Professional Google Cybersecurity Specialization C8/8; Put It to Work: Prepare for Cybersecurity Jobs
- Introduction to Course 8
- Course 8 content
- Dion: My personal career journey
- Helpful resources and tips
- Welcome to module 1
- Security as a mindset
- Data and asset classification
- Detect and protect without neglect
- Disaster recovery and business continuity
- Juliana's story: Asset protection
- Wrap-up; Terms and definitions from Course 8, Module 1
- Welcome to module 2
- The importance of escalation
- The importance of escalation
- Escalate with a purpose
- Prepare to escalate through security recognition
- Recognize roles and responsibilities during escalation
- From simple activity to major data breach
- When and how to escalate a security incident
- Escalation timing
- Juliana's story: Attention to detail
- Welcome to module 3
- Stakeholders in cybersecurity
- The purpose and impact of stakeholders
- Explore: Stakeholder roles and responsibilities
- Clear and concise communication
- Building blocks of cybersecurity communications
- Communicate effectively with stakeholders
- Visual storytelling in cybersecurity
- Create visual dashboards for impactful cybersecurity communications
- How to create a visual dashboard
- Juliana’s story: Effective communication
- Wrap-up; Terms and definitions from Course 8, Module 3
- Welcome to module 4
- Helpful cybersecurity resources
- Strategies for engaging with the cybersecurity community
- Victoria: Continue your learning journey
- Engage with the cybersecurity community in a meaningful way
- Connect with other cybersecurity professionals
- Sarah: Network in the cybersecurity community
- Wrap-up; Terms and definitions from Course 8, Module 4
- Security organization worksheet
- Welcome to module 5
- Find cybersecurity jobs
- Create a resume
- Create a resume, example resume and Tips
- Garvey: Cover letter tips
- Explore the interview process
- The interview process
- Garvey: Technical interview tips
- Conduct pre-interview research
- Build rapport with interviewers
- Use strategies to answer interview questions
- Apply the STAR method during interviews
- Prepare for interviews
- Ask the interviewer questions
- Karan: Interview tips from a hiring manager
- Develop an elevator pitch
- Learn more about developing an elevator pitch
- Tips for interviewing remotely
- Emily: Overcome imposter syndrome
- Wrap-up; Terms and definitions from Course 8, Module 5
- Course wrap-up
- Course 8 glossary
- Recap of the Google Cybersecurity Certificate program
- Congratulations on completing the Google Cybersecurity Certificate program!
- Showcase your work
- Claim your Google Cybersecurity Certificate badge!
- Free resources for Google Cybersecurity Certificate graduates
- Terms and definitions from the Professional Google Cybersecurity Specialization Certificate
- Create a cybersecurity portfolio
Introduction to Course 8
Hello, and welcome to the course!
I'm Dion, a Program Manager at Google.
I've worked in security for the past five years in areas ranging from risk management to insider threat detection.
I'll be your first instructor in this course.
As a security analyst, you'll help protect the assets of the organization you work for, including tangible, or physical, assets such as software and network devices, as well as intangible assets, like PII, copyrights, and intellectual property.
Imagine if this kind of sensitive information were to be exposed by a threat actor!
It would be devastating to the reputation and financial stability of the organization and the people the organization serves.
In previous courses, we discussed a variety of topics that are relevant to the security profession, including: core security concepts; frameworks and controls; threats, risks, and vulnerabilities; networks; incident detection and response; and programming basics.
Now it's time to put all of these core security concepts to practical use.
In this course, we'll further explore how to protect assets and communicate incidents.
Then, we'll discuss when and how to escalate incidents to protect an organization's assets and data.
We'll also cover how to communicate effectively to influence stakeholders' decisions related to security.
After that, Emily, your instructor for the second part of this course, will introduce some reliable resources that will help you engage with the security community after you complete this certificate program.
And finally, we'll cover how to find, prepare for, and apply for security jobs.
This will include discussions about how to create a compelling resume and tips to help you throughout the interview process.
When I started my first security-based role, I was excited to be hired at Google to protect information and devices.
I was also happy to be a part of a broader team that I could learn from and reach out to for support.
My team helped me grow my expertise, and I'm proud of my contribution to our projects.
By the end of this course, you'll have had multiple opportunities to refine your understanding of key security concepts, create a resume, build confidence in your interview skills, and even participate in an artificial intelligence, or AI, generated interview.
The security profession is such an amazing field, and I'm looking forward to you joining it!
I have one question for you: Are you ready to get started?
Course 8 content
Each course of this certificate program is broken into modules. You can complete courses at your own pace, but the module breakdowns are designed to help you finish the entire Google Cybersecurity Certificate in about six months.
What’s to come? Here’s a quick overview of the skills you’ll learn in each module of this course.
Module 1: Protect data and communicate incidents
You will recognize the importance of security professionals in the workplace. You'll discover how proper detection and escalation can impact an organization’s security posture.
Module 2: Escalate incidents
You will explore the importance of incident prioritization and escalation. You'll learn how the decisions security professionals make help to keep business operations safe.
Module 3: Communicate effectively to influence stakeholders
You will learn about important stakeholders in cybersecurity. In addition, you'll create clear and concise communications to stakeholders.
Module 4: Engage with the cybersecurity community
You will learn how to stay up to date on the latest cybersecurity trends and explore how to engage with the security community.
Module 5: Find and apply for cybersecurity jobs
You will prepare for your job search. You will explore career readiness techniques, such as creating a resume, developing an elevator pitch, and preparing for the interview process. Finally, you'll use career resources that can help you find and apply for jobs in cybersecurity.
Dion: My personal career journey
Hi, I'm Dion.
I am a program manager at Google.
I am a part of the detection and response team which falls under the privacy, safety, and security organization.
My favorite part of my job is understanding that there are threats that we encounter day by day.
And my team helps to ensure that we can find those threats and respond to them accordingly.
Cybersecurity is very important.
Just as we need to keep ourselves physically secure, we need to keep our information online safe and secure.
So, whenever you use a computer or a device, that data lives somewhere online.
And you trust Google and other companies to secure that data and keep it private, only to you.
The work that I do day by day ensures that your information, your data, and the world's information stays secure, stays private, and protected.
I've held many jobs in different areas before getting involved in cybersecurity.
One of those jobs is serving as a radio DJ and online personality, which has not much to do with security.
One of the key things I got from that was to keep the music playing.
No matter what happens, keep the music playing.
I'm also a proud father.
My kids are my greatest assets and I have to protect them.
There are lots of threats and risks associated with them, even vulnerabilities.
As a security guy, I have to protect the information that I'm tasked with holding from threats, risks, and vulnerabilities.
As a security professional, fires will come up.
You have to find a way to keep things moving, either escalating to the right team or escalating up the chain to find a resolution.
So, having not been formally trained in security, I am tasked with teaching myself new things daily.
New threats arrive, new things need to be protected, and security is constantly changing.
I teach myself through online learning.
I subscribe to and read lots of journals related to security knowledge, and I'm also taking some security courses online as well.
I think the most challenging part about an entry-level role in security is not knowing what you don't know.
When I first got involved in security, I was really winging it, but the one thing that I did was always reach out to my team for support.
Getting stuck is a part of the process; we could always lean on our team and others for additional support or to help us get unstuck.
Helpful resources and tips
As a learner, you can choose to complete one or multiple courses in this program. However, to obtain the Google Cybersecurity Certificate, you must complete all the courses. This reading describes what is required to obtain a certificate and best practices for you to have a good learning experience on Coursera.
Module, course, and certificate glossaries
This program covers a lot of terms and concepts, some of which you may already know and some of which may be unfamiliar to you. To review terms and help you prepare for graded quizzes, refer to the following glossaries:
- Module glossaries: At the end of each module’s content, you can review a glossary of terms from that module. Each module’s glossary builds upon the terms from the previous modules in that course. The module glossaries are not downloadable; however, all of the terms and definitions are included in the course and certificate glossaries, which are downloadable.
- Course glossaries: At the end of each course, you can access and download a glossary that covers all of the terms in that course.
- Certificate glossary: The certificate glossary includes all of the terms in the entire certificate program and is a helpful resource that you can reference throughout the program or at any time in the future.
Terms and definitions from the certificate:
A
Absolute file path: The full file path, which starts from the root
Access controls: Security controls that manage access, authorization, and accountability of information
Active packet sniffing: A type of attack where data packets are manipulated in transit
Address Resolution Protocol (ARP): A network protocol used to determine the MAC address of the next router or device on the path
Advanced persistent threat (APT): An instance when a threat actor maintains unauthorized access to a system for an extended period of time
Adversarial artificial intelligence (AI): A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently
Adware: A type of legitimate software that is sometimes used to display digital advertisements in applications
Algorithm: A set of rules used to solve a problem
Analysis: The investigation and validation of alerts
Angler phishing: A technique where attackers impersonate customer service representatives on social media
Anomaly-based analysis: A detection method that identifies abnormal behavior
Antivirus software: A software program used to prevent, detect, and eliminate malware and viruses
Application: A program that performs a specific task
Application programming interface (API) token: A small block of encrypted code that contains information about a user
Argument (Linux): Specific information needed by a command
Argument (Python): The data brought into a function when it is called
Array: A data type that stores data in a comma-separated ordered list
Assess: The fifth step of the NIST RMF that means to determine if established controls are implemented correctly
Asset: An item perceived as having value to an organization
Asset classification: The practice of labeling assets based on sensitivity and importance to an organization
Asset inventory: A catalog of assets that need to be protected
Asset management: The process of tracking assets and the risks that affect them
Asymmetric encryption: The use of a public and private key pair for encryption and decryption of data
Attack surface: All the potential vulnerabilities that a threat actor could exploit
Attack tree: A diagram that maps threats to assets
Attack vectors: The pathways attackers use to penetrate security defenses
Authentication: The process of verifying who someone is
Automation: The use of technology to reduce human and manual effort to perform common and repetitive tasks
Availability: The idea that data is accessible to those who are authorized to access it
B
Bandwidth: The maximum data transmission capacity over a network, measured by bits per second
Baseline configuration (baseline image): A documented set of specifications within a system that is used as a basis for future builds, releases, and updates
Bash: The default shell in most Linux distributions
Basic auth: The technology used to establish a user’s request to access a server
Basic Input/Output System (BIOS): A microchip that contains loading instructions for the computer and is prevalent in older systems
Biometrics: The unique physical characteristics that can be used to verify a person’s identity
Bit: The smallest unit of data measurement on a computer
Boolean data: Data that can only be one of two values: either True or False
Bootloader: A software program that boots the operating system
Botnet: A collection of computers infected by malware that are under the control of a single threat actor, known as the "bot-herder"
Bracket notation: The indices placed in square brackets
Broken chain of custody: Inconsistencies in the collection and logging of evidence in the chain of custody
Brute force attack: The trial and error process of discovering private information
Bug bounty: Programs that encourage freelance hackers to find and report vulnerabilities
Built-in function: A function that exists within Python and can be called directly
Business continuity: An organization's ability to maintain their everyday productivity by establishing risk disaster recovery plans
Business continuity plan (BCP): A document that outlines the procedures to sustain business operations during and after a significant disruption
Business Email Compromise (BEC): A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage
C
Categorize: The second step of the NIST RMF that is used to develop risk management processes and tasks
CentOS: An open-source distribution that is closely related to Red Hat
Central Processing Unit (CPU): A computer’s main processor, which is used to perform general computing tasks on a computer
Chain of custody: The process of documenting evidence possession and control during an incident lifecycle
Chronicle: A cloud-native tool designed to retain, analyze, and search data
Cipher: An algorithm that encrypts information
Cloud-based firewalls: Software firewalls that are hosted by the cloud service provider
Cloud computing: The practice of using remote servers, applications, and network services that are hosted on the internet instead of on local physical devices
Cloud network: A collection of servers or computers that stores resources and data in remote data centers that can be accessed via the internet
Cloud security: The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users
Command: An instruction telling the computer to do something
Command and control (C2): The techniques used by malicious actors to maintain communications with compromised systems
Command-line interface (CLI): A text-based user interface that uses commands to interact with the computer
Comment: A note programmers make about the intention behind their code
Common Event Format (CEF): A log format that uses key-value pairs to structure data and identify fields and their corresponding values
Common Vulnerabilities and Exposures (CVE®) list: An openly accessible dictionary of known vulnerabilities and exposures
Common Vulnerability Scoring System (CVSS): A measurement system that scores the severity of a vulnerability
Compliance: The process of adhering to internal standards and external regulations
Computer security incident response teams (CSIRT): A specialized group of security professionals that are trained in incident management and response
Computer virus: Malicious code written to interfere with computer operations and cause damage to data and software
Conditional statement: A statement that evaluates code to determine if it meets a specified set of conditions
Confidentiality: The idea that only authorized users can access specific assets or data
Confidential data: Data that often has limits on the number of people who have access to it
Confidentiality, integrity, availability (CIA) triad: A model that helps inform how organizations consider risk when setting up systems and security policies
Configuration file: A file used to configure the settings of an application
Containment: The act of limiting and preventing additional damage caused by an incident
Controlled zone: A subnet that protects the internal network from the uncontrolled zone
Cross-site scripting (XSS): An injection attack that inserts code into a vulnerable website or web application
Crowdsourcing: The practice of gathering information using public input and collaboration
Cryptographic attack: An attack that affects secure forms of communication between a sender and intended recipient
Cryptographic key: A mechanism that decrypts ciphertext
Cryptography: The process of transforming information into a form that unintended readers can’t understand
Cryptojacking: A form of malware that installs software to illegally mine cryptocurrencies
Cybersecurity (or security): The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation
D
Data: Information that is translated, processed, or stored by a computer
Data at rest: Data not currently being accessed
Database: An organized collection of information or data
Data controller: A person that determines the procedure and purpose for processing data
Data custodian: Anyone or anything that’s responsible for the safe handling, transport, and storage of information
Data exfiltration: Unauthorized transmission of data from a system
Data in transit: Data traveling from one point to another
Data in use: Data being accessed by one or more users
Data owner: The person who decides who can access, edit, use, or destroy their information
Data packet: A basic unit of information that travels from one device to another within a network
Data point: A specific piece of information
Data processor: A person that is responsible for processing data on behalf of the data controller
Data protection officer (DPO): An individual that is responsible for monitoring the compliance of an organization's data protection procedures
Data type: A category for a particular type of data item
Date and time data: Data representing a date and/or time
Debugger: A software tool that helps to locate the source of an error and assess its causes
Debugging: The practice of identifying and fixing errors in code
Defense in depth: A layered approach to vulnerability management that reduces risk
Denial of service (DoS) attack: An attack that targets a network or server and floods it with network traffic
Detect: A NIST core function related to identifying potential security incidents and improving monitoring capabilities to increase the speed and efficiency of detections
Detection: The prompt discovery of security events
Dictionary data: Data that consists of one or more key-value pairs
Digital certificate: A file that verifies the identity of a public key holder
Digital forensics: The practice of collecting and analyzing data to determine what has happened after an attack
Directory: A file that organizes where other files are stored
Disaster recovery plan: A plan that allows an organization’s security team to outline the steps needed to minimize the impact of a security incident
Distributed denial of service (DDoS) attack: A type of denial of service attack that uses multiple devices or servers located in different locations to flood the target network with unwanted traffic
Distributions: The different versions of Linux
Documentation: Any form of recorded content that is used for a specific purpose
DOM-based XSS attack: An instance when malicious script exists in the webpage a browser loads
Domain Name System (DNS): A networking protocol that translates internet domain names into IP addresses
Dropper: A type of malware that comes packed with malicious code which is delivered and installed onto a target system
E
Elevator pitch: A brief summary of your experience, skills, and background
Encapsulation: A process performed by a VPN service that protects your data by wrapping sensitive data in other data packets
Encryption: The process of converting data from a readable format to an encoded format
Endpoint: Any device connected on a network
Endpoint detection and response (EDR): An application that monitors an endpoint for malicious activity
Eradication: The complete removal of the incident elements from all affected systems
Escalation policy: A set of actions that outline who should be notified when an incident alert occurs and how that incident should be handled
Event: An observable occurrence on a network, system, or device
Exception: An error that involves code that cannot be executed even though it is syntactically correct
Exclusive operator: An operator that does not include the value of comparison
Exploit: A way of taking advantage of a vulnerability
Exposure: A mistake that can be exploited by a threat
External threat: Anything outside the organization that has the potential to harm organizational assets
F
False negative: A state where the presence of a threat is not detected
False positive: An alert that incorrectly detects the presence of a threat
Fileless malware: Malware that does not need to be installed by the user because it uses legitimate programs that are already installed to infect a computer
File path: The location of a file or directory
Filesystem Hierarchy Standard (FHS): The component of the Linux OS that organizes data
Filtering: Selecting data that match a certain condition
Final report: Documentation that provides a comprehensive review of an incident
Firewall: A network security device that monitors traffic to or from a network
Float data: Data consisting of a number with a decimal point
Foreign key: A column in a table that is a primary key in another table
Forward proxy server: A server that regulates and restricts a person’s access to the internet
Function: A section of code that can be reused in a program
G
Global variable: A variable that is available through the entire program
Graphical user interface (GUI): A user interface that uses icons on the screen to manage different tasks on the computer
H
Hacker: Any person who uses computers to gain access to computer systems, networks, or data
Hacktivist: A person who uses hacking to achieve a political goal
Hard drive: A hardware component used for long-term memory
Hardware: The physical components of a computer
Hash collision: An instance when different inputs produce the same hash value
Hash function: An algorithm that produces a code that can’t be decrypted
Hash table: A data structure that's used to store and reference hash values
Health Insurance Portability and Accountability Act (HIPAA): A U.S. federal law established to protect patients’ health information
Honeypot: A system or resource created as a decoy vulnerable to attacks with the purpose of attracting potential intruders
Host-based intrusion detection system (HIDS): An application that monitors the activity of the host on which it’s installed
Hub: A network device that broadcasts information to every device on the network
Hypertext Transfer Protocol (HTTP): An application layer protocol that provides a method of communication between clients and website servers
Hypertext Transfer Protocol Secure (HTTPS): A network protocol that provides a secure method of communication between clients and website servers
I
Identify: A NIST core function related to management of cybersecurity risk and its effect on an organization’s people and assets
Identity and access management (IAM): A collection of processes and technologies that helps organizations manage digital identities in their environment
IEEE 802.11 (Wi-Fi): A set of standards that define communication for wireless LANs
Immutable: An object that cannot be changed after it is created and assigned a value
Implement: The fourth step of the NIST RMF that means to implement security and privacy plans for an organization
Improper usage: An incident type that occurs when an employee of an organization violates the organization’s acceptable use policies
Incident: An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies
Incident escalation: The process of identifying a potential security incident, triaging it, and handing it off to a more experienced team member
Incident handler’s journal: A form of documentation used in incident response
Incident response: An organization’s quick attempt to identify an attack, contain the damage, and correct the effects of a security breach
Incident response plan: A document that outlines the procedures to take in each step of incident response
Inclusive operator: An operator that includes the value of comparison
Indentation: Space added at the beginning of a line of code
Index: A number assigned to every element in a sequence that indicates its position
Indicators of attack (IoA): The series of observed events that indicate a real-time incident
Indicators of compromise (IoC): Observable evidence that suggests signs of a potential security incident
Information privacy: The protection of unauthorized access and distribution of data
Information security (InfoSec): The practice of keeping data in all states away from unauthorized users
Injection attack: Malicious code inserted into a vulnerable application
Input validation: Programming that validates inputs from users and other programs
Integer data: Data consisting of a number that does not include a decimal point
Integrated development environment (IDE): A software application for writing code that provides editing assistance and error correction tools
Integrity: The idea that the data is correct, authentic, and reliable
Internal hardware: The components required to run the computer
Internal threat: A current or former employee, external vendor, or trusted partner who poses a security risk
Internet Control Message Protocol (ICMP): An internet protocol used by devices to tell each other about data transmission errors across the network
Internet Control Message Protocol flood (ICMP flood): A type of DoS attack performed by an attacker repeatedly sending ICMP request packets to a network server
Internet Protocol (IP): A set of standards used for routing and addressing data packets as they travel between devices on a network
Internet Protocol (IP) address: A unique string of characters that identifies the location of a device on the internet
Interpreter: A computer program that translates Python code into runnable instructions line by line
Intrusion detection system (IDS): An application that monitors system activity and alerts on possible intrusions
Intrusion prevention system (IPS): An application that monitors system activity for intrusive activity and takes action to stop the activity
IP spoofing: A network attack performed when an attacker changes the source IP of a data packet to impersonate an authorized system and gain access to a network
Iterative statement: Code that repeatedly executes a set of instructions
K
KALI LINUX ™: An open-source distribution of Linux that is widely used in the security industry
Kernel: The component of the Linux OS that manages processes and memory
Key-value pair: A set of data that represents two linked items: a key, and its corresponding value
L
Legacy operating system: An operating system that is outdated but still being used
Lessons learned meeting: A meeting that includes all involved parties after a major incident
Library: A collection of modules that provide code users can access in their programs
Linux: An open-source operating system
List concatenation: The concept of combining two lists into one by placing the elements of the second list directly after the elements of the first list
List data: Data structure that consists of a collection of data in sequential form
Loader: A type of malware that downloads strains of malicious code from an external source and installs them onto a target system
Local Area Network (LAN): A network that spans small areas like an office building, a school, or a home
Local variable: A variable assigned within a function
Log: A record of events that occur within an organization’s systems
Log analysis: The process of examining logs to identify events of interest
Logging: The recording of events occurring on computer systems and networks
Logic error: An error that results when the logic used in code produces unintended results
Log management: The process of collecting, storing, analyzing, and disposing of log data
Loop condition: The part of a loop that determines when the loop terminates
Loop variable: A variable that is used to control the iterations of a loop
M
Malware: Software designed to harm devices or networks
Malware infection: An incident type that occurs when malicious software designed to disrupt a system infiltrates an organization’s computers or network
Media Access Control (MAC) address: A unique alphanumeric identifier that is assigned to each physical device on a network
Method: A function that belongs to a specific data type
Metrics: Key technical attributes such as response time, availability, and failure rate, which are used to assess the performance of a software application
MITRE: A collection of non-profit research and development centers
Modem: A device that connects your router to the internet and brings internet access to the LAN
Module: A Python file that contains additional functions, variables, classes, and any kind of runnable code
Monitor: The seventh step of the NIST RMF that means be aware of how systems are operating
Multi-factor authentication (MFA): A security measure that requires a user to verify their identity in two or more ways to access a system or network
N
nano: A command-line file editor that is available by default in many Linux distributions
National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF): A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk
National Institute of Standards and Technology (NIST) Incident Response Lifecycle: A framework for incident response consisting of four phases: Preparation; Detection and Analysis; Containment, Eradication and Recovery, and Post-incident activity
National Institute of Standards and Technology (NIST) Special Publication (S.P.) 800-53: A unified framework for protecting the security of information systems within the U.S. federal government
Network: A group of connected devices
Network-based intrusion detection system (NIDS): An application that collects and monitors network traffic and network data
Network data: The data that’s transmitted between devices on a network
Network Interface Card (NIC): Hardware that connects computers to a network
Network log analysis: The process of examining network logs to identify events of interest
Network protocol analyzer (packet sniffer): A tool designed to capture and analyze data traffic within a network
Network protocols: A set of rules used by two or more devices on a network to describe the order of delivery and the structure of data
Network security: The practice of keeping an organization's network infrastructure secure from unauthorized access
Network segmentation: A security technique that divides the network into segments
Network traffic: The amount of data that moves across a network
Non-repudiation: The concept that the authenticity of information can’t be denied
Notebook: An online interface for writing, storing, and running code
Numeric data: Data consisting of numbers
O
OAuth: An open-standard authorization protocol that shares designated access between applications
Object: A data type that stores data in a comma-separated list of key-value pairs
On-path attack: An attack where a malicious actor places themselves in the middle of an authorized connection and intercepts or alters the data in transit
Open-source intelligence (OSINT): The collection and analysis of information from publicly available sources to generate usable intelligence
Open systems interconnection (OSI) model: A standardized concept that describes the seven layers computers use to communicate and send data over the network
Open Web Application Security Project/Open Worldwide Application Security Project (OWASP): A non-profit organization focused on improving software security
Operating system (OS): The interface between computer hardware and the user
Operator: A symbol or keyword that represents an operation
Options: Input that modifies the behavior of a command
Order of volatility: A sequence outlining the order of data that must be preserved from first to last
OWASP Top 10: A globally recognized standard awareness document that lists the top 10 most critical security risks to web applications
P
Package: A piece of software that can be combined with other packages to form an application
Package manager: A tool that helps users install, manage, and remove packages or applications
Packet capture (P-cap): A file containing data packets intercepted from an interface or network
Packet sniffing: The practice of capturing and inspecting data packets across a network
Parameter (Python): An object that is included in a function definition for use in that function
Parrot: An open-source distribution that is commonly used for security
Parsing: The process of converting data into a more readable format
Passive packet sniffing: A type of attack where a malicious actor connects to a network hub and looks at all traffic on the network
Password attack: An attempt to access password secured devices, systems, networks, or data
Patch update: A software and operating system update that addresses security vulnerabilities within a program or product
Payment Card Industry Data Security Standards (PCI DSS): A set of security standards formed by major organizations in the financial industry
Penetration test (pen test): A simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes
PEP 8 style guide: A resource that provides stylistic guidelines for programmers working in Python
Peripheral devices: Hardware components that are attached and controlled by the computer system
Permissions: The type of access granted for a file or directory
Personally identifiable information (PII): Any information used to infer an individual's identity
Phishing: The use of digital communications to trick people into revealing sensitive data or deploying malicious software
Phishing kit: A collection of software tools needed to launch a phishing campaign
Physical attack: A security incident that affects not only digital but also physical environments where the incident is deployed
Ping of death: A type of DoS attack caused when a hacker pings a system by sending it an oversized ICMP packet that is bigger than 64KB
Playbook: A manual that provides details about any operational action
Policy: A set of rules that reduce risk and protect information
Port: A software-based location that organizes the sending and receiving of data between devices on a network
Port filtering: A firewall function that blocks or allows certain port numbers to limit unwanted communication
Post-incident activity: The process of reviewing an incident to identify areas for improvement during incident handling
Potentially unwanted application (PUA): A type of unwanted software that is bundled in with legitimate programs which might display ads, cause device slowdown, or install other software
Private data: Information that should be kept from the public
Prepare: The first step of the NIST RMF related to activities that are necessary to manage security and privacy risks before a breach occurs
Prepared statement: A coding technique that executes SQL statements before passing them on to a database
Primary key: A column where every row has a unique entry
Principle of least privilege: The concept of granting only the minimal access and authorization required to complete a task or function
Privacy protection: The act of safeguarding personal information from unauthorized use
Procedures: Step-by-step instructions to perform a specific security task
Process of Attack Simulation and Threat Analysis (PASTA): A popular threat modeling framework that’s used across many industries
Programming: A process that can be used to create a specific set of instructions for a computer to execute tasks
Protect: A NIST core function used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats
Protected health information (PHI): Information that relates to the past, present, or future physical or mental health or condition of an individual
Protecting and preserving evidence: The process of properly working with fragile and volatile digital evidence
Proxy server: A server that fulfills the requests of its clients by forwarding them to other servers
Public data: Data that is already accessible to the public and poses a minimal risk to the organization if viewed or shared by others
Public key infrastructure (PKI): An encryption framework that secures the exchange of online information
Python Standard Library: An extensive collection of Python code that often comes packaged with Python
Q
Query: A request for data from a database table or a combination of tables
Quid pro quo: A type of baiting used to trick someone into believing that they’ll be rewarded in return for sharing access, information, or money
R
Rainbow table: A file of pre-generated hash values and their associated plaintext
Random Access Memory (RAM): A hardware component used for short-term memory
Ransomware: A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access
Rapport: A friendly relationship in which the people involved understand each other’s ideas and communicate well with each other
Recover: A NIST core function related to returning affected systems back to normal operation
Recovery: The process of returning affected systems back to normal operations
Red Hat® Enterprise Linux® (also referred to simply as Red Hat in this course): A subscription-based distribution of Linux built for enterprise use
Reflected XSS attack: An instance when malicious script is sent to a server and activated during the server’s response
Regular expression (regex): A sequence of characters that forms a pattern
Regulations: Rules set by a government or other authority to control the way something is done
Relational database: A structured database containing tables that are related to each other
Relative file path: A file path that starts from the user's current directory
Replay attack: A network attack performed when a malicious actor intercepts a data packet in transit and delays it or repeats it at another time
Resiliency: The ability to prepare for, respond to, and recover from disruptions
Respond: A NIST core function related to making sure that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process
Return statement: A Python statement that executes inside a function and sends information back to the function call
Reverse proxy server: A server that regulates and restricts the internet's access to an internal server
Risk: Anything that can impact the confidentiality, integrity, or availability of an asset
Risk mitigation: The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach
Root directory: The highest-level directory in Linux
Rootkit: Malware that provides remote, administrative access to a computer
Root user (or superuser): A user with elevated privileges to modify the system
Router: A network device that connects multiple networks together
S
Salting: An additional safeguard that’s used to strengthen hash functions
Scareware: Malware that employs tactics to frighten users into infecting their device
Search Processing Language (SPL): Splunk’s query language
Secure File Transfer Protocol (SFTP): A secure protocol used to transfer files from one device to another over a network
Secure shell (SSH): A security protocol used to create a shell with a remote system
Security architecture: A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats
Security audit: A review of an organization's security controls, policies, and procedures against a set of expectations
Security controls: Safeguards designed to reduce specific security risks
Security ethics: Guidelines for making appropriate decisions as a security professional
Security frameworks: Guidelines used for building plans to help mitigate risk and threats to data and privacy
Security governance: Practices that help support, define, and direct security efforts of an organization
Security hardening: The process of strengthening a system to reduce its vulnerabilities and attack surface
Security information and event management (SIEM): An application that collects and analyzes log data to monitor critical activities in an organization
Security mindset: The ability to evaluate risk and constantly seek out and identify the potential or actual breach of a system, application, or data
Security operations center (SOC): An organizational unit dedicated to monitoring networks, systems, and devices for security threats or attacks
Security orchestration, automation, and response (SOAR): A collection of applications, tools, and workflows that use automation to respond to security events
Security posture: An organization’s ability to manage its defense of critical assets and data and react to change
Security zone: A segment of a company’s network that protects the internal network from the internet
Select: The third step of the NIST RMF that means to choose, customize, and capture documentation of the controls that protect an organization
Sensitive data: A type of data that includes personally identifiable information (PII), sensitive personally identifiable information (SPII), or protected health information (PHI)
Sensitive personally identifiable information (SPII): A specific type of PII that falls under stricter handling guidelines
Separation of duties: The principle that users should not be given levels of authorization that would allow them to misuse a system
Session: A sequence of network HTTP requests and responses associated with the same user
Session hijacking: An event when attackers obtain a legitimate user’s session ID
Session ID: A unique token that identifies a user and their device while accessing a system
Set data: Data that consists of an unordered collection of unique values
Shell: The command-line interpreter
Signature: A pattern that is associated with malicious activity
Signature analysis: A detection method used to find events of interest
Simple Network Management Protocol (SNMP): A network protocol used for monitoring and managing devices on a network
Single sign-on (SSO): A technology that combines several different logins into one
Smishing: The use of text messages to trick users to obtain sensitive information or to impersonate a known source
Smurf attack: A network attack performed when an attacker sniffs an authorized user’s IP address and floods it with ICMP packets
Spear phishing: A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source
Speed: The rate at which a device sends and receives data, measured by bits per second
Splunk Cloud: A cloud-hosted tool used to collect, search, and monitor log data
Splunk Enterprise: A self-hosted tool used to retain, analyze, and search an organization's log data to provide security information and alerts in real-time
Spyware: Malware that’s used to gather and sell information without consent
SQL (Structured Query Language): A programming language used to create, interact with, and request information from a database
SQL injection: An attack that executes unexpected queries on a database
Stakeholder: An individual or group that has an interest in any decision or activity of an organization
Standard error: An error message returned by the OS through the shell
Standard input: Information received by the OS via the command line
Standard output: Information returned by the OS through the shell
Standards: References that inform how to set policies
STAR method: An interview technique used to answer behavioral and situational questions
Stateful: A class of firewall that keeps track of information passing through it and proactively filters out threats
Stateless: A class of firewall that operates based on predefined rules and that does not keep track of information from data packets
Stored XSS attack: An instance when malicious script is injected directly on the server
String concatenation: The process of joining two strings together
String data: Data consisting of an ordered sequence of characters
Style guide: A manual that informs the writing, formatting, and design of documents
Subnetting: The subdivision of a network into logical groups called subnets
Substring: A continuous sequence of characters within a string
Sudo: A command that temporarily grants elevated permissions to specific users
Supply-chain attack: An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed
Suricata: An open-source intrusion detection system, intrusion prevention system, and network analysis tool
Switch: A device that makes connections between specific devices on a network by sending and receiving data between them
Symmetric encryption: The use of a single secret key to exchange information
Synchronize (SYN) flood attack: A type of DoS attack that simulates a TCP/IP connection and floods a server with SYN packets
Syntax: The rules that determine what is correctly structured in a computing language
Syntax error: An error that involves invalid usage of a programming language
T
TCP/IP model: A framework used to visualize how data is organized and transmitted across a network
tcpdump: A command-line network protocol analyzer
Technical skills: Skills that require knowledge of specific tools, procedures, and policies
Telemetry: The collection and transmission of data for analysis
Threat: Any circumstance or event that can negatively impact assets
Threat actor: Any person or group who presents a security risk
Threat hunting: The proactive search for threats on a network
Threat intelligence: Evidence-based threat information that provides context about existing or emerging threats
Threat modeling: The process of identifying assets, their vulnerabilities, and how each is exposed to threats
Transferable skills: Skills from other areas that can apply to different careers
Transmission Control Protocol (TCP): An internet communication protocol that allows two devices to form a connection and stream data
Triage: The prioritizing of incidents according to their level of importance or urgency
Trojan horse: Malware that looks like a legitimate file or program
True negative: A state where there is no detection of malicious activity
True positive: An alert that correctly detects the presence of an attack
Tuple data: Data structure that consists of a collection of data that cannot be changed
Type error: An error that results from using the wrong data type
U
Ubuntu: An open-source, user-friendly distribution that is widely used in security and other industries
Uncontrolled zone: Any network outside your organization's control
Unified Extensible Firmware Interface (UEFI): A microchip that contains loading instructions for the computer and replaces BIOS on more modern systems
USB baiting: An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network
User: The person interacting with a computer
User Datagram Protocol (UDP): A connectionless protocol that does not establish a connection between devices before transmissions
User-defined function: A function that programmers design for their specific needs
User interface: A program that allows the user to control the functions of the operating system
User provisioning: The process of creating and maintaining a user's digital identity
V
Variable: A container that stores data
Virtual machine (VM): A virtual version of a physical computer
Virtual Private Network (VPN): A network security service that changes your public IP address and hides your virtual location so that you can keep your data private when you are using a public network like the internet
Virus: Malicious code written to interfere with computer operations and cause damage to data and software
VirusTotal: A service that allows anyone to analyze suspicious files, domains, URLs, and IP addresses for malicious content
Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source
Visual dashboard: A way of displaying various types of data quickly in one place
Vulnerability: A weakness that can be exploited by a threat
Vulnerability assessment: The internal review process of an organization's security systems
Vulnerability management: The process of finding and patching vulnerabilities
Vulnerability scanner: Software that automatically compares existing common vulnerabilities and exposures against the technologies on the network
W
Watering hole attack: A type of attack when a threat actor compromises a website frequently visited by a specific group of users
Web-based exploits: Malicious code or behavior that’s used to take advantage of coding flaws in a web application
Whaling: A category of spear phishing attempts that are aimed at high-ranking executives in an organization
Wide Area Network (WAN): A network that spans a large geographic area like a city, state, or country
Wi-Fi Protected Access (WPA): A wireless security protocol for devices to connect to the internet
Wildcard: A special character that can be substituted with any other character
Wireshark: An open-source network protocol analyzer
World-writable file: A file that can be altered by anyone in the world
Worm: Malware that can duplicate and spread itself across systems on its own
Y
YARA-L: A computer language used to create rules for searching through ingested log data
Z
Zero-day: An exploit that was previously unknown
Welcome to module 1
Welcome to the first section of the course!
In the next several videos, we'll discuss what it means to have a security mindset, and how you'll use that mindset to protect an organization's assets and data.
Then, we'll explore the process of incident escalation in the event of a breach.
Finally, we'll share information to better help you understand the sensitive nature of the data that you'll work to protect.
Coming up, we'll focus on how to develop a security mindset then use that mindset to protect organizations and the people they serve.
Security as a mindset
Let's take a little time to discuss a concept that will help you throughout your security career: having a security mindset.
In previous courses, we discussed various threats, risks, and vulnerabilities and how they can impact organizational operations and the people served by those organizations.
These concepts are key considerations when thinking about having a security mindset.
You'll have to recognize not only what you're defending, but what or who you're defending against.
For example, it's important to recognize the types of assets that are essential to maintaining an organization's business functions, along with types of threats, risks, and vulnerabilities that can negatively impact those assets.
And that's what having a security mindset is all about.
A security mindset is the ability to evaluate risk and constantly seek out and identify the potential or actual breach of a system, application, or data.
Earlier in the program, we discussed threats, risks, and vulnerabilities that are posed by social engineering attacks, such as phishing.
These attacks are designed to compromise an organization's assets to help the threat actor or actors gain access to sensitive information.
Using our security mindset can help prevent these types of attacks.
It's important that we're constantly staying up-to-date with the kinds of attacks that are happening.
To do this, it's good to develop a habit of seeking out information regarding the latest security threats or vulnerabilities.
As you do this, new ideas for protecting company data may come to mind.
Security is an everyday objective for every security team in the industry.
So having a security mindset helps analysts defend against the constant pressure from attackers.
That mindset can make you think: "Every click of the mouse has the potential to lead to a security breach." That level of scrutiny as a security professional helps you prepare for the worst-case scenario, even if it doesn't happen.
Entry-level analysts can help protect low-level assets, such as an organization's guest WiFi network, and high-importance assets, such as intellectual property, trade secrets, PII, and even financial information.
Your security mindset allows you to protect all levels of assets.
However, if an incident does occur, that doesn't mean you respond to all incidents in the same way.
So we'll discuss incident prioritization a little later in the course.
Having a strong security mindset can help set you apart from other candidates as you prepare to enter the security profession.
It may even be a good idea to reference that foundation in future job interviews.
We'll discuss interview preparation in detail, later in the course.
Coming up, we'll focus on incident detection in greater detail.
Data and asset classification
Protecting an organization’s business operations and assets from security threats, risks, and vulnerabilities is important. You previously learned what it means to have a security mindset. That mindset can help you identify and reduce security risks and potential incidents.
In this reading, you will learn about key data classification types and the difference between the low-level and high-level assets of an organization.
Classifying for safety
Security professionals classify data types to help them properly protect an organization from cyber attacks that negatively impact business operations. Here is a review of the most common data types:
- Public data
- Private data
- Sensitive data
- Confidential data
Public data
This data classification does not need extra security protections. Public data is already accessible to the public and poses a minimal risk to the organization if viewed or shared by others. Although this data is open to the public, it still needs to be protected from security attacks. Examples of public data include press releases, job descriptions, and marketing materials.
Private data
This data classification type has a higher security level. Private data is information that should be kept from the public. If an individual gains unauthorized access to private data, that event has the potential to pose a serious risk to an organization.
Examples of private data can include company email addresses, employee identification numbers, and an organization’s research data.
Sensitive data
This information must be protected from everyone who does not have authorized access. Unauthorized access to sensitive data can cause significant damage to an organization’s finances and reputation.
Sensitive data includes personally identifiable information (PII), sensitive personally identifiable information (SPII), and protected health information (PHI). Examples of these types of sensitive data are bank account numbers, usernames and passwords, social security numbers (which U.S. citizens use to report their wages to the government), passport numbers, and medical information.
Confidential data
This data classification type is important for an organization’s ongoing business operations. Confidential data often has limits on the number of people who have access to it. Access to confidential data sometimes involves the signing of non-disclosure agreements (NDAs), legal contracts that bind two or more parties to protect information, to further protect the confidentiality of the data.
Examples of confidential data include proprietary information such as trade secrets, financial records, and sensitive government data.
Asset classification
Asset classification means labeling assets based on sensitivity and importance to an organization. The classification of an organization's assets ranges from low- to high-level.
Public data is a low-level asset. It is readily available to the public and will not have a negative impact on an organization if compromised. Sensitive data and confidential data are high-level assets. They can have a significantly negative impact on an organization if leaked publicly. That negative impact can lead to the loss of a company’s competitive edge, reputation, and customer trust. A company’s website address is an example of a low-level asset. An internal email from that company discussing trade secrets is an example of a high-level asset.
Key takeaways
Every company has its own data classification policy that identifies what type of data is in each category. It will be important to your success as a security professional to familiarize yourself with that policy. Understanding different data and asset classification types is important. It helps you prioritize what data needs to be protected most. It also helps you recognize what assets need higher levels of security and what assets need minimal security.
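As an added example (not part of the course materials), here is a small Python classifier that applies the four-level scheme from this reading to records and ranks assets by the level they receive. The field-name policy table, the choice to treat unnamed fields as private, and the SSN and payment-card detectors are assumptions constructed for the example; a real policy comes from the organization's own classification document.

```python
"""Apply the four-level data classification from this reading (public,
private, sensitive, confidential) to records, raising any field whose
content looks like an SSN or a payment card number to 'sensitive'."""
import re
from enum import IntEnum


class Level(IntEnum):
    """Ordered so that max() over a record's fields yields its classification."""
    PUBLIC = 0
    PRIVATE = 1
    SENSITIVE = 2
    CONFIDENTIAL = 3


# Field-name policy, constructed for this example from the reading's examples.
# A real policy comes from the organization's data classification document.
FIELD_POLICY = {
    "press_release": Level.PUBLIC,
    "job_description": Level.PUBLIC,
    "website_address": Level.PUBLIC,
    "work_email": Level.PRIVATE,
    "employee_id": Level.PRIVATE,
    "research_data": Level.PRIVATE,
    "bank_account": Level.SENSITIVE,
    "passport_number": Level.SENSITIVE,
    "medical_record": Level.SENSITIVE,
    "trade_secret": Level.CONFIDENTIAL,
    "financial_records": Level.CONFIDENTIAL,
}
# Assumption: a field the policy does not name is treated as private
# (kept from the public) until someone classifies it explicitly.
DEFAULT_LEVEL = Level.PRIVATE

# U.S. SSN shape: area not 000/666/9xx, group not 00, serial not 0000.
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 19 digits with optional single space or hyphen separators.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; cuts down false hits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def looks_sensitive(value) -> bool:
    """True if a string contains an SSN-shaped or Luhn-valid card number."""
    if not isinstance(value, str):
        return False
    if SSN_RE.search(value):
        return True
    for match in CARD_RE.finditer(value):
        if luhn_ok(re.sub(r"[ -]", "", match.group(0))):
            return True
    return False


def classify_field(name: str, value) -> Level:
    """Policy level for the field name, raised to SENSITIVE if the content demands it."""
    level = FIELD_POLICY.get(name, DEFAULT_LEVEL)
    if level < Level.SENSITIVE and looks_sensitive(value):
        level = Level.SENSITIVE
    return level


def classify_record(record: dict):
    """Return (overall level, per-field levels); a record takes its highest field's level."""
    fields = {name: classify_field(name, value) for name, value in record.items()}
    overall = max(fields.values(), default=Level.PUBLIC)
    return overall, fields


def prioritize(assets: dict):
    """Order named assets highest classification first, to decide what to protect most."""
    ranked = [(name, classify_record(record)[0]) for name, record in assets.items()]
    ranked.sort(key=lambda item: item[1], reverse=True)
    return ranked


if __name__ == "__main__":
    # Constructed sample assets mirroring the reading's low- and high-level examples.
    sample = {
        "company_website": {"website_address": "https://example.com"},
        "hr_export": {"employee_id": "E-1001", "work_email": "a.b@example.com"},
        "support_ticket": {"notes": "Customer card 4111 1111 1111 1111 was charged twice"},
        "internal_memo": {"work_email": "cto@example.com", "trade_secret": "alloy ratio"},
    }
    for name, level in prioritize(sample):
        print(f"{level.name:<12} {name}")
```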
Detect and protect without neglect
Welcome back!
In earlier courses, we discussed the impact that security incidents can have on the critical data and assets of an organization.
If data and assets are compromised, it can lead to financial pains for an organization.
It can even lead to regulatory fines and the loss of credibility with customers or other businesses in the same industry.
This is why your role in protecting company data and assets is so valuable.
Collaboration is an exciting part of working in security.
There are so many individuals across an organization who are interested in various functions of security.
No security professional can do this alone.
Some team members are focused on protecting sensitive financial data, others work on protecting usernames and passwords, some are more focused on protecting third-party vendor security, and others may be concerned with protecting employees' PII.
These stakeholders and others have an interest in the role the security team plays in keeping the organization, and the people it serves, safe from malicious attacks.
It's important to recognize that the assets and data you protect affect multiple levels of your organization.
One of the most important concerns for an organization is the protection of customer data.
Customers trust that an organization they engage with will protect their data at all times.
This means credit card numbers, Social Security numbers, emails, usernames, passwords, and so much more.
It's important to keep this in mind when taking on a security role.
Understanding the importance of the data you're protecting is a big part of having a strong security mindset.
As a security professional, it's important to handle sensitive data with care while being mindful of the little details to ensure that private data is protected from breaches.
When a security event results in a data breach, it is categorized as a security incident.
However, if the event is resolved without resulting in a breach, it's not considered an incident.
It's better to be safe when it comes to taking a job in the security profession.
That means paying attention to details and raising your issues to your supervisor.
For example, a seemingly small issue, like an employee installing an app on their work device without getting permission from the help desk, should be escalated to a supervisor.
This is because some apps have vulnerabilities that can pose a threat to the security of the organization.
An example of a bigger issue is noticing in a log that malicious code may have been executed.
Malicious code can lead to operational downtime, severe financial consequences, or the loss of critical high-level assets.
The point is that there are no issues that are too small or too big.
If you're not sure of the potential impact of an incident, it's always best to be cautious and report events to the appropriate team members.
Each day on the job as a security professional comes with a level of responsibility to help protect the organization and the people it serves.
The decisions you make not only affect the company, but also its customers and countless team members across the organization.
Remember, what you do matters!
Disaster recovery and business continuity
The role of a security professional is to ensure a company’s data and assets are protected from threats, risks, and vulnerabilities. However, sometimes things don’t go as planned. There are times when security incidents happen. You’ve already learned that security breaches can lead to financial consequences and the loss of credibility with customers or other businesses in the industry.
This reading will discuss the need to create business continuity and disaster recovery plans to minimize the impact of a security incident on an organization’s business operations. Analysts need to consider the sequence of steps to be taken by the security team before business continuity and disaster recovery plans are implemented.
Identify and protect
Creating business continuity and disaster recovery plans is the final step of a four-part process that most security teams go through to help ensure the security of an organization.
First, the security team identifies the assets that must be protected in the organization. Next, they determine what potential threats could negatively impact those assets. After the threats have been determined, the security team implements tools and processes to detect potential threats to assets. Lastly, the IT or appropriate business function creates the business continuity and disaster recovery plans. These plans are created in conjunction with one another. The plans help to minimize the impact of a security incident involving one of the organization’s assets.
Business continuity plan
The impact of successful security attacks on an organization can be significant. Loss of profits and customers are two possible outcomes that organizations never want to happen. A business continuity plan is a document that outlines the procedures to sustain business operations during and after a significant disruption. It is created alongside a disaster recovery plan to minimize the damage of a successful security attack. Here are four essential steps for business continuity plans:
- Conduct a business impact analysis. The business impact analysis step focuses on the possible effects a disruption of business functions can have on an organization.
- Identify, document, and implement steps to recover critical business functions and processes. This step helps the business continuity team create actionable steps toward responding to a security event.
- Organize a business continuity team. This step brings various members of the organization together to help execute the business continuity plan, if it is needed. The members of this team are typically from the cybersecurity, IT, HR, communications, and operations departments.
- Conduct training for the business continuity team. The team considers different risk scenarios and prepares for security threats during these training exercises.
Disaster recovery plan
A disaster recovery plan allows an organization’s security team to outline the steps needed to minimize the impact of a security incident, such as a successful ransomware attack that has stopped the manufacturing team from retrieving certain data. It also helps the security team resolve the security threat. A disaster recovery plan is typically created alongside a business continuity plan. Steps to create a disaster recovery plan should include:
- Implementing recovery strategies to restore software
- Implementing recovery strategies to restore hardware functionality
- Identifying applications and data that might be impacted after a security incident has taken place
Key takeaways
Disaster recovery and business continuity plans are important for an organization’s security posture. It’s essential that the security team has plans in place to keep the organization’s business operations moving forward in case a security incident does occur.
Juliana's story: Asset protection
Meet Juliana Soto, who recently completed an online cybersecurity certificate program and was hired as a cybersecurity analyst for Right-On-Time Payment Solutions, a fictional payment processing company allowing individuals to transfer money to friends and family. Right-On-Time also allows companies to accept payments from customers or organizations.
In this reading, you will begin a three-part journey that follows Juliana as she takes on new roles and responsibilities within the cybersecurity team of her new company.
Juliana decides that one of her first objectives is to gain a better understanding of the most important assets to the company by reviewing various company reading materials that will help her learn what is most valuable to them. On her first day, she is given reading materials to help her familiarize herself with the company. She learns that customers must create unique usernames and passwords and provide their full name or company name to sign up for the service as an individual. Business customers can also sign up for the service if they provide their employer identification number (EIN). Finally, customers must enter their bank account information or debit card number for payments to be accepted.
Juliana discovers that this company handles a lot of personally identifiable information (PII) from its customers. This kind of information is considered sensitive data. Unauthorized access to it can lead to significant damage to the organization’s finances, its customers, and its reputation. Juliana realizes that the most important asset to this company is customer data.
After finishing the required onboarding materials, she decides to put together an information lifecycle strategy. She learned about this when completing her online cybersecurity certificate program.
Information lifecycle strategy
Juliana recalls the following steps of the information lifecycle:
- The first step in the information lifecycle is to identify the important assets to the company, including sensitive customer information such as PII, financial information, social security numbers, and EINs.
- The second step is to assess the security measures in place to protect the identified assets and review the company’s information security policies. There are different components to this step, ranging from vulnerability scanning to reviewing processes and procedures that are already in place. Juliana is new to the company and might not be ready to conduct vulnerability scans.
- The third step of the information lifecycle is to protect the identified assets of the organization. Once again, this is only Juliana’s first day on the job. She asks her supervisor if she can observe a more senior security analyst for a day. This will give her the opportunity to learn how the security team monitors the company’s systems and network.
- The last step of the information lifecycle is to monitor the security processes that have been implemented to protect the organization’s assets. She contacts her supervisor and gives them a detailed report of what she has learned on her first day. She requests to finish her day by monitoring a few of the systems that are in place. Her supervisor is impressed with her initiative and prepares Juliana to monitor the security systems. What a great first day for Juliana!
Key takeaways
Identifying the important assets of a company is a key security analyst responsibility. Once you identify the assets, it can be helpful to follow the information lifecycle strategy to help ensure those assets are being protected effectively. Reviewing a company’s security policies will also help an analyst understand what is important to the company and how the analyst should be protecting that data.
Wrap-up; Terms and definitions from Course 8, Module 1
You've had an opportunity to learn more about the important role an entry-level analyst plays in protecting the data and assets of an organization.
Let's quickly review what we covered.
We started off by discussing the importance of having a security mindset, including how it supports incident detection.
Then, we examined the relationship between incidents and events, and further explored the incident escalation process.
We ended our discussion by exploring the sensitive nature of the data that you're protecting and the amount of people counting on you to play your part in protecting that data.
Understanding how valuable you are as a member of the security team can help you put the work you do into perspective.
Every role in security matters.
Each individual contributes to making a company's operations flow smoothly.
I hope you enjoyed our discussion as much as I did!
Are you ready to continue your journey into the security world?
Coming up, we'll discuss the importance of escalating security incidents.
Glossary terms from module 1
Business continuity plan (BCP): A document that outlines the procedures to sustain business operations during and after a significant disruption
Confidential data: Data that often has limits on the number of people who have access to it
Disaster recovery plan: A plan that allows an organization’s security team to outline the steps needed to minimize the impact of a security incident
Private data: Information that should be kept from the public
Public data: Data that is already accessible to the public and poses a minimal risk to the organization if viewed or shared by others
Security mindset: The ability to evaluate risk and constantly seek out and identify the potential or actual breach of a system, application, or data
Sensitive data: A type of data that includes personally identifiable information (PII), sensitive personally identifiable information (SPII), and protected health information (PHI)
Welcome to module 2
I'm excited that you could join me today!
Previously, you learned about the importance of various asset types.
You also learned about the relationship between incidents and events.
Now, we'll focus on escalating those incidents and events to the right people.
Protecting the data and assets of an organization is the primary goal of a security team.
The decisions you make every day are important for helping the security team achieve that goal.
Recognizing when and how to escalate security incidents is crucial.
It helps ensure simple issues don't become larger problems for an organization.
Escalation is a term you should familiarize yourself with.
It's likely to resurface often as you continue your journey into the security profession.
In the following videos, we'll discuss incident escalation from an entry-level analyst's perspective.
Then, we'll explore various incident classification types and the impacts security incidents can have on business operations.
Finally, we'll share some general guidelines for escalating incidents.
Coming up, we'll start by focusing on incident escalation and how it can be used to prevent a seemingly small issue from becoming a bigger problem.
Let's get started!
The importance of escalation
Security analysts are hired to protect company assets and data, including knowing when and how to escalate security incidents.
In this video, we'll define security incident escalation and discuss your role in making decisions that help protect your organization's data and assets.
So what is incident escalation?
And why is it so important for security professionals?
Incident escalation is the process of identifying a potential security incident, triaging it, and (if appropriate) handing it off to a more experienced team member.
It's important to also recognize that not every incident needs to be escalated.
In this video, we'll cover what types of incidents should be escalated.
As an entry-level analyst, it's unlikely that you'll be responding to security incidents independently.
However, it's important that you know how to evaluate and escalate incidents to the right individual or team when necessary.
Let's discuss the essential skills needed to properly escalate security incidents.
There are two essential skills that will help you identify security incidents that need to be escalated: attention to detail and an ability to follow an organization's escalation guidelines or processes.
Attention to detail will help you quickly identify when something doesn't seem right within the organization's network or systems.
Following a company's escalation guidelines or processes will help you know how to properly escalate the issue you've identified.
Larger organizations' security teams have many levels, and each level, or member, of that team plays a major role in protecting the company's assets and data.
However, smaller and medium-sized companies may have only one or two people responsible for the organization's security.
For now, we'll focus on the roles in bigger organizations.
From the Chief Information Security Officer, also known as the CISO, to the engineering team, public relations team, and even the legal team, every member of the security team matters.
Each team member's role depends on the nature and scope of the incident.
These roles are highlighted within a company's escalation process.
Even the smallest security incident can become a much larger issue if not addressed.
And that's where you come in!
Imagine you're working at your desk and notice what appears to be a minor incident, but you decide to take a break before addressing or escalating it.
This decision could have major consequences.
If a small issue goes unescalated for too long, it has the potential to become a larger problem that costs the company money, exposes sensitive customer data, or damages the company's reputation.
However, with a high-level of attention to detail, and an ability to follow your organization's escalation guidelines and processes, it may be possible to avoid exposing the business, and its customers, to harmful incidents.
As an entry-level analyst, you play an important role.
You help the security team identify issues within the network and systems and help make sure the right person on the team is alerted when incidents occur.
Think about an assembly line.
Would the final step in the line be negatively impacted if the first step were done incorrectly, or not at all?
Of course it would!
Every decision you make helps the entire security team protect an organization's assets and data.
Knowing when and how to escalate security incidents is one of many important decisions you'll need to make on a daily basis.
Later in this course, we'll discuss the various levels of security incidents.
Knowing those levels will help you determine the level of urgency needed to escalate different incident types.
Escalate with a purpose
You previously learned about security incident escalation and the skills needed to help you escalate incidents. In this reading, you’ll learn the importance of escalating security issues and the potential impact of failing to escalate an issue.
Incident escalation
Security incident escalation is the process of identifying a potential security incident. During this process, potential incidents are transferred to a more experienced department or team member. As a security analyst, you’ll be expected to recognize potential issues, such as when an employee repeatedly enters the wrong credentials for their account, and report them to the appropriate person. When you join a new organization, you’ll learn about the specific processes and procedures for escalating incidents.
Notification of breaches
Many countries have breach notification laws, so it's important to familiarize yourself with the laws applicable in the area your company is operating in. Breach notification laws require companies and government entities to notify individuals of security breaches involving personally identifiable information (PII). PII includes personal identification numbers (e.g., Social Security numbers and driver’s license numbers), medical records, addresses, and other sensitive customer information. As an entry-level security analyst, you’ll need to be aware of various security laws, especially because they are regularly updated.
Low-level security issues
Low-level security issues are security risks that do not result in the exposure of PII. These issues can include the following and other risks:
- An employee having one failed login attempt on their account
- An employee downloading unapproved software onto their work laptop
These issues are not significant security challenges, but they must be investigated further in case they need to be escalated. An employee typing in a password two to three times might not be of concern. But if that employee types in a password 15 times within 30 minutes, there might be an issue that needs to be escalated. What if the multiple failed login attempts were a malicious actor attempting to compromise an employee’s account? What if an employee downloads an internet game or software on their work laptop that is infected with malware? You previously learned that malware is software designed to harm devices or networks. If malware is downloaded onto an organization’s network, it can lead to financial loss and even loss of reputation with the organization’s customers. While low-level security issues are not considered significant security threats, they should still be investigated to ensure they result in minimal impact to the organization.
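To make the failed-login threshold above concrete, here is an added example (it is not part of the original course material) that scans constructed, OpenSSH-style authentication log lines with a 30-minute sliding window and flags any account that accumulates 15 or more failures inside that window, while leaving a user who mistypes a password two or three times alone. The log line format, host name, user names, IP addresses and the function names `parse_auth_line` and `find_bruteforce` are assumptions made for this illustration; the threshold and the window come from the reading.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches OpenSSH-style "Failed password" / "Accepted password" messages with an
# ISO-8601 timestamp prepended by a log shipper (format assumed for this example).
AUTH_LINE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_auth_line(line):
    """Return (timestamp, failed, user, ip) for a recognised line, else None."""
    m = AUTH_LINE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["outcome"] == "Failed", m["user"], m["ip"]


def find_bruteforce(lines, threshold=15, window=timedelta(minutes=30)):
    """Flag users with `threshold` or more failed logins inside any sliding `window`.

    Lines must be in chronological order. Returns {user: summary}, where summary
    holds the largest number of failures seen in one window and the source IPs.
    A successful login does not reset the count: a success right after a burst
    of failures is exactly what an incident handler needs to see.
    """
    recent = defaultdict(deque)   # user -> deque of (timestamp, ip) inside the window
    flagged = {}
    for line in lines:
        parsed = parse_auth_line(line)
        if parsed is None:
            continue
        ts, failed, user, ip = parsed
        if not failed:
            continue
        q = recent[user]
        q.append((ts, ip))
        while ts - q[0][0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            entry = flagged.setdefault(
                user, {"first_seen": q[0][0], "last_seen": ts, "attempts": 0, "sources": set()}
            )
            entry["attempts"] = max(entry["attempts"], len(q))
            entry["last_seen"] = ts
            entry["sources"].add(ip)
    return flagged


def constructed_log():
    """Constructed sample log (not real data): a user who mistypes twice, an account
    hammered 16 times in 13 minutes, and one with 15 failures spread over 3.5 hours,
    which the sliding window must NOT flag."""
    base = datetime(2024, 3, 4, 9, 0, 0)
    lines = []

    def add(t, outcome, user, ip):
        lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} host1 sshd[1201]: {outcome} password "
                     f"for {user} from {ip} port 51022 ssh2")

    add(base, "Failed", "jsmith", "10.0.0.5")
    add(base + timedelta(seconds=15), "Failed", "jsmith", "10.0.0.5")
    add(base + timedelta(seconds=40), "Accepted", "jsmith", "10.0.0.5")
    add(base + timedelta(minutes=5), "Failed", "invalid user admin", "203.0.113.9")
    for i in range(16):
        add(base + timedelta(minutes=10, seconds=50 * i), "Failed", "aturner", "203.0.113.9")
    for i in range(15):
        add(base + timedelta(hours=1, minutes=15 * i), "Failed", "bchen", "10.0.0.7")
    return sorted(lines)  # fixed-width ISO timestamps sort chronologically


if __name__ == "__main__":
    for user, s in find_bruteforce(constructed_log()).items():
        print(f"ESCALATE {user}: {s['attempts']} failures "
              f"{s['first_seen']:%H:%M}-{s['last_seen']:%H:%M} from {sorted(s['sources'])}")
```

The window matters as much as the count: `bchen` fails 15 times in total but never 15 times within 30 minutes, so the detector stays quiet, whereas `aturner` is flagged from a single source address and would be escalated with the first and last timestamps and the source IP already collected for the ticket.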
The escalation process
Every company has different protocols and procedures, including unique escalation policies. These policies detail who should be notified when a security alert is received and who should be contacted if the first responder is not available. The policy will also determine how someone should specifically escalate an incident, whether it’s via the IT desk, an incident management tool, or direct communication between security team members.
Key takeaways
Incident escalation is essential for protecting an organization’s data. Every organization might have a different way of escalating security incidents. A security analyst should be aware of the escalation protocols that are in place at their organization. Both small and large security issues should be escalated to the appropriate team or team member.
Prepare to escalate through security recognition
Previously, we defined what it means to escalate an incident.
We also discussed the skills needed to properly escalate incidents when the time comes.
In this video, we're going to cover a few incident classification types to be aware of: malware infection, unauthorized access, and improper usage.
A malware infection is the incident type that occurs when malicious software designed to disrupt a system infiltrates an organization's computers or network.
As discussed in a previous course, malware infections can come in many forms.
Some are simple and others are a bit more complex.
One example is malware delivered through a phishing attempt, which is a relatively simple infection.
Another example is a ransomware attack, which is considered much more complex.
Malware infections can cause a system's network to run at unusually low speeds.
Attackers can even prevent an organization from viewing critical data, unless the organization pays the attacker a ransom to unlock the data.
This incident type is especially impactful to an organization because of the amount of sensitive data stored on an organization's network and computers.
Escalating malware infections is an important aspect of protecting the organization that you work for.
But wait, there's more.
The second incident type we'll discuss is unauthorized access.
This is an incident type that occurs when an individual gains digital or physical access to a system or application without permission.
As you may recall, earlier in the program, we discussed brute force attacks, which use trial and error to compromise passwords, login credentials, and encryption keys.
These attacks are often used to help attackers gain unauthorized access to an organization's systems or applications.
All unauthorized access incidents are important to escalate.
However, the urgency of that escalation depends on how critical that system is to the organization's business operations.
We'll explore this idea in more detail later in this course.
The third incident we'll discuss is improper usage.
This is an incident type that occurs when an employee of an organization violates the organization's acceptable use policies.
This one can be a bit complicated.
There are instances when improper usage is unintentional.
For example, an employee may attempt to access software licenses for personal use or even use a company's system to access a friend's or coworker's data.
Maybe the employee wasn't aware of the policy they were violating, or maybe the policy wasn't properly defined and communicated to employees.
But there are other times when improper usage is an intentional act.
So how do you know if an improper usage incident is accidental or intentional?
That can be a difficult decision to make.
That's why improper usage incidents should always be escalated to a supervisor.
As a member of an organization's security team, it's likely that you'll encounter a variety of incident types while on the job.
So it's important to know what they are and how to escalate them.
Recognize roles and responsibilities during escalation
You previously learned about various incident classification types and how those incidents can impact an organization.
This reading will discuss the roles of the various team members who are a part of the incident escalation process. Keep in mind that not all organizations are alike, and some roles and responsibilities may be identified using different terminology and definitions.
Data owners
A data owner is the person who decides who can access, edit, use, or destroy their information. Data owners have administrative control over specific information hardware or software and are accountable for the classification, protection, access, and use of company data. For example, consider a situation where an employee gains unauthorized access to software they do not need to use for work. This kind of security event would be escalated to the data owner of that software.
Data controllers
Data controllers determine the procedure and purpose for processing data. This role largely focuses on collecting the personal information of customers. The data controller determines how that data is used. The data controller also ensures that data is used, stored, and processed in accordance with relevant security and privacy regulations. If sensitive customer information was at risk, that event would be escalated to data controllers.
Data processors
Data processors act on the instructions of the data controller and are responsible for processing the data on behalf of the data controller. The data processor is typically a vendor and is often tasked with installing security measures to help protect the data. Data processing issues are typically escalated to the individual who oversees the third-party organization responsible for data processing.
Data custodians
Data custodians assign and remove access to software or hardware. Custodians are responsible for implementing security controls for the data they are responsible for, granting and revoking access to that data, creating policies regarding how that data is stored and transmitted, advising on potential threats to that data, and monitoring the data. Data custodians are notified when data security controls need to be strengthened or have been compromised.
Data protection officers (DPOs)
Data protection officers are responsible for monitoring the internal compliance of an organization’s data protection procedures. These individuals advise the security team on the obligations required by the organization's data protection standards and procedures. They also conduct assessments to determine whether or not the security measures in place are properly protecting the data as necessary. DPOs are notified when set standards or protocols have been violated.
Key takeaways
Incident escalation requires various members of a security team to act as one. Entry-level analysts should be familiar with the roles and responsibilities of different team members on the security team. As an entry-level analyst, you will typically escalate incidents to your direct supervisor. However, it’s still important to have an understanding of the different team members as you move forward in your security career because it will help you recognize which incidents should be reported to whom.
From simple activity to major data breach
So far, we've discussed different incident types and the importance of escalating those incidents to the right person.
But what happens if an incident goes unescalated for too long?
In this video, we'll discuss the potential impact that even the smallest incident can have on an organization, if it goes unnoticed.
Are you ready?
Great!
Now let's take a journey into a day in the life of an organization's security team.
It's been a quiet day for the security team.
Suddenly, you notice there's been unusual log activity in an app that was recently banned from the organization.
You make a note to mention this activity during the next meeting with your supervisor.
But you forget, and never mention it.
Following this same scenario, let's fast forward to a week later.
You and your supervisor are meeting again.
But now, the supervisor indicates that a data breach has occurred.
This breach has impacted one of the manufacturing sites for the organization.
Now, all operations at the manufacturing site have been put on hold.
This causes the company to lose money and precious time.
Days later, the security team discovers that the data breach began with suspicious activity in the app that was recently banned from the organization.
What we've learned from this scenario is that a simple incident can lead to a much larger issue, if not escalated properly.
Incident criticality is also important to note here.
Initially, an incident can be escalated with a medium level of criticality if the analyst doesn't have enough information to determine the amount of damage done to the organization.
Once an experienced incident handler reviews the incident, its criticality may be raised to high or lowered to low.
Every security incident you encounter is important to an organization, but some incidents are certainly more urgent than others.
So, what's the best way to determine the urgency of a security incident?
It really depends on the asset or assets that the incident affects.
For example, if an employee forgets the login password for their work computer, a low-level security incident may be raised if they have repeated failed login attempts.
This incident needs to be addressed, but the impact of this incident is likely minimal.
In other instances, assets are critical to an organization's business operations, such as a manufacturing plant or database that stores PII.
These types of assets need to be protected with a higher level of urgency.
The impact of an attacker gaining unauthorized access to a manufacturing application or PII is far greater than a forgotten password, because the attacker could interfere with the manufacturing processes or expose private customer data.
I hope this video has helped you understand the importance of knowing the relationship between assets and security incidents.
Later in this course, we'll share some new concepts related to escalation timing and why your role in that process matters.
When and how to escalate a security incident
Escalation timing
You previously learned about the potential impact even the smallest incident can have on an organization if the incident is not escalated properly. You also discovered just how important your role as an entry-level analyst will be to the effectiveness of an organization’s escalation process.
This reading will go into more detail about the role you’ll play in protecting an organization’s data and assets when it comes to escalating incidents.
Your decisions matter
Security is a fast-paced environment with bad actors constantly trying to compromise an organization’s systems and data. This means security analysts must be prepared to make daily decisions to help keep a company’s data and systems safe. Entry-level security analysts help the security team escalate potential security incidents to the right team members. A big part of your role as a security analyst will be making decisions about which security events to escalate before they become major security incidents.
Trust your instincts and ask questions
Confidence is an important attribute for a security analyst to have, especially when it comes to the escalation process. The security team will depend on you to be confident in your decision-making. You should be intentional about learning the organization’s escalation policy. This will help you gain confidence in making the right decisions when it comes to escalating security events. But remember to ask questions when necessary. It shows that you’re committed to constantly learning the right way to do your job.
All security events are not equal
An important part of escalation is recognizing which assets and data are the most important for your organization. You can determine this information by reading through your onboarding materials, asking your supervisor directly about which assets and data are most important, and reviewing your company’s security policies. When you have that type of understanding, it allows you to recognize when one incident should be given a higher priority over others. You previously learned about the following incident classification types:
- Malware infections: Occur when malicious software designed to disrupt a system infiltrates an organization’s computers or network
- Unauthorized access: Occurs when an individual gains digital or physical access to a system, data, or application without permission
- Improper usage: Occurs when an employee of an organization violates the organization’s acceptable use policies
Identifying a specific incident type allows you to properly prioritize and quickly escalate those incidents. Remember, an incident which directly impacts assets that are essential to business operations should always take priority over incidents that do not directly impact business operations. For example, an incident where unauthorized access has been gained to a manufacturing application should take priority over an incident where malware has infected a legacy system that does not impact business operations. As you gain experience in the cybersecurity field, you will learn how to quickly assess the priority levels of incident types.
Quick escalation tips
A big part of your role in cybersecurity will be determining when to escalate a security event. Here are a few tips to help with this:
- Familiarize yourself with the escalation policy of the organization you work for.
- Follow the policy at all times.
- Ask questions.
Key takeaways
Incident escalation will be an important part of your role within a security team. Entry-level analysts are expected to identify and escalate incidents related to their daily work. Reading and understanding your organization’s escalation policy will be helpful in this responsibility. The escalation policy will describe how and to whom you should escalate incidents. When in doubt, never be afraid to ask a supervisor about the escalation process. This will help you stay knowledgeable about your job and make informed decisions.
Juliana's story: Attention to detail
This is the second reading in the scenario about Juliana Soto, a cybersecurity analyst who was recently hired by Right-On-Time Payment Solutions. In the reading about asset protection, Juliana identified important assets to her organization and came up with a plan for how to protect them. In this reading, you will review how Juliana used her company’s escalation policy and her attention to detail to deal with security issues she encountered on the job.
Focus on the details
As she prepares to go into the office this morning, Juliana reflects on the previous day’s accomplishments:
- Read through company information to learn about the most important assets she is tasked with protecting
- Learned that her company deals with PII data from customers
- Put together an information security lifecycle strategy for the organization’s data
- Began monitoring security systems on her work laptop
It was an exciting first day full of new information for Juliana! She wonders what today will bring.
Juliana is at her desk monitoring data logs and responding to emails. Suddenly, her system alerts her of suspicious log activity. It appears that an employee’s account has been locked due to 10 failed login attempts. She finds this concerning because the escalation policy states that 10 failed login attempts should be escalated to the password protection team.
Juliana is excited about her first chance to escalate a security event. As she prepares to go through the escalation process, she is suddenly alerted to another event that has happened. She clicks on the alert and learns that an unknown source has attempted to compromise a system that stores bank account information for the company’s customers. She views this as a major concern. She recalls the importance of sensitive financial information from her previous security training. She learned the previous day that her company stores a large amount of sensitive customer data. Hundreds of customers will be impacted if a system storing this kind of important data is compromised.
Juliana decides that the unknown source attempting to compromise the system that stores the bank information of customers is the more urgent of the two events and needs to be handled immediately. She references the company’s escalation policy to find the best way to handle the escalation process for this type of incident.
Juliana carefully follows the process outlined in the escalation policy, making sure to be attentive to all of the details in the process. This allows her to notify the appropriate team members of what has happened. She completes all the steps outlined in the escalation policy for an event dealing with customer PII.
Next, she decides to escalate the lower-priority event. Once again, she follows the company guidelines to escalate that event.
Juliana’s supervisor is impressed with her initiative and ability to follow the escalation guidelines. Juliana is off to a great start in her security career!
Key takeaways
Attention to detail is important for an entry-level security analyst. It helps the analyst monitor data logs and effectively follow an escalation policy. It’s also critical for the analyst to recognize what assets are most important to an organization. This helps the analyst prioritize how quickly certain incidents should be escalated.
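The two rules Juliana applies above (an account that reaches 10 failed logins is locked and escalated, and an incident touching an asset essential to business operations outranks one that does not) can be expressed as a small triage routine. The following is an added example, not code from the course; the log line format, the asset inventory with its criticality tiers, the team names other than "password protection team", and the sample log lines are all constructed for this illustration.

```python
"""Triage helper for an escalation policy like the one in Juliana's story.

Added example (not from the course). Assumptions: auth/alert log lines in a
"timestamp host event key=value ..." format, an asset inventory with
criticality tiers, and a route table naming which team receives each
incident type. The 10-failed-logins threshold is the one from the story.
"""
import re
from collections import Counter
from dataclasses import dataclass

FAILED_LOGIN_THRESHOLD = 10  # from the escalation policy in the story

# Assumed asset inventory: 1 = essential to business operations,
# 3 = legacy system with no direct impact on operations.
ASSET_CRITICALITY = {
    "payments-db": 1,        # stores customer bank account information
    "hr-portal": 2,
    "legacy-print-srv": 3,
}

# Assumed route table: which team the policy says receives each incident type.
ESCALATION_ROUTE = {
    "account_lockout": "password protection team",
    "unauthorized_access": "incident response lead",
    "malware": "incident response lead",
}

# Assumed ordering of incident kinds within the same criticality tier.
KIND_RANK = {"unauthorized_access": 0, "malware": 1, "account_lockout": 2}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>\S+)(?P<kv>(?: \w+=\S+)*)$")

# Constructed sample log: ten failures for jsoto on hr-portal, one for mlee,
# an unauthorized access attempt on payments-db, and malware on a legacy box.
SAMPLE_LOG = "\n".join(
    [f"09:00:{i:02d} hr-portal login_failed user=jsoto" for i in range(10)]
    + [
        "09:00:11 hr-portal login_failed user=mlee",
        "09:00:12 hr-portal login_ok user=mlee",
        "09:02:40 payments-db unauthorized_access src=203.0.113.7",
        "09:03:15 legacy-print-srv malware_detected sig=test-signature",
    ]
)


def parse_log(text):
    """Turn log text into a list of dicts; lines outside the assumed format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = {"ts": m["ts"], "host": m["host"], "event": m["event"]}
        for pair in m["kv"].split():
            key, _, value = pair.partition("=")
            rec[key] = value
        records.append(rec)
    return records


def criticality(host):
    """Unknown assets are treated as essential (tier 1) until classified."""
    return ASSET_CRITICALITY.get(host, 1)


@dataclass(frozen=True)
class Incident:
    kind: str
    asset: str
    detail: str
    criticality: int

    @property
    def route(self):
        return ESCALATION_ROUTE[self.kind]


def build_incidents(records):
    """Apply the policy: lockouts at the threshold, plus each access/malware alert."""
    incidents = []
    failed = Counter()
    for r in records:
        if r["event"] == "login_failed":
            failed[(r.get("user", "?"), r["host"])] += 1
        elif r["event"] == "unauthorized_access":
            incidents.append(Incident("unauthorized_access", r["host"],
                                      f"source={r.get('src', 'unknown')}", criticality(r["host"])))
        elif r["event"] == "malware_detected":
            incidents.append(Incident("malware", r["host"],
                                      f"signature={r.get('sig', 'unknown')}", criticality(r["host"])))
    for (user, host), n in failed.items():
        if n >= FAILED_LOGIN_THRESHOLD:
            incidents.append(Incident("account_lockout", host,
                                      f"user={user} failures={n}", criticality(host)))
    return incidents


def prioritize(incidents):
    """Business-critical assets first, then by incident kind within a tier."""
    return sorted(incidents, key=lambda i: (i.criticality, KIND_RANK[i.kind]))


def triage(log_text):
    """Parse, build incidents, and return them in the order they should be escalated."""
    return prioritize(build_incidents(parse_log(log_text)))


if __name__ == "__main__":
    for inc in triage(SAMPLE_LOG):
        print(f"[tier {inc.criticality}] {inc.kind:<20} {inc.asset:<18} "
              f"{inc.detail}  -> escalate to {inc.route}")
```

Run on the constructed log, the unauthorized access attempt against payments-db comes out first, the jsoto lockout second (routed to the password protection team, as in the story), and the malware on the legacy server last; mlee's single failure never becomes an incident. The real policy document, not this ranking, decides the order at your organization.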
Welcome to module 3
We've covered so much in previous courses, from the foundations of security to a basic understanding of networks and programming languages like SQL and Python.
These concepts are core knowledge when preparing for a role in the security profession.
But how does this information help you on a day-to-day basis?
And to whom do you communicate this information?
In this course, we'll start by discussing who stakeholders are.
Then, we'll identify their roles in relation to security.
Finally, we'll share effective communication strategies for relaying key information to stakeholders.
But before we can communicate with stakeholders, we have to understand who they are and why they're important.
So let's get started!
Stakeholders in cybersecurity
Let's discuss the hierarchy within an organization.
It goes from you, the analyst, to management, all the way up to executives.
Hierarchy is a great way to understand stakeholders.
A stakeholder is defined as an individual or group that has an interest in the decisions or activities of an organization.
This is important for your role as an entry-level analyst because the decisions made on a day-to-day basis by stakeholders will impact how you do your job.
Let's focus on stakeholders who have an interest in the daily choices analysts make.
After all, you may be asked to communicate your findings to them.
So let's learn a little bit more about who they are and the roles they play in regards to security.
Security threats, risks, and vulnerabilities can affect an entire company's operations. From financial implications to the loss of customer data and trust, the impact of security incidents is limitless.
Each stakeholder has a responsibility to provide input on the various decisions and activities of the security team and how to best protect the organization.
There are many stakeholders that pay close attention to the security of critical organizational assets and data.
We're going to focus on five of those stakeholders: risk managers; the Chief Executive Officer, also known as the CEO; the Chief Financial Officer, also known as the CFO; the Chief Information Security Officer, or CISO; and operation managers.
Let's discuss each of these stakeholders in more detail.
Risk managers are important in an organization because they help identify risks and manage the response to security incidents.
They also notify the legal department regarding regulatory issues that need to be addressed.
Additionally, risk managers inform the organization's public relations team in case there is a need to publish public communications regarding an incident.
Next, is the Chief Executive Officer, also known as the CEO.
This is the highest ranking person in an organization.
CEOs are responsible for financial and managerial decisions.
They also have an obligation to report to shareholders and manage the operations of a company.
So naturally, security is a top priority for the CEO.
Now, let's discuss the Chief Financial Officer, known as the CFO.
CFOs are senior executives responsible for managing the financial operations of a company.
They are concerned about security from a financial standpoint because of the potential costs of an incident to the business.
They are also interested in the costs associated with tools and strategies that are necessary to combat security incidents.
Another stakeholder with an interest in security is the Chief Information Security Officer, or CISO.
CISOs are high-level executives responsible for developing an organization's security architecture and conducting risk analysis and system audits.
They're also tasked with creating security and business continuity plans.
Last, we have operations managers.
Operations managers oversee security professionals to help identify and safeguard an organization from security threats.
These individuals often work directly with analysts as the first line of defense when it comes to protecting the company from threats, risks, and vulnerabilities.
They are also generally responsible for the daily maintenance of security operations.
As an entry-level analyst at a large organization, it's unlikely that you'll communicate directly with the risk manager, CEO, CFO, or the CISO.
However, the operations manager will likely ask you to create communications to share with those individuals.
Coming up, we'll focus a bit more on stakeholders and how to effectively communicate with them.
The purpose and impact of stakeholders
You previously learned about incident escalation and the various security incident classification types. You also learned about the impact these incidents can have on an organization’s business operations.
This reading will explore the individuals who have a significant interest in those business operations: stakeholders.
Who are stakeholders?
A stakeholder is defined as an individual or group that has an interest in any decision or activity of an organization. A big part of what you’ll do as a security analyst is report your findings to various security stakeholders.
Levels of stakeholders
There are many levels of stakeholders within larger organizations. As an entry-level analyst, you might only communicate directly with a few of them. Although you might not communicate with all of the security stakeholders in an organization, it’s important to have an understanding of who key stakeholders are:
- A cybersecurity risk manager is a professional responsible for leading efforts to identify, assess, and mitigate security risks within an organization.
- A Chief Executive Officer, also known as the CEO, is the highest ranking person in an organization. You are unlikely to communicate directly with this stakeholder as an entry-level analyst.
- A Chief Financial Officer, also known as the CFO, is another high-level stakeholder that you’re unlikely to communicate with directly.
- A Chief Information Security Officer, also known as the CISO, is the highest level of security stakeholder. You are also unlikely to communicate directly with this stakeholder as an entry-level analyst.
- An operations manager oversees the day-to-day security operations. These individuals lead teams related to the development and implementation of security strategies that protect an organization from cyber threats.
CFOs and CISOs are focused on the big picture, like the potential financial burden of a security incident, whereas other roles like operations managers are more focused on the impact on day-to-day operations. Although you will rarely interact directly with high-level security stakeholders, it’s still important to recognize their relevance.
Stakeholder communications for entry-level analysts
Two examples of security stakeholders with whom you might regularly communicate are operations managers and risk managers. When you report to these stakeholders, you'll need to clearly communicate the current security issue and its possible causes. The operations managers will then determine next steps and coordinate other team members to remediate or resolve the issue.
For example, you might report multiple failed login attempts by an employee to your operations manager. This stakeholder might contact the employee’s supervisor to ensure the occurrence is a genuine issue of entering the wrong password or determine if the account has been compromised. The stakeholder and supervisor might also need to discuss the consequences for day-to-day operations if genuine failed login attempts can lead to account lockouts that might impact business operations. As an entry-level security analyst, you might play a role in implementing preventative measures once next steps have been determined.
From one stakeholder to the next
Operations managers and risk managers are stakeholders who rely on entry-level analysts and other team members to keep them informed of security events in day-to-day operations. These stakeholders commonly report back to the CISOs and CFOs to give a broader narrative of the organization's overall security picture. Although you won't regularly communicate with high-level stakeholders, it's important to recognize that your efforts still reach the highest levels of security stakeholders in the organization. These other members of your team keep those top-level stakeholders informed on the security measures and protocols in place that are continuously helping to protect the organization.
Key takeaways
Stakeholders play a major role in ensuring the security of an organization. Entry-level analysts should have a foundational understanding of the different levels of security stakeholders within an organization. Entry-level analysts will not communicate with every security stakeholder in a company, but there are certain stakeholders that the analyst will need to provide updates to. Those updates will eventually be reported up to the more senior-level stakeholders, such as the CISO and the CFO.
Explore: Stakeholder roles and responsibilities
Risk manager
Chief Executive Officer (CEO)
Operations manager
Chief Financial Officer (CFO)
Clear and concise communication
Welcome back!
Previously, we discussed stakeholders and the important security roles they play within an organization.
Now, let's explore the role you play in communicating with those stakeholders.
The information that's communicated to stakeholders is sensitive.
For example, if you send an email to stakeholders about a recent security breach, it's important to be mindful of what you communicate and who you communicate to.
Different stakeholders may need to be informed about different issues.
As a result, your communications with them need to be clear, concise, and focused.
Security is a detail-driven profession, so it's essential that you stay mindful of the details when sending your communications.
Stakeholders are very busy people.
Your communication should be precise, avoid unnecessary technical terms, and have a clear purpose.
You don't want them to have to guess the reason for your email or why it matters to them.
To help with this, ask your manager or immediate supervisors questions to find out what the stakeholders you communicate with need to know.
As you may recall, earlier we discussed what it means to have a security mindset.
A part of that mindset means asking questions about the assets and data you're protecting.
For example, you could ask: What's the most important data to protect on a daily basis?
Or, what security tool has been most important or useful to protect our data and assets?
Having a security mindset also means understanding what matters most to stakeholders, so you know what information to share with them.
Effective communication involves relaying only the information that is most relevant to stakeholders.
Staying informed about security issues helps stakeholders do their jobs more effectively.
Your role in communicating with stakeholders is to help them obtain that information.
This is yet another example of how essential your role is within a security team.
Coming up, we'll discuss the information that is most important to communicate with stakeholders.
Building blocks of cybersecurity communications
Previously, we discussed communicating information that is important to stakeholders.
It's essential that communications are specific and clear, so stakeholders understand what's happening and what actions may need to be taken.
In this video, we'll go into more detail about how to create precise and clear communications.
Creating security communications to share with stakeholders is similar to telling a great story.
Stories typically have a beginning, middle, and end.
Somewhere in that story there is some sort of conflict and an eventual resolution.
This concept is also true when telling security stories to stakeholders.
The security story details what the security challenge is, how it impacts the organization, and possible solutions to the issue.
The security story also includes data related to the challenge, its impact and proposed solutions.
This data could be in the form of reports that summarize key findings or a list of issues that may need immediate attention.
Let's use the following scenario as an example.
You've been monitoring system logs and notice possible malicious code execution in the logs that can lead to the exposure of sensitive user information.
Now, you need to communicate what is happening to a stakeholder, in this case, your immediate supervisor.
The first step is to detail the issue: potential malicious code execution found while monitoring the logs.
The next step is to refer to the organization's incident response playbook, and mention the suggested guidance from the playbook regarding malicious code found in system logs.
This shows your supervisor that you've been paying attention to the procedures already established by the team.
The final piece of your story is to provide a possible solution to the issue.
In this scenario, you may not be the final decision maker regarding what action is taken, but you've explained to the stakeholder what has happened and a possible solution to the problem.
You can communicate the story we just discussed in various ways.
Send an email, share a document, or even communicate through the use of a visual representation.
You can also use incident management or ticketing systems.
Many organizations have incident management or ticketing systems that follow the steps outlined in their security playbooks.
Some scenarios are better expressed by using visual elements.
Visuals are used to convey key details in the form of graphs, charts, videos, or other visual effects.
This allows stakeholders to view a pictorial representation of what is being explained.
Visual dashboards can help you tell a full security story to stakeholders.
Later in this course, you'll have an opportunity to learn how to use Google Sheets to create a visual security story.
That's going to be fun!
A security professional who knows how to tell a compelling and concise security story can help stakeholders make decisions about the best ways to respond to an incident.
Ideally, you want to be someone who makes stakeholders' jobs easier, and communicating effectively will certainly help you do that.
Coming up, we'll continue our discussion about communicating with stakeholders.
Communicate effectively with stakeholders
You previously learned about security stakeholders and their significance in an organization. In this reading, you’ll learn the importance of clearly communicating to stakeholders to ensure they have a thorough understanding of the information you’re sharing and why it’s meaningful to the organization.
Get to the point
Security stakeholders have roles and responsibilities that are time sensitive and impact the business. It’s important that any communications they receive, and the actions they need to take, are clear. To get to the point in your communications, ask yourself:
- What do I want this person to know?
- Why is it important for them to know it?
- When do they need to take action?
- How do I explain the situation in a nontechnical manner?
Follow the protocols
When you first join a security team, you’ll want to learn about the different protocols and procedures in place for communicating with stakeholders and other members of the organization. It’s important to make sure you know what applications and forms of communications are acceptable before you begin communicating with stakeholders, such as in-person meetings, video-conferencing, emails, or company chat applications.
Communicate with impact
You previously learned about the different stakeholders within an organization and what specific areas they’re focused on. When you first begin your career in the cybersecurity field, you're more likely to interact with lower-level stakeholders, like operations managers or security risk managers, who are interested in the day-to-day operations, such as logging. Senior-level stakeholders might be more interested in the underlying risks, such as the potential financial burden of a security incident—as opposed to the details around logs.
When you communicate with an operations manager, make sure you address relevant information that relates to their daily responsibilities, such as anomalies in data logs that you are escalating. Concentrating on a manager’s daily responsibilities will help you communicate the need-to-know information to that individual.
Communication methods
Your method of communication will vary, depending on the type of information you’re sharing. Knowing which communication channels are appropriate for different scenarios is a great skill to help you communicate effectively with stakeholders. Here are a few ways you might choose to communicate:
- Instant messaging
- Emailing
- Video calling
- Phone calls
- Sharing a spreadsheet of data
- Sharing a slideshow presentation
If your message is straightforward, an instant message or phone call might be the route to take. If you have to describe a complex situation with multiple layers, an email or in-person meeting might be the better option. If you’re providing a lot of data and numbers, sharing a graph might be the best solution. Each situation helps you determine the best means of communication.
Key takeaways
Stakeholders are busy people who have very specific interests within the organization. Therefore, it’s important to only communicate information that is specific to their interests and impacts their role in the company.
Be mindful of the kind of information you’re communicating because that will help determine what method of communication you should use.
Visual storytelling in cybersecurity
The ability to communicate threats, risks, vulnerabilities, or incidents and possible solutions is a valuable skill for security professionals.
In this video, we'll focus on various communication strategies that can help you engage with and convey key ideas to stakeholders.
Let's start with visuals.
The use of visuals to tell a security story can help you communicate impactful data and metrics.
Charts and graphs are particularly helpful for this.
They can be used to compare data points or show small parts of a larger issue.
Using relevant and detailed graphics can help you develop the story you want to tell stakeholders, so they can make decisions that would help protect the organization.
While visuals are a compelling way to capture the attention of your stakeholders, some issues are best explained in an email or even a phone call.
Be mindful of the sensitive information contained in these types of communications.
For security purposes, it's important to communicate sensitive information with care.
Be sure to follow the procedures outlined in your organization's playbooks and always make sure to send emails to the right email recipient, as it could create a risk if the wrong person receives confidential security information.
One challenging thing about emails is the potentially long wait time for response.
Stakeholders have many responsibilities.
This means they may sometimes miss an email, or fail to respond in a timely manner.
In these instances, a simple phone call or instant message may be a better option.
My experience in security has taught me that sometimes a simple instant message or call can help move a situation forward.
Direct communication is often better than waiting days or weeks for an email response to an issue that requires immediate attention.
When appropriate, take the initiative to follow up with a stakeholder if they haven't responded to an email in a timely manner.
It sounds simple, but a friendly call can often prevent a major issue from occurring.
It's important to stand out in the security profession, especially if you don't have previous experience in the industry.
Visual representations, emails, and phone calls are great ways to showcase your written and verbal communication skills.
The visual aspect shows your ability to put metrics and data together in an impactful way.
If you don't receive a timely response from a stakeholder, following up shows initiative.
Create visual dashboards for impactful cybersecurity communications
You previously learned about security stakeholders, the people responsible for protecting the data and systems of various departments of an organization. An entry-level analyst might communicate directly or indirectly with these individuals. If you do end up communicating with a stakeholder, it’s important to use the right method of communication. This reading will further elaborate on the significance of using visual dashboards to communicate information to stakeholders. Dashboards can include charts, graphs, and even infographics. You’ll learn more about when to use visual communication strategies in this reading.
Using visuals to communicate effectively
Security is about protecting a company from threats that can affect its reputation and finances. Oftentimes, responding to threats quickly and effectively depends on clear communications between the stakeholders who are involved.
In the cybersecurity field, the stakeholders you'll deal with will often be busy with other responsibilities. Showing them important information visually is a great way to gain their input and support to address security challenges that arise. Visuals help provide these decision-makers with actionable information that can help them identify potential risks to the organization's security posture.
Visual dashboards
A visual dashboard is a way of displaying various types of data quickly in one place. Visual dashboards are useful tools that can be used to communicate stories to stakeholders about security events—especially when they involve numbers and data.
Dashboards can be simple or complex depending on the information you're communicating. A simple dashboard might contain a single chart, while a complex one can include multiple detailed charts, graphs, and tables. Deciding which type to use will depend on the situation and story you are telling. However, attention to detail and accurately representing information is important anytime you're communicating data to stakeholders.
Pro tip: Programs like Google Sheets and Apache OpenOffice are tools that can be used to create visual dashboards.
When to use visual communication
Security is often a team effort. Everyone must work together to ensure an organization is properly protected from bad actors. Knowing how to communicate with your colleagues is a big part of the team-focused aspect.
Sometimes it’s enough to send a simple email update. Other times you might want to include a document attachment that further elaborates on a specific topic. A simple phone call can also be valuable because it allows you to quickly communicate the necessary information without having to wait for a response to an email or message. Other times, the best way to communicate is through visuals.
For example, consider a situation where your supervisor has asked you to provide them with results from a recent internal audit of five different departments within the organization. The audit gathered data showing how many phishing emails each department clicked over the last five months. This is an ideal opportunity to tell this story using visualization tools. Instead of sending an email that simply describes what the findings are, a graph or chart will clearly illustrate those findings, making them easier for the stakeholder to understand quickly and easily.
Key takeaways
Stakeholders, like the rest of the security team, are busy. With that in mind, be clear and concise any time you communicate with them. This makes everyone’s job easier! It’s important to recognize when visual dashboards are the most effective communication method. A visual dashboard is often best to use when you’re communicating information that involves numbers and data.
How to create a visual dashboard
Juliana’s story: Effective communication
Throughout this course, you’ve been following the story of Juliana Soto. Juliana was recently hired as a cybersecurity analyst by Right-On-Time Payment Solutions, a payment processing company that handles sensitive customer information. In the reading about attention to detail, Juliana had to deal with two different types of security incidents, and she used her company’s escalation policy to properly escalate the two incidents. Now you will review how Juliana handled communication with stakeholders after escalating the incidents.
Communicating with stakeholders after an incident
Days after escalating the two incidents, Juliana’s manager asks her to communicate information about the incidents to stakeholders.
Communicating about incident #1
One of the incidents dealt with an employee being locked out of their account due to multiple failed login attempts. Juliana’s manager was recently asked to provide a report that reviews how many departments have experienced locked employee accounts due to failed login attempts over the last month. The security team shared data that details the number of locked employee accounts due to multiple failed login attempts from five different departments.
Juliana’s manager will report the information to the senior executives of each of the five departments. The manager asks Juliana to display the data in a way that communicates the incident clearly to these stakeholders. For this task, Juliana decides to put together a visual dashboard to represent the data because the communication is primarily focused on numbers. Her dashboard will use charts and graphs to relay important information, like the number of employees who have been locked out of their accounts in the last month. Juliana's visual dashboard makes it easier for the high-level stakeholders to review incident #1 and determine a course of action.
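Both the phishing-click audit from the earlier reading and Juliana's lockout report above start the same way: raw event records have to become a department-by-month table before a chart can be drawn. The following added example (not course code) does that step and emits CSV that can be pasted into Google Sheets, which the reading names, to build the dashboard. The departments, dates and click records are constructed for the illustration; swap in lockout records and the same code produces Juliana's table.

```python
"""Build the table behind a visual dashboard from raw event records.

Added example, not from the course. Records are (date, department) pairs,
one per event (a phishing click in an audit, or a locked account); the
departments, dates and counts below are constructed.
"""
import csv
import io
from collections import defaultdict

# Constructed audit records: each row is one employee clicking a simulated
# phishing email. Real data would come from the audit tooling.
PHISHING_CLICKS = [
    ("2024-01-04", "Finance"), ("2024-01-17", "Finance"), ("2024-01-22", "Sales"),
    ("2024-02-02", "Finance"), ("2024-02-13", "Sales"), ("2024-02-19", "Sales"),
    ("2024-02-27", "Engineering"),
    ("2024-03-05", "Sales"), ("2024-03-08", "Sales"), ("2024-03-21", "Finance"),
    ("2024-03-29", "Sales"),
]


def pivot_by_month(records):
    """Return (months, table) where table[department][month] is an event count.

    Months are 'YYYY-MM' strings taken from the ISO date. Departments with no
    events in a month still get an explicit 0 so a chart does not skip the gap.
    """
    months = sorted({date[:7] for date, _ in records})
    table = defaultdict(lambda: {m: 0 for m in months})
    for date, dept in records:
        table[dept][date[:7]] += 1
    return months, dict(table)


def ranked_totals(table):
    """Departments with their totals, highest first, so the story leads with the worst."""
    return sorted(((dept, sum(counts.values())) for dept, counts in table.items()),
                  key=lambda item: (-item[1], item[0]))


def to_csv(months, table):
    """One row per department plus a Total column, ready for a spreadsheet chart."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["Department", *months, "Total"])
    for dept, total in ranked_totals(table):
        writer.writerow([dept, *(table[dept][m] for m in months), total])
    return buf.getvalue()


if __name__ == "__main__":
    print(to_csv(*pivot_by_month(PHISHING_CLICKS)))
```

The ranking matters as much as the numbers: putting the department with the most events in the first row is what turns a data dump into the "conflict and resolution" story the course describes, and the explicit zeros keep a month with no events visible instead of silently collapsing the chart.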
Communicating about incident #2
Juliana’s manager has also been informed that the Chief Information Security Officer (CISO) wants more information about what took place during the second incident, which involved an attacker almost compromising a system that stores customers’ private data. This communication will include a more detailed report that establishes what processes and procedures worked well during attackers' attempts to compromise the system and what processes and procedures might need to be revised. Because this is a more detailed communication, Juliana decides to put together a detailed document with timelines that clearly explain what happened. The document also includes her thoughts on what the security team, data owners, and data processors could have done differently to protect the system in question. She shares the report with her manager so they can review it.
Key takeaways
Communications for stakeholders should always be focused on what matters to them most. Some stakeholders will be more focused on the data and numbers, and other stakeholders will be more focused on how policies and procedures are working to prevent cyber attacks. Recognizing what’s important to each stakeholder will help an analyst decide what method of communication is best to use.
Wrap-up; Terms and definitions from Course 8, Module 3
You've had an opportunity to learn about the important role stakeholders play and different ways to communicate with them.
Let's review what we covered.
We started by defining stakeholders and their roles in protecting an organization.
We also explored the sensitive nature of communications with stakeholders and the importance of sharing that information with care and confidentiality.
Then, we discussed information that needs to be communicated to stakeholders.
After all, stakeholders are extremely busy, so we only want to share relevant information that they need to be aware of.
We ended our discussion by introducing various communications strategies, including emails, phone calls, and visual dashboards.
Understanding who the stakeholders are within your organization and how to communicate with them will help you throughout your career as a security professional.
Be intentional about the strategies you use to communicate.
Remove unnecessary details from your communications, and be specific and precise when relaying information to stakeholders.
Stakeholders are depending on you, as a story-teller, to tell them the security story, or the potential issues and solutions, in a way that makes sense.
The communication strategies we discussed will help you stand out as someone who has a combination of technical and transferable skills.
Coming up, your instructor for the final sections of this course, Emily, will discuss a few ways to engage with the security community and how to find and apply for jobs in the security field.
Glossary terms from module 3
Stakeholder: An individual or a group that has an interest in any decision or activity of an organization
Visual dashboard: A way of displaying various types of data quickly in one place
Welcome to module 4
Welcome back!
I'm Emily, and I've been working in security education at Google for nearly nine years.
My team works closely with our remarkable security experts to craft innovative and engaging educational solutions for our workforce to keep security at the forefront.
I'll be your instructor for the remainder of the course to discuss important career-related topics, such as how to engage with the security community, find jobs in the security field, create a resume, and navigate the interview process.
We're approaching the end of the certificate program. What an incredible journey it's been so far.
We've discussed a lot up to this point, including incident detection and escalation, and the roles that stakeholders play in protecting an organization.
We've also explored the sensitive nature of the communications we share and strategies for conveying critical information to stakeholders.
But does the learning stop now that we're approaching the end of the program?
Absolutely not!
In the following videos, we'll identify reliable security resources you can use to stay up-to-date on security news and trends.
Then, we'll share some ways to become involved with the security community.
We'll end with a discussion about how to establish and advance a career in security.
Coming up, we'll highlight some great resources to help you stay current on what's happening in the security industry.
Helpful cybersecurity resources
As we approach the end of our program, it's important to start thinking about ways to engage with the security community.
As the industry evolves, it's essential to stay up-to-date on the latest security trends and news.
Let's discuss a few good resources for you to review periodically.
What excites me about the security profession is the constant evolution of the industry.
Take the OWASP top 10 for example.
Earlier in the program, we discussed the fact that this is a globally recognized standard awareness document that lists the top 10 most critical security risks to web applications.
This list is updated every three to four years, so it's a great example of the evolving nature of the field.
Continuing your security education beyond this certificate program will help you stand out to hiring managers and could give you an extra edge over other candidates because it shows your willingness to remain current on what's happening in the industry.
A few well-known security websites and blogs to get you started are CSO Online, Krebs on Security, and Dark Reading.
The CSO Online site provides news, analysis, and research on various security and risk management topics.
Many CSOs view this site for tips and ideas.
It would be great for you to review this publication every now and then.
Krebs on Security is an in-depth security blog created by former Washington Post reporter, Brian Krebs.
This blog covers security news and investigations into various cyber attacks.
Accessing the Krebs blog is a good way to stay up-to-date on the latest security news and happenings around the world.
Dark Reading is a popular website for security professionals.
This site provides information about various security topics like analytics and application security, mobile and cloud security, as well as the Internet of Things (IoT).
Security is a constantly evolving industry.
As professionals in security, we must evolve with it by seeking out new information.
Be sure to explore a few of the websites and blogs we discussed in this video to stay up-to-date with what's happening in the industry.
Coming up, we'll discuss how to become engaged with the security community and ways to establish and advance your career in security.
Bye for now.
Strategies for engaging with the cybersecurity community
You have learned a lot about the security field, from the origins of security and its importance to organizations around the world to recognizing security incidents and communicating with stakeholders.
Security is a rapidly evolving industry, so it’s important to stay up-to-date on the latest news and trends. This reading will focus on how to stay engaged with the cybersecurity community after completing this program.
Security organizations and conferences
Attending security conferences and joining organizations gives you the opportunity to gain knowledge from seasoned professionals who are constantly seeking out new ways to improve on their security strategies and techniques.
Find the right organization
What security organization should you join? This question depends on your specific interest in security. Are you someone who wants to focus on reacting to security incidents or preventing them from happening? Are you interested in forensic security or data logging? Do you have aspirations of being a CISO one day? It’s important to have a clear understanding of what your interests are before you narrow down your search for a cybersecurity organization or conference.
Begin the search
Once you understand what your interests are, do a web search for organizations or conferences in your area. For example, you can type in “incident response cybersecurity conferences in my area.” This search will give you a list of cybersecurity conferences focused on incident response. If you’re interested in forensic security, you can type “forensic security organizations in my area” or a similar phrase into your web search engine. No matter what your interests are, you can do a web search online to find a cybersecurity organization or conference focused on that area.
Use social media
LinkedIn®, for example, is a social media platform that connects business professionals with one another. You can use LinkedIn® to find security groups or organizations to join. In the LinkedIn® search bar, you can try search queries such as:
- “Incident response cybersecurity groups”
- “Organizations for cybersecurity analysts”
Mailing lists for security
Another great way to stay connected with the security industry is to sign up for different cybersecurity mailing lists. These mailing lists send out information periodically on various security topics. The Cybersecurity & Infrastructure Security Agency (CISA) offers two cybersecurity mailing lists for you to join:
- A list focused on security threat information, best practices for cybersecurity, and analysis from CISA’s domestic and international security partners
- A list providing weekly summaries of new vulnerabilities that might pose a risk to an organization’s network
Key takeaways
Attackers are always developing new ways to compromise corporate and personal data from users. Cybersecurity organizations and conferences are a great way for security professionals to stay up-to-date on the latest news, tools, and trends in the industry. Be sure to find organizations that align with your security interests.
Victoria: Continue your learning journey
I'm Victoria, I'm a security engineer at Google.
When I first applied for a cybersecurity job, I felt overwhelmed.
I was not an applicant traditionally educated in computer science; I actually majored in biology.
So anytime a recruiter saw my resume, I would kind of get this little like fear that they would see that bio major and say, why are you even applying?
And just immediately disregard my resume.
I would consider the team that I work on to be very diverse.
We have a lot of different people from different backgrounds.
One of the benefits that I feel from having a diverse team is that you can have these different perspectives on a problem.
If all of you had the same background, you might not come up with this new solution.
Having someone that's new to the team, maybe new to the industry, and having that perspective can really help to make things more accessible for everyone.
It's important to continue to learn in the field of cybersecurity because things change all the time.
What was once a big threat a few years ago might not be the same as it is for today.
Trying to keep pace with how things are changing all the time is something that is a core part of my job role.
To support my continued education in security, I take courses, try to get certificates if I can along the way, but a lot of it is just keeping up on current industry news, whether that be a new blog post about a breach that has happened or a detailed analysis of a new malware that has been released.
Try to keep at least a surface level knowledge of the different trends in the industry.
I often go to BSides Conferences.
These are smaller and locally organized conferences.
So you have more of a chance to interact with your local security community, which is something you wouldn't get at a huge conference like, say, DEFCON or Black Hat.
Meeting people locally is a great way to see what's out there in your area, and meet other folks that are local that you can talk to more consistently, that are also interested in security.
Before I got into my role, I wish that I knew that it was okay that you don't know everything.
You don't have to know everything.
You have teammates and other people that can help you with areas that you're weak in, so don't feel stressed if you don't know everything there is about security, because no one does.
Working in security is a lot of fun.
A lot of things can happen.
It's never the same day to day.
So if you like things that are dynamic and always changing, then security is the right field for you.
Engage with the cybersecurity community in a meaningful way
Earlier we discussed the importance of staying up-to-date on security trends and news.
In this video, we're going to share ways to establish and advance your career in security by connecting with people who are already in the industry.
Social media is a great way to connect to other security professionals in the industry.
However, it's important to be mindful of the information you share on your social media page and when responding to messages from people you don't know.
With that in mind, let's discuss ways to effectively use social media to establish or advance your security career.
One way to use social media is to follow, or read the posts of, leaders in the security industry.
Chief Information Security Officers, for example, are great individuals to follow.
They often post interviews they've done in the security space and share articles they've read or contributed to.
Here's a question you might be asking yourself: How can I find CISOs to follow on social media?
The best way would be to conduct an internet search for the name of the CISO of a popular organization or an organization you're interested in working for.
After you find their name, you can simply go to a social media site to look them up.
Ideally, you want to use LinkedIn® when following security professionals.
That's because the LinkedIn® platform focuses on connecting professionals with other professionals in the same or similar field.
Another way to use social media to establish or advance your career in the security industry is to connect with other security analysts currently employed in the field.
On social networks like LinkedIn®, you can find security professionals by searching for cybersecurity analysts, or a similar search term, then filtering for people and people who talk about #cybersecurity.
Once you've found other professionals you'd like to connect with, you can send a connection request with a brief comment such as: Hi, I'd like to connect to learn more about why you became interested in security and your experiences as an analyst.
Additionally, you can set your filter to locate events and groups that focus on security related topics that interest you.
While social media platforms like LinkedIn® are excellent for connecting with professionals, some people are more comfortable with being active on social media than others.
For those of us who aren't very active on social media, there are other ways to connect with security professionals or find mentors in the industry.
Joining different security associations is a good way to connect with others.
There are many associations out there, so you're going to have to do a little bit of research to find the best ones for you.
Here's a tip!
In your internet search engine, type: cybersecurity industry associations.
This search term will populate a variety of different associations, so be sure to select ones that align with your professional goals.
Now that we've discussed ways to engage with the security community, consider following a CISO on LinkedIn®, connecting with other analysts, or searching for cybersecurity organizations to join.
That's all for now.
I'll meet you in the next video!
Connect with other cybersecurity professionals
You’ve learned the importance of staying engaged with the cybersecurity community after completing this certificate program. The security industry is always evolving, so it’s important that security professionals continue to learn about the field.
This reading provides more tips to help you stay engaged with the cybersecurity community and advance your career.
LinkedIn® with CISOs
Earlier in the program, you learned about Chief Information Security Officers, also known as CISOs. It’s their job to be up-to-date on every aspect of security, including all of the latest trends and news in the security world. With this in mind, it’s a great idea to follow CISOs on LinkedIn® professional networking services. When you follow a CISO on social media, you’ll have an opportunity to discover the kinds of information they share with their audience. That information might provide you with useful tips and relevant news. Staying informed about security news and trends can help progress your cybersecurity career because it helps sharpen your security mindset.
Finding other security professionals on LinkedIn®
Whether you’d like to connect with other entry-level analysts or more seasoned professionals, LinkedIn® is a great way to connect with others. When connecting with others, it’s important to send a well-written message. This message can help the person understand your intentions. It also helps people determine that you’re not a scammer looking to exploit them. Here are a few tips to help you write your first message in a way that engages and interests the recipient:
- Use a conversational tone.
- Provide a clear reason for wanting to connect.
- Avoid spelling and grammatical errors.
Here is an example of an effective LinkedIn® message to send to a security professional:
“Hi, Tim. I recently completed the Google Cybersecurity Certificate program, and I’d like to connect with other security professionals. It seems like you have a lot of experience in the security industry that I can learn from. Let’s keep in touch!”
This example provides a clear reason for why you want to connect with this person and is presented in a conversational tone. You also did not give the impression that you are a scammer by asking the person to do something suspicious to connect with you, like downloading an unusual file attachment.
Key takeaways
Attackers are always developing new ways to compromise corporate and personal data. Connecting with other cybersecurity professionals on social media is a great way to stay ahead of the latest trends in security. CISOs are great professionals to connect with because they are responsible for all aspects of an organization's security. Because of that, CISOs tend to share important security tips, news, and trends on their social media pages that could be valuable to you as a newcomer to the industry.
Sarah: Network in the cybersecurity community
Hi everyone, I'm Sarah and I am a senior program manager on Google's privacy, safety, and security engineering team.
One of the communities I'm most involved in is a group called Women in Cybersecurity.
And so I found that community really helpful to me when I first joined because, I felt super new and slightly overwhelmed.
I listened to a lot of their webinars, I kind of look in on their forum board, now I always attend their conference and actually I just joined their board, which I'm super excited about.
One of the things that I find most exciting is that ability to be within cybersecurity without this long history.
I don't have a computer science degree, I don't have a masters, I don't have a PhD.
But through networking and figuring out where my areas of interest lie, I actually was able to get into this field and grow and advance within this field.
I've really found that it is a welcoming community that is looking for and needs more people to be a part of it.
There's a huge range of people that are coming into this, again with a big wide range of experiences, and I think everyone has found or is exploring what their passions are and the areas they want to dig into.
Networking is really important to be able to meet peers who might be at the same stage as you or people who might have hiring opportunities.
I definitely recommend connecting with your peers in the certificate program, it's a great form of motivation for yourself and to motivate others.
Having these points where you're either talking about the specific content or just doing a check in is going to be really helpful for you to continue through the course program and to help others continue through the course program as well.
There's also the series of conferences that exist called BSides.
So these are super informal security conferences that take place in communities around the world.
Many also have virtual components.
They're kind of a fun place to meet people.
A big piece of advice is to not let yourself get overwhelmed, and don't feel nervous that you don't know all the answers, because you know what, nobody knows all the answers.
It's okay to come into this with not a ton of background in computer science, not a ton of background in tech and still, you will bring value to the field.
Wrap-up; Terms and definitions from Course 8, Module 4
Great job!
Now you've had an opportunity to learn about different ways to stay engaged with the security community.
Let's take a moment to review what we've covered.
First, we identified reliable security resources.
Then, we discussed different ways to engage with the security community.
We also explored the usefulness of social media to connect with other security professionals and stay informed about current topics of interest.
Finally, we shared ways to establish and advance a career in security, including following a CISO on social media or joining a professional organization.
We've come a long way in this journey.
You should be proud of your progress and how far you've come.
I'm certainly proud of you.
In the final section of this course, we'll take the time to prepare you for the job search and interviewing process.
How exciting is that!?
Glossary terms from module 4
OWASP Top 10: A globally recognized standard awareness document that lists the top 10 most critical security risks to web applications
Security organization worksheet
Welcome to module 5
Welcome back!
We've covered so many security related topics in detail.
Throughout this program, we've discussed protecting organizational assets and data, and the tools and procedures used to protect them.
We've also explored how to communicate with stakeholders, reliable sources to help you stay up-to-date on security news and trends, and ways to get involved with the security community to help establish and advance your career in the field.
Now, we need to get you prepared to find a job as an entry-level security analyst.
Security is a huge field with countless job opportunities.
By 2030, the U.S. Bureau of Labor Statistics expects the number of security roles to grow by more than 30%.
But how can you find the right opportunity for you?
In the next several videos, we'll discuss specific strategies to help you find and apply for jobs in the industry, including how to create your resume and develop rapport with interviewers.
We'll also cover how to use the STAR method for interviewing and how to develop an elevator pitch.
I remember initially being interested in my role because education is my passion.
Researching the security field and industry in preparation for my interviews cemented my fascination for cybersecurity.
I'll be honest, I had taken a lot of what security does for granted.
Now, I feel incredibly fortunate to be a part of this industry and the exciting opportunities it offers.
Now, it's time to get you ready to find security jobs.
Let's get started!
Find cybersecurity jobs
I hope you feel really proud of how far you've come!
You may remember that earlier in this program, we discussed a few security roles in the industry.
Now, we'll explore three of those roles.
We'll start with security analyst.
Security analyst is typically an entry-level role that might interest you as you prepare to enter the security field.
The role generally focuses on monitoring networks for security breaches, developing strategies to help secure an organization, and even researching IT security trends.
In previous courses, we discussed log monitoring and SIEM tools.
Having a solid foundational understanding of how to use those tools will certainly be useful in this role.
Another role that might interest you is information security analyst.
This role generally focuses on creating plans and implementing security measures to protect organizations' networks and systems.
Earlier in the program, you learned about controls and frameworks that can be used to develop security plans and procedures, as well as how to use SIEMs and packet sniffers to identify risks.
That knowledge will be beneficial when it comes to developing plans and determining the best tools to strengthen an organization's security posture.
Finally, we'll explore the security operations center analyst role.
Security operations center analyst, also known as a SOC analyst, is another role you might find exciting.
This role generally focuses on ensuring security incidents are handled rapidly and efficiently by following established policies and procedures.
Earlier in this program, we discussed security playbooks and how they are unique to each organization.
We also covered the importance of being able to follow the processes outlined in playbooks to respond to security events or incidents.
That knowledge will certainly help you stand out as a potential candidate for this role.
There are many more job roles that you may be interested in.
A great way to find more of these roles is to create an account on various job sites and search for cybersecurity positions.
A few well-known job sites in the United States and internationally are ZipRecruiter, Indeed, and Monster Jobs.
Each of these sites has hundreds of open job listings with roles, responsibilities, and skill set requirements posted under the job title.
How exciting is it that we're now discussing jobs and sites that you can use to apply for them!?
It's important that you do your research before applying to any position.
Gather plenty of information about the company, the job role, as well as required and preferred skills.
This will help prepare you for a potential interview by knowing exactly what the employer is looking for and how your skills align with the employer's expectations.
This will also help you align your own values and passions with the organization's mission and vision.
But before you can apply for a security job, it's important to create a resume that will catch an employer's attention.
Coming up, we'll discuss the resume development process in detail.
Create a resume
In this video, we'll discuss how to create a resume that is tailored to the job you're applying for.
Note that a resume is sometimes called a Curriculum Vitae, or CV, for short.
Remember that it's okay if you don't have any cybersecurity experience.
This certificate program has covered key skills and concepts that employers are looking for in an entry-level security analyst position.
You can mention all that you've learned in this program on your resume, including programming languages, such as Python and SQL, and the Linux command line.
You can also share your understanding of what it means to have a security mindset, your knowledge of standard frameworks and controls, like the NIST CSF and CIA Triad model, as well as your familiarity with how to use SIEM tools and packet sniffers.
It's also possible that some of your earlier job experiences allowed you to develop knowledge and skills that are transferable to a security role.
These skills could include being detail oriented, collaborative, and having strong written and verbal communication skills.
Here's an example of a resume.
You'll want to start with your name at the top of the resume, followed by your professional title.
Your title could be something like 'Security Analyst' or a title that matches the position you're applying for.
You'll also want to include at least one way that employers or recruiters can contact you, for example, an email address or phone number.
After your name and title, you'll provide a summary statement.
This section should be brief, just one or two sentences related to your strengths and relevant skills.
Make sure the statement includes specific words from the responsibility section of the job description.
You can include something like this in your statement: I am a motivated security analyst seeking an entry-level cybersecurity position to apply my skills in network security, security policy, and organizational risk management.
Following your name and summary statement is the skills section.
This is a bulleted list of the skills you've learned in this program that are related to the position.
Employers usually like to know about your previous work experience.
In the experience section, you'll list your work history.
Underneath each job entry, provide a list of the skills and responsibilities you performed.
It's a good idea to start each bullet with a verb and, if possible, details that quantify an accomplishment.
For example: 'Collaborated with a team of six to develop training for more than 25 company employees.'
Try to highlight the security or technology related skills and knowledge that you have, based on your experiences in previous jobs and this certificate program.
The next section of the resume lists your education and certifications.
Start with the most recent education you've completed, including certifications, trade schools, online courses, or college experience.
Also include the names of sites and organizations that issued your certifications and schools you attended.
List any subjects you studied related to the job you're applying for.
If you're currently enrolled in school or a certification program but haven't graduated, note: in progress.
As you develop your resume, keep a couple of things in mind.
Make sure there are no spelling or grammatical errors in your resume before sending it to your potential employer.
Also note that resumes are typically about two pages long, and list only your last 10 years or less of work experience.
Resumes can be created using word processing applications like Google Docs or OpenOffice.
However, you might find some simple but professional resume templates online to get you started.
To find them, type: free resume template or a similar search term into your internet browser.
If you use a template, be sure to replace all of the prefilled text with YOUR information and qualifications.
There is so much to consider when creating your resume.
But what we covered today will help you get started.
Coming up, we'll explore the interview process.
Create a resume, example resume and Tips
Work Experience:
(month/year - present) Company XYZ
- Location:
- Collaborated with a team of six to develop training for more than 25 companies
start with a verb and if possible details that
Education
(June 2023 - Present) [in progress] Google Cybersecurity Certificate program via Coursera
(December 2023) GED Certificate, high school diploma equivalent.
(June 2023 - June 2023) Part 1 of Google IT Support Certificate program via Coursera
start with most recent accomplishment
if currently attending a course, school, or program, note in progress
Tips for finding and applying for a job
- No spelling or Gramatical Errors
- Two pages long
- 10 years or less of work experience
- google pre-existing templates
As you learned previously, connecting with security professionals on social media and joining different cybersecurity conferences and organizations are two ways to use your network to find job opportunities. You were also introduced to a few online resources to help you find jobs in the security field. In this reading, you’ll learn about specific sites and resources you can use to apply for jobs.
ZipRecruiter
ZipRecruiter is a popular website for job seekers and employers worldwide; the website helps connect job seekers with available roles in their industry. When you enter the site, you’re asked to fill out specific geographical and work preference questions to help ZipRecruiter match you with opportunities in your field. Then you can upload your resume on the platform and search for jobs in your industry. Employers can reach out to you directly, too, based on your profile and responses.
Indeed
Indeed is another popular website that helps connect job seekers with available roles in their industry. When you first enter the site, search for jobs using the job title, a keyword, or a company that you’re interested in working at. Then, specify your preferred job location. You can also upload your resume on Indeed, which allows recruiters to reach out to you if your resume is a match for a job opportunity.
Monster®
Monster® is a frequently used website in both the United States and internationally that helps connect job seekers with available roles in their industry. Similar to the other job search sites, search for a role using the job title, keyword, or company you’re interested in working at, as well as your preferred working location. If you upload your resume to Monster, recruiters might reach out to you if your resume is a match for a job opportunity.
LinkedIn®
LinkedIn® professional services is a social networking site where you can also find jobs in the cybersecurity field. When you first enter LinkedIn®, click on the “jobs” tab. From here, enter the location where you’d want to work and the particular job title that you’d be interested in. LinkedIn is also a great way to learn about a company's culture, values, and even community initiatives. This can help you determine if the company is the right fit for you.
Key takeaways
Building a network of security professionals, viewing and applying for jobs on various sites, and using professional networking applications like LinkedIn are great ways to find a job in the cybersecurity profession. So, use all of these resources to your advantage!
Garvey: Cover letter tips
My name is Garvey, I'm a global staffing manager here at Google.
I hire essentially all the cybersecurity engineers here at Google.
I've hired across the US, Zurich, London, Sydney, Australia, and virtually any office that you name.
This space is unique in the sense that it's growing, it's vastly evolving.
You have a number of candidates that have pivoted, changed positions in their life, come from all different walks of life, right?
So, cover letters are an opportunity for you to tell that story.
A resume tells me the facts, what have you done, but a cover letter tells me who you are.
Why cybersecurity?
Why this space, why this opportunity?
What draws you here?
Most folks that I've met that want to enter this space have a reason.
Either they've been the victim of some sort of cybercrime, or they know others who have, or they've seen something that has affected them in their lives, that has brought them to that moment.
I want to know more about that.
I want to understand what your passion is, what your interest is in this space.
So I think in particular when it comes to cybersecurity, when it comes to cover letters, it's your opportunity to tell me kind of what's written in between those lines of that resume that's brought you here.
How long should a cover letter be?
I don't think there's any perfect science to that, you know.
First give me a few lines about yourself, your family, your hobbies.
And then after that, really kind of cut to what makes you unique, what makes you different than this other applicant?
What has brought you to this opportunity?
How have you overcome adversity?
How do you plan to do so in this work environment?
What does this job mean to you?
What are the soft skills that you can present and bring to your colleagues in this role?
If I'm a candidate that's making a career transition, I want to know in that cover letter, why?
Is there a particular reason cybersecurity excites you?
Is there a particular reason you're making this transition?
What haven't you found in your previous career?
I want you here forever, right?
And if I keep you here forever, I want to keep you happy, right?
So what makes you happy?
What are the things that you see in this space that are going to excite you, that you're passionate about?
All right, I want to see that written on the cover letter.
Don't just sort of standardize your cover letter and just fire it off regardless of the company that it is, right?
Tailor your cover letter around that mission.
What's their mission?
Make it a part of your own.
Know the company's mission, know their purpose, their products.
Insert that in your cover letter.
A cover letter is meant to capture someone's attention quickly.
You can't manage to capture the attention of someone for the entirety of what you've written, right?
So, what is it about you that interests me, that brings you to this time and this opportunity?
You want to capture someone's eye first and then capture their attention and their mind, right?
So be bold, be loud, right?
I think keep the words simple, but like, be bold.
Explore the interview process
After you've submitted your resume to several job postings, you'll hopefully get an opportunity for an interview.
The interview process usually starts with a short pre-screening phone call.
It typically involves having a 15-minute conversation with a hiring manager or recruiter who will ask you some questions to make sure that you are who your resume says you are and that you meet the minimum requirements for the job.
Following the pre-screening, you could be invited to an in-person interview either on-site or online.
This could be a panel interview with a few members of the team that you would be working with or a one-on-one interview.
Let's discuss some strategies that can help prepare you for an interview.
Review the job description and your resume ahead of time.
Practice speaking about the experiences and skills that the employer is looking for.
Consider practicing this with a friend by participating in a mock interview.
Your friend will act as the interviewer and you will answer their questions, as if you're meeting with the employer.
It can also be helpful to dress professionally and feel comfortable in the clothes you choose to wear for the interview.
Before the interview begins, take a few deep breaths, and remind yourself of all the preparation you've done.
If the interview is online via video conference, prepare a location in your home that is quiet, tidy, and professional.
Also be sure to test your video and audio settings, and if necessary, download the video conference application specified by the interviewer.
This will help ensure that you correct any technical issues before the interview.
Interviews usually include two parts: a background interview and a technical interview.
The background interview will likely include questions about your education, work experience, skills, and abilities.
You might even be asked some personal questions unrelated to the job posting.
The interviewer is trying to get to know you, to determine if you'll be a good match for the team and company culture.
At the same time, you want to ask questions to help you decide if the team and company culture are a good match for you.
The other portion of the interview is the technical interview.
This is when the interviewer will ask you specific questions about technical skills related to the role.
You might be asked, how you would respond to a specific situation, or to explain a technical concept that's listed on your resume.
Do your best to answer these types of questions confidently and concisely based on your current knowledge.
It's okay to say that you don't know the answer to a question or that you need a moment to respond, so you can think about your answer.
Employers respect honesty.
Just follow up with an explanation of how you would figure out the answer, either by researching it or collaborating with the team.
Even after you've completed this certificate program, you'll still have access to all of the content.
So before the interview, go back and review your notes, the glossary, and any concepts that you might need to refresh your memory on.
This can help you feel prepared for the questions you'll be asked.
Remember, you can prepare for the interview by participating in a mock interview, reviewing the job description, and taking a few deep breaths before the interview begins.
You've learned a lot in this course and are ready to move ahead and find a position as a security analyst.
Coming up, we'll discuss how to conduct pre-interview research.
The interview process
You previously learned how to create a resume and cover letter to apply for security jobs. In this reading, you’ll concentrate on how to prepare for the interview process. Although the interview process can vary widely from one company to another, most companies follow the steps described in this reading.
Getting contacted by a recruiter
After you apply for a job, you might receive a call, an email, or a message from a recruiter expressing interest in your application and asking to schedule a call or meeting. Reply as soon as possible to show that you’re responsive and interested in the position.
Preliminary interview or phone screening
In most cases, the first step in the interview process is a preliminary interview, sometimes referred to as a phone screening. This usually involves a conversation with a recruiter over the phone, in person, or on a video call.
The preliminary interview is typically shorter than a regular interview. The recruiter will share information about the company and the job opening. Then they’ll ask you questions to get to know you and your work experience better. The recruiter will also provide time for you to ask questions about the role and the company, so be sure to prepare a few questions before the interview. For example, you might ask: “What is the work culture like at the company?” or “What will my average day be like in this role?” Asking questions helps demonstrate your interest and will help you determine whether the job will be a good fit for you.
After the interview, send a thank-you email to the recruiter within 24 hours. Express your gratitude for their time and briefly restate why you would be a good fit for the position.
Additional interviews
Once you’ve passed the preliminary interview, you might be invited for multiple additional interviews. These interviews are typically with the hiring manager. You might also meet with other individuals on the team and be required to go through a technical interview. You’ll learn more about technical interviews in a later reading.
This interview is often longer than the preliminary interview. It could be in person, over the phone, or on a video call.
The interview usually opens with introductions and a brief description of the company and job position. Then, the interviewer will ask you questions about your background, skills, and experience. Next, you’ll have an opportunity to ask questions about the company, the role, and job expectations.
Finally, you’ll learn about next steps in the hiring process.
There might be multiple rounds of interviews, depending on how the company’s interview process works. These additional interviews could be longer, include future teammates or other employees at the company, and feature questions that take more time and thought to answer.
As with the preliminary interview, send a thank-you note to the people you interviewed with after each round of interviews.
Final offer
Now comes the exciting part: Receiving a job offer. The company might reach out to you by phone or email. After the company extends their initial offer, you’ll need to decide whether or not to accept it or negotiate for a higher salary or other benefits. Feel free to ask for a day or two to make your decision.
Building perseverance
If the company lets you know that you didn’t get the job, take a moment to process your emotions. If you’d like, you can let the company know that you appreciate the opportunity to be considered and that you’d be interested in any future roles that might be a good fit. You can also ask for feedback on what you could do better next time.
Key takeaways
Interviews are a great opportunity to learn more about a job and the company you’d be working for. By preparing for the interview process and continuing to persevere in your job search, you’ll be well on your way to building a career in cybersecurity.
Garvey: Technical interview tips
My name is Garvey, I'm a global staffing manager here at Google.
I've hired, I would say, several hundred security engineers here at Google over the last seven years.
Advice I'd give those that are preparing for their technical interviews, don't expect that the interview will be a sort of trivial exam of how many questions can you answer in this sort of period of time.
I want to know, as an interviewer, does the candidate understand the fundamentals and can they explain them back to me?
Programs and applications that I would recommend preparing for when doing an entry-level interview, for example, Splunk, Wireshark: understanding their functions, their purpose.
If you can get to the point of understanding their internals, why they exist.
If they didn't exist, how would you solve a problem?
Outside of that, just understanding the fundamentals of topics that exist within this space.
Network security, web application security knowledge, operating system internals, understanding and mastering security protocols: I think that's an important place to start.
Practice answering open-ended questions.
They tend to be really difficult, they're ambiguous by design, they're complex by design.
You always want to start first by asking clarifying questions.
Get information from your interviewer to help you narrow down the focus of the question itself, but also sort of lower the scope of the problem, right?
Into something that you can answer yourself, that you know that you feel comfortable with.
Organize your answer through the STAR method.
It's a great way to organize yourself when faced with a large open ended question, it will help your interviewer understand your train of thought.
Thinking out loud as well will help your interviewer understand okay, this is where Garvey's going with this answer, if I need to help him, I can help him.
Maybe he doesn't get the entire answer, I know he was on the right track because he was thinking out loud, I understood where he was going.
If you don't know the answer, that's fine.
Again, no one expects you to walk on water, but we don't expect you to lie, [LAUGH] if you will, right?
My ideal candidate is someone who just loves to learn, right?
Someone that's humble, that's honest, someone that can manage through ambiguity, complexity in their own life, doesn't necessarily have to be directly related to cybersecurity, but someone that when faced with a problem, runs towards it.
They're always a student, they're always there to learn, always there to mentor, lead others, and they demonstrate those characteristics throughout their life.
Nerves during technical interviews, I think that's pretty standard [LAUGH], it's okay to be nervous, right?
I think it means you care.
There's a reason you're there.
There's a reason you find yourself in that moment, right?
Someone has counted you in already.
They have belief in you and this space needs you.
So, you know, I would say, trust yourself, trust your gut, don't be afraid to fail.
Conduct pre-interview research
Previously, we discussed how to create a resume and what to expect during an interview.
In this video, we're going to cover a few more things that you need to do to prepare for the interview and that could help set you apart as an excellent candidate for the position.
Before the interview, it's important to do some research about the organization you're interviewing with.
Interviewers want to know that you're a good match for their team and that you value the things that are important to the company.
It's just as important for you to decide if the company matches your values.
So make sure you know the organization's mission and vision.
Understand their core values and company culture.
This information is usually easy to find either in the job description or on the "About" page of the organization's website.
Think about why these values and the company culture are also important to you.
Then, practice how you will communicate this to potential employers.
Remember that you will not be the only applicant for the position.
Consider what sets you apart from other candidates and be prepared to emphasize those qualities during the interview.
What about your skills, experience, or work ethic make you the best match for this position?
How do your goals align to the goals of the organization?
You want the employer to remember you after they've interviewed several candidates.
So highlight things that make you the best candidate for the role.
You also want to think about the employer's perspective.
The organization has needs that must be met by filling the position.
They may have productivity or compliance goals.
Or the team might be growing because the company is expanding.
Take some time to think about what the interviewer is seeking in a candidate.
Then prepare yourself to state directly how you can meet the employer's needs.
The interviewer may have reservations about hiring you because of your lack of experience as a security analyst.
If this comes up in the interview, be prepared to address any possible concerns by speaking about your strong work ethic.
This could include an ability to learn quickly based on feedback, or to collaborate and communicate with others.
Also, you could discuss having a security mindset, or problem solving skills that you've developed from personal life, work, or educational experiences.
Learning about the organization's culture and mission and preparing to demonstrate how you can add value to the team are essential.
It's also a good idea to write down questions that you can ask the interviewer about the organization's past accomplishments and future goals.
This shows potential employers that you've done your research and care about the organization's success.
Coming up, we'll discuss how to build rapport with interviewers.
Build rapport with interviewers
In this video, we'll explore a topic that can contribute to your success during the interview process: How to build rapport with your potential employer.
Rapport is a friendly relationship in which the people involved understand each other's ideas and communicate well with each other.
Building rapport begins with the very first interaction you have with the company's staff by phone, email, or video conference.
It's important to use a professional tone in the email you write, expressing your interest in the job.
But it's also important to be polite and friendly.
Expressing appreciation for being considered and having the potential opportunity to interview is one way to build rapport.
When and if you have an initial phone screen, you can use a friendly, conversational tone of voice.
To do this, try smiling while you talk.
While it's true that nobody can see you smile on a phone call, smiling while you talk can make you sound friendlier.
During the phone screening and in-person interview, you can ease interview nervousness by engaging actively in a way that feels natural to you.
That can mean simply saying: "Hello, nice to meet you." You can even start a short, friendly conversation by asking the interviewer how their day is going.
Or, if the weekend just passed, you might ask the interviewer: "How was your weekend?" Make eye contact when you ask these questions during an in-person interview, or be sure to look directly into the camera during a video interview.
This will show the interviewer that you're engaged in the conversation.
Oftentimes, during the second half of an interview, the interviewer will ask if you have any questions for them.
As we discussed earlier, it's important to have some questions prepared to ask at this point.
Here are some suggestions.
You could ask: "What is the biggest challenge I might face coming into this role and how would I be expected to meet that challenge?" Or you might ask: "What would you say is the best part about working for this company?" Or: "What is a typical day like for an analyst?" Another great question is: "What is the potential for growth in this role?" Asking questions shows that you're engaged in the conversation and you're interested in the company and the position.
It also shows the employer that you are confident and that you want to make sure that their company is a good match for you before you make a commitment.
It's nice to send a follow-up email a day or two after your in-person interview.
This is just a brief email thanking the interviewer for the opportunity to meet with them and learn more about the organization.
It's also a good idea to mention something specific from your interview in this email.
It shows that you were actively engaged in the conversation.
Remember, the employer is probably interviewing other candidates.
So sending a follow-up email will help set you apart and remind the interviewer of your discussion.
Building rapport with the interviewer and other employees is an important skill when interviewing for your first security position.
Writing friendly but professional emails before and after the interview and engaging in friendly conversation during the interview can help set you apart as a great candidate for the job.
Use strategies to answer interview questions
Welcome back!
Preparing for job interviews in the security field is such an exciting process.
You've learned a lot through this program that can help you stand out as a candidate.
Let's discuss some useful interview strategies to consider when speaking to an employer.
Your interviewer is going to ask several questions when you meet.
Carefully consider each question before responding.
Let's discuss the STAR method, which can help you prepare for interviews.
The STAR Method is a technique used to answer behavioral and situational interview questions.
Using this method is a great way to help you understand each interview question and provide a thoughtful and thorough response.
STAR stands for: Situation, Task, Action, Result.
The STAR method is typically used to answer open-ended questions such as: "Tell me about a time when you encountered a challenge on the job?" Let's go through an example of how this question could be answered using the STAR method.
The situation: Two people needed to stay home for work due to illness, and I was the only person available to assist customers.
The task: I needed to answer phone calls from customers, while assisting shoppers in the store.
The action: I came up with a strategy that allowed me to assist customers as they entered the store while also ensuring that customers who called were helped or politely placed on hold until I was able to address their needs.
The result: I managed the in-store operations for the day without many mistakes, and my manager complimented me during the next team meeting.
Hopefully this example highlights the benefits of answering open-ended interview questions using the STAR method.
But the STAR method isn't the only strategy you can use during an interview.
You can also answer questions with confidence.
One way to demonstrate confidence is by admitting when you don't know something.
For example, if an interviewer asks you to discuss a skill that you don't have, it's okay to admit you haven't learned it yet.
However, the trick is to confidently mention that while you don't have that particular skill, you're a quick learner and eager to develop that skill.
Treat it as an opportunity to emphasize your ability to adapt and learn on the job, which shows confidence!
You know what else shows confidence?
Taking the time to fully understand a problem or question to provide the best solution or answer possible.
When interviewing, don't be afraid to ask the interviewer for a moment to think about your answer.
It shows that you're willing to take the time needed to understand the question and provide a response that is meaningful and relevant.
We've discussed a few strategies that can help you overcome the nervousness you may feel about interviewing for a job.
Coming up, we'll continue to explore ways to prepare for interviews.
REMEMBER
STAR stands for:
Situation
Task
Action
Result.
Apply the STAR method during interviews
You’ve been learning about different techniques and strategies to use during future interviews for jobs in the cybersecurity field. In this reading, you’ll learn more details about the STAR method for answering interview questions. Implementing this strategy will help you answer interview questions with confidence and clarity.
The STAR method
When interviewing for a job, it can be challenging to convey the right details about your professional history and skills to your interviewers. Using the STAR method can help you share your success stories effectively and strategically. STAR stands for Situation, Task, Action, and Result. Using this method enables you to describe potential challenges you faced in previous roles and gives you the opportunity to show how you thoughtfully approached solving those problems from start to finish.
Situation
The situation is the project you worked on or a challenge that you had to overcome. For example, perhaps you had to manage a disgruntled customer’s negative feedback about your company, a system error on your work device that slowed down a customer transaction, or being left alone in the office for an extended period of time. Fully describing the situation allows the interviewer to gain a clear understanding of the challenge you had to overcome.
Task
The task outlines the key responsibilities or role you played in solving the challenge described in the situation phase of the STAR method. Specifying what the task is provides clarity about what your objectives were in this scenario.
Action
The action describes the exact steps you took to resolve the challenging situation you described in the beginning of the STAR method. The action is crucial to the STAR method because it allows the employer to understand what choices you made to achieve your desired outcome during a real conflict or challenge. Employers want employees who can think fast and make decisions that help solve problems.
Result
Finally, sharing the result of your challenge or example shows the employers how the situation was resolved as a direct result of the actions you took. When participating in an interview, you want to make sure that any example you give with the STAR method ends in a positive result. Positive results show an employer that you are someone who has demonstrated an ability to successfully resolve issues and may lead an employer to offer you a job. Of course, not all situations have completely positive outcomes; if an employer asks you about a situation that didn’t have a positive outcome, try to focus on what you learned from the situation and how that experience helped you become a better employee.
Key takeaways
The STAR method stands for Situation, Task, Action, and Result. Following this method helps you communicate to an employer an example of a challenge you faced in the workplace. Remember to use one of your success stories when using the STAR method on an interview. Challenges arise all the time in the security world, so being able to demonstrate an ability to overcome any type of challenge is a great trait to show off during an interview. Plus, since cybersecurity is such a team-driven industry, being able to communicate effectively to an interviewer will help you be a competitive applicant.
Prepare for interviews
Great news! You’ve submitted your application and received a follow-up email requesting an interview. The work isn’t over yet, though—you still have a lot of preparation to do. That’s what you’re going to learn about in this reading!
Prepare for the introductory call
It’s important to showcase your best self in the introductory phone call. In this conversation, you’ll talk with the recruiter or hiring manager about yourself, the kind of work or training you have, and why you want the job. You might also be asked specifically about your salary requirements. For this question, it’s a good idea to prepare in advance and conduct an internet search for “average salary for entry-level security analysts.”
Do your research
Make sure you’ve done your research on the company. When the interviewer asks why you’d be a good fit for the job, they want to learn why you’re interested in cybersecurity and why you want to work at that company specifically.
Prepare for the second round
Your second-round interview will focus more on what you can offer as an entry-level security analyst. You’ll likely discuss yourself here, too, but you’ll also be going into detail about your knowledge of the profession. You’ll want to cover the same material you prepared for your introductory call, but you’ll also need to fully review your accomplishments in the security industry. Don’t worry if you have no prior professional cybersecurity experience. You can discuss the information you’ve learned in this certificate program.
Depending on where you and your interviewer are located, the second-round interview might be over the phone, via video conference, or in person. In-person interviews often last an hour or so, but if you traveled for your interview or the company likes to bring candidates in for all of the remaining interview stages at once, you might complete your panel interview with a group that day as well.
Panel interview
During the panel interview, you’ll meet with two or more people and discuss yourself and your ability to contribute to the organization. If you’re nervous about this, remind yourself that the team brought you in for the interview for a reason. When you feel confident in your abilities, you’re better able to showcase your knowledge about the security industry and demonstrate your ability to work well with a team.
Be sure to engage with each panelist by giving them your full attention during the interview. Maintaining eye contact can help you express confidence, but for those who cannot do so, actively engaging with each panelist in your own way is just as important.
It’s likely that each panelist will ask you at least one question during the interview. It’s okay to address the whole panel when answering a question, rather than only directing your response to the person who asked the question.
More resources to help you prepare
There’s an endless supply of job-preparation resources available to you. Here are some great ones to get you started:
- This resource from the Google Careers team provides best practices and advice on how to prepare and ace your interviews at Google, but of course these tips will work at any company!
- This resource from the Job Accommodation Network (JAN) offers helpful advice on navigating the interview process for individuals with disabilities.
Key takeaways
Preparation for your first interview is very important, so be sure to do your research and practice for the introductory call. Don’t worry if you don’t have prior security experience. Instead, you can rely on the information and skill sets you’ve gained from completing this certificate program.
Ask the interviewer questions
In this video, we'll take a little time to discuss additional strategies you can use during a job interview.
In past job interviews, your potential employer may have asked: "Do you have any questions for me?" This type of question can be an opportunity for you to show the interviewer that you're prepared and ready to have a meaningful conversation with them.
A big part of interview preparation is researching the company before the interview because it will allow you to ask questions that demonstrate you took the time to learn about the organization and its needs.
These kinds of questions show that you're passionate about your career and that you want to help the company strengthen its security posture.
There are also some general questions you can ask the interviewer to determine if the job and the organization itself are a good match for you.
Here are some examples: "What's the biggest challenge for a new person in this role?" "In what ways can I contribute to the success of the team and the organization?" "What qualities or traits are most important for working well with the team and other stakeholders?" Questions like these can help you develop rapport with the interviewer, and show that you're interested in learning more about the role and the organizational culture.
Interviewing for jobs can be a really exciting process when you're prepared, and asking questions is an essential part of the interview process.
Don't be afraid to ask potential employers tough questions.
This will help them understand you as a thoughtful, curious person who can add value to the team.
Coming up, we'll discuss another strategy: The elevator pitch!
Karan: Interview tips from a hiring manager
Hi, I'm Karan.
I'm a security engineering manager here at Google.
As part of my job, I do participate in hiring candidates.
And so far I've spoken to like hundreds of candidates, potential candidates, people who actually got into Google.
Almost every time I meet somebody, I get to see a new path.
And that's always fascinating for me to learn about somebody else.
One thing I'm seeing very interestingly is the increase in the number of people who come from non-technical backgrounds.
So that can be recruiting, sales, like you name it, we're seeing a ton of people.
So, for preparing for interviews, I think you can break down that question into technical preparation and non-technical preparation.
And so for technical preparation, I advise people to build up on, you know networking fundamentals, information security fundamentals, get all those concepts right, so you understand how things work, how are they related, and all of that.
Make sure you ask clarifying questions to get to the root of the problem and what the interviewer wants from you.
A lot of people just dive into the problem without really clarifying.
If you don't know something, don't be afraid to say, "I don't know" and say, but here's how I would approach the problem.
For the non-technical pieces, I think practice with a friend, have an interview partner, and see how you respond.
See where you fumble, and be kind to yourself as you're doing that.
Focus on bringing your whole self to the interview.
So that means showcasing how you'll work with a team.
Bring up examples of projects you have done with others and how you have led those projects.
Have you done open-source collaborations?
A lot of these soft skills, if I may put them that way, are super crucial even when you're solving a security problem.
So those are some key aspects that we're looking for when we are interviewing for roles.
For new folks in the industry, the main thing we would be looking for is curiosity.
Personally speaking, I look for people who have drive, who are very driven to learn more about the field, they may not know everything and we know that, but we want to make sure that they are asking the right questions and getting through the problem by working with others.
So, if you get an answer like, I don't know, but I'll figure it out, and here's how, that's amazing.
Also, I'll say don't be afraid of rejection, because it takes time to find your first role.
It took me hundreds of applications to find my first job.
And then don't be afraid to apply even if you don't meet all the required or preferred qualifications, just look at the minimum qualifications.
And if you do pass that, you know, it doesn't hurt to apply.
So, please keep applying.
Develop an elevator pitch
Now, let's discuss a concept that can help you identify your strengths and allow you to highlight those strengths to others: An elevator pitch.
An elevator pitch is a brief summary of your experience, skills, and background.
It's called an elevator pitch because it should be short enough to say in 60 seconds or less, which is the average amount of time you might spend talking with someone on an elevator.
Elevator pitches allow you to demonstrate who you are to potential employers in a very short time span.
They can be used at job fairs, career expos, and other networking situations, like professional conferences and social media job sites such as LinkedIn®.
Now, let's examine how to create an elevator pitch.
Your elevator pitch needs to be short and persuasive.
There's no need to list all of your previous experiences and accomplishments.
Instead, explain who you are and why you care about being a security professional, as well as the qualifications and skills you have that are specifically related to getting a job as a security analyst.
For example, critical thinking, problem-solving, and the ability to build collaborative relationships with others are transferable skills that most organizations are looking for.
So, highlight those in your elevator pitch.
You could also mention technical skills you've learned in this certificate program, such as using various SIEM tools and programming languages like SQL and Python to identify and respond to risks.
Now, we'll cover a few things to avoid when delivering your elevator pitch.
It's important to avoid rambling, or sharing irrelevant details, during your elevator pitch.
Potential employers only want to know who you are and why they should consider you for a security role.
As you develop your elevator pitch, you're going to want to practice it several times.
However, don't practice it so much that you end up sounding ingenuine or robotic when it's time to share your pitch with a possible decision maker.
Instead, speak naturally, like you're having a conversation, when you give your elevator pitch.
That will help keep people engaged and interested in what you're saying.
Another thing to avoid: speaking too quickly.
Because an elevator pitch is fairly short, it can be easy to rush through it.
But that can cause people to miss out on some key skills you have to offer, simply because you sped past them.
One last tip: search the internet for elevator pitches to find examples that may help you generate ideas for your own pitch.
In essence, your elevator pitch is a way to tell people why you are an amazing candidate for a security position with great skills and a clear direction for what you want to do in your career.
While it's natural to be nervous when speaking to potential employers, just remember: take a deep breath, gather your composure, and deliver your pitch with confidence, conviction, and at a normal pace.
You'll be just fine.
Learn more about developing an elevator pitch
When interviewing with potential employers, it’s important to communicate who you are, your value as a security professional, and what qualities you’re searching for in a potential job. A simple way to deliver this information succinctly is with an elevator pitch. An elevator pitch is a brief summary of your experience, skills, and background that should be communicated in 60 seconds or fewer.
Although an elevator pitch is often specific to an idea or a product, you can also use it to sell yourself as a professional to potential employers. In an interview, a strong elevator pitch can be used to stand out to your interviewer. It can be used to help explain why you’re a good fit for the role or to answer the popular interview question “tell me about yourself.” This reading helps you prepare your elevator pitch to express the value you can provide as an entry-level security analyst or a more experienced cybersecurity professional.
Provide an introduction
Start by providing an introduction. Introduce yourself and give a brief overview of your professional background. Explain some job roles you’ve had, your years of work experience, and the types of industries you’ve worked in. If this is your first job in security, mention some of your past roles and skills used for those roles that can translate to success in the security field. Some of these skills can include attention to detail, goal-orientedness, and good collaboration skills.
Describe your career interests and transferable skills
Even if you’re interviewing for your first internship or job in security, it’s important to clarify that this is your desired career. For example, you could say, “I want to apply my excellent skills for collaborating with others, and my attention to detail, to help the security team protect company data and assets.” To determine which transferable skills to highlight in your elevator pitch, consider ones that you have already developed and how they might apply to your goals as a security professional, such as problem-solving, communication, and time management.
Express your excitement
This is where you share your passion for the field and why you want to work in the industry. If you’re motivated to help an organization defend itself against hackers, mention that. This is also a good time to talk about your goals.
For example, you could say, “I love security because it gives me the opportunity to safeguard valuable information from malicious actors attempting to cause unnecessary harm to people and organizations. Long term, I’d love to develop a security and hacker mindset to play my part in defending against the constantly evolving threat actor tactics and techniques.”
Communicate your interest in the company
Communicating why you are interested in the company—and not just the role—is a great way to help the interviewer recognize that you are knowledgeable about the company. This helps you to establish a rapport with the interviewer and shows that you’ve done your due diligence before coming to the interview.
For example, if you were interviewing for a position for Google’s security team, you could say, “Being a member of Google’s security team helps protect millions of people’s private and sensitive information. As a long-time Google products user, I’m looking forward to the opportunity to be able to help safeguard those products and ensure customers have the best experience possible.”
Key takeaways
Creating an elevator pitch that's 60 seconds or fewer is a great tool to use to quickly share who you are. Use an elevator pitch to introduce yourself to career and business connections in the future. You can even use your elevator pitch in other types of situations, like meeting new friends or colleagues.
Tips for interviewing remotely
A remote interview is an interview conducted virtually using video platform software. This type of interview provides an opportunity to connect with hiring managers and recruiters, even if you are not able to meet with them in person. Remote interviews also present challenges that in-person interviews do not, such as issues related to technology, lighting, and sound.
In this reading, you will learn tips to successfully prepare for a remote interview.
Test your technology
The first tip is to test the technology you’ll be using for the video. Different companies use different video platform software to host their remote interviews. Typically, the recruiter or hiring manager will reach out to you over the phone or email to share information about which software will be used for the interview.
Once you find out which software the company you’re interviewing with uses, you should download that software, if you don't have it already. Next, it's important to test your computer’s camera and microphone to ensure they work well with the video platform software a day or two before the interview. This allows you to resolve any technical issues you might have. Be mindful of how to mute and unmute your microphone, just in case there is noise in your environment that you do not want the interviewer to hear. It’s also important to talk with the recruiter or hiring manager about a backup plan if the technology does not cooperate when it's time for the interview.
You’ll also want to test any technologies you need to use to ensure you are ready to interview, such as the closed caption feature on the app. Employers are typically happy to accommodate your needs if you're using assistive technology or need specific accommodations. If your internet service is not fast enough to allow for a video interview, you can request a phone interview instead.
Practice communicating through video
Communicating through video can be a challenge because there is a slight sound delay. The sound delay can make it difficult to know how long to wait for someone to stop speaking and for you to start. If you don’t have experience communicating through video, consider practicing with friends and family before the remote interview. This will help you learn how pauses affect video communication.
Create a professional background
Review your video background before the interview. Typically, you should avoid having an unorganized background or any objects that might distract the interviewer. When interviewing remotely, ensure that your area is well lit. You might want to rearrange your desk or furniture to ensure good lighting.
Always try to have light behind your camera so that it will shine on your face. If you can’t position your desk next to a window or don’t have enough light coming from the window, consider using artificial light.
Additionally, you should do your best to limit background noise and use a headset, if possible.
Dress appropriately
It’s a good idea to research the company you’re interviewing with to determine which type of interview outfit is suitable. You might need to wear formal business attire during your remote interview for a particular role and company, whereas for another position, more casual clothing might be appropriate. Typically, it is better to overdress than to underdress, especially for more traditional businesses.
Look at the interviewer when speaking
When communicating through video, try to look at the interviewer when speaking instead of at the camera. Looking at the interviewer can give them the feeling that you’re engaged in the conversation and focused on what they’re saying.
Sign in early
Before the interview, test your technology. This will help you feel confident that everything will work. However, technology and software can be unpredictable. If possible, sign in to your remote interview early to ensure everything is working properly.
Signing in early also indicates to your interviewer that you respect their time and are a punctual person.
Key takeaways
Follow the tips in this reading to become more confident with the remote interviewing process. Always test your technology before the interview to ensure it works well with the video platform software being used for the interview.
Emily: Overcome imposter syndrome
Hi, I'm Emily and I'm a program manager at Google.
I work in our security education space.
Imposter syndrome is a very real thing.
There will be days where you feel like you're riding high, you're getting everything done, you're on top of your game.
Then there are times where you feel like I just don't know what I'm doing.
Everybody else is doing so much better.
Connecting with others in cybersecurity associations is a great way to combat that imposter syndrome.
Getting involved in cybersecurity organizations and associations is a great way to grow your network and frankly build a community for yourself.
It can be really intimidating to join a new industry.
Those folks can support you, and they can also be a great example of how far you've come when you share your skills with them as well.
What helped me when I was feeling imposter syndrome or just not feeling as confident as I think I could have been, was connecting with a trusted mentor.
They were really helpful when I said, "Oh gosh, I feel like I should know this." And she said, "There's no way you can know everything.
We have people who work on those things across the company and you don't have to know everything." It just helped calm me down and helped me feel comfortable with what I do know and the skills that I do bring to my organization.
It's really important to recognize those small wins.
I actually like to go to a special folder I have in my email where I've collected kudos and special emails that folks have sent me who are congratulating me on a project accomplishment or just complimenting me on some skill or something that I helped them out with.
And that really helps buoy my spirits and reminds me that, yes, I can do this.
There is a reason I'm here.
Reflecting on your career no matter where you've worked, is a really great way to combat imposter syndrome as well.
It's a great way to show how far you've come, what skills you've learned and what you're really going to be able to contribute in this new field.
In the security industry, you're never going to know everything, and so it's important to stay flexible and fungible and to ensure that you're always learning because the industry changes so quickly and evolves so quickly.
There's not one person who's going to know everything.
It can be really hard to maintain your confidence, especially when you're new on a job.
It's okay to take time and to ask questions.
There's never a stupid question.
It's important for you to get information and the folks around you should be trying to support you and help you succeed, because they too will succeed with your success.
Wrap-up; Terms and definitions from Course 8, Module 5
You've done a great job completing this section of the course.
Let's take a moment to review what we've covered.
We started by discussing how to find and apply for jobs in the security field.
Then, we explored how to create your resume.
Next, we shared some strategies to develop rapport with interviewers.
We also covered how to use the STAR Method to answer open-ended interview questions thoughtfully.
We finished by discussing how to develop an elevator pitch.
Hopefully, this has helped you feel confident as you begin to search and apply for jobs in the security field.
Good luck!
Glossary terms from module 5
Rapport: A friendly relationship in which the people involved understand each other’s ideas and communicate well with each other
STAR method: An interview technique used to answer behavioral and situational questions
Elevator pitch: A brief summary of your experience, skills, and background
Course wrap-up
Congratulations on completing the final course of the certificate program!
We covered a lot of information, so let's take a moment to review.
We started by discussing how to protect assets and communicate incidents by developing a security mindset.
Then, we covered when and how to escalate incidents to the appropriate team members to make sure that small issues don't become big problems for an organization and the people it serves.
Next, we explored ways to communicate effectively to influence stakeholders' decisions related to security.
This included discussions about how to use visuals to convey important information, as well as how to communicate by sending emails, making phone calls, or sending instant messages.
After that, we shared some ways to engage with the security community, including attending conferences and connecting with other analysts through a networking site.
Then we moved on to the final section of the course, which covered how to find, prepare for, and apply for jobs.
This included discussions about how to create a compelling resume and tips to help you navigate the interview process.
It's been an absolute pleasure guiding you through this journey.
Course 8 glossary
Cybersecurity
Terms and definitions from Course 8
B
Business continuity plan: A document that outlines the procedures to sustain business operations during and after a significant disruption
C
Confidential data: Data that often has limits on the number of people who have access to it
D
Data controller: A person that determines the procedure and purpose for processing data
Data processor: A person that is responsible for processing data on behalf of the data controller
Data protection officer (DPO): An individual that is responsible for monitoring the compliance of an organization's data protection procedures
E
Elevator pitch: A brief summary of your experience, skills, and background
Escalation policy: A set of actions that outlines who should be notified when an incident alert occurs and how that incident should be handled
I
Improper usage: An incident type that occurs when an employee of an organization violates the organization’s acceptable use policies
Incident escalation: The process of identifying a potential security incident, triaging it, and handing it off to a more experienced team member
M
Malware infection: An incident type that occurs when malicious software designed to disrupt a system infiltrates an organization’s computers or network
O
OWASP Top 10: A globally recognized standard awareness document that lists the top 10 most critical security risks to web applications
P
Private data: Information that should be kept from the public
Public data: Data that is already accessible to the public and poses a minimal risk to the organization if viewed or shared by others
R
Rapport: A friendly relationship in which the people involved understand each other’s ideas and communicate well with each other
S
Security mindset: The ability to evaluate risk and constantly seek out and identify the potential or actual breach of a system, an application, or data
Sensitive data: A type of data that includes personally identifiable information (PII), sensitive personally identifiable information (SPII), or protected health information (PHI)
Stakeholder: An individual or a group that has an interest in any decision or activity of an organization
STAR method: An interview technique used to answer behavioral and situational questions
V
Visual dashboard: A way of displaying various types of data quickly in one place
Recap of the Google Cybersecurity Certificate program
This certificate covered some rigorous security content.
You could have given up at any point, but you didn't.
And for that, you deserve to be proud of yourself!
As we discussed at the beginning of this program, the security field is growing and in need of security professionals, just like you, to help protect organizations around the world and the people they serve.
The knowledge and skills you've obtained throughout this certificate program will allow you to begin applying for entry-level security analyst jobs.
Now, let's take a moment to summarize what we've discussed throughout this program.
We started by exploring core security concepts, including the definition of security and core skills.
Then, we covered the focus of eight security domains and discussed how security supports critical organizational operations.
Following that, we discussed network security, including network architecture and the mechanisms used to secure an organization's network.
In the next course, we turned our focus to computing basics for security analysts.
In this section, we introduced Linux and SQL.
After that, we explored assets, threats, and vulnerabilities in depth.
This included discussions about how assets are classified and the security controls used by organizations to protect valuable information and minimize risks.
In the next course, we focused on incident detection and response.
Here, we defined what a security incident is and explained the incident response lifecycle.
In the following course, we introduced the Python programming language and explored how to develop code related to common security tasks.
Finally, in the last course of the program, we explored topics related to your pathway into the security profession, including how to find and apply for jobs.
You put a lot of valuable time and energy into completing this certificate program.
Remember that the learning doesn't stop here.
As you move forward in your career, always be mindful of the new trends developing in the world of security.
As technology continues to advance, the threats to organizations and people will evolve as well.
It's up to you to stay informed and always be willing to learn.
Congratulations on completing the Google Cybersecurity Certificate program!
You've just completed the Google cybersecurity certificate.
What a remarkable accomplishment that shows just how committed you are to learning new skills that will allow you to pursue your career goals.
On behalf of myself and my fellow course instructors, congratulations.
You did it.
Congrats.
I can't wait to see how many of you decide to pursue this career and visit some really cool places in cybersecurity.
Way to go.
Congratulations.
Congratulations.
You're a rockstar.
Congratulations.
Congratulations.
Great job.
You did it.
Congratulations.
Congratulations, I am rooting for you and wishing you continued success.
Congratulations on your big accomplishment.
Now it's time to get to work.
This is probably one of the best decisions you've ever made. I can't wait to hear about all the opportunities that you're going to experience.
Congratulations.
Congratulations.
You've made it to the end and you're now ready to keep everyone safe online.
Congratulations.
Continue to learn, continue to grow.
You'll find this is a very rewarding career.
Congratulations, you did it.
Welcome to cybersecurity.
The adventure continues after this.
There's still a lot more to explore in the world of security, but you're off to a great start.
It's been my pleasure guiding you through the final part of this program.
I know you're well-prepared to begin or continue a remarkable career in security.
Congratulations and best of luck on your journey.
Showcase your work
Congratulations on earning your Google Cybersecurity Certificate! Now it’s time to let the world know about the skills you’ve gained to help advance your career. We recommend adding the completion of this certificate program to your resume and LinkedIn® profile. Read on and follow these tips to get started.
Add the Google Cybersecurity Certificate to your resume and LinkedIn® profile
You may have already started on a cybersecurity resume earlier in the program. If not, there are a variety of digital templates for creating your resume available at Enhancv, Big Interview, Google Docs, or Microsoft Word. You can find additional resume creation guidance in this lesson from Google Applied Digital Skills: Start a Resume.
Update your Education or Licenses and Certifications section
- To add the completion of this certificate to your resume, update your Education or Licenses & Certifications section.
- To add the completion of this certificate to the Licenses & Certifications section of your LinkedIn® profile, follow the steps listed in this LinkedIn® Help article.
Update your Skills section
- If applicable, update the Skills section of your resume. Following is a comprehensive list of skills that this certificate was designed to help you develop that you could potentially add.
- To update the Skills & Endorsements section of your LinkedIn® profile, follow the steps listed in this LinkedIn® Help article.
Update your Summary or About section
- If your resume has a Summary section, you can include this certification as a qualification.
- To include a summary that mentions this certification in your LinkedIn® profile, update your About section by following the steps listed in this LinkedIn® Help article.
Here is an example of a professional summary:
Add your badge
Check out the next course item to learn how to claim your Google Cybersecurity Certificate completion badge and add it to your LinkedIn® profile!
Claim your Google Cybersecurity Certificate badge!
Learners who complete all eight courses of the Google Cybersecurity Certificate are eligible to earn a digital badge from Credly and Google. A badge is a visual representation of a verified credential that you’ve earned. In this case, your credential is the Google Cybersecurity Certificate. You can share your badge on platforms like LinkedIn® to draw the attention of potential employers.
Details are in the FAQ below. For other questions, including issues with your certificate, please reach out to Coursera Learner Services.
About badges
What are Credly and Acclaim?
Acclaim is a badging platform that’s part of Credly, a leading digital credential service provider. Acclaim provides badges so that you can easily share your achievements to online destinations like LinkedIn®, and employers can instantly verify your skills.
About the Google badge
How do I claim my badge for completing the Google Cybersecurity Certificate?
- When you complete the Google Cybersecurity Certificate, you will receive an email from Credly (admin@credly.com) with instructions about claiming your badge and setting up your account.
- Claim your badge on Credly’s Acclaim platform using the email address linked to your Coursera account. You’ll need to opt in to share your information and receive your badge.
- Please allow at least one week from your date of completion for the system to update. Remember to check your spam folder.
I completed the Google Cybersecurity Certificate. What should I do if I have not received an email invite to claim my badge?
- If you’ve waited a week since you completed the certificate and haven’t received an email, please submit a request through the Credly Help Center.
How do I add my badges to my LinkedIn® profile?
Follow the steps in this Credly article to add your badge to your LinkedIn® profile. You can also check out this YouTube video.
Free resources for Google Cybersecurity Certificate graduates
Have you finished all 8 courses in the Google Cybersecurity Certificate?
Congratulations! As a Google Cybersecurity Certificate graduate, you’ve unlocked exclusive job search resources. Sign up for these free resources, courtesy of Google.
Notes:
- To access the free resources below, you must use the same email address that you use to log into Coursera. If you have not yet completed all eight courses in the Google Cybersecurity Certificate, you will not be able to access these resources.
- To pass this course item, you must check the boxes to receive at least 75%, or 5 out of 6 points.
Complete the Google Cybersecurity Certificate (Done!)
Claim your Google Cybersecurity Certificate badge
When you complete the Google Cybersecurity Certificate, you will receive an email from Credly (admin@credly.com) with instructions about claiming your badge and setting up your account. Please allow at least one week from your date of completion for the system to update. Remember to check your spam folder.
Claim your badge on Credly’s Acclaim platform using the email address linked to your Coursera account. You’ll need to opt in to share your information and receive your badge. Then, add the badge to your LinkedIn® profile to stand out to employers. Follow the steps in this Credly article about how to share your badge.

Take the CompTIA Security+ exam
The Google Cybersecurity Certificate helps prepare you for the CompTIA Security+ exam, the industry-leading certification for cybersecurity roles. You’ll earn a dual credential when you complete both, which can be shared with potential employers.
As a Google Cybersecurity Certificate graduate, you have unlocked a 30% discount for the CompTIA Security+ exam
and additional practice materials. Go to the CompTIA Store
and enter the discount code you dont get the discount code because you didnt finish it, but if you did it would give you one to buy a voucher so you can take your exam (a $117 value)
U.S. graduates: Join CareerCircle for free career support
Google is giving certificate graduates, like you, free access to career support from CareerCircle, including a resume builder and interview preparation resources to help you land your next job. Plus, you’ll get access to free one-on-one career coaching and thousands of job postings from top employers. You must be eligible to work in the U.S. to unlock this resource.
Practice interviewing with Interview Warmup
Improve your interview technique with Interview Warmup, a tool built by Google with certificate graduates in mind. Access cybersecurity-specific practice questions, transcripts of your responses, and automatic insights that help you grow your skills and confidence.
Sign up for Big Interview
Get practice with mock interviews, job search tips, and customizable resume templates with Big Interview, available free for one year to Google Career Certificate graduates.
Terms and definitions from the Professional Google Cybersecurity Specialization Certificate
A
Absolute file path: The full file path, which starts from the root
Access controls: Security controls that manage access, authorization, and accountability of information
Active packet sniffing: A type of attack where data packets are manipulated in transit
Address Resolution Protocol (ARP): A network protocol used to determine the MAC address of the next router or device on the path
Advanced persistent threat (APT): An instance when a threat actor maintains unauthorized access to a system for an extended period of time
Adversarial artificial intelligence (AI): A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently
Adware: A type of legitimate software that is sometimes used to display digital advertisements in applications
Algorithm: A set of rules used to solve a problem
Analysis: The investigation and validation of alerts
Angler phishing: A technique where attackers impersonate customer service representatives on social media
Anomaly-based analysis: A detection method that identifies abnormal behavior
Antivirus software: A software program used to prevent, detect, and eliminate malware and viruses
Application: A program that performs a specific task
Application programming interface (API) token: A small block of encoded data, usually signed or encrypted, that contains information about a user and is presented with requests to an API
Argument (Linux): Specific information needed by a command
Argument (Python): The data brought into a function when it is called
Array: A data type that stores data in a comma-separated ordered list
Assess: The fifth step of the NIST RMF that means to determine if established controls are implemented correctly
Asset: An item perceived as having value to an organization
Asset classification: The practice of labeling assets based on sensitivity and importance to an organization
Asset inventory: A catalog of assets that need to be protected
Asset management: The process of tracking assets and the risks that affect them
Asymmetric encryption: The use of a public and private key pair for encryption and decryption of data
Attack surface: All the potential vulnerabilities that a threat actor could exploit
Attack tree: A diagram that maps threats to assets
Attack vectors: The pathways attackers use to penetrate security defenses
Authentication: The process of verifying who someone is
Automation: The use of technology to reduce human and manual effort to perform common and repetitive tasks
Availability: The idea that data is accessible to those who are authorized to access it
B
Bandwidth: The maximum data transmission capacity over a network, measured by bits per second
Baseline configuration (baseline image): A documented set of specifications within a system that is used as a basis for future builds, releases, and updates
Bash: The default shell in most Linux distributions
Basic auth: An HTTP authentication scheme in which the client sends a username and password, Base64-encoded but not encrypted, with each request to a server; it is only safe when carried over HTTPS
Basic Input/Output System (BIOS): A microchip that contains loading instructions for the computer and is prevalent in older systems
Biometrics: The unique physical characteristics that can be used to verify a person’s identity
Bit: The smallest unit of data measurement on a computer
Boolean data: Data that can only be one of two values: either True or False
Bootloader: A software program that boots the operating system
Botnet: A collection of computers infected by malware that are under the control of a single threat actor, known as the “bot-herder”
Bracket notation: The indices placed in square brackets
Broken chain of custody: Inconsistencies in the collection and logging of evidence in the chain of custody
Brute force attack: The trial and error process of discovering private information
Bug bounty: Programs that encourage freelance hackers to find and report vulnerabilities
Built-in function: A function that exists within Python and can be called directly
Business continuity: An organization’s ability to maintain its everyday productivity by establishing risk and disaster recovery plans
Business continuity plan (BCP): A document that outlines the procedures to sustain business operations during and after a significant disruption
Business Email Compromise (BEC): A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage
C
Categorize: The second step of the NIST RMF that is used to develop risk management processes and tasks
CentOS: An open-source distribution that is closely related to Red Hat
Central Processing Unit (CPU): A computer’s main processor, which is used to perform general computing tasks on a computer
Chain of custody: The process of documenting evidence possession and control during an incident lifecycle
Chronicle: A cloud-native tool designed to retain, analyze, and search data
Cipher: An algorithm that encrypts information
Cloud-based firewalls: Software firewalls that are hosted by the cloud service provider
Cloud computing: The practice of using remote servers, applications, and network services that are hosted on the internet instead of on local physical devices
Cloud network: A collection of servers or computers that stores resources and data in remote data centers that can be accessed via the internet
Cloud security: The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users
Command: An instruction telling the computer to do something
Command and control (C2): The techniques used by malicious actors to maintain communications with compromised systems
Command-line interface (CLI): A text-based user interface that uses commands to interact with the computer
Comment: A note programmers make about the intention behind their code
Common Event Format (CEF): A log format that uses key-value pairs to structure data and identify fields and their corresponding values
Common Vulnerabilities and Exposures (CVE®) list: An openly accessible dictionary of known vulnerabilities and exposures
Common Vulnerability Scoring System (CVSS): A measurement system that scores the severity of a vulnerability
Compliance: The process of adhering to internal standards and external regulations
Computer security incident response teams (CSIRT): A specialized group of security professionals that are trained in incident management and response
Computer virus: Malicious code written to interfere with computer operations and cause damage to data and software
Conditional statement: A statement that evaluates code to determine if it meets a specified set of conditions
Confidentiality: The idea that only authorized users can access specific assets or data
Confidential data: Data that often has limits on the number of people who have access to it
Confidentiality, integrity, availability (CIA) triad: A model that helps inform how organizations consider risk when setting up systems and security policies
Configuration file: A file used to configure the settings of an application
Containment: The act of limiting and preventing additional damage caused by an incident
Controlled zone: A subnet that protects the internal network from the uncontrolled zone
Cross-site scripting (XSS): An injection attack that inserts code into a vulnerable website or web application
Crowdsourcing: The practice of gathering information using public input and collaboration
Cryptographic attack: An attack that affects secure forms of communication between a sender and intended recipient
Cryptographic key: A value used by a cipher to encrypt plaintext or to decrypt ciphertext
Cryptography: The process of transforming information into a form that unintended readers can’t understand
Cryptojacking: A form of malware that installs software to illegally mine cryptocurrencies
Cybersecurity (or security): The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation
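The “Common Event Format (CEF)” entry above describes a log format that a SOC analyst usually meets in a SIEM. As an added example, not part of the course material, here is a small Python parser for that format: it splits the seven pipe-delimited header fields (honouring backslash-escaped pipes), then breaks the extension into key=value pairs (honouring backslash-escaped equals signs), and filters by severity. The two log lines are constructed for this example and are not output from any real device.

```python
import re

# Constructed sample CEF records (not output from any real device) used to exercise the parser.
SAMPLE_CEF_LINES = [
    "CEF:0|Security|threatmanager|1.0|100|worm successfully stopped|10|"
    "src=10.0.0.1 dst=2.1.2.2 spt=1232",
    "CEF:0|Vendor|Product\\|X|2.1|200|login failed|5|"
    "suser=alice msg=Bad pass\\=word act=deny",
]

# The seven pipe-delimited header fields that precede the key=value extension.
HEADER_FIELDS = ["version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity"]

# A key starts at the beginning of the extension or after whitespace; an escaped "\=" inside
# a value is preceded by a backslash, not a key character, so it never matches as a key.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def _unescape(value):
    # Single pass over backslash escapes: \| \= \\ become the literal character, \n and \r newlines.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def _split_header(text):
    """Consume the seven header fields, honouring backslash-escaped pipes inside them.

    Returns (list_of_fields, remaining_extension_text).
    """
    fields, current, i = [], [], 0
    while i < len(text) and len(fields) < 7:
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):   # escaped character: keep the next char literally
            current.append(text[i + 1])
            i += 2
            continue
        if ch == "|":                            # unescaped pipe closes the current field
            fields.append("".join(current))
            current = []
            i += 1
            continue
        current.append(ch)
        i += 1
    return fields, text[i:]


def _parse_extension(ext):
    # Each value runs from the end of its key to the start of the next key (or end of line),
    # so values containing spaces are kept whole.
    matches = list(_KEY_RE.finditer(ext))
    result = {}
    for idx, m in enumerate(matches):
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        result[m.group(1)] = _unescape(ext[m.end():end].strip())
    return result


def parse_cef(line):
    """Parse one CEF line into a dict of header fields plus an 'extension' dict."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF record: %r" % line[:20])
    fields, ext = _split_header(line[len("CEF:"):])
    if len(fields) != 7:
        raise ValueError("malformed CEF header: expected 7 fields, got %d" % len(fields))
    record = dict(zip(HEADER_FIELDS, fields))
    record["severity"] = int(record["severity"])  # CEF severity is an integer 0-10
    record["extension"] = _parse_extension(ext)
    return record


def events_at_or_above(lines, min_severity):
    """Return (name, src) pairs for records whose severity meets the threshold."""
    hits = []
    for rec in (parse_cef(l) for l in lines):
        if rec["severity"] >= min_severity:
            hits.append((rec["name"], rec["extension"].get("src")))
    return hits


if __name__ == "__main__":
    for rec in map(parse_cef, SAMPLE_CEF_LINES):
        print(rec)
    print(events_at_or_above(SAMPLE_CEF_LINES, 7))
```

The second sample line is there to show the two escape rules a naive `split("|")` / `split("=")` gets wrong: a product name containing a pipe and a message containing an equals sign both survive intact.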
D
Data: Information that is translated, processed, or stored by a computer
Data at rest: Data not currently being accessed
Database: An organized collection of information or data
Data controller: A person that determines the procedure and purpose for processing data
Data custodian: Anyone or anything that’s responsible for the safe handling, transport, and storage of information
Data exfiltration: Unauthorized transmission of data from a system
Data in transit: Data traveling from one point to another
Data in use: Data being accessed by one or more users
Data owner: The person who decides who can access, edit, use, or destroy their information
Data packet: A basic unit of information that travels from one device to another within a network
Data point: A specific piece of information
Data processor: A person that is responsible for processing data on behalf of the data controller
Data protection officer (DPO): An individual that is responsible for monitoring the compliance of an organization's data protection procedures
Data type: A category for a particular type of data item
Date and time data: Data representing a date and/or time
Debugger: A software tool that helps to locate the source of an error and assess its causes
Debugging: The practice of identifying and fixing errors in code
Defense in depth: A layered approach to vulnerability management that reduces risk
Denial of service (DoS) attack: An attack that targets a network or server and floods it with network traffic
Detect: A NIST core function related to identifying potential security incidents and improving monitoring capabilities to increase the speed and efficiency of detections
Detection: The prompt discovery of security events
Dictionary data: Data that consists of one or more key-value pairs
Digital certificate: A file that verifies the identity of a public key holder
Digital forensics: The practice of collecting and analyzing data to determine what has happened after an attack
Directory: A file that organizes where other files are stored
Disaster recovery plan: A plan that allows an organization’s security team to outline the steps needed to minimize the impact of a security incident
Distributed denial of service (DDoS) attack: A type of denial of service attack that uses multiple devices or servers located in different locations to flood the target network with unwanted traffic
Distributions: The different versions of Linux
Documentation: Any form of recorded content that is used for a specific purpose
DOM-based XSS attack: An instance when malicious script exists in the webpage a browser loads
Domain Name System (DNS): A networking protocol that translates internet domain names into IP addresses
Dropper: A type of malware that comes packed with malicious code which is delivered and installed onto a target system
E
Elevator pitch: A brief summary of your experience, skills, and background
Encapsulation: A process performed by a VPN service that protects your data by wrapping sensitive data in other data packets
Encryption: The process of converting data from a readable format to an encoded format
Endpoint: Any device connected on a network
Endpoint detection and response (EDR): An application that monitors an endpoint for malicious activity
Eradication: The complete removal of the incident elements from all affected systems
Escalation policy: A set of actions that outline who should be notified when an incident alert occurs and how that incident should be handled
Event: An observable occurrence on a network, system, or device
Exception: An error that involves code that cannot be executed even though it is syntactically correct
Exclusive operator: An operator that does not include the value of comparison
Exploit: A way of taking advantage of a vulnerability
Exposure: A mistake that can be exploited by a threat
External threat: Anything outside the organization that has the potential to harm organizational assets
F
False negative: A state where the presence of a threat is not detected
False positive: An alert that incorrectly detects the presence of a threat
Fileless malware: Malware that does not need to be installed by the user because it uses legitimate programs that are already installed to infect a computer
File path: The location of a file or directory
Filesystem Hierarchy Standard (FHS): The component of the Linux OS that organizes data
Filtering: Selecting data that match a certain condition
Final report: Documentation that provides a comprehensive review of an incident
Firewall: A network security device that monitors traffic to or from a network
Float data: Data consisting of a number with a decimal point
Foreign key: A column in a table that is a primary key in another table
Forward proxy server: A server that regulates and restricts a person’s access to the internet
Function: A section of code that can be reused in a program
G
Global variable: A variable that is available through the entire program
Graphical user interface (GUI): A user interface that uses icons on the screen to manage different tasks on the computer
H
Hacker: Any person who uses computers to gain access to computer systems, networks, or data
Hacktivist: A person who uses hacking to achieve a political goal
Hard drive: A hardware component used for long-term memory
Hardware: The physical components of a computer
Hash collision: An instance when different inputs produce the same hash value
Hash function: A one-way algorithm that produces a fixed-length code (a hash value) from an input; the input cannot be recovered from the code
Hash table: A data structure that's used to store and reference hash values
Health Insurance Portability and Accountability Act (HIPAA): A U.S. federal law established to protect patients’ health information
Honeypot: A system or resource created as a decoy vulnerable to attacks with the purpose of attracting potential intruders
Host-based intrusion detection system (HIDS): An application that monitors the activity of the host on which it’s installed
Hub: A network device that broadcasts information to every device on the network
Hypertext Transfer Protocol (HTTP): An application layer protocol that provides a method of communication between clients and website servers
Hypertext Transfer Protocol Secure (HTTPS): A network protocol that provides a secure method of communication between clients and website servers
I
Identify: A NIST core function related to management of cybersecurity risk and its effect on an organization’s people and assets
Identity and access management (IAM): A collection of processes and technologies that helps organizations manage digital identities in their environment
IEEE 802.11 (Wi-Fi): A set of standards that define communication for wireless LANs
Immutable: An object that cannot be changed after it is created and assigned a value
Implement: The fourth step of the NIST RMF that means to implement security and privacy plans for an organization
Improper usage: An incident type that occurs when an employee of an organization violates the organization’s acceptable use policies
Incident: An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies
Incident escalation: The process of identifying a potential security incident, triaging it, and handing it off to a more experienced team member
Incident handler’s journal: A form of documentation used in incident response
Incident response: An organization’s quick attempt to identify an attack, contain the damage, and correct the effects of a security breach
Incident response plan: A document that outlines the procedures to take in each step of incident response
Inclusive operator: An operator that includes the value of comparison
Indentation: Space added at the beginning of a line of code
Index: A number assigned to every element in a sequence that indicates its position
Indicators of attack (IoA): The series of observed events that indicate a real-time incident
Indicators of compromise (IoC): Observable evidence that suggests signs of a potential security incident
Information privacy: The protection of data against unauthorized access and distribution
Information security (InfoSec): The practice of keeping data in all states away from unauthorized users
Injection attack: Malicious code inserted into a vulnerable application
Input validation: Programming that validates inputs from users and other programs
Integer data: Data consisting of a number that does not include a decimal point
Integrated development environment (IDE): A software application for writing code that provides editing assistance and error correction tools
Integrity: The idea that the data is correct, authentic, and reliable
Internal hardware: The components required to run the computer
Internal threat: A current or former employee, external vendor, or trusted partner who poses a security risk
Internet Control Message Protocol (ICMP): An internet protocol used by devices to tell each other about data transmission errors across the network
Internet Control Message Protocol flood (ICMP flood): A type of DoS attack performed by an attacker repeatedly sending ICMP request packets to a network server
Internet Protocol (IP): A set of standards used for routing and addressing data packets as they travel between devices on a network
Internet Protocol (IP) address: A unique string of characters that identifies the location of a device on the internet
Interpreter: A computer program that translates Python code into runnable instructions line by line
Intrusion detection system (IDS): An application that monitors system activity and alerts on possible intrusions
Intrusion prevention system (IPS): An application that monitors system activity for intrusive activity and takes action to stop the activity
IP spoofing: A network attack performed when an attacker changes the source IP of a data packet to impersonate an authorized system and gain access to a network
Iterative statement: Code that repeatedly executes a set of instructions
K
Kali Linux™: An open-source distribution of Linux that is widely used in the security industry
Kernel: The component of the Linux OS that manages processes and memory
Key-value pair: A set of data that represents two linked items: a key, and its corresponding value
L
Legacy operating system: An operating system that is outdated but still being used
Lessons learned meeting: A meeting that includes all involved parties after a major incident
Library: A collection of modules that provide code users can access in their programs
Linux: An open-source operating system
List concatenation: The concept of combining two lists into one by placing the elements of the second list directly after the elements of the first list
List data: Data structure that consists of a collection of data in sequential form
Loader: A type of malware that downloads strains of malicious code from an external source and installs them onto a target system
Local Area Network (LAN): A network that spans small areas like an office building, a school, or a home
Local variable: A variable assigned within a function
Log: A record of events that occur within an organization’s systems
Log analysis: The process of examining logs to identify events of interest
Logging: The recording of events occurring on computer systems and networks
Logic error: An error that results when the logic used in code produces unintended results
Log management: The process of collecting, storing, analyzing, and disposing of log data
Loop condition: The part of a loop that determines when the loop terminates
Loop variable: A variable that is used to control the iterations of a loop
M
Malware: Software designed to harm devices or networks
Malware infection: An incident type that occurs when malicious software designed to disrupt a system infiltrates an organization’s computers or network
Media Access Control (MAC) address: A unique alphanumeric identifier that is assigned to each physical device on a network
Method: A function that belongs to a specific data type
Metrics: Key technical attributes such as response time, availability, and failure rate, which are used to assess the performance of a software application
MITRE: A collection of non-profit research and development centers
Modem: A device that connects your router to the internet and brings internet access to the LAN
Module: A Python file that contains additional functions, variables, classes, and any kind of runnable code
Monitor: The seventh step of the NIST RMF that means to be aware of how systems are operating
Multi-factor authentication (MFA): A security measure that requires a user to verify their identity in two or more ways to access a system or network
N
nano: A command-line file editor that is available by default in many Linux distributions
National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF): A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk
National Institute of Standards and Technology (NIST) Incident Response Lifecycle: A framework for incident response consisting of four phases: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-Incident Activity
National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53: A unified framework for protecting the security of information systems within the U.S. federal government
Network: A group of connected devices
Network-based intrusion detection system (NIDS): An application that collects and monitors network traffic and network data
Network data: The data that’s transmitted between devices on a network
Network Interface Card (NIC): Hardware that connects computers to a network
Network log analysis: The process of examining network logs to identify events of interest
Network protocol analyzer (packet sniffer): A tool designed to capture and analyze data traffic within a network
Network protocols: A set of rules used by two or more devices on a network to describe the order of delivery and the structure of data
Network security: The practice of keeping an organization's network infrastructure secure from unauthorized access
Network segmentation: A security technique that divides the network into segments
Network traffic: The amount of data that moves across a network
Non-repudiation: The concept that the authenticity of information can’t be denied
Notebook: An online interface for writing, storing, and running code
Numeric data: Data consisting of numbers
O
OAuth: An open-standard authorization protocol that shares designated access between applications
Object: A data type that stores data in a comma-separated list of key-value pairs
On-path attack: An attack where a malicious actor places themselves in the middle of an authorized connection and intercepts or alters the data in transit
Open-source intelligence (OSINT): The collection and analysis of information from publicly available sources to generate usable intelligence
Open systems interconnection (OSI) model: A standardized concept that describes the seven layers computers use to communicate and send data over the network
Open Web Application Security Project/Open Worldwide Application Security Project (OWASP): A non-profit organization focused on improving software security
Operating system (OS): The interface between computer hardware and the user
Operator: A symbol or keyword that represents an operation
Options: Input that modifies the behavior of a command
Order of volatility: A sequence outlining the order of data that must be preserved from first to last
OWASP Top 10: A globally recognized standard awareness document that lists the top 10 most critical security risks to web applications
P
Package: A piece of software that can be combined with other packages to form an application
Package manager: A tool that helps users install, manage, and remove packages or applications
Packet capture (P-cap): A file containing data packets intercepted from an interface or network
Packet sniffing: The practice of capturing and inspecting data packets across a network
Parameter (Python): An object that is included in a function definition for use in that function
Parrot: An open-source distribution that is commonly used for security
Parsing: The process of converting data into a more readable format
Passive packet sniffing: A type of attack where a malicious actor connects to a network hub and looks at all traffic on the network
Password attack: An attempt to access password secured devices, systems, networks, or data
Patch update: A software and operating system update that addresses security vulnerabilities within a program or product
Payment Card Industry Data Security Standards (PCI DSS): A set of security standards formed by major organizations in the financial industry
Penetration test (pen test): A simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes
PEP 8 style guide: A resource that provides stylistic guidelines for programmers working in Python
Peripheral devices: Hardware components that are attached and controlled by the computer system
Permissions: The type of access granted for a file or directory
Personally identifiable information (PII): Any information used to infer an individual's identity
Phishing: The use of digital communications to trick people into revealing sensitive data or deploying malicious software
Phishing kit: A collection of software tools needed to launch a phishing campaign
Physical attack: A security incident that affects not only digital but also physical environments where the incident is deployed
Ping of death: A type of DoS attack caused when a hacker pings a system by sending it an oversized ICMP packet that exceeds the 65,535-byte maximum IP packet size (roughly 64 KB)
Playbook: A manual that provides details about any operational action
Policy: A set of rules that reduce risk and protect information
Port: A software-based location that organizes the sending and receiving of data between devices on a network
Port filtering: A firewall function that blocks or allows certain port numbers to limit unwanted communication
Post-incident activity: The process of reviewing an incident to identify areas for improvement during incident handling
Potentially unwanted application (PUA): A type of unwanted software that is bundled in with legitimate programs which might display ads, cause device slowdown, or install other software
Prepare: The first step of the NIST RMF related to activities that are necessary to manage security and privacy risks before a breach occurs
Prepared statement: A coding technique in which the SQL statement is sent to the database with placeholders and compiled first, and the user-supplied values are bound to those placeholders afterwards, so the values cannot change the structure of the query
Primary key: A column where every row has a unique entry
Principle of least privilege: The concept of granting only the minimal access and authorization required to complete a task or function
Privacy protection: The act of safeguarding personal information from unauthorized use
Private data: Information that should be kept from the public
Procedures: Step-by-step instructions to perform a specific security task
Process of Attack Simulation and Threat Analysis (PASTA): A popular threat modeling framework that’s used across many industries
Programming: A process that can be used to create a specific set of instructions for a computer to execute tasks
Protect: A NIST core function used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats
Protected health information (PHI): Information that relates to the past, present, or future physical or mental health or condition of an individual
Protecting and preserving evidence: The process of properly working with fragile and volatile digital evidence
Proxy server: A server that fulfills the requests of its clients by forwarding them to other servers
Public data: Data that is already accessible to the public and poses a minimal risk to the organization if viewed or shared by others
Public key infrastructure (PKI): An encryption framework that secures the exchange of online information
Python Standard Library: An extensive collection of Python code that often comes packaged with Python
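The “Prepared statement” and “Injection attack” entries are easier to see side by side in code. The following is an added example written for these notes, not course code: a deliberately vulnerable lookup that concatenates user input into SQL, next to the same lookup as a prepared statement. It uses Python’s built-in sqlite3 module with an in-memory database; the two user rows are constructed for the example.

```python
import sqlite3


def seed_demo_db():
    """Create an in-memory table with constructed sample rows (not real accounts)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash_of_alice_pw", "admin"), ("bob", "hash_of_bob_pw", "analyst")],
    )
    return conn


def find_user_unsafe(conn, username):
    # VULNERABLE (kept on purpose): the value is pasted into the SQL text, so a quote in the
    # input ends the string literal and the rest of the input is parsed as SQL.
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    # Prepared statement: the template with its ? placeholder is compiled first, and the
    # value is bound afterwards, so the input is only ever treated as data, never as SQL.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def compare(username):
    """Run both lookups for the same input and return (unsafe_rows, safe_rows)."""
    conn = seed_demo_db()
    try:
        return find_user_unsafe(conn, username), find_user_safe(conn, username)
    finally:
        conn.close()


if __name__ == "__main__":
    print(compare("alice"))              # both return [('alice', 'admin')]
    print(compare("' OR '1'='1"))        # unsafe returns every row; safe returns []
```

The payload `' OR '1'='1` turns the concatenated query into `WHERE username = '' OR '1'='1'`, which is true for every row. The prepared statement compares the whole string, quote and all, against the username column and matches nothing.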
Q
Query: A request for data from a database table or a combination of tables
Quid pro quo: A type of baiting used to trick someone into believing that they’ll be rewarded in return for sharing access, information, or money
R
Rainbow table: A file of pre-generated hash values and their associated plaintext
Random Access Memory (RAM): A hardware component used for short-term memory
Ransomware: A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access
Rapport: A friendly relationship in which the people involved understand each other’s ideas and communicate well with each other
Recover: A NIST core function related to returning affected systems back to normal operation
Recovery: The process of returning affected systems back to normal operations
Red Hat® Enterprise Linux® (also referred to simply as Red Hat in this course): A subscription-based distribution of Linux built for enterprise use
Reflected XSS attack: An instance when malicious script is sent to a server and activated during the server’s response
Regular expression (regex): A sequence of characters that forms a pattern
Regulations: Rules set by a government or other authority to control the way something is done
Relational database: A structured database containing tables that are related to each other
Relative file path: A file path that starts from the user's current directory
Replay attack: A network attack performed when a malicious actor intercepts a data packet in transit and delays it or repeats it at another time
Resiliency: The ability to prepare for, respond to, and recover from disruptions
Respond: A NIST core function related to making sure that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process
Return statement: A Python statement that executes inside a function and sends information back to the function call
Reverse proxy server: A server that regulates and restricts the internet's access to an internal server
Risk: Anything that can impact the confidentiality, integrity, or availability of an asset
Risk mitigation: The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach
Root directory: The highest-level directory in Linux
Rootkit: Malware that provides remote, administrative access to a computer
Root user (or superuser): A user with elevated privileges to modify the system
Router: A network device that connects multiple networks together
S
Salting: An additional safeguard that’s used to strengthen hash functions
Scareware: Malware that employs tactics to frighten users into infecting their device
Search Processing Language (SPL): Splunk’s query language
Secure File Transfer Protocol (SFTP): A secure protocol used to transfer files from one device to another over a network
Secure shell (SSH): A security protocol used to create a shell with a remote system
Security architecture: A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats
Security audit: A review of an organization's security controls, policies, and procedures against a set of expectations
Security controls: Safeguards designed to reduce specific security risks
Security ethics: Guidelines for making appropriate decisions as a security professional
Security frameworks: Guidelines used for building plans to help mitigate risk and threats to data and privacy
Security governance: Practices that help support, define, and direct security efforts of an organization
Security hardening: The process of strengthening a system to reduce its vulnerabilities and attack surface
Security information and event management (SIEM): An application that collects and analyzes log data to monitor critical activities in an organization
Security mindset: The ability to evaluate risk and constantly seek out and identify the potential or actual breach of a system, application, or data
Security operations center (SOC): An organizational unit dedicated to monitoring networks, systems, and devices for security threats or attacks
Security orchestration, automation, and response (SOAR): A collection of applications, tools, and workflows that use automation to respond to security events
Security posture: An organization’s ability to manage its defense of critical assets and data and react to change
Security zone: A segment of a company’s network that protects the internal network from the internet
Select: The third step of the NIST RMF that means to choose, customize, and capture documentation of the controls that protect an organization
Sensitive data: A type of data that includes personally identifiable information (PII), sensitive personally identifiable information (SPII), or protected health information (PHI)
Sensitive personally identifiable information (SPII): A specific type of PII that falls under stricter handling guidelines
Separation of duties: The principle that users should not be given levels of authorization that would allow them to misuse a system
Session: A sequence of network HTTP requests and responses associated with the same user
Session hijacking: An event when attackers obtain a legitimate user’s session ID
Session ID: A unique token that identifies a user and their device while accessing a system
Set data: Data that consists of an unordered collection of unique values
Shell: The command-line interpreter
Signature: A pattern that is associated with malicious activity
Signature analysis: A detection method used to find events of interest
Simple Network Management Protocol (SNMP): A network protocol used for monitoring and managing devices on a network
Single sign-on (SSO): A technology that combines several different logins into one
Smishing: The use of text messages to trick users to obtain sensitive information or to impersonate a known source
Smurf attack: A network attack performed when an attacker sniffs an authorized user’s IP address and floods it with ICMP packets
Spear phishing: A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source
Speed: The rate at which a device sends and receives data, measured by bits per second
Splunk Cloud: A cloud-hosted tool used to collect, search, and monitor log data
Splunk Enterprise: A self-hosted tool used to retain, analyze, and search an organization's log data to provide security information and alerts in real-time
Spyware: Malware that’s used to gather and sell information without consent
SQL (Structured Query Language): A programming language used to create, interact with, and request information from a database
SQL injection: An attack that executes unexpected queries on a database
Stakeholder: An individual or group that has an interest in any decision or activity of an organization
Standard error: An error message returned by the OS through the shell
Standard input: Information received by the OS via the command line
Standard output: Information returned by the OS through the shell
Standards: References that inform how to set policies
STAR method: An interview technique used to answer behavioral and situational questions
Stateful: A class of firewall that keeps track of information passing through it and proactively filters out threats
Stateless: A class of firewall that operates based on predefined rules and that does not keep track of information from data packets
Stored XSS attack: An instance when malicious script is injected directly on the server
String concatenation: The process of joining two strings together
String data: Data consisting of an ordered sequence of characters
Style guide: A manual that informs the writing, formatting, and design of documents
Subnetting: The subdivision of a network into logical groups called subnets
Substring: A continuous sequence of characters within a string
Sudo: A command that temporarily grants elevated permissions to specific users
Supply-chain attack: An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed
Suricata: An open-source intrusion detection system, intrusion prevention system, and network analysis tool
Switch: A device that makes connections between specific devices on a network by sending and receiving data between them
Symmetric encryption: The use of a single secret key to exchange information
Synchronize (SYN) flood attack: A type of DoS attack that simulates a TCP/IP connection and floods a server with SYN packets
Syntax: The rules that determine what is correctly structured in a computing language
Syntax error: An error that involves invalid usage of a programming language
T
TCP/IP model: A framework used to visualize how data is organized and transmitted across a network
tcpdump: A command-line network protocol analyzer
Technical skills: Skills that require knowledge of specific tools, procedures, and policies
Telemetry: The collection and transmission of data for analysis
Threat: Any circumstance or event that can negatively impact assets
Threat actor: Any person or group who presents a security risk
Threat hunting: The proactive search for threats on a network
Threat intelligence: Evidence-based threat information that provides context about existing or emerging threats
Threat modeling: The process of identifying assets, their vulnerabilities, and how each is exposed to threats
Transferable skills: Skills from other areas that can apply to different careers
Transmission Control Protocol (TCP): An internet communication protocol that allows two devices to form a connection and stream data
Triage: The prioritizing of incidents according to their level of importance or urgency
Trojan horse: Malware that looks like a legitimate file or program
True negative: A state where there is no detection of malicious activity
True positive: An alert that correctly detects the presence of an attack
Tuple data: Data structure that consists of a collection of data that cannot be changed
Type error: An error that results from using the wrong data type
U
Ubuntu: An open-source, user-friendly distribution that is widely used in security and other industries
Uncontrolled zone: Any network outside your organization's control
Unified Extensible Firmware Interface (UEFI): A microchip that contains loading instructions for the computer and replaces BIOS on more modern systems
USB baiting: An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network
User: The person interacting with a computer
User Datagram Protocol (UDP): A connectionless protocol that does not establish a connection between devices before transmissions
User-defined function: A function that programmers design for their specific needs
User interface: A program that allows the user to control the functions of the operating system
User provisioning: The process of creating and maintaining a user's digital identity
V
Variable: A container that stores data
Virtual machine (VM): A virtual version of a physical computer
Virtual Private Network (VPN): A network security service that changes your public IP address and hides your virtual location so that you can keep your data private when you are using a public network like the internet
Virus: Malicious code written to interfere with computer operations and cause damage to data and software
VirusTotal: A service that allows anyone to analyze suspicious files, domains, URLs, and IP addresses for malicious content
Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source
Visual dashboard: A way of displaying various types of data quickly in one place
Vulnerability: A weakness that can be exploited by a threat
Vulnerability assessment: The internal review process of an organization's security systems
Vulnerability management: The process of finding and patching vulnerabilities
Vulnerability scanner: Software that automatically compares existing common vulnerabilities and exposures against the technologies on the network
W
Watering hole attack: A type of attack when a threat actor compromises a website frequently visited by a specific group of users
Web-based exploits: Malicious code or behavior that’s used to take advantage of coding flaws in a web application
Whaling: A category of spear phishing attempts that are aimed at high-ranking executives in an organization
Wide Area Network (WAN): A network that spans a large geographic area like a city, state, or country
Wi-Fi Protected Access (WPA): A wireless security protocol for devices to connect to the internet
Wildcard: A special character that can be substituted with any other character
Wireshark: An open-source network protocol analyzer
World-writable file: A file that can be altered by anyone in the world
Worm: Malware that can duplicate and spread itself across systems on its own
Y
YARA-L: A computer language used to create rules for searching through ingested log data
Z
Zero-day: An exploit that was previously unknown
Create a cybersecurity portfolio
Throughout this certificate program, you will have multiple opportunities to develop a professional cybersecurity portfolio to showcase your security skills and knowledge.
In this reading, you’ll learn what a portfolio is and why it’s important to develop a professional cybersecurity portfolio. You’ll also learn about options for creating an online or self-hosted portfolio that you can share with potential employers when you begin to look for cybersecurity jobs.
What is a portfolio, and why is it necessary?
Cybersecurity professionals use portfolios to demonstrate their security education, skills, and knowledge. Professionals typically use portfolios when they apply for jobs to show potential employers that they are passionate about their work and can do the job they are applying for. Portfolios are more in depth than a resume, which is typically a one-to-two page summary of relevant education, work experience, and accomplishments. You will have the opportunity to develop a resume, and finalize your portfolio, in the last course of this program.
Options for creating your portfolio
There are many ways to present a portfolio, including self-hosted and online options such as:
- Documents folder
- Google Drive or Dropbox
- Google Sites
- Git repository
Option 1: Documents folder
Description: A documents folder is a folder created and saved to your computer’s hard drive. You manage the folder, subfolders, documents, and images within it.
Document folders allow you to have direct access to your documentation. Ensuring that your professional documents, images, and other information are well organized can save you a lot of time when you’re ready to apply for jobs. For example, you may want to create a main folder titled something like “Professional documents.” Then, within your main folder, you could create subfolders with titles such as:
- Resume
- Education
- Portfolio documents
- Cybersecurity tools
- Programming
Setup: Document folders can be created in multiple ways, depending on the type of computer you are using. If you’re unsure about how to create a folder on your device, you can search the internet for instructional videos or documents related to the type of computer you use.
Option 2: Google Drive or Dropbox
Description: Google Drive and Dropbox offer similar features that allow you to store your professional documentation on a cloud platform. Both options also have file-sharing features, so you can easily share your portfolio documents with potential employers. Any additions or changes you make to a document within that folder will be updated automatically for anyone with access to your portfolio.
Similar to a documents folder, keeping your Google Drive or Dropbox-based portfolio well organized will be helpful as you begin or progress through your career.
Setup: To learn how to upload and share files on these applications, visit the Google Drive and Dropbox websites for more information.
Option 3: Google Sites
Description: Google Sites and similar website hosting options have a variety of easy-to-use features to help you present your portfolio items, including customizable layouts, responsive webpages, embedded content capabilities, and web publishing.
Responsive webpages automatically adjust their content to fit a variety of devices and screen sizes. This is helpful because potential employers can review your content using any device and your media will display just as you intend. When you’re ready, you can publish your website and receive a unique URL. You can add this link to your resume so hiring managers can easily access your work.
Setup: To learn how to create a website in Google Sites, visit the Google Sites website.
Option 4: Git repository
Description: A Git repository is a folder within a project. In this instance, the project is your portfolio, and you can use your repository to store the documents, labs, and screenshots you complete during each course of the certificate program. There are several Git repository sites you can use, including:
- GitLab
- Bitbucket
- GitHub
Each Git repository allows you to showcase your skills and knowledge in a customizable space. To create an online project portfolio on any of the repositories listed, you need to use a version of Markdown.
Setup: To learn about how to create a GitHub account and use Markdown, follow the steps outlined in the document Get started with GitHub.
Portfolio projects
As previously mentioned, you will have multiple opportunities throughout the certificate program to develop items to include in your portfolio. These opportunities include:
- Drafting a professional statement
- Conducting a security audit
- Analyzing network structure and security
- Using Linux commands to manage file permissions
- Applying filters to SQL queries
- Identifying vulnerabilities for a small business
- Documenting incidents with an incident handler’s journal
- Importing and parsing a text file in a security-related scenario
- Creating or revising a resume
Note: Do not include any private, copyrighted, or proprietary documents in your portfolio. Also, if you use one of the sites described in this reading, keep your site set to “private” until it is finalized.
Key takeaways
Now that you’re aware of some options for creating and hosting a professional portfolio, you can consider these as you develop items for your portfolio throughout the certificate program. The more proactive you are about creating a polished portfolio, the higher your chances of impressing a potential employer and obtaining a new job opportunity in the cybersecurity profession.