Week 1

History of Cybersecurity

  • Threats continue to increase, and that won't change

  • 1.8 million unfilled cybersecurity jobs alongside 200k layoffs in IT. #layoff2023

  • Not enough skilled cybersecurity people

  • Skilled people go looking for cool jobs on the DarkWeb because of

    • better salary

    • WFH / remote

    • No dumb ass management

    • No weird colleagues

  • SOC analyst reviews security incidents in SIEMs

    • Pivot the data and triage it in different ways to understand whether it is an issue or not

    • Create IOCs

    • Find other internal IPs that are potentially infected with the same malware

    • Use:

      • Threat feeds

      • Search engines

      • VirusTotal

      • Favorite tools

    • Be curious to learn, research and investigate

    • Search the internet for more IOC information about the malware

  • Skills in cybersecurity are in high demand.

  • Kenneth Gonzalez, a penetration tester in Costa Rica from IBM's Explores Red Team

    • LinkedIn

  • IBM is a global company with subject matter experts in a range of job roles.

Interesting: is it possible to get hired by IBM for a Red or Blue team role?

  • IBM guys

  • CIA triad - protection of information systems from unauthorized activities in order to provide confidentiality, integrity and availability

  • Confidentiality - data must be restricted to only authorized subjects or entities

    • Data encryption is a common method of ensuring confidentiality

  • Integrity - maintaining the consistency and accuracy of data over its entire life cycle.

    • Use hash values for data integrity verification: the hash computed over the data must match the expected hash to confirm the data is intact.

  • Availability - keeping business operations up and running: firewalls, proxies, computers, everything has to be up 24x7, 365 days a year, supported by

    • business continuity plans

    • disaster recovery

    • redundancy
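The SOC analyst workflow above (pivot on an indicator, find other internal IPs talking to the same malware, derive new IOCs) and the hash-based integrity check under Integrity share one worked example below. It is added here and is not part of the original notes or any IBM course material; the proxy log, the threat-feed domain `update-check.example.net`, the address ranges and the "sample" contents are all constructed (reserved documentation values), and the function names are my own.

```python
"""Added SOC triage example with constructed data (not from the original notes).

Starting from one threat-feed indicator (a C2 domain), pivot through proxy logs to
find the internal hosts that contacted it, derive a new IOC (the IP the domain was
seen resolving to), pivot again on that IOC, and check file hashes both for
integrity (does the hash match the expected one?) and for IOC matching (is the hash
on a known-bad list?).
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class ProxyEvent:
    ts: str        # ISO timestamp of the request
    src_ip: str    # internal host that made the request
    dst_host: str  # requested hostname (a bare IP when the client used one)
    dst_ip: str    # IP the request actually went to
    action: str    # ALLOW or BLOCK


# Constructed proxy log. 10.0.0.0/8 is the assumed internal range; 203.0.113.0/24 and
# the example.* names are reserved documentation values, not real infrastructure.
PROXY_LOG = """\
2023-03-01T10:00:01Z 10.0.5.17 update-check.example.net 203.0.113.44 ALLOW
2023-03-01T10:00:09Z 10.0.5.17 www.example.com 93.184.216.34 ALLOW
2023-03-01T10:02:33Z 10.0.7.201 update-check.example.net 203.0.113.44 ALLOW
2023-03-01T10:05:10Z 10.0.9.8 mail.example.org 198.51.100.9 ALLOW
2023-03-01T10:07:45Z 10.0.3.55 update-check.example.net 203.0.113.44 BLOCK
2023-03-01T10:09:00Z 10.0.12.3 203.0.113.44 203.0.113.44 ALLOW
"""

# Constructed threat feed: one hypothetical C2 domain and one sample hash.
FEED_DOMAINS = {"update-check.example.net"}
# SHA-256 of the constructed "malware sample" b"abc" (a standard test vector, chosen so
# the value can be checked by hand); a real feed would carry hashes from e.g. VirusTotal.
FEED_SHA256 = {"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"}


def parse_proxy_log(text):
    """Parse whitespace-separated proxy lines into ProxyEvent records, skipping blanks."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, host, dst, action = line.split()
        events.append(ProxyEvent(ts, src, host, dst, action))
    return events


def matches(event, indicators):
    """True when the event's destination (hostname or IP) is a known indicator."""
    return event.dst_host in indicators or event.dst_ip in indicators


def pivot_hosts(events, indicators):
    """Internal source IPs that contacted any indicator. A BLOCKed attempt still means
    the host tried to reach the C2, so it is kept for triage."""
    return sorted({e.src_ip for e in events if matches(e, indicators)})


def derive_ip_iocs(events, domains):
    """Destination IPs observed for the feed domains: new IOCs to pivot on."""
    return sorted({e.dst_ip for e in events if e.dst_host in domains})


def triage(events, feed_domains):
    """Two-stage pivot: feed domain -> hosts, then derived IPs -> additional hosts."""
    domains = set(feed_domains)
    ip_iocs = derive_ip_iocs(events, domains)
    all_iocs = domains | set(ip_iocs)
    return {
        "derived_ip_iocs": ip_iocs,
        "hosts_from_feed": pivot_hosts(events, domains),
        "hosts_after_pivot": pivot_hosts(events, all_iocs),
        "blocked_attempts": sorted({e.src_ip for e in events
                                    if e.action == "BLOCK" and matches(e, all_iocs)}),
    }


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data, expected_hex):
    """Integrity check: the computed hash must equal the expected one.
    compare_digest keeps the comparison time independent of where the strings differ."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


def matches_feed_hash(data, feed_hashes):
    """IOC match: the same hash, looked up against a set of known-bad hashes."""
    return sha256_hex(data) in feed_hashes


if __name__ == "__main__":
    for key, value in triage(parse_proxy_log(PROXY_LOG), FEED_DOMAINS).items():
        print(f"{key}: {value}")
    print("sample matches feed:", matches_feed_hash(b"abc", FEED_SHA256))
```

The second pivot is the point of the exercise: the domain indicator alone finds three hosts, but 10.0.12.3 only ever contacted the C2 by bare IP, so it surfaces only after the resolved address is promoted to an IOC. The blocked host 10.0.3.55 is reported separately because an attempted C2 connection is still evidence of infection even though the proxy stopped it.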

Key Terms

  • Vulnerability - a flaw, loophole, oversight, or error that can be exploited to violate the system security policy.

    • For example, software or an application whose code is vulnerable to a buffer overflow exploit.

  • Threat - an event, natural or man-made, able to cause a negative impact on an organization.

    • It could be a storm or a hurricane or a hacker, for instance.

  • Exploit - a way to breach the security of an IT system through a vulnerability.

    • Like the buffer overflow example.

Learn how to do a "buffer overflow" in practice via HTB and TCM

  • Risk - the probability that an event could actually happen.

    • Likelihood of a vulnerability to be exploited.

Security Threats

  • Threats come from internal, external and natural factors.

  • Internal factors

    • former employees

    • current employees

  • External factors

    • Malicious events

  • Natural factors

    • Lightning

    • Hurricane

    • Tsunami

Vulnerability Assessments

  • Vulnerability assessment - the process of identifying, analyzing, and ranking vulnerabilities in a specific environment

  • Many systems are shipped with known and unknown security holes and bugs

Roles in Security

  • Chief Information Security Officer - the head of the Information Security Division, who supervises, manages and leads the Information Security Tower.

  • Digital Forensic Analyst

  • SEM Engineer

  • Information security analyst - analyzes events, alerts, alarms, and any other information that could be useful for identifying threats.

  • Information Security Auditor - in charge of testing the effectiveness of computer information systems to make sure they follow best practices and standards or specific regulations, such as ISO 27001 or 27002.

From Ronald Reagan

  • US President Ronald Reagan created the first national policy on cybersecurity

  • The first policy for the cybersecurity field in the United States, called the National Policy on Telecommunications and Automated Information Systems Security (NSDD155).
