68 lines
1.7 KiB
Markdown
68 lines
1.7 KiB
Markdown
# getting-started-in-cybersec
|
|
A guide to go from zero to hero in cyber security
|
|
|
|
Outline of core fundamentals (mostly blue team)
|
|
* fundamentals
|
|
1. definitions
|
|
2. core ideas
|
|
i. GRC
|
|
- security culture
|
|
- budget
|
|
- man power
|
|
ii. CIA triad
|
|
iii. security in depth + zero trust security vs castle method
|
|
iv. assume compromise
|
|
v. assessing threats
|
|
- threat actors
|
|
vi. threat modeling
|
|
vii. risk analysis
|
|
- assets
|
|
- financial impact modeling
|
|
- heatmap of threats
|
|
viii. mitigating risk
|
|
|
|
ix. controlls
|
|
- administrative
|
|
- technical
|
|
- detective
|
|
- preventitive
|
|
- deturrant
|
|
x. disaster recovery
|
|
- assume compromise
|
|
- redundant backups
|
|
- hot/cold/warm sites
|
|
xi. access and authentication
|
|
- access
|
|
- authentication
|
|
- MFA
|
|
i. soemthing you know
|
|
ii. something you have
|
|
iii. something you are
|
|
iv. location
|
|
3. how security departments usually work
|
|
i. SOC
|
|
ii. NOC
|
|
iii. IR
|
|
iv. administrative
|
|
|
|
4. offensive/defensive aka red team/blue team
|
|
i. blue team
|
|
ii. red team
|
|
iii. red team informs blue team
|
|
iv. purple team
|
|
|
|
5. Look ahead to technical concepts
|
|
i. networking
|
|
- client-server model
|
|
- ip addresses
|
|
- mac addresses
|
|
- LAN
|
|
- ARP
|
|
- DHCP
|
|
- routing
|
|
ii. networking contd
|
|
- TCP
|
|
i. packets
|
|
- UDP
|
|
- DNS
|