Week 1
History of Cybersecurity
Threats continue to increase, and that is not going to change.
1.8 million unfilled cybersecurity jobs alongside roughly 200k IT layoffs (#layoff2023)
Not enough skilled cybersecurity people
Skilled people are drawn to dark-web (criminal) work because it offers:
better pay
fully remote work (WFH)
no management
no awkward colleagues
SOC analyst reviews security incidents in SIEMs
Pivot and triage the data in different ways to decide whether it is a real issue or not
Create IOCs
Find other internal IPs that are potentially infected with the same malware
Use:
Threat feeds
Search engines
VirusTotal
Favorite tools
Be curious: learn, research and investigate
Search the internet for more IOC information about the malware
Skills in cybersecurity are in high demand.
Kenneth Gonzalez, a penetration tester in Costa Rica from IBM's Explores Red Team
LinkedIn
IBM is a global company with subject matter experts in a range of job roles.
Interesting, is it possible to get hired by IBM for the Red or Blue team role?
IBM guys
CIA triad - protection of information systems from unauthorized activities in order to provide confidentiality, integrity and availability
Confidentiality - data must be restricted to only authorized subjects or entities
Data encryption is a common method of ensuring confidentiality
Integrity - maintaining the consistency and accuracy of data over its entire life cycle.
Hash values are used for integrity verification: the hash recomputed over the data must match the expected one, otherwise the data has been changed.
Availability - keeping business operations up and running: firewalls, proxies, computers, everything has to be up 24x7, 365 days a year
business continuity plans
disaster recovery
redundancy
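A worked example of the integrity check mentioned under the triad, added here as an illustration and not part of the course material. It recomputes a SHA-256 digest over a file's bytes and compares it with the published digest, then shows the caveat a practitioner needs: a plain hash stored next to the data is defeated by an attacker who can rewrite both, while a keyed digest (HMAC) is not. The config contents and the key are constructed for the example; in practice the key would come from a secret store, never sit beside the data.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Plain SHA-256 digest. MD5 and SHA-1 are collision-prone; do not use them for this."""
    return hashlib.sha256(data).hexdigest()


def verify_hash(data: bytes, expected_hex: str) -> bool:
    """Data is intact only if the recomputed digest equals the published one."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed digest: cannot be recomputed by someone who does not hold the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, tag: str) -> bool:
    return hmac.compare_digest(hmac_tag(key, data), tag)


# Constructed sample: a config file as published, and a tampered copy of it.
ORIGINAL = b"allow_remote_admin=false\nlisten=127.0.0.1\n"
TAMPERED = b"allow_remote_admin=true\nlisten=0.0.0.0\n"
KEY = b"constructed-demo-key"  # assumption for the example; real keys live in a key store


def integrity_checks():
    published = sha256_hex(ORIGINAL)
    return {
        "original_verifies": verify_hash(ORIGINAL, published),
        "tampering_detected": not verify_hash(TAMPERED, published),
        # An attacker who can rewrite the file AND the checksum beside it defeats a plain hash:
        "plain_hash_defeated": verify_hash(TAMPERED, sha256_hex(TAMPERED)),
        # ...but cannot produce a valid keyed tag without KEY, so tampering still shows:
        "hmac_original_verifies": verify_hmac(KEY, ORIGINAL, hmac_tag(KEY, ORIGINAL)),
        "hmac_forgery_rejected": not verify_hmac(KEY, TAMPERED, hmac_tag(b"attacker-key", TAMPERED)),
    }


if __name__ == "__main__":
    for name, ok in integrity_checks().items():
        print(f"{name}: {ok}")
```

`hmac.compare_digest` is used for both comparisons so that the check does not leak, through timing, how many leading characters of a guessed digest were right. For software downloads the published hash is usually signed (or served over a separate trusted channel) for the same reason the HMAC is needed here: the hash alone only proves the file matches the hash, not that the hash is the real one.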
Key Terms
Vulnerability - a flaw, loophole, oversight, or error that can be exploited to violate the system security policy.
For example, software or an application whose code is vulnerable to a buffer overflow exploit.
Threat - an event, natural or man-made, that can cause a negative impact to an organization.
It could be a storm, a hurricane, or a hacker, for instance.
Exploit - a way to breach the security of an IT system through a vulnerability.
Like the buffer overflow example.
Learn how to do a buffer overflow in practice via HTB and TCM
Risk - the probability that an event actually happens:
the likelihood that a vulnerability is exploited by a threat, weighed against the impact if it is.
Security Threats
Threats are divided into internal factors and external factors.
Internal factors
former employees
current employees
External factors
Malicious events
Natural factors
Lightning
Hurricane
Tsunami
Vulnerability Assessments
Vulnerability assessment - the process of identifying, analyzing, and ranking the vulnerabilities in a given environment
Many systems are shipped with known and unknown security holes and bugs, so the assessment has to be repeated, not done once
Roles in Security
Chief Information Security Officer - head of the information security division; supervises, manages, and leads the whole information security function.
Digital Forensic Analyst
SIEM Engineer
Information security analyst - analyzes events, alerts, alarms, and any other information that could be useful to identify threats.
Information Security Auditor - in charge of testing the effectiveness of computer information systems to make sure they follow best practices and specific standards and regulations, such as ISO 27001 or ISO 27002.
Ronald Reagan
US President Ronald Reagan created the first national policy on cybersecurity in the United States:
the National Policy on Telecommunications and Automated Information Systems Security, NSDD-145 (1984).