEH)

EC-Council, Computer Hacking Forensic Investigator (CHFI)

EC-Council cybersecurity career pathway

Certified Information Systems Security Professional (CISSP)

Certified Cloud Security Professional (CCSP)

Certified Information Systems Auditor (CISA)

Certified Information Security Manager (CISM)

Which (ISC)² Certification is right for you?

Global Information Assurance Certification (GIAC) Certifications

GIAC Information Security Fundamentals (GISF)

GIAC Security Essentials Certification (GSEC)

GIAC Certified Perimeter Protection Analyst (GPPA)

GIAC Certified Intrusion Analyst (GCIA)

SANS certifications

Cisco certifications

Cisco Certified Entry Networking Technician (CCENT)

CCNA Routing and Switching

Offensive Security Certified Professional (OSCP)/Offensive Security's Penetration Testing with Kali Linux (PwK)

Offensive Security's Penetration Testing with Kali Linux (PwK)

CertNexsusCybersec first responder (CFR)

The NIST cybersecurity framework

Identify

Protect

Detect

Respond

Recover

Summary

Further reading

Security Intelligence Resources

Checklist resources

Security Checklist

Cybersecurity advice and reliable information sources

Cybersecurity courses

SlashNext

Springboard

Cybrary

US Department of Homeland Security

Cybersecurity threat-intelligence resources

Structured Threat Information Expression (STIX)

Trusted Automated Exchange of Intelligence Information (TAXII)

OASIS Open Command and Control (OpenC2)

Traffic Light protocol (TLP)

Cyber Analytics Repository by MITRE (CAR)

IntelMQ by ENISA

Recorded Future

Anomali STAXX

Cyberthreat-intelligence feeds

Summary

Further reading

Expert Opinions on Getting Started with Cybersecurity

Ann Johnson

Dr. Emre Eren Korkmaz

Robin Wright

Ozan Ucar and Dr. Orhan Sari

Chaim Sanders

Yuri Diogenes

Dr. Ivica Simonovski

Dr. Mike Jankowski-Lorek

Judd Wybourn

Onur Ceran

Neil Rerup

Girard Moussa

Kaushal K Chaudhary

Will Kepel

Martin Hale

Ahmed Nabil Mahmoud

Deepayan Chanda

Gary Duffield

Dr. Erdal Ozkaya

How to Get Hired in Cybersecurity, Regardless of Your Background

Getting into cybersecurity from a technical background

Cybersecurity jobs to target

Hard versus soft skills

Getting started in cybersecurity with a non-technical background

Transitioning from your current technical role

Demonstrate your worth – before you apply

Read, listen, watch, and talk

What should be in your CV?

Checklist for what to include in a CV

Your journey from first contact to day one at work

Job interview types

Structured interviews

Unstructured interviews

Semi-structured interviews

Common cybersecurity interview questions

The general interview process

Commonly asked cybersecurity interview questions

Personal questions

Communication skills

Problem solving and judgement skills

Motivation and passion

Common tips

Consider these points before accepting a job

The view from a hiring manger or recruiter

What is the hiring process for recruiters?

How to get hired at Microsoft

How to get hired at Cisco

How to get hired at Google

How Google's CEO did his interview when he was first hired in 2004!

How to get hired at Exxon

Popular job search websites you should know

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think