getting-started-in-cybersec
A guide to go from zero to hero in cyber security
Outline of core fundamentals (mostly blue team)
- fundamentals
-
definitions
-
core ideas i. GRC - security culture - budget - man power ii. CIA triad iii. security in depth + zero trust security vs castle method iv. assume compromise v. assessing threats - threat actors vi. threat modeling vii. risk analysis - assets - financial impact modeling - heatmap of threats viii. mitigating risk
ix. controlls - administrative - technical - detective - preventitive - deturrant x. disaster recovery - assume compromise - redundant backups - hot/cold/warm sites xi. access and authentication - access - authentication - MFA i. soemthing you know ii. something you have iii. something you are iv. location
-
how security departments usually work i. SOC ii. NOC iii. IR iv. administrative
-
offensive/defensive aka red team/blue team i. blue team ii. red team iii. red team informs blue team iv. purple team
-
Look ahead to technical concepts i. networking - client-server model - ip addresses - mac addresses - LAN - ARP - DHCP - routing ii. networking contd - TCP i. packets - UDP - DNS
-