more on the outline, reformatted nested lists to be prettier

This commit is contained in:
2024-03-15 11:17:51 -06:00
parent 1509c01964
commit fb1efbdfb8
+64 -63
View File
@@ -1,67 +1,68 @@
# getting-started-in-cybersec # getting-started-in-cybersec
A guide to go from zero to hero in cyber security A guide to go from zero to hero in cyber security
Outline of core fundamentals (mostly blue team) ## fundamentals and theory
* fundamentals 1. definitions
1. definitions 2. core ideas
2. core ideas a. GRC
i. GRC - security culture
- security culture - budget
- budget - man power
- man power b. CIA triad
ii. CIA triad c. security in depth + zero trust security vs castle methoddiv. assume compromise
iii. security in depth + zero trust security vs castle method d. assessing threats
iv. assume compromise - threat actors
v. assessing threats e. threat modeling
- threat actors f. risk analysis
vi. threat modeling - assets
vii. risk analysis - financial impact modeling
- assets - heatmap of threats
- financial impact modeling g. mitigating risk
- heatmap of threats h. controlls
viii. mitigating risk - administrative
- technical
- detective
- preventitive
- deturrant
i. disaster recovery
- assume compromise
- redundant backups
- hot/cold/warm sites
j. access and authentication
- access
- authentication
- MFA
i. soemthing you know
ii. something you have
iii. something you are
iv. location
3. how security departments usually work
a. SOC
b. NOC
c. IR
d. administrative
4. offensive/defensive aka red team/blue team
a. blue team
b. red team
c. red team informs blue team
d. purple team
ix. controlls ## technical concepts and theory
- administrative 1. networking
- technical a. client-server model
- detective b. network devices
- preventitive c. ip addresses
- deturrant d. mac addresses
x. disaster recovery e. LAN
- assume compromise f. ARP
- redundant backups g. DHCP
- hot/cold/warm sites h. routing
xi. access and authentication I. TCP
- access - packets
- authentication J. DNS
- MFA 2. operating systems
i. soemthing you know a. windows
ii. something you have b. linux
iii. something you are c. android
iv. location d. ios
3. how security departments usually work e. embedded/iot
i. SOC
ii. NOC
iii. IR
iv. administrative
4. offensive/defensive aka red team/blue team
i. blue team
ii. red team
iii. red team informs blue team
iv. purple team
5. Look ahead to technical concepts
i. networking
- client-server model
- ip addresses
- mac addresses
- LAN
- ARP
- DHCP
- routing
ii. networking contd
- TCP
i. packets
- UDP
- DNS