more on the outline, reformatted nested lists to be prettier
This commit is contained in:
@@ -1,67 +1,68 @@
|
||||
# getting-started-in-cybersec
|
||||
A guide to go from zero to hero in cyber security
|
||||
|
||||
Outline of core fundamentals (mostly blue team)
|
||||
* fundamentals
|
||||
1. definitions
|
||||
2. core ideas
|
||||
i. GRC
|
||||
- security culture
|
||||
- budget
|
||||
- man power
|
||||
ii. CIA triad
|
||||
iii. security in depth + zero trust security vs castle method
|
||||
iv. assume compromise
|
||||
v. assessing threats
|
||||
- threat actors
|
||||
vi. threat modeling
|
||||
vii. risk analysis
|
||||
- assets
|
||||
- financial impact modeling
|
||||
- heatmap of threats
|
||||
viii. mitigating risk
|
||||
|
||||
ix. controlls
|
||||
- administrative
|
||||
- technical
|
||||
- detective
|
||||
- preventitive
|
||||
- deturrant
|
||||
x. disaster recovery
|
||||
- assume compromise
|
||||
- redundant backups
|
||||
- hot/cold/warm sites
|
||||
xi. access and authentication
|
||||
- access
|
||||
- authentication
|
||||
- MFA
|
||||
i. soemthing you know
|
||||
ii. something you have
|
||||
iii. something you are
|
||||
iv. location
|
||||
3. how security departments usually work
|
||||
i. SOC
|
||||
ii. NOC
|
||||
iii. IR
|
||||
iv. administrative
|
||||
|
||||
4. offensive/defensive aka red team/blue team
|
||||
i. blue team
|
||||
ii. red team
|
||||
iii. red team informs blue team
|
||||
iv. purple team
|
||||
## fundamentals and theory
|
||||
1. definitions
|
||||
2. core ideas
|
||||
a. GRC
|
||||
- security culture
|
||||
- budget
|
||||
- man power
|
||||
b. CIA triad
|
||||
c. security in depth + zero trust security vs castle methoddiv. assume compromise
|
||||
d. assessing threats
|
||||
- threat actors
|
||||
e. threat modeling
|
||||
f. risk analysis
|
||||
- assets
|
||||
- financial impact modeling
|
||||
- heatmap of threats
|
||||
g. mitigating risk
|
||||
h. controlls
|
||||
- administrative
|
||||
- technical
|
||||
- detective
|
||||
- preventitive
|
||||
- deturrant
|
||||
i. disaster recovery
|
||||
- assume compromise
|
||||
- redundant backups
|
||||
- hot/cold/warm sites
|
||||
j. access and authentication
|
||||
- access
|
||||
- authentication
|
||||
- MFA
|
||||
i. soemthing you know
|
||||
ii. something you have
|
||||
iii. something you are
|
||||
iv. location
|
||||
3. how security departments usually work
|
||||
a. SOC
|
||||
b. NOC
|
||||
c. IR
|
||||
d. administrative
|
||||
4. offensive/defensive aka red team/blue team
|
||||
a. blue team
|
||||
b. red team
|
||||
c. red team informs blue team
|
||||
d. purple team
|
||||
|
||||
5. Look ahead to technical concepts
|
||||
i. networking
|
||||
- client-server model
|
||||
- ip addresses
|
||||
- mac addresses
|
||||
- LAN
|
||||
- ARP
|
||||
- DHCP
|
||||
- routing
|
||||
ii. networking contd
|
||||
- TCP
|
||||
i. packets
|
||||
- UDP
|
||||
- DNS
|
||||
## technical concepts and theory
|
||||
1. networking
|
||||
a. client-server model
|
||||
b. network devices
|
||||
c. ip addresses
|
||||
d. mac addresses
|
||||
e. LAN
|
||||
f. ARP
|
||||
g. DHCP
|
||||
h. routing
|
||||
I. TCP
|
||||
- packets
|
||||
J. DNS
|
||||
2. operating systems
|
||||
a. windows
|
||||
b. linux
|
||||
c. android
|
||||
d. ios
|
||||
e. embedded/iot
|
||||
|
||||
Reference in New Issue
Block a user