Skip to main content

Search Shelves Books Log in

Details

Revision #1

Created 1 year ago by naruzkurai

Updated 1 year ago by naruzkurai

Actions

Revisions

Export

Contained Web File.html
PDF File.pdf
Plain Text File.txt
Markdown File.md

Book Navigation

[Completed] Professional Google Cybersecurity Specialization C6/8; Sound the Alarm: Detection and Response
Introduction to Course 6
Terms and definitions from the certificate
Dave: Grow your cybersecurity career with mentors
Welcome to week 1
Introduction to the incident response lifecycle
Incident response teams
Fatima: The importance of communication during incident response
Roles in response
Incident response plans
Incident response tools
The value of documentation
Intrusion detection systems
Overview of detection tools
Alert and event management with SIEM and SOAR tools
Wrap-up; Terms and definitions from Course 6, Week 1
Welcome to week 2
Casey: Apply soft skills in cybersecurity
The importance of network traffic flows
Maintain awareness with network monitoring
Data exfiltration attacks
Packets and packet captures
Learn more about packet captures
Interpret network communications with packets
Reexamine the fields of a packet header
Investigate packet details
Packet captures with tcpdump
example tcp dump activity
Activity: Research network protocol analyzers
Wrap-up; Terms and definitions from Course 6, Module 2
Welcome to module 3 ; The detection and analysis phase of the lifecycle
Cybersecurity incident detection methods
MK: Changes in the cybersecurity industry
Indicators of compromise
Analyze indicators of compromise with investigative tools
Analyze indicators of compromise with investigative tools
The benefits of documentation
Document evidence with chain of custody forms
Best practices for effective documentation
The value of cybersecurity playbooks
Generic Phishing Playbook Version 1.0
The role of triage in incident response
Robin: Foster cross-team collaboration
The triage process
The containment, eradication, and recovery phase of the lifecycle
Business continuity considerations
The post-incident activity phase of the lifecycle
Post-incident review
Wrap-up; Terms and definitions from Course 6, Module 3
read
Welcome to module 4
The importance of logs
The importance of logs
Best practices for log collection and management
Rebecca: Learn new tools and technologies
Variations of logs
Overview of log file formats
Security monitoring with detection tools
Detection tools and techniques
Grace: Security mindset in detection and response
Components of a detection signature
Examine signatures with Suricata
Examine signatures with Suricata
Examine Suricata logs
Overview of Suricata
Activity: Explore signatures and logs with Suricata
Reexamine SIEM tools
Log sources and log ingestion
Query for events with Splunk
Search methods with SIEM tools
Follow-along guide for Splunk sign-up
Wrap-up; Glossary terms from module 4
Course wrap-up
Terms and definitions from Course 6, course 6 glossary

Books

[Completed] Profession...

MK: Changes in the cyb...

MK: Changes in the cybersecurity industry

Hi, I'm MK, Director in the Office of the CISO for Google Cloud.

The role of the Chief Information Security Officer is both to protect Google Cloud from a security standpoint.

But also to ensure that we're providing all of the tools and products necessary so that our customers can achieve their security outcomes as well.

So I spent a number of years in the US government, 32 years in fact, 22 of which were spent as a special agent in the Federal Bureau of Investigation.

About midway through the course of my career, I had the opportunity to shift into cybersecurity lanes, which initiated, or should I say, reinitiated my interest in all things computers and computer science.

One of the things that the industry lacks is a sense of agility, that the adversary has in spades.

When they identify something that works for them, they continue to pound on it until and unless there's an obstacle.

And then once that obstacle is put in their way, they have shown an ability to easily pivot their tactics and techniques so that they can bypass the obstacle in future attempts to gain access to environments.

And so none of us can predict the future.

We're not at any kind of final stage.

This is a continually evolving industry.

What you can ascertain is that we need to be prepared in a variety of ways to combat what will certainly be a persistent onslaught from the adversary.

What that requires is a certain sense of agility, you have to be comfortable in existing in the unknown.

But you also have to have the intellectual aptitude in order to be able to digest and formulate new solutions on the fly.

Zero Trust is a huge trend right now because it's both been a desire of the industry to move toward Zero Trust, but also a requirement in some areas around the world.

Zero Trust is a movement away from the historical way that we've done security in the past.

Layman's terms, so you're a business traveler, you travel with your business laptop and you check into your hotel halfway around the world, and you need to get prepared and ready for a business meeting that's about to occur.

Historically, you'd want to be able to attest to the fact that that is an intended or qualified user within the enterprise attempting to gain access to this information.

And yes, based upon the information that you have, the identity and coupling that with device information, that user and device should have access to this information and be able to make a determination about it.

I do believe that the more that we invest in the Zero Trust approach or architecture, it will get us to a good point from which to pivot off of.

But I think a lot of what's to come is unknown, and that means continual learning.

It means, continually exposing yourself to different parts of the industry so that we are prepared for what may happen in the future.

No Comments

Back to top