About this Cybersecurity Course
This is a free Cybersecurity course encompassing a general overview and the history in this exciting field. We will also explore future projections, including problems and opportunities, for professionals and managers in the field.
Course Navigation:
- What Is Cybersecurity?
- History of Cybersecurity
- Future of Cybersecurity
- Challenges & Opportunities in Cybersecurity
- Next Steps for Cybersecurity
This free online Cybersecurity course directs you toward free videos, podcasts, and resources coupled with questions to aid in processing this critical sector. Each section is created to encompass two to three hours of learning material.
Whenever you see this icon, it is time to stop. Take a moment to watch, listen, read, or reflect.
At the end of each of the five sections is an opportunity to invest further. These suggestions include certifications, books, or courses, within a wide range of financial and time investments, to further studies and enrichment in the field of Cybersecurity.
1│What Is Cybersecurity?
Our world is an online one. We are deeply reliant on computers and the internet in all facets of our daily life, from the obvious (Netflix, Zoom, Gmail) to the not as obvious (traffic lights, water purification, weather forecasts). So much of our personal information now is stored on computers and networks. Therefore, it is crucial that there are security measures in place to protect ourselves and our businesses from cyber attacks. Cybersecurity is the practice of protecting the availability, integrity, and confidentiality of the information and secure the data, devices, and networks from attacks.
Read through this overview of cybersecurity put out by the U.S. Cybersecurity & Infrastructure Security Agency, check out this quick overview from IBM about how cybersecurity works, and watch this introduction to cybersecurity to gain a grasp of the field’s basic concepts. Is there anything that surprised you in these overviews?
Types of Cybersecurity and Threats
Because our computer and online world are vast, it follows that the types of cybersecurity needed are also broad. Some types of cybersecurity include critical infrastructure security, application security, network security, and cloud security. Critical infrastructure security is for things like our electrical grid, and application security includes things like the antivirus program on your computer. Network security is for protection against outside threats to internal networks and includes things like two-factor authentication. Cloud security protects data on the cloud. And there’s more. Basically, there are threats to everything related to computers, and the need for security of these systems cannot be understated.
Watch this video that lays out eight of the most common types of cybersecurity threats and pay attention to the ways to protect against each particular threat.
Cybersecurity Manager
A Cybersecurity Manager, an IT professional, oversees the security of systems, notes possible vulnerabilities to networks and systems, and comes up with strategies to protect the systems from possible attacks. Their job protects their organizations from possible loss of income but also loss of trust from clients.
For these Cybersecurity Managers, a four-year degree is required for most, if not all, organizations. It is not uncommon to need a higher-level degree or an additional certificate as well. A Cybersecurity Manager must have a high level of understanding regarding information security, assurance, and operations. But they must also have an understanding of risk management and project management since they also must help in the creation and implementation of protocols and audits, alongside the investigation of any data breaches.
This video offers a solid overview of the lay of the cybersecurity land. Presented as interview questions for a new cybersecurity professional, the questions here should provide you with a solid understanding of some key elements when it comes to cybersecurity.
Further Thought
Cybersecurity management is an interdisciplinary field. The National Initiative for Cybersecurity Education created the Cybersecurity Workforce Framework, which is a resource to create a consistent language around how to recruit, train, and keep cybersecurity professionals. Take some time to read through the information to gain some important language about the roles and functions of cybersecurity professionals in the workplace.
Further Investment
To augment the information in this free cybersecurity course, consider this cybersecurity certification. This program covers the fundamentals of cybersecurity, from cryptography to access management to network security. The courses are synchronous online courses and run for four weeks, two days in a row each week. It’s a good course for both those brand new to cybersecurity and for IT professionals with just one to two years of working experience. It covers content around general level security essentials, networks, and security, including application, data, cloud, endpoint security, cryptography, and best practices in security.
2│History of Cybersecurity
I’m the creeper…
You could say the cybersecurity was nascent in the 1970s, though the idea of a computer virus was actually conceptualized in 1949 by John von Neumann. Neumann, a mathematician and physicist, wrote a paper that posited the idea of what we today call a worm that could self-replicate automatically within a computer. In 1971, Bob Thomas at BBN Technologies created what is widely agreed to be the first computer worm. This worm was not intended to be malicious, it simply moved between computers and would display the message, “I’m the creeper: catch me if you can.”
Then, in 1988, Robert Morris, a graduate student at Cornell University, launched a worm on the computer systems at MIT. Again, this worm was not ill-intended. Rather, Morris sought to identify vulnerabilities in the system. Because he wanted to ensure system administrators couldn’t defeat the worm by having the computers report a false positive, Morris wrote the code in a way that made the worm replicate 14 percent of the time. In the end, the worm caused significant financial damage. As a result, Morris was prosecuted and became the first person to be convicted under the new Computer Fraud and Abuse Act.
Read through the groundbreaking U.S. vs Morris case. And additionally, take some time to watch the documentary to learn more about the virus that changed the world. How did this case alter the trajectory of online data and data systems?
Netscape and SSL
Netscape released the first browser and shortly thereafter launched the Secure Sockets Layer 2.0 in the mid-1990s, which creates an encrypted link between a client and a server. This meant that when someone inputted important information, it will become encrypted and only be readable by the intended recipient. Until 2011, it was used for things we now consider commonplace, such as buying things online. In 2011, SSL was replaced with Transport Layer Security.
Learn about SSL in this short video and look over this report that was created specifically to track the historical record of SSL 3.0 by the Internet Engineering Task Force. SSL technology was foundational for buying and selling goods online. What other virtual tools and functions can you think of that are built around secure and encrypted communication?
ILOVEYOU, Melissa
In the late 1990s and early 2000s, ILOVEYOU and Melissa were some of the viruses that infected millions of computers around the globe. These threats led to the creation of the first antivirus technology and also raised awareness for users of the risks associated with the internet. Since it was clear that these viruses spread between email accounts, they also spurred organizations in taking action to create safeguards to protect their systems and data.
Cybersecurity is a priority for every organization, from virtual private networks to more intense measures. The landscape of cybersecurity’s history is vast, and we’ve only skimmed the surface. Take some time to read this article on the history of cybersecurity to gain a better perspective on how this worldwide industry came to be as it is today. The article states that the Federal Cybersecurity Research and Development has the understanding that it is impossible to be 100% protected from cyberattacks. What are the pros and cons of this type of ideology?
Further Thought
Black Hat Briefings is a security event series that’s been around for more than 20 years that cover information on the latest trends in security research, development, and trends. In this Black Hat Briefing, a Department of Justice Computer Crime and Intellectual Property Section Prosecutor explains the Computer Fraud and Abuse Act in layman’s terms and walks the viewer through the process of how federal prosecutors decide when to press charges in hacking cases. What are some of the barriers to successfully charge cyber criminals?
Further Investment
Much of cybersecurity is centered around companies and organizations protecting client and customer data. But the industry also plays a very important role in national governments around the world. Consider reading Dark Territory: The Secret History of Cyber War by Fred Kaplan, which explores the U.S. government’s efforts to manage national security in a world of open communications networks.
3│Future of Cybersecurity
Global Events
The COVID-19 pandemic has made it remarkably clear, if it wasn’t already, how heavily we rely on the digital infrastructure of businesses and government, and how easily they are threatened.
In fact, the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency and the United Kingdom’s National Cyber Security Centre issued a joint Cyber Awareness alert in April 2020 about it. Read through the alert and the advice that the agencies give. Are there any actions you can take to help secure your data in light of the malicious COVID-19 cyber activity?
The future of cybersecurity is going to continue to be shaped by global phenomena, like the COVID-19 pandemic, as the number of cyber threats and attacks increases. Read this Security Intelligence article to learn more about what Cybersecurity Managers can learn about the rise of threats during the current pandemic and consider what this information can do during future global events.
Autonomous Endpoints
Endpoints are things like laptops, desktops, or mobile phones and create exploitable entry points into networks. Endpoint vulnerabilities are ever-increasing for organizations, especially as more are allowing employees to use their own devices for work, something that, with COVID-19 and increased remote work, we’re likely to see even more of. As a result, most security breaches now come through endpoints, rather than networks. Meaning, Cybersecurity Managers must develop methods to create better control over endpoints.
Louis Columbus, Principal at IQMS, believes that creating autonomous endpoints that can both heal themselves and revive their operating systems is essential for a secure future. As you read this article by Columbus, be sure to also spend some time exploring Verizon’s 2020 Data Breach Investigations Report that he references. What can you see as the financial pros and cons of this type of cybersecurity?
Remote Work
The rapid expansion of remote work in early 2020 due to COVID-19 is unlikely to disappear quickly. In fact, many in the workforce might find an increasing number of employers who are not only open to but encourage remote work. This is where, as we have seen, the conversation about cybersecurity for endpoints is relevant. But it’s not just that there is a weakness in these endpoints from a technological level. The risk is also due to our humanness.
Take a minute to read this cybersecurity article, which discusses the need for employees to develop a habit of being more mindful and reporting security issues, by doing things like reporting strange emails they receive in their inboxes. This kind of mentality, however, is one that must be led by Cybersecurity Managers and others within the organization. How do you see this mental shift affecting future organizational cybersecurity efforts?
It’s About Trust
The future of cybersecurity is not going to just be about protecting your passwords or your credit card account. We have built a way of life that is heavily dependent on our digital culture.
Keren Elazari and Amit Elazari Bar On are a friendly hacker/lawyer duo (who are also sisters) who believe that the future of cybersecurity is about protecting this digital way of life we’ve created. In their cybersecurity talk from an RSA Conference, the sisters discuss how the continuing rise of technological viruses discourages people from trusting digital innovation and impacts policy landscapes. They further describe how friendly hackers can help create a more hopeful future. After listening, explore the HackerOne site and what they are doing on the cybersecurity front.
The thing is that both the boon and the bane of new technology are entirely dependent upon people using it. Tony Sager is the Senior Vice-President and Chief Evangelist at the Center for Internet Security. Read the cybersecurity article he wrote for Cyber Security Summit and consider the balance he discusses between risk, innovation, and security in our digital world.
Further Thought
Learn more about Absolute Software, which Columbus refers to in the article about autonomous endpoints, as an example of a company doing innovative cybersecurity work by creating self-healing persistent-firmware technology and strong endpoint security. What is one way a system like this could help your community or organization during a global event, like the COVID-19 pandemic?
Further Investment
Making plans in the age of COVID-19 is a tenuous thing. Nevertheless, consider attending the Cyber Security Summit. This Summit brings together stakeholders in industry, academia, and government to help improve cybersecurity both domestically and abroad. Or, if you are more inclined to learn virtually, once this free cybersecurity course is completed, check out this ethical hacking course.
4│Challenges & Opportunities in Cybersecurity
Cybersecurity should be a priority for all levels of organizations, from governments to small enterprises. But, as you would expect, there are challenges that come along with working to ensure security. And, in fact, because this is a rapidly evolving field, the challenges for a Cybersecurity Manager are ever-new as well. Challenges range from compliance with the General Data Protection Regulation to Cloud security to ransomware and beyond.
Read through this primer on some general challenges faced in the field of cybersecurity within the last few years. Have you heard of any of these issues and attacks happening? Have you experienced any of these first hand?
Elections
Cybercrime is now known to influence world events, in part as cyber espionage. Governments at all levels have departments dedicated to election cybersecurity.
To get a picture of how cybersecurity professionals are combatting this challenge, you can explore a little about what the Office of Election Cybersecurity looks like for California. They list roles and responsibilities at many different levels to help aid election cybersecurity. What is one thing that you can do to help in the next election?
Listen to this election hacking talk, given by Kenneth Geers, who is the Chief Research Scientist at Comodo, given at the 2019 RSA Conference. Geers goes over how countries, their spies and hackers, are able to use cyberthreats to influence elections. He uses data from multiple countries that held national elections over a two-year span. As you watch, consider the ways the seemingly benign data we put out on the internet through channels such as our social media, can be used as accessories to these types of cybersecurity breaches.
Advanced Persistent Threats
Advanced Persistent Threats (APT) are threats that are able to sneak into systems and servers and remain there, stealthily undetected, for a significant period of time. They are created as sophisticated and targeted attacks, unlike malware, which is more general. They are often used to obtain highly sensitive information.
Learn more about the characteristics, progression, repair, and prevention of APTs. Compare these APTs to the initial worms from the 1970s. How have the attacks and the preventative measures advanced?
Internet of Things
The Internet of Things (IoT) devices are fantastic. They make life easier and more efficient. Examples of IoT devices include your Alexa, your Fitbit, or your Ring doorbell. However, for all their usefulness, they don’t have much in the way of security. With the increasing number of IoT in people’s lives, this is a deep concern for cybersecurity experts, because security practices do not yet have the same level of capabilities as many of these products. At the same time, there are huge opportunities for new devices as part of IoT, which means the opportunities for making strides in IoT cybersecurity are also high.
An article came out just a few years ago about the state of cybersecurity when it comes to IoT. And while the field of cybersecurity is constantly changing, it still gives a great overview. Consider the question that the article concludes with and its implications: Must we wait for a big hack before facing down the current state of IoT cybersecurity?
Mirai is one example of an IoT threat from 2016. The creators of Mirai created a chain reaction through CCTV cameras and brought down a huge portion of the internet along the U.S. East Coast. It’s a fascinating study in terms of cybersecurity threats.
Read through the history and implementation of this cybersecurity attack. What do you see as the moral of the Mirai story?
Further Thought
Find an episode of The 443 Podcast that interests you and listen to it. This podcast, created by white-hat hackers, otherwise known as ethical hackers, delves into current events and trends in cybersecurity. There are a ton of episodes that will give you a window in the wide, wonderful, and terrifying world of cybersecurity in a way that breaks down complicated concepts into understandable insights.
Further Investment
IoT is huge and continues to grow. Take a look around your home; how many devices or wearables can you count? This is one area of cybersecurity that isn’t going to slow down anytime soon since it’s a field rife with innovative possibilities. Take some time to take this Coursera course on cybersecurity and the Internet of Things to gain a better understanding of the challenges as well as the opportunities in this cybersecurity area. This is an intermediate course that takes about 12 hours to complete.
5│Next Steps for Cybersecurity Managers
Getting Started in the Field
Breaking into a new field is no small feat. It can be overwhelming to know where to start. When it comes to cybersecurity, some feel that it’s important to come into it with some kind of background in the field. Others argue that a background in something like IT is the most beneficial.
Spend some time processing the advice in this cybersecurity article. The writers encourage hopeful Cybersecurity Managers to “just do the thing,” but they also provide some valuable tips and insights into how to make that actually happen. They also suggest some great professionals to follow; after reading, take some time to find a few that you feel would be particularly helpful for you and your cybersecurity interests.
This webinar from InfoSec Institute offers tips for those who are looking to break into the cybersecurity field and includes suggestions on some first steps, certifications to consider, and what kind of personal qualities you’ll want to have to succeed as a cybersecurity professional. What are some next steps you can take in your cybersecurity journey?
Build Up Your Toolbox
The world of cybersecurity management is vast. And as we’ve already explored, it is a field that is in a constant state of evolution. As a result, Cybersecurity Managers must be sure to keep their skills and knowledge base current as new threats and new ways to combat them are developed.
This video lays out eight cybersecurity tools that have stood the test of time and continue to be relevant. After watching this video, learn more about the tools that are used in the areas of cybersecurity in which you have an interest. Spend some time exploring different companies’ websites and what they offer.
Create a Cybersecurity Strategy
A Cybersecurity Manager plays a vital role in creating a cybersecurity strategy for their organization. This strategy consists of tools such as the ones discussed in the video you watched in the last section, as well as a variety of processes and policies. Read through this post from McAfee to get a general overview of considerations when it comes to putting together a cybersecurity strategy. Take note of the areas that you feel most comfortable dealing with and which areas you could gain more information on.
Further Thought
Cybersecurity is a field rife with certifications, which makes sense considering the sheer breadth of what cybersecurity entails. Certifications add credibility, and many leaders in the industry believe in the value of hiring credentialed cybersecurity professionals. You’ve already learned a bit about what certifications are out there earlier in this section. But if you’re unsure which certificates are worth pursuing, Forbes put together a list of the ten most popular certificates for cybersecurity. As you check out this list, it’s a great time to take stock, if you haven’t already, of what skills you already have and what direction you’d like to go as a Cybersecurity Manager.
Further Investment
Since there is such an emphasis on certifications when it comes to cybersecurity management, here’s a suggestion of a cybersecurity certificate course offered by Educba that you can pursue at the close of this free online cybersecurity course. This is a 77-hour program with 12 courses and three projects. It can be completed at whatever pace works best for you and will provide you with a solid background on basic concepts in cybersecurity. This certificate will set you up well as you set out on the path to becoming a Cybersecurity Manager.
This is the end of our free online cybersecurity course. We hope it gives you a good background on the topic!