# Week 1

* Threats continue to increase, and that is not going to change.
* 1.8 million unfilled cybersecurity jobs alongside roughly 200k IT layoffs. #layoff2023
* Not enough skilled cybersecurity people
* Skilled people go looking for a "cool" job on the dark web because of
  * better pay
  * remote work (WFH)
  * No dumb ass management
  * No weird colleagues
* SOC analyst reviews security incidents in SIEMs
  * Pivot on the data and triage it from different angles to decide whether it is a real issue or not
  * Create IOCs (indicators of compromise)
  * Find other internal IPs that may be infected with the same malware
  * Use
    * Threat feeds
    * Search engines
    * VirusTotal
    * Favorite tools
  * Be curious to learn, research and investigate
  * Look up more IOC information on the malware from the internet
* Skills in cybersecurity are in high demand.
* Kenneth Gonzalez, a penetration tester in Costa Rica on IBM's Explores Red Team
  * LinkedIn
* IBM is a global company with subject matter experts in a range of job roles.

{% hint style="info" %}
Interesting: is it possible to get hired by IBM for a Red Team or Blue Team role?
{% endhint %}

* IBM [subject matter experts (PDF)](https://d3c33hcgiwev3.cloudfront.net/deHBQ5nPEem6SAq8ilBGGg_741bbdfe17884efb88e59dfe71281303_Your-IBM-Subject-Matter-Experts--Intro-to-Cybersecurity-tools.pdf?Expires=1675814400\&Signature=UaR-ioZ4Id2FUtStZz2hoJcbfty--S5fWS1Ane8ZSlITOhDf7YJM8j2iQBnpqndKaCGWBH0zHg1NUFoHmFmWTdFO8nGmyKIy4BEYx5aPKcB8Uv-~XQoK6eEC31-BtMEEkjmbrfK-OREsaykuY-1OuhM0gJMJUxg4GmoaJUHzYR4_\&Key-Pair-Id=APKAJLTNE6QMUY6HBC5A)
* CIA triad - protection of information systems from unauthorized activities in order to provide confidentiality, integrity and availability
* Confidentiality - data must be restricted to only authorized subjects or entities
  * Data encryption is a common method of ensuring confidentiality
* Integrity - maintaining the consistency and accuracy of data over its entire life cycle.
  * Hash values are used to verify integrity: the hash computed now must match the hash recorded earlier, otherwise the data has been changed. A plain hash only catches the change if the attacker cannot also rewrite the stored hash; where they can, use a keyed MAC or a digital signature instead.
* Availability - keeping business operations up and running: firewalls, proxies, servers, everything has to be up 24x7, 365 days a year
  * business continuity plans
  * disaster recovery
  * redundancy

{% hint style="info" %}
Key Terms
{% endhint %}

* Vulnerability - a flaw, loophole, oversight, or error that can be exploited to violate the system's security policy.
  * For example, software whose code is vulnerable to a buffer overflow exploit.
* Threat - an event, natural or man-made, that can cause a negative impact to an organization.
  * It could be a storm, a hurricane, or a hacker, for instance.
* Exploit - a way to breach the security of an IT system through a vulnerability.
  * Like the buffer overflow example.

{% hint style="warning" %}
Learn how to do a buffer overflow in practice via HTB and TCM
{% endhint %}
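As an added example (not part of the course material or IBM's code), here is the vulnerability/exploit pair from the key terms above in C. `greet_vulnerable` copies attacker-controlled input into a fixed 16-byte stack buffer with `strcpy`, which is the flaw; `bounded_copy` and `greet_safe` are the hardened form that refuses input that does not fit. The function names and the sample inputs are made up for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* room for 15 characters plus the terminating NUL */

/* VULNERABLE (the "vulnerability"): strcpy() copies bytes until it sees a
 * NUL and never looks at the size of the destination. Any input of 16 or
 * more characters writes past the end of `name` into whatever the compiler
 * placed after it on the stack (other locals, the saved frame pointer, the
 * return address). A crafted over-long string that hijacks the return
 * address is the "exploit". Do not call this with untrusted input. */
void greet_vulnerable(const char *input)
{
    char name[NAME_LEN];
    strcpy(name, input);               /* no bounds check at all */
    printf("Hello, %s\n", name);
}

/* HARDENED: bounded copy. Scans at most out_len bytes of `input` for the
 * terminator (memchr stops at the first match and never reads further than
 * out_len), rejects anything that would not fit together with its NUL, and
 * always leaves `out` NUL-terminated.
 * Returns 0 on success, -1 when the input is too long for the buffer. */
int bounded_copy(char *out, size_t out_len, const char *input)
{
    const char *nul = memchr(input, '\0', out_len);
    if (nul == NULL) {
        return -1;                     /* no NUL within out_len bytes: too long */
    }
    size_t n = (size_t)(nul - input);  /* n <= out_len - 1 here */
    memcpy(out, input, n);
    out[n] = '\0';
    return 0;
}

/* Safe replacement for greet_vulnerable(): same behaviour on well-formed
 * input, an explicit failure instead of memory corruption on over-long input. */
int greet_safe(const char *input)
{
    char name[NAME_LEN];
    if (bounded_copy(name, sizeof name, input) != 0) {
        fprintf(stderr, "rejected: name longer than %d characters\n", NAME_LEN - 1);
        return -1;
    }
    printf("Hello, %s\n", name);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs for the demo. */
    const char *ok = "Kenneth";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";   /* 32 'A's */

    greet_vulnerable(ok);        /* fine: 8 bytes (incl. NUL) fit in 16 */
    greet_safe(ok);              /* fine */
    greet_safe(too_long);        /* rejected, no memory corruption */
    /* greet_vulnerable(too_long) would write 33 bytes into a 16-byte buffer,
     * overrunning it by 17: with -fstack-protector glibc aborts with
     * "stack smashing detected"; without it the behaviour is undefined and
     * the saved return address is clobbered. */
    return 0;
}
```

The fix is not "use a bigger buffer": it is making the length of the copy depend on the size of the destination rather than on the attacker's input, and failing loudly when the two do not agree. Compiling with `-fstack-protector-all` and running `greet_vulnerable(too_long)` is a safe way to see the overrun detected rather than exploited.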

* Risk - the probability that an event could actually happen.
  * The likelihood that a vulnerability gets exploited, usually weighed together with the impact if it does.

{% hint style="info" %}
Security Threats
{% endhint %}

* Threats come from internal, external and natural factors.
* Internal factors
  * former employees
  * current employees
* External factors
  * Malicious events
* Natural factors
  * Lightning
  * Hurricane
  * Tsunami

{% hint style="info" %}
Vulnerability Assessments
{% endhint %}

* Vulnerability assessment - the process of identifying, analyzing, and ranking vulnerabilities in a specific environment
* Many systems ship with known and unknown security holes and bugs

{% hint style="info" %}
Roles in Security
{% endhint %}

* Chief Information Security Officer - the head of the Information Security division, who supervises, manages, and leads the information security tower.
* Digital Forensic Analyst
* SIEM Engineer
* Information Security Analyst - analyzes events, alerts, alarms, and any other information that could be useful to identify threats.
* Information Security Auditor - tests the effectiveness of computer information systems to make sure they follow best practices, standards, and specific regulations such as ISO 27001 or 27002.

{% hint style="info" %}
From Ronald Reagan
{% endhint %}

* US President Ronald Reagan created the first national policy on cybersecurity.
* The first cybersecurity policy in the United States is the National Policy on Telecommunications and Automated Information Systems Security, NSDD-145.
