You’ll discover common tools used by cybersecurity analysts to identify and mitigate risk. You’ll learn about security information and event management (SIEM) tools, network protocol analyzers, and programming languages such as Python and SQL.
Learning Objectives
- Identify common tools used by entry-level security analysts
- Identify the purposes of commonly used tools
- Identify commonly used programming languages and how entry-level security analysts interact with those languages
- Discuss how entry-level security analysts use tools and programming languages to mitigate risk
- Important cybersecurity tools
- Core cybersecurity knowledge and skills
- Video: Introduction to Linux, SQL, and Python
- Reading: Use tools to protect business operations
- Practice Quiz: Test your knowledge: Core cybersecurity knowledge and skills
- Reading: Create a cybersecurity portfolio
- Quiz: Portfolio Activity: Draft a professional statement
- Reading: Portfolio Activity Exemplar: Draft a professional statement
- Review: Cybersecurity tools and programming languages
- Congratulations on completing Course 1!
Important cybersecurity tools
Video: Welcome to module 4
- This is the final section of the course on security.
- This section will introduce tools and programming languages that are commonly used in the security field.
- These tools are essential for monitoring security in an organization because they enhance efficiency by automating tasks.
- The tools that will be introduced include:
- Security information and event management (SIEM) tools
- Playbooks
- Network protocol analyzers
- The Linux operating system
- Programming languages such as SQL and Python
- The course will also provide hands-on activities so that learners can practice using these tools.
- The course will provide foundational knowledge that will help learners succeed in the security industry.
Specific points from the video:
- The instructor emphasizes the importance of automating tasks in security monitoring.
- The instructor also stresses the importance of hands-on practice in learning security tools.
- The instructor notes that the course provides foundational knowledge, but that each organization will have its own set of tools and training materials.
Welcome to the final section of this course! Here, we’ll be introducing tools and programming languages that are commonly used in the security field. They are essential for monitoring security in an organization because they enhance efficiency by automating tasks. Although we’re only introducing these concepts and tools at this point, later in the program, you’ll have opportunities to use them in a variety of hands-on activities.

In the following videos, you’ll learn about security information and event management, or SIEM, tools. You’ll also be introduced to other tools such as playbooks and network protocol analyzers. Then, you’ll learn about the Linux operating system and security-related tasks that are initiated through programming languages, such as SQL and Python. For me, SQL is one of the most useful tools. It allows me to explore all the different data sources we collect, and it allows my team to analyze the data for trends.

Take your time going through the videos and, if you need to, re-watch them. Also know that these tools will be discussed in much more detail, and you will be able to practice them firsthand, later in the certificate program. While every organization has its own set of tools and training materials that you’ll learn to use on the job, this program will provide you with foundational knowledge that will help you succeed in the security industry. Let’s get started!
Video: Common cybersecurity tools
- Security tools are essential for mitigating potential risks and threats.
- Some commonly used security tools are SIEM tools, playbooks, and network protocol analyzers.
- SIEM tools collect and analyze log data to monitor critical activities in an organization.
- Playbooks are manuals that provide details about how to respond to security incidents.
- Network protocol analyzers are tools that capture and analyze data traffic within a network.
- As an entry-level security analyst, you don’t have to be an expert in these tools.
- As you continue through the certificate program and get more hands-on practice, you’ll continuously build your understanding of how to use these tools to identify, assess, and mitigate risks.
Specific points from the video:
- The instructor emphasizes the importance of using security tools to mitigate risks.
- The instructor also stresses that analysts should be familiar with a variety of security tools.
- Playbooks and network protocol analyzers are introduced as other key tools alongside SIEMs; the video does not rank the tools by how often they are used.
Cybersecurity tools are essential for protecting organizations from cyberattacks. There are many different types of cybersecurity tools available, each with its own specific purpose. Some of the most common cybersecurity tools include:
- Firewalls: Firewalls are used to block unauthorized access to a network. They can be configured to block specific IP addresses, ports, or protocols.
- Intrusion detection systems (IDS): IDSs monitor network or host activity for suspicious patterns. An IDS is passive: when it detects suspicious activity it generates an alert for an analyst (or another control) to act on; it does not block traffic itself.
- Intrusion prevention systems (IPS): IPSs perform the same inspection as an IDS but sit inline in the traffic path, so they can also take active steps to block attacks, for example by dropping a malicious packet before it reaches its destination.
- Antivirus software: Antivirus software scans files and applications for known malware. It can also quarantine or delete infected files.
- Anti-spam software: Anti-spam software filters out unwanted emails, such as spam and phishing emails.
- Data loss prevention (DLP) software: DLP software helps organizations to prevent sensitive data from being leaked. It can do this by monitoring data flows and blocking unauthorized access to sensitive data.
- Web application firewalls (WAFs): WAFs sit in front of web applications and inspect HTTP requests and responses, blocking requests that match known attack patterns such as SQL injection or cross-site scripting. A WAF is a filter, not a vulnerability scanner: it does not find flaws in the application, it blocks attempts to exploit them.
- Endpoint detection and response (EDR) solutions: EDR solutions monitor endpoints, such as computers and mobile devices, for suspicious activity. They can also collect and analyze data from endpoints to investigate and respond to security incidents.
These are just a few of the many different types of cybersecurity tools available. The specific tools that an organization needs will depend on its size, industry, and risk profile.
Here are some tips for choosing cybersecurity tools:
- Consider the organization’s size, industry, and risk profile.
- Make sure the tools are compatible with the organization’s existing systems and infrastructure.
- Get expert advice from a cybersecurity professional.
- Regularly update the tools, and the signatures or rules they rely on, so that they recognize current threats.
By using a variety of cybersecurity tools, organizations can help to protect themselves from cyberattacks.
As mentioned earlier, security is like preparing for a storm. If you identify a leak, the color or shape of the bucket you use to catch the water doesn’t matter. What is important is mitigating the risks and threats to your home, by using the tools available to you. As an entry-level security analyst, you’ll have a lot of tools in your toolkit that you can use to mitigate potential risks. In this video, we’ll discuss the primary purposes and functions of some commonly used security tools. And later in the program, you’ll have hands-on opportunities to practice using them.

Before discussing tools further, let’s briefly discuss logs, which are the source of data that the tools we’ll cover are designed to organize. A log is a record of events that occur within an organization’s systems. Examples of security-related logs include records of employees signing into their computers or accessing web-based services. Logs help security professionals identify vulnerabilities and potential security breaches.

The first tools we’ll discuss are security information and event management tools, or SIEM tools. A SIEM tool is an application that collects and analyzes log data to monitor critical activities in an organization. The acronym S-I-E-M may be pronounced as ‘sim’ or ‘seem’, but we’ll use ‘sim’ throughout this program. SIEM tools collect real-time, or instant, information, and allow security analysts to identify potential breaches as they happen. Imagine having to read pages and pages of logs to determine if there are any security threats. Depending on the amount of data, it could take hours or days. SIEM tools reduce the amount of data an analyst must review by providing alerts for specific types of risks and threats.

Next, let’s go over examples of commonly used SIEM tools: Splunk and Chronicle. Splunk is a data analysis platform, and Splunk Enterprise provides SIEM solutions. Splunk Enterprise is a self-hosted tool used to retain, analyze, and search an organization’s log data. Another SIEM tool is Google’s Chronicle. Chronicle is a cloud-native SIEM tool that stores security data for search and analysis. Cloud-native means that Chronicle allows for fast delivery of new features. Both of these SIEM tools, and SIEMs in general, collect data from multiple places, then analyze and filter that data to allow security teams to prevent and quickly react to potential security threats. As a security analyst, you may find yourself using SIEM tools to analyze filtered events and patterns, perform incident analysis, or proactively search for threats. Depending on your organization’s SIEM setup and risk focus, the tools and how they function may differ, but ultimately, they are all used to mitigate risk.

Other key tools that you will use in your role as a security analyst, and that you’ll have hands-on opportunities to use later in the program, are playbooks and network protocol analyzers. A playbook is a manual that provides details about any operational action, such as how to respond to an incident. Playbooks, which vary from one organization to the next, guide analysts in how to handle a security incident before, during, and after it has occurred. Playbooks can pertain to security or compliance reviews, access management, and many other organizational tasks that require a documented process from beginning to end.

Another tool you may use as a security analyst is a network protocol analyzer, also called a packet sniffer. A packet sniffer is a tool designed to capture and analyze data traffic within a network. Common network protocol analyzers include tcpdump and Wireshark. As an entry-level analyst, you don’t have to be an expert in these tools. As you continue through this certificate program and get more hands-on practice, you’ll continuously build your understanding of how to use these tools to identify, assess, and mitigate risks.
Reading: Tools for protecting business operations
Reading
Previously, you were introduced to several technical skills that security analysts need to develop. You were also introduced to some tools entry-level security analysts may have in their toolkit. In this reading, you’ll learn more about how technical skills and tools help security analysts mitigate risks.
An entry-level analyst’s toolkit
Every organization may provide a different toolkit, depending on its security needs. As a future analyst, it’s important that you are familiar with industry standard tools and can demonstrate your ability to learn how to use similar tools in a potential workplace.
Security information and event management (SIEM) tools
A SIEM tool is an application that collects and analyzes log data to monitor critical activities in an organization. A log is a record of events that occur within an organization’s systems. Depending on the amount of data you’re working with, it could take hours or days to filter through log data on your own. SIEM tools reduce the amount of data an analyst must review by providing alerts for specific types of threats, risks, and vulnerabilities.
SIEM tools provide a series of dashboards that visually organize data into categories, allowing users to select the data they wish to analyze. Different SIEM tools have different dashboard types that display the information you have access to.
SIEM tools also come with different hosting options, including on-premise and cloud. Organizations may choose one hosting option over another based on a security team member’s expertise. For example, because a cloud-hosted version tends to be easier to set up, use, and maintain than an on-premise version, a less experienced security team may choose this option for their organization.
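The video and this reading both describe the core of what a SIEM does: collect raw log lines, normalize them, and raise an alert only when a rule matches, so the analyst reviews one alert instead of pages of logs. The script below is an added example written for this page, not code from the course or from any SIEM product. It parses a handful of constructed login log lines (invented for the example, with documentation-range IP addresses) and applies one correlation rule: five or more failed logins from one source IP inside a one-minute window. The log format, field names and the threshold are assumptions; a real SIEM would read the format its collectors deliver.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). Each line holds a timestamp,
# the host that recorded the event, the event type, the user and the source IP.
SAMPLE_LOGS = """\
2024-03-01T09:00:01 web01 LOGIN_FAILED user=alice src=203.0.113.7
2024-03-01T09:00:03 web01 LOGIN_FAILED user=alice src=203.0.113.7
2024-03-01T09:00:04 web01 LOGIN_FAILED user=bob src=203.0.113.7
2024-03-01T09:00:06 web01 LOGIN_FAILED user=carol src=203.0.113.7
2024-03-01T09:00:08 web01 LOGIN_FAILED user=dave src=203.0.113.7
2024-03-01T09:00:09 web01 LOGIN_OK user=dave src=203.0.113.7
2024-03-01T09:15:00 web01 LOGIN_FAILED user=erin src=198.51.100.2
2024-03-01T09:16:00 web01 LOGIN_OK user=erin src=198.51.100.2
2024-03-01T11:30:00 web02 LOGIN_FAILED user=frank src=192.0.2.9
2024-03-01T11:30:01 web02 LOGIN_FAILED user=frank src=192.0.2.9
this line is not a login event and is skipped by the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>LOGIN_\w+) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Turn one raw log line into a dict, or None if the line is not a login event."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def parse_logs(text):
    """Normalize every parseable line; this is the 'collect' half of a SIEM."""
    return [r for r in map(parse_line, text.splitlines()) if r is not None]


def detect_bruteforce(records, threshold=5, window=timedelta(minutes=1)):
    """Alert when one source IP produces at least `threshold` LOGIN_FAILED events
    inside a sliding time window. Returns one alert dict per offending source."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for r in records:
        (failures if r["event"] == "LOGIN_FAILED" else successes)[r["src"]].append(r)

    alerts = []
    for src, events in failures.items():
        events.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst = events[start:end + 1]
                # A success from the same source after the burst raises the severity:
                # the attacker may have guessed a valid password.
                followed_by_success = any(
                    s["ts"] >= burst[-1]["ts"] for s in successes.get(src, [])
                )
                alerts.append({
                    "rule": "bruteforce_by_source",
                    "severity": "high" if followed_by_success else "medium",
                    "src": src,
                    "count": len(burst),
                    "users": sorted({e["user"] for e in burst}),
                    "first": burst[0]["ts"],
                    "last": burst[-1]["ts"],
                    "followed_by_success": followed_by_success,
                })
                break  # one alert per source; the analyst reviews the burst, not five alerts
    return alerts


def run_demo():
    """Parse the constructed logs and return the alerts an analyst would review."""
    return detect_bruteforce(parse_logs(SAMPLE_LOGS))


if __name__ == "__main__":
    for a in run_demo():
        print(f"[{a['severity']}] {a['rule']}: {a['src']} made {a['count']} failed logins "
              f"against {', '.join(a['users'])} between {a['first']:%H:%M:%S} "
              f"and {a['last']:%H:%M:%S}; success afterwards: {a['followed_by_success']}")
```

Ten log lines become one alert, which is the point of the tool: the analyst sees that 203.0.113.7 tried four different accounts in seven seconds and then logged in successfully, while the two failures from 192.0.2.9 stay below the threshold and never reach a human.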
Network protocol analyzers (packet sniffers)
A network protocol analyzer, also known as a packet sniffer, is a tool designed to capture and analyze data traffic in a network. It records the packets that pass the network interface it is listening on, which, on a shared network segment or a mirrored switch port, can include traffic between other computers in the organization’s network. Later in the program, you’ll have an opportunity to practice using some common network protocol analyzer (packet sniffer) tools.
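What tcpdump and Wireshark actually do with a captured packet is walk its headers in order: Ethernet, then IPv4, then TCP, with each header saying where the next one starts. The decoder below is an added example written for this page, not code from either tool or from the course. It builds one constructed Ethernet/IPv4/TCP frame (documentation-range addresses, made-up MAC addresses, a cleartext HTTP request as payload), decodes it, validates the IPv4 header checksum, and prints a tcpdump-style summary line. It assumes a standard 20-byte IPv4 header and 20-byte TCP header and leaves the TCP checksum unset, since the decoder does not validate it.

```python
import struct
from dataclasses import dataclass

TCP_FLAG_BITS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
                 ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20)]


def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones-complement sum over the IPv4 header. Over a header that
    already contains a correct checksum the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame() -> bytes:
    """Constructed Ethernet/IPv4/TCP frame carrying a cleartext HTTP request.
    The TCP checksum is left at zero: computing it needs a pseudo-header and
    this decoder does not validate it."""
    payload = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH",
                      51234, 80,          # source port, destination port
                      1000, 0,            # sequence, acknowledgement numbers
                      5 << 4, 0x18,       # data offset = 5 words; flags PSH|ACK
                      65535, 0, 0)        # window, checksum (unset), urgent pointer
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, total_len,  # version 4, IHL 5 words; TOS; total length
                     0x1234, 0x4000,      # identification; flags DF, fragment offset 0
                     64, 6, 0,            # TTL; protocol 6 = TCP; checksum placeholder
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    eth = struct.pack("!6s6sH", bytes.fromhex("001122334455"),
                      bytes.fromhex("66778899aabb"), 0x0800)  # dst MAC, src MAC, IPv4
    return eth + ip + tcp + payload


@dataclass
class Packet:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    ttl: int
    src_port: int
    dst_port: int
    flags: list
    ip_checksum_ok: bool
    payload: bytes


def decode_frame(frame: bytes) -> Packet:
    """Walk the headers the way a protocol analyzer does: Ethernet, then IPv4,
    then TCP, each header telling you where the next one starts."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"only IPv4 (0x0800) is decoded here, got 0x{ethertype:04x}")
    ip_off = 14
    ihl = (frame[ip_off] & 0x0F) * 4           # header length in bytes, usually 20
    ip_hdr = frame[ip_off:ip_off + ihl]
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", ip_hdr[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    if proto != 6:
        raise ValueError(f"only TCP (6) is decoded here, got protocol {proto}")
    tcp_off = ip_off + ihl
    (src_port, dst_port, _seq, _ack, data_off, flag_bits,
     _win, _tcp_csum, _urg) = struct.unpack("!HHIIBBHHH", frame[tcp_off:tcp_off + 20])
    payload_off = tcp_off + (data_off >> 4) * 4
    payload = frame[payload_off:ip_off + total_len]  # trust the IP total length, not the frame size
    return Packet(
        src_mac=":".join(f"{b:02x}" for b in src_mac),
        dst_mac=":".join(f"{b:02x}" for b in dst_mac),
        src_ip=".".join(map(str, src_ip)),
        dst_ip=".".join(map(str, dst_ip)),
        ttl=ttl,
        src_port=src_port,
        dst_port=dst_port,
        flags=[name for name, bit in TCP_FLAG_BITS if flag_bits & bit],
        ip_checksum_ok=ip_checksum(ip_hdr) == 0,
        payload=payload,
    )


def summarize(pkt: Packet) -> str:
    """One tcpdump-style line per packet, plus a note when the payload is cleartext HTTP."""
    line = (f"{pkt.src_ip}:{pkt.src_port} > {pkt.dst_ip}:{pkt.dst_port} "
            f"[{','.join(pkt.flags)}] ttl {pkt.ttl} len {len(pkt.payload)}")
    request_line = pkt.payload.split(b"\r\n", 1)[0]
    if request_line.split(b" ")[0] in (b"GET", b"POST", b"PUT", b"HEAD"):
        line += f"  cleartext HTTP: {request_line.decode(errors='replace')}"
    return line


if __name__ == "__main__":
    print(summarize(decode_frame(build_sample_frame())))
```

The decoder reads the payload length from the IP header rather than from the frame size, which is what lets an analyzer ignore trailing padding, and the checksum check is the same validation Wireshark flags in its packet details. The cleartext note is the practical lesson of sniffers: anything sent over an unencrypted protocol is readable by whoever can capture the traffic.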
Playbooks
A playbook is a manual that provides details about any operational action, such as how to respond to a security incident. Organizations usually have multiple playbooks documenting processes and procedures for their teams to follow. Playbooks vary from one organization to the next, but they all have a similar purpose: To guide analysts through a series of steps to complete specific security-related tasks.
For example, consider the following scenario: You are working as a security analyst for an incident response firm. You are given a case involving a small medical practice that has suffered a security breach. Your job is to help with the forensic investigation and provide evidence to a cybersecurity insurance company. They will then use your investigative findings to determine whether the medical practice will receive their insurance payout.
In this scenario, playbooks would outline the specific actions you need to take to conduct the investigation. Playbooks also help ensure that you are following proper protocols and procedures. When working on a forensic case, there are two playbooks you might follow:
- The first type of playbook you might consult is called the chain of custody playbook. Chain of custody is the process of documenting evidence possession and control during an incident lifecycle. As a security analyst involved in a forensic analysis, you will work with the computer data that was breached. You and the forensic team will also need to document who, what, where, and why you have the collected evidence. The evidence is your responsibility while it is in your possession. Evidence must be kept safe and tracked. Every time evidence is moved, it should be reported. This allows all parties involved to know exactly where the evidence is at all times.
- The second playbook your team might use is called the protecting and preserving evidence playbook. Protecting and preserving evidence is the process of properly working with fragile and volatile digital evidence. As a security analyst, understanding what fragile and volatile digital evidence is, along with why there is a procedure, is critical. As you follow this playbook, you will consult the order of volatility, which is a sequence outlining the order of data that must be preserved from first to last. It prioritizes volatile data, which is data that may be lost if the device in question powers off, regardless of the reason. While conducting an investigation, improper management of digital evidence can compromise and alter that evidence. When evidence is improperly managed during an investigation, it can no longer be used. For this reason, the first priority in any investigation is to properly preserve the data. You can preserve the data by making copies and conducting your investigation using those copies.
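The two playbooks above come down to two technical controls: a hash that proves the evidence has not changed since it was collected, and a record of every handoff that is itself tamper-evident. The code below is an added example written for this page, not a procedure from the course or from any forensic tool. It images constructed evidence bytes into a working copy while hashing them (as acquisition tools do), refuses to proceed if the copy does not match, and keeps a chain-of-custody log in which each entry carries the evidence hash and a hash of the previous entry. The evidence bytes, case identifier, custodian name and location are invented for the example.

```python
import hashlib
import io
import json
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def image_and_hash(src, dst, chunk_size=4096) -> str:
    """Copy src to dst in chunks, hashing the bytes as they are read, the way
    imaging tools do. Returns the SHA-256 of everything read from src."""
    h = hashlib.sha256()
    while True:
        chunk = src.read(chunk_size)
        if not chunk:
            break
        h.update(chunk)
        dst.write(chunk)
    dst.flush()
    return h.hexdigest()


class CustodyLog:
    """Append-only chain-of-custody record. Every entry carries the evidence hash,
    so a change to the evidence between handoffs shows up as a mismatch, and each
    entry also commits to the previous entry, so an edited entry breaks the chain."""

    def __init__(self, evidence_id: str):
        self.evidence_id = evidence_id
        self.entries = []

    def record(self, action, custodian, location, reason, evidence: bytes, when=None):
        when = when or datetime.now(timezone.utc)
        entry = {
            "evidence_id": self.evidence_id,
            "action": action,            # what: collected, imaged, transferred, ...
            "custodian": custodian,      # who
            "location": location,        # where
            "reason": reason,            # why
            "time": when.isoformat(),    # when
            "sha256": sha256_hex(evidence),
            "prev_entry_hash": self.entries[-1]["entry_hash"] if self.entries else "",
        }
        entry["entry_hash"] = sha256_hex(json.dumps(entry, sort_keys=True).encode())
        self.entries.append(entry)
        return entry

    def verify(self, evidence: bytes) -> bool:
        """True if the evidence still matches every recorded hash and no entry was altered."""
        expected = sha256_hex(evidence)
        prev = ""
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if (e["sha256"] != expected
                    or e["prev_entry_hash"] != prev
                    or sha256_hex(json.dumps(body, sort_keys=True).encode()) != e["entry_hash"]):
                return False
            prev = e["entry_hash"]
        return True


def preserve_evidence(original: bytes, custodian: str, location: str, evidence_id: str):
    """Acquire a verified working copy and open its custody log. The analyst then
    works on the copy; the original is sealed and only ever re-hashed."""
    src, dst = io.BytesIO(original), io.BytesIO()
    acquired_hash = image_and_hash(src, dst)
    working_copy = dst.getvalue()
    if sha256_hex(working_copy) != acquired_hash or acquired_hash != sha256_hex(original):
        raise RuntimeError("working copy does not match original; do not proceed")
    log = CustodyLog(evidence_id)
    log.record("collected", custodian, location, "incident investigation", original)
    log.record("imaged", custodian, location, "create working copy for analysis", working_copy)
    return working_copy, log


if __name__ == "__main__":
    # Constructed evidence bytes standing in for a disk image (not a real image).
    evidence = b"\x00" * 512 + b"CONSTRUCTED-EVIDENCE" + b"\xff" * 512
    copy, log = preserve_evidence(evidence, "analyst j.doe", "lab safe 3", "CASE-042-HDD1")
    print(json.dumps(log.entries, indent=2))
    print("custody chain intact:", log.verify(copy))
```

In practice the original would be a write-blocked drive or a memory dump taken first because of the order of volatility, and the log would be stored separately from the evidence; the mechanism is the same, and the hash recorded at collection is what lets an insurer or a court accept that the copy you analyzed is what was seized.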
Key takeaways
In this reading, you learned about a few tools a security analyst may have in their toolkit, depending on where they work. You also explored two important types of playbooks: chain of custody and protecting and preserving evidence. However, these are only two procedures that occur at the beginning of a forensic investigation. If forensic investigations interest you, you are encouraged to further explore this career path or security practice. In the process, you may learn about forensic tools that you want to add to your toolkit. While all of the forensic components that make up an investigation will not be covered in this certificate program, some forensic concepts will be discussed in later courses.
Resources for more information
The Google Cybersecurity Action Team’s Threat Horizon Report provides strategic intelligence for dealing with threats to cloud enterprise.
The Cybersecurity & Infrastructure Security Agency (CISA) has a list of Free Cybersecurity Services and Tools. Review the list to learn more about open-source cybersecurity tools.
Practice Quiz: Test your knowledge: Important cybersecurity tools
What tool is designed to capture and analyze data traffic within a network?
network protocol analyzer (packet sniffer)
A packet sniffer, also known as a network protocol analyzer, is a tool designed to capture and analyze data traffic within a network.
AI assistant
A network protocol analyzer (packet sniffer) is a tool designed to capture and analyze data traffic within a network. It can be used to monitor network traffic for suspicious activity, such as malware or intrusion attempts. Packet sniffers can also be used to troubleshoot network problems.
Playbooks are manuals that provide details about how to respond to security incidents. They can be used to guide security analysts through the steps necessary to respond to an incident, such as isolating the affected systems and restoring them to operation.
Security information and event management (SIEM) tools collect and analyze log data from a variety of sources, such as firewalls, IDSs, and antivirus software. They can be used to identify suspicious activity and to investigate security incidents.
Structured Query Language (SQL) is a programming language used to manage data in relational databases. It can be used to query, insert, update, and delete data in a database.
Therefore, the answer is network protocol analyzer (packet sniffer).
What type of tool uses dashboards to organize data into categories and allows analysts to identify potential security incidents as they happen?
SIEM
SIEM tools use dashboards to organize data into categories and allow analysts to identify potential security incidents, such as breaches, as they happen.
AI assistant
A Security Information and Event Management (SIEM) tool uses dashboards to organize data into categories and allows analysts to identify potential security incidents as they happen.
SIEM tools collect and analyze log data from a variety of sources, such as firewalls, IDSs, and antivirus software. They can be used to identify suspicious activity and to investigate security incidents. The dashboards in a SIEM tool provide a visual representation of the data, making it easier for analysts to identify patterns and trends.
Linux is an operating system, Python is a programming language, and network protocol analyzers (packet sniffers) are tools that capture and analyze data traffic within a network. These tools are not designed to organize data into categories or to identify potential security incidents.
Therefore, the answer is SIEM.
What can cybersecurity professionals use logs for?
To identify vulnerabilities and potential security breaches
Cybersecurity professionals can use logs to identify vulnerabilities and potential security breaches, as well as other potential security incidents.
AI assistant
Cybersecurity professionals can use logs to identify vulnerabilities and potential security breaches. Logs are records of events that occur within an organization’s systems, such as logins, file accesses, and network connections. By analyzing logs, analysts can identify patterns of activity that may indicate a breach. For example, a burst of failed login attempts against many accounts from a single source IP address is a common sign of a brute-force or password-spraying attack.
The other answer options describe things logs are not primarily used for. Log data can help an operations team find where a network is under-performing, but that is a performance task rather than a security one.
Analyzing data traffic within a network is the job of a network protocol analyzer (packet sniffer), which captures packets rather than reading logs. Logs are also not used to select which security team members will respond to an incident; that decision is based on the severity of the incident and the skills and experience of the team members.
Therefore, the answer is To identify vulnerabilities and potential security breaches.
Fill in the blank: A _ is a manual that provides details about operational actions.
playbook
A playbook is a manual that provides details about operational actions. Playbooks provide guidance when handling a security incident before, during, and after it has occurred.
Core cybersecurity knowledge and skills
Video: Introduction to Linux, SQL, and Python
- Organizations use a variety of tools to manage, monitor, and analyze security threats.
- These tools include SIEMs, playbooks, and packet sniffers.
- Analysts also use programming languages and operating systems to accomplish essential tasks.
- Programming languages allow analysts to complete repetitive tasks and processes with a high degree of accuracy and efficiency.
- They also help reduce the risk of human error, and can save time.
- Linux is an open-source operating system that is often used by security analysts.
- It relies on a command line as the primary user interface.
- SQL is a programming language that is used to create, interact with, and request information from databases.
- Python is another programming language that is often used by security analysts.
- It can be used to perform tasks that are repetitive and time-consuming.
- It is important for security analysts to be familiar with a variety of tools and technologies.
- This will show employers that they have the ability to learn how to use new tools to protect organizations.
Additional points:
- Programming languages can be used to automate tasks, such as generating reports or analyzing data.
- They can also be used to create custom tools and applications.
- The Linux operating system is popular among security analysts because it is open source, widely used on servers and for security tooling, and easily scripted from the command line.
- SQL is a powerful tool for querying and manipulating data.
- Python is a versatile language that can be used for a variety of tasks, including data analysis, web development, and machine learning.
Introduction to Linux
Linux is an open-source operating system that is used by a wide variety of organizations, including many large enterprises and government agencies. It is also a popular choice for cybersecurity professionals because it is open source, runs most servers and security tools, and can be scripted to automate analysis.
For security work, Linux is driven mainly through a command-line interface: users type commands into a terminal rather than clicking through a graphical interface. This can be daunting for beginners, but it is a precise and scriptable way to control the system.
There are many different distributions of Linux available, each with its own strengths and weaknesses. Some popular distributions for cybersecurity professionals include Kali Linux, Parrot Security OS, and BlackArch Linux.
Introduction to SQL
SQL stands for Structured Query Language. It is a programming language that is used to interact with databases. Databases are a way of storing and organizing data in a structured way.
SQL is a powerful tool that can be used to perform a variety of tasks, such as creating, querying, and updating databases. It is also used to export data from databases and import it into other applications.
SQL is a relatively easy language to learn, and there are many resources available to help beginners get started.
Introduction to Python
Python is a general-purpose programming language that is used for a variety of tasks, including cybersecurity. It is a versatile language that is easy to learn and use.
Python can be used to automate tasks, create scripts, and develop custom tools. It is also used for data analysis, machine learning, and artificial intelligence.
Python is a popular choice for cybersecurity professionals because it is powerful, flexible, and easy to learn.
Conclusion
Linux, SQL, and Python are three essential tools for cybersecurity professionals. By learning them, you will be able to automate tasks, analyze data, and develop custom tools. This will make you a more valuable asset to any cybersecurity team.
Here are some additional resources that you may find helpful:
- Introduction to Linux: https://www.linux.org/
- Introduction to SQL: https://www.w3schools.com/sql/
- Introduction to Python: https://www.python.org/
Which of the following can be used to perform repetitive, time-consuming tasks and/or request information from a database? Select two answers.
Python, SQL
Python and SQL can be used to perform repetitive, time-consuming tasks and/or request information from a database.
As we discussed previously, organizations use a variety of tools, such as SIEMs, playbooks, and packet sniffers, to better manage, monitor, and analyze security threats. But those aren’t the only tools in an analyst’s toolkit. Analysts also use programming languages and operating systems to accomplish essential tasks. In this video, we’ll introduce you to Python and SQL programming, and the Linux operating system, all of which you’ll have an opportunity to practice using later in the certificate program.

Organizations can use programming to create a specific set of instructions for a computer to execute tasks. Programming allows analysts to complete repetitive tasks and processes with a high degree of accuracy and efficiency. It also helps reduce the risk of human error, and can save hours or days compared to performing the work manually. Now that you’re aware of what programming languages are used for, let’s discuss a specific and related operating system called Linux, and two programming languages: SQL and Python.

Linux is an open-source, or publicly available, operating system. Unlike other operating systems you may be familiar with, for example macOS or Windows, Linux relies on a command line as the primary user interface. Linux itself is not a programming language, but it does allow for the use of text-based commands between the user and the operating system. You’ll learn more about Linux later in the program. A common use of Linux for entry-level security analysts is examining logs to better understand what’s occurring in a system. For example, you might find yourself using commands to review an error log when investigating uncommonly high network traffic.

Next, let’s discuss SQL. SQL stands for Structured Query Language. SQL is a programming language used to create, interact with, and request information from a database. A database is an organized collection of information or data. There may be millions of data points in a database. So an entry-level security analyst would use SQL to filter through the data points to retrieve specific information.

The last programming language we’ll introduce is Python. Security professionals can use Python to perform tasks that are repetitive and time-consuming and that require a high level of detail and accuracy. As a future analyst, it’s important to understand that every organization’s toolkit may be somewhat different based on their security needs. The main point is that you’re familiar with some industry standard tools because that will show employers that you have the ability to learn how to use their tools to protect the organization and the people it serves. You’re doing great! Later in the course, you’ll learn more about Linux and programming languages, and you’ll practice using these tools in security-related scenarios.
Reading: Use tools to protect business operations
Reading
Previously, you were introduced to programming, operating systems, and tools commonly used by cybersecurity professionals. In this reading, you’ll learn more about programming and operating systems, as well as other tools that entry-level analysts use to help protect organizations and the people they serve.
Tools and their purposes
Programming
Programming is a process that can be used to create a specific set of instructions for a computer to execute tasks. Security analysts use programming languages, such as Python, to execute automation. Automation is the use of technology to reduce human and manual effort in performing common and repetitive tasks. Automation also helps reduce the risk of human error.
Another programming language used by analysts is called Structured Query Language (SQL). SQL is used to create, interact with, and request information from a database. A database is an organized collection of information or data. There can be millions of data points in a database. A data point is a specific piece of information.
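The reading above, like the video before it, says an analyst uses SQL to filter millions of data points down to the few that matter. The example below is added for this page and is not code from the course; it uses Python’s built-in sqlite3 module so it runs without a database server. It loads a constructed table of login events (invented data, documentation-range IP addresses) and runs three queries of the kind an analyst writes daily: failed logins grouped by source, successful logins outside business hours, and successes from a source that also produced a burst of failures. The table layout, the "fail"/"success" outcome values and the business-hours boundaries are assumptions. The same SQL would run against a real database once the table and column names are adjusted.

```python
import sqlite3

# Constructed login events (not real data): time, user, source IP, outcome, country.
LOGIN_EVENTS = [
    ("2024-03-01 09:00:01", "alice", "203.0.113.7",  "fail",    "US"),
    ("2024-03-01 09:00:03", "alice", "203.0.113.7",  "fail",    "US"),
    ("2024-03-01 09:00:05", "bob",   "203.0.113.7",  "fail",    "US"),
    ("2024-03-01 09:00:07", "carol", "203.0.113.7",  "fail",    "US"),
    ("2024-03-01 09:00:09", "carol", "203.0.113.7",  "success", "US"),
    ("2024-03-01 09:15:00", "erin",  "198.51.100.2", "fail",    "CA"),
    ("2024-03-01 09:16:00", "erin",  "198.51.100.2", "success", "CA"),
    ("2024-03-01 11:30:00", "frank", "192.0.2.9",    "fail",    "DE"),
    ("2024-03-01 11:30:01", "frank", "192.0.2.9",    "fail",    "DE"),
    ("2024-03-01 23:30:00", "frank", "192.0.2.9",    "success", "DE"),
]


def build_demo_db():
    """Create an in-memory database and load the constructed events."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""
        CREATE TABLE login_events (
            event_time TEXT NOT NULL,
            username   TEXT NOT NULL,
            source_ip  TEXT NOT NULL,
            outcome    TEXT NOT NULL,
            country    TEXT NOT NULL
        )""")
    conn.executemany("INSERT INTO login_events VALUES (?, ?, ?, ?, ?)", LOGIN_EVENTS)
    conn.commit()
    return conn


def failed_logins_by_source(conn, min_failures=3):
    """Sources with at least min_failures failed logins, most active first.
    The threshold is bound as a parameter (?), never pasted into the SQL string."""
    return conn.execute("""
        SELECT source_ip, COUNT(*) AS failures, COUNT(DISTINCT username) AS users_tried
        FROM login_events
        WHERE outcome = 'fail'
        GROUP BY source_ip
        HAVING COUNT(*) >= ?
        ORDER BY failures DESC""", (min_failures,)).fetchall()


def after_hours_successes(conn, start_hour="08", end_hour="18"):
    """Successful logins outside business hours (hours are two-digit strings)."""
    return conn.execute("""
        SELECT event_time, username, source_ip
        FROM login_events
        WHERE outcome = 'success'
          AND (strftime('%H', event_time) < ? OR strftime('%H', event_time) >= ?)
        ORDER BY event_time""", (start_hour, end_hour)).fetchall()


def successes_after_failed_bursts(conn, min_failures=3):
    """Successful logins from a source that also produced a burst of failures:
    the rows an analyst should look at first."""
    return conn.execute("""
        SELECT s.username, s.source_ip, s.event_time
        FROM login_events AS s
        WHERE s.outcome = 'success'
          AND s.source_ip IN (
              SELECT source_ip FROM login_events
              WHERE outcome = 'fail'
              GROUP BY source_ip
              HAVING COUNT(*) >= ?)
        ORDER BY s.event_time""", (min_failures,)).fetchall()


if __name__ == "__main__":
    conn = build_demo_db()
    print("failed logins by source:", failed_logins_by_source(conn))
    print("after-hours successes:", after_hours_successes(conn))
    print("successes after failed bursts:", successes_after_failed_bursts(conn))
```

Every value that comes from outside the query (a threshold, an hour, a username typed by the analyst) is passed as a bound parameter. That is the habit to build early: the same query with the value concatenated into the string is the injection pattern listed in the OWASP Top 10 that the "Web vulnerability" section below points to.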
Operating systems
An operating system is the interface between computer hardware and the user. Linux®, macOS®, and Windows are operating systems. They each offer different functionality and user experiences.
Previously, you were introduced to Linux as an open-source operating system. Open source means that the code is available to the public and allows people to make contributions to improve the software. Linux is not a programming language; however, it does involve the use of a command line within the operating system. A command is an instruction telling the computer to do something. A command-line interface is a text-based user interface that uses commands to interact with the computer. You will learn more about Linux, including the Linux kernel and GNU, in a later course.
Web vulnerability
A web vulnerability is a unique flaw in a web application that a threat actor could exploit by using malicious code or behavior, to allow unauthorized access, data theft, and malware deployment.
To stay up-to-date on the most critical risks to web applications, review the Open Web Application Security Project (OWASP) Top 10.
Antivirus software
Antivirus software is a software program used to prevent, detect, and eliminate malware and viruses. It is also called anti-malware. Depending on the type of antivirus software, it can scan the memory of a device to find patterns that indicate the presence of malware.
Intrusion detection system
An intrusion detection system (IDS) is an application that monitors system activity and alerts on possible intrusions. A network IDS scans and analyzes network packets, the units in which data travels through a network, comparing them against signatures of known attacks or against a baseline of normal behavior; a host IDS does the same for activity on a single machine. Other occurrences an IDS might detect include data theft and unauthorized access.
Encryption
Encryption makes data unreadable and difficult to decode for an unauthorized user; its main goal is to ensure confidentiality of private data. Encryption is the process of converting data from a readable format to a cryptographically encoded format. Cryptographic encoding means converting plaintext into secure ciphertext. Plaintext is unencrypted information and secure ciphertext is the result of encryption.
Note: Encoding and encryption serve different purposes. Encoding uses a public conversion algorithm to enable systems that use different data representations to share information. Because the algorithm is public and uses no key, anyone can reverse an encoding; only encryption, which depends on a secret key, protects confidentiality.
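The difference between encoding and encryption is easiest to see side by side, and confusing the two (a base64 "secret" in a config file, for instance) is a common real-world mistake. The code below is an added example written for this page, not from the course. It base64-encodes a constructed secret and shows that decoding needs no key, then encrypts the same secret with a small keyed construction (a keystream from HMAC-SHA256 in counter mode, with a separate HMAC tag for integrity) and shows that decryption fails without the key or if the ciphertext is altered. The cipher is a teaching construction built only from the standard library; for production use a vetted authenticated cipher such as AES-GCM from a maintained cryptography library.

```python
import base64
import hashlib
import hmac
import os


def encode_b64(data: bytes) -> str:
    """Encoding: a public, keyless transformation. Anyone can reverse it."""
    return base64.b64encode(data).decode("ascii")


def decode_b64(text: str) -> bytes:
    return base64.b64decode(text)


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate keys for the keystream and the integrity tag (domain separation).
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter mode built from HMAC-SHA256: block i = HMAC(enc_key, nonce || i).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encryption: recoverable only with the secret key. Output is nonce || ciphertext || tag."""
    nonce = os.urandom(16)                       # fresh per message; never reuse with the same key
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Check the tag first (constant-time compare), then undo the keystream."""
    if len(blob) < 16 + 32:
        raise ValueError("ciphertext too short")
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered ciphertext")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


if __name__ == "__main__":
    secret = b"db_password=hunter2"                # constructed secret for the demo
    encoded = encode_b64(secret)
    print("encoded:", encoded, "-> decodes without any key to", decode_b64(encoded))
    key = os.urandom(32)
    blob = encrypt(key, secret)
    print("encrypted:", blob.hex())
    print("decrypted with key:", decrypt(key, blob))
    try:
        decrypt(os.urandom(32), blob)
    except ValueError as e:
        print("decrypt with wrong key:", e)
```

The tag is verified before any decryption happens and the comparison is constant-time, which is the order and the primitive an authenticated cipher uses; the point for an analyst reading a config file is the first half: if a value decodes with no key, it was never protected.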
Penetration testing
Penetration testing, also called pen testing, is the act of participating in a simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes. It is a thorough risk assessment that can evaluate and identify external and internal threats as well as weaknesses.
Key takeaways
In this reading, you learned more about programming and operating systems. You were also introduced to several new tools and processes. Every organization selects their own set of tools. Therefore, the more tools you know, the more valuable you are to an organization. Tools help security analysts complete their tasks more efficiently and effectively.
Practice Quiz: Test your knowledge: Core cybersecurity knowledge and skills
What do security professionals use to interact with and request information from a database?
Structured Query Language (SQL)
Security professionals use Structured Query Language (SQL) to interact with and request information from a database.
What is programming typically used for? Select two answers.
- Complete repetitive tasks and processes
- Create a specific set of instructions for a computer to execute tasks
Fill in the blank: Linux is an open-source _ that can be used to examine logs.
operating system
Linux is an open-source operating system that can be used to examine logs.
A playbook is a manual that only provides details about how to respond to an incident.
False
A playbook is a manual that provides details about any operational action, including incident response, security or compliance reviews, access management, and many other organizational tasks that require a documented process from beginning to end.
Reading: Create a cybersecurity portfolio
Reading
Throughout this certificate program, you will have multiple opportunities to develop a professional cybersecurity portfolio to showcase your security skills and knowledge.
In this reading, you’ll learn what a portfolio is and why it’s important to develop a professional cybersecurity portfolio. You’ll also learn about options for creating an online or self-hosted portfolio that you can share with potential employers when you begin to look for cybersecurity jobs.
What is a portfolio, and why is it necessary?
Cybersecurity professionals use portfolios to demonstrate their security education, skills, and knowledge. Professionals typically use portfolios when they apply for jobs to show potential employers that they are passionate about their work and can do the job they are applying for. Portfolios are more in depth than a resume, which is typically a one-to-two page summary of relevant education, work experience, and accomplishments. You will have the opportunity to develop a resume, and finalize your portfolio, in the last course of this program.
Options for creating your portfolio
There are many ways to present a portfolio, including self-hosted and online options such as:
- Documents folder
- Google Drive or Dropbox™
- Google Sites
- Git repository
Option 1: Documents folder
Description: A documents folder is a folder created and saved to your computer’s hard drive. You manage the folder, subfolders, documents, and images within it.
Document folders allow you to have direct access to your documentation. Ensuring that your professional documents, images, and other information are well organized can save you a lot of time when you’re ready to apply for jobs. For example, you may want to create a main folder titled something like “Professional documents.” Then, within your main folder, you could create subfolders with titles such as:
- Resume
- Education
- Portfolio documents
- Cybersecurity tools
- Programming
Setup: Document folders can be created in multiple ways, depending on the type of computer you are using. If you’re unsure about how to create a folder on your device, you can search the internet for instructional videos or documents related to the type of computer you use.
Option 2: Google Drive or Dropbox
Description: Google Drive and Dropbox offer similar features that allow you to store your professional documentation on a cloud platform. Both options also have file-sharing features, so you can easily share your portfolio documents with potential employers. Any additions or changes you make to a document within that folder will be updated automatically for anyone with access to your portfolio.
Similar to a documents folder, keeping your Google Drive or Dropbox-based portfolio well organized will be helpful as you begin or progress through your career.
Setup: To learn how to upload and share files on these applications, visit the Google Drive and Dropbox websites for more information.
Option 3: Google Sites
Description: Google Sites and similar website hosting options have a variety of easy-to-use features to help you present your portfolio items, including customizable layouts, responsive webpages, embedded content capabilities, and web publishing.
Responsive webpages automatically adjust their content to fit a variety of devices and screen sizes. This is helpful because potential employers can review your content using any device and your media will display just as you intend. When you’re ready, you can publish your website and receive a unique URL. You can add this link to your resume so hiring managers can easily access your work.
Setup: To learn how to create a website in Google Sites, visit the Google Sites website.
Option 4: Git repository
Description: A Git repository is a folder within a project. In this instance, the project is your portfolio, and you can use your repository to store the documents, labs, and screenshots you complete during each course of the certificate program. There are several Git repository sites you can use, including:
- GitLab
- Bitbucket™
- GitHub
Each Git repository allows you to showcase your skills and knowledge in a customizable space. To create an online project portfolio on any of the repositories listed, you need to use a version of Markdown.
Setup: To learn about how to create a GitHub account and use Markdown, follow the steps outlined in the document Get started with GitHub.
Portfolio projects
As previously mentioned, you will have multiple opportunities throughout the certificate program to develop items to include in your portfolio. These opportunities include:
- Drafting a professional statement
- Conducting a security audit
- Analyzing network structure and security
- Using Linux commands to manage file permissions
- Applying filters to SQL queries
- Identifying vulnerabilities for a small business
- Documenting incidents with an incident handler’s journal
- Importing and parsing a text file in a security-related scenario
- Creating or revising a resume
Note: Do not include any private, copyrighted, or proprietary documents in your portfolio. Also, if you use one of the sites described in this reading, keep your site set to “private” until it is finalized.
Key takeaways
Now that you’re aware of some options for creating and hosting a professional portfolio, you can consider these as you develop items for your portfolio throughout the certificate program. The more proactive you are about creating a polished portfolio, the higher your chances of impressing a potential employer and obtaining a new job opportunity in the cybersecurity profession.
Quiz: Portfolio Activity: Draft a professional statement
Reading: Portfolio Activity Exemplar: Draft a professional statement
Reading
Professional statement exemplar
Fictional persona:
Following is a fictional persona that may represent someone interested in becoming a cybersecurity analyst.
Melodie is a high school graduate and her strongest subjects in school were math and science. She enjoys learning and excelled in school. She likes creating spreadsheets to organize everyday tasks. She also likes analyzing complex tasks. Melodie has a passion for technology and enjoys helping others. She is interested in the field of security but has no previous experience. She wants an entry-level cybersecurity position that will utilize her drive and thirst for knowledge. She believes the Google Cybersecurity Certificate will make her a better candidate and will help her develop the professional skills she lacks.
Fictional persona’s draft professional statement:
My name is Melodie. I am driven and passionate about safeguarding people’s security, including their financial well being. I enjoy working with technology and analyzing and solving complex problems.
Review: Cybersecurity tools and programming languages
Video: Wrap-up
- This section of the course covered security tools and programming languages.
- SIEM tools, such as Splunk and Chronicle, were discussed.
- How SIEM tools are used by security analysts to complete different tasks was also discussed.
- Other tools, such as playbooks and network protocol analyzers (packet sniffers), were also covered.
- The Linux operating system and the programming languages SQL and Python were introduced.
- It was mentioned that the tools discussed take time to understand completely.
- However, having a basic understanding of these tools can help you get a job in the security field and progress in your career.
Here are some of the key points from the text:
- SIEM tools are used to collect, store, and analyze security logs.
- They can be used to identify security threats and incidents.
- Playbooks are a set of instructions that security analysts can use to respond to security incidents.
- Network protocol analyzers can be used to capture and analyze network traffic.
- The Linux operating system is a popular choice for security analysts because it is secure and flexible.
- SQL and Python are two programming languages that are commonly used in security.
That completes the introduction to security tools and programming languages! In this section of the course, we covered SIEM tools such as Splunk and Chronicle. We also discussed how SIEM tools are used by security analysts to complete different tasks. Then, we discussed other tools such as playbooks and network protocol analyzers, also called packet sniffers. Finally, we introduced the Linux operating system and the programming languages SQL and Python. Remember, the tools we discussed take time to understand completely. But having a basic understanding of these tools can help you get a job in the security field and progress in your career!
Reading: Glossary terms from module 4
Reading
Terms and definitions from Course 1, Module 4
Antivirus software: A software program used to prevent, detect, and eliminate malware and viruses
Database: An organized collection of information or data
Data point: A specific piece of information
Intrusion detection system (IDS): An application that monitors system activity and alerts on possible intrusions
Linux: An open-source operating system
Log: A record of events that occur within an organization’s systems
Network protocol analyzer (packet sniffer): A tool designed to capture and analyze data traffic within a network
Order of volatility: A sequence outlining the order of data that must be preserved from first to last
Programming: A process that can be used to create a specific set of instructions for a computer to execute tasks
Protecting and preserving evidence: The process of properly working with fragile and volatile digital evidence
Security information and event management (SIEM): An application that collects and analyzes log data to monitor critical activities in an organization
SQL (Structured Query Language): A programming language used to create, interact with, and request information from a database
Quiz: Module 4 challenge
Which of the following statements correctly describe logs?
- Logs help identify vulnerabilities and potential security breaches.
- A business might log each time an employee accesses web-based services.
AI assistant
- Logs help identify vulnerabilities and potential security breaches. Logs can be used to track user activity, which can help security professionals identify suspicious behavior. For example, if a user is logging in from an unusual location or trying to access unauthorized files, this could be a sign of a security breach.
- A business might log each time an employee accesses web-based services. This is a common practice for businesses that want to track employee productivity and security. For example, a business might log which websites employees are visiting and how long they are spending on each website.
The other two statements are not correct. A log is not used as a formal guide to incident response. Instead, incident response plans are used to guide the response to security incidents. Security professionals do not use logs to automate tasks. Instead, they use automation tools to process and analyze logs.
Here are some other things that logs can be used for:
- Troubleshooting problems
- Analyzing performance
- Complying with regulations
- Auditing security
Which of the following tasks can be performed using SIEM tools?
- Providing alerts for specific types of risks
- Performing incident analysis
- Proactively searching for threats
AI assistant
- Providing alerts for specific types of risks. SIEM tools can be used to create rules that trigger alerts when certain events occur. For example, a SIEM tool could be configured to alert the security team if a user logs in from an unusual location or tries to access unauthorized files.
- Performing incident analysis. SIEM tools can be used to collect and analyze logs from different systems and applications. This can help security analysts to investigate security incidents and identify the root cause of the problem.
- Proactively searching for threats. SIEM tools can be used to search for threats in real time. This can help security analysts to identify and respond to threats quickly.
The other option, notifying authorities of illegal activity, is not a SIEM function. A SIEM can surface the evidence, but deciding whether and when to notify law enforcement or regulators is made by the organization’s leadership, legal, and compliance teams.
Here are some other tasks that can be performed using SIEM tools:
- Complying with regulations
- Auditing security
- Troubleshooting problems
- Analyzing performance
A cybersecurity analyst needs to collect data from multiple places to analyze filtered events and patterns. What type of tool should they use?
Security information and event management (SIEM)
AI assistant
The tool that a cybersecurity analyst should use to collect data from multiple places to analyze filtered events and patterns is a Security Information and Event Management (SIEM) tool.
A SIEM tool is a software application that collects, stores, and analyzes security logs from different systems and applications. This data can be used to identify security threats and incidents.
SIEM tools typically have a number of features that make them well-suited for collecting and analyzing data from multiple sources. These features include:
- Data collection: SIEM tools can collect data from a variety of sources, including network devices, servers, applications, and cloud-based services.
- Data storage: SIEM tools can store large amounts of data for later analysis.
- Data analysis: SIEM tools can analyze data to identify patterns and anomalies that may indicate a security threat.
- Reporting: SIEM tools can generate reports that summarize the results of data analysis.
In addition to these features, SIEM tools often have a number of other features that can be used to improve security, such as:
- Incident response: SIEM alerts can feed response workflows, and some platforms, or a separate security orchestration, automation, and response (SOAR) tool, can automate parts of the response.
- Compliance: SIEM tools can be used to help organizations comply with security regulations.
- Auditing: SIEM tools can be used to audit security controls and identify vulnerabilities.
Overall, a SIEM tool is a powerful tool that can be used to collect data from multiple sources, analyze it for security threats, and respond to incidents.
The other tools mentioned, playbooks, network protocol analyzers (packet sniffers), and Linux operating systems, are also important tools for cybersecurity analysts. However, they are not as well-suited for collecting data from multiple sources as SIEM tools.
A playbook is a set of instructions that security analysts can use to respond to security incidents.
A network protocol analyzer (packet sniffer) is a tool that can be used to capture and analyze network traffic.
The Linux operating system is a popular choice for security analysts because it is secure and flexible.
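The two SIEM answers above describe the same pipeline: collect logs from several sources, normalize them into common fields, then apply rules that raise alerts. The following Python is an added example, not the course’s own material or any vendor’s product, showing that pipeline end to end on two constructed log sources (a VPN gateway and a web portal, each with its own line format). Two rules are applied: repeated failed logins followed by a success, and a successful login from a country the user has never logged in from before. The log lines, field names, and thresholds are all invented for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs from two sources with different formats.
VPN_LOGS = """\
2024-05-01T08:00:01Z vpn01 user=alice result=success src=198.51.100.4 geo=US
2024-05-01T08:02:10Z vpn01 user=bob result=failure src=203.0.113.9 geo=DE
2024-05-01T08:02:14Z vpn01 user=bob result=failure src=203.0.113.9 geo=DE
2024-05-01T08:02:19Z vpn01 user=bob result=failure src=203.0.113.9 geo=DE
2024-05-01T08:02:25Z vpn01 user=bob result=failure src=203.0.113.9 geo=DE
2024-05-01T08:02:31Z vpn01 user=bob result=failure src=203.0.113.9 geo=DE
2024-05-01T08:02:40Z vpn01 user=bob result=success src=203.0.113.9 geo=DE
"""
APP_LOGS = """\
2024-05-01T09:15:00Z portal "alice" login OK from 198.51.100.4 [US]
2024-05-01T09:40:00Z portal "alice" login OK from 192.0.2.77 [BR]
2024-05-01T10:05:00Z portal "carol" login OK from 198.51.100.8 [US]
"""

VPN_RE = re.compile(r"^(\S+) vpn\d+ user=(\S+) result=(\S+) src=(\S+) geo=(\S+)$")
APP_RE = re.compile(r'^(\S+) portal "([^"]+)" login (OK|FAIL) from (\S+) \[(\w+)\]$')


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def normalize(vpn_text, app_text):
    """Collection step: parse both sources into one event list with shared
    field names (ts, source, user, success, src, geo), ordered by time."""
    events = []
    for line in vpn_text.splitlines():
        m = VPN_RE.match(line)
        if m:
            ts, user, result, src, geo = m.groups()
            events.append({"ts": parse_ts(ts), "source": "vpn", "user": user,
                           "success": result == "success", "src": src, "geo": geo})
    for line in app_text.splitlines():
        m = APP_RE.match(line)
        if m:
            ts, user, result, src, geo = m.groups()
            events.append({"ts": parse_ts(ts), "source": "portal", "user": user,
                           "success": result == "OK", "src": src, "geo": geo})
    events.sort(key=lambda e: e["ts"])
    return events


def rule_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Alert when a user has >= threshold failures inside the window and then
    logs in successfully: the classic password-guessing pattern."""
    alerts = []
    failures = defaultdict(list)
    for e in events:
        if not e["success"]:
            failures[e["user"]].append(e["ts"])
            continue
        recent = [t for t in failures[e["user"]] if e["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"rule": "brute-force-then-success", "user": e["user"],
                           "src": e["src"], "failures": len(recent), "ts": e["ts"]})
        failures[e["user"]].clear()
    return alerts


def rule_new_location(events):
    """Alert on a successful login from a country not previously seen for that
    user across all sources. A user's very first login sets the baseline."""
    seen = defaultdict(set)
    alerts = []
    for e in events:
        if not e["success"]:
            continue
        if seen[e["user"]] and e["geo"] not in seen[e["user"]]:
            alerts.append({"rule": "new-login-location", "user": e["user"],
                           "geo": e["geo"], "known": sorted(seen[e["user"]]), "ts": e["ts"]})
        seen[e["user"]].add(e["geo"])
    return alerts


def run_rules(vpn_text, app_text):
    """Collect, normalize, and evaluate every rule; returns the alert list."""
    events = normalize(vpn_text, app_text)
    return rule_brute_force(events) + rule_new_location(events)


if __name__ == "__main__":
    for alert in run_rules(VPN_LOGS, APP_LOGS):
        print(alert)
```

The location rule only works because the VPN and portal events were merged first: alice’s VPN login from the US is what makes her later portal login from BR unusual, which a rule run on the portal logs alone could not know. Note the baseline caveat in the code: a user’s first login anywhere never alerts, so a freshly created account is a blind spot for this rule.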
Fill in the blank: A security professional uses a _ as a manual to guide operational activities.
playbook
AI assistant
A security professional uses a playbook as a manual to guide operational activities.
A playbook is a manual that details the steps for an operational activity from beginning to end. The most common kind is an incident response playbook, written for a specific type of security incident, but playbooks also cover tasks such as compliance reviews and access management. An incident response playbook typically includes information such as:
- The roles and responsibilities of different team members
- The tools and resources that should be used
- The communication plan
- The escalation procedures
Playbooks are essential for ensuring that security incidents are handled quickly and effectively. They help to ensure that everyone involved knows what to do and that there is no confusion or chaos.
The other options, toolkit, spreadsheet, and review, are not as accurate as playbook.
A toolkit is a collection of tools and resources that can be used to respond to security incidents. However, it does not provide the same level of detail as a playbook.
A spreadsheet is a grid of cells that can be used to store data. It can be used to track the progress of a security incident, but it does not provide the same level of guidance as a playbook.
A review is a process of examining something carefully. It can be used to assess the effectiveness of a playbook, but it is not the same as a playbook itself.
As a security analyst, you are tasked with auditing your organization’s network to identify security related issues. How might a network protocol analyzer (packet sniffer) help you perform this task?
By capturing and analyzing data traffic on the network
AI assistant
As a security analyst, you are tasked with auditing your organization’s network to identify security related issues. A network protocol analyzer (packet sniffer) can help you perform this task by capturing and analyzing data traffic on the network.
A packet sniffer is a tool that can be used to capture and view network traffic. This data can be used to identify malicious activity, such as unauthorized access, data exfiltration, or denial-of-service attacks.
Here are some specific ways that a packet sniffer can be used to audit a network for security issues:
- Identify unauthorized access: A packet sniffer can reveal connections from unexpected IP addresses, to ports or services that should not be exposed, or from known malicious sources.
- Detect data exfiltration: A packet sniffer can show unusual outbound transfers, such as large volumes sent to an external host, or sensitive values such as card numbers or social security numbers appearing in cleartext. Encrypted traffic hides the content, so the volume, destination, and timing of transfers are often the more useful signal.
- Detect denial-of-service attacks: A packet sniffer can show a flood of requests from one or many sources that is designed to overwhelm the network. It only observes traffic; blocking that traffic is the job of a firewall, an intrusion prevention system, or upstream filtering.
In addition to these specific uses, a packet sniffer can also be used to gather general information about the network traffic. This information can be used to identify potential security issues, such as misconfigurations or vulnerabilities.
The other options, automating tasks that reduce human error, simulating attacks on connected devices, and removing malware and viruses from the network, are not as accurate as capturing and analyzing data traffic on the network.
Automating tasks can help to reduce human error, but it is not the primary function of a packet sniffer.
Simulating attacks on connected devices can be helpful for testing security controls, but it is not a good way to audit a network for security issues.
Removing malware and viruses from the network is important, but it is not the responsibility of a packet sniffer.
What are some key benefits of programming languages?
- Execute repetitive processes very accurately
- Complete repetitive tasks with a high degree of efficiency
- Can be used to create a specific set of instructions for a computer to execute tasks
AI assistant
- Can be used to create a specific set of instructions for a computer to execute tasks. This is the most important benefit of programming languages. It allows us to tell computers what to do, in a way that they can understand.
- Execute repetitive processes very accurately. Once a program is written, it can be executed repeatedly without error. This is in contrast to humans, who are prone to making mistakes, especially when performing repetitive tasks.
- Complete repetitive tasks with a high degree of efficiency. Computers can execute repetitive tasks much faster and more efficiently than humans. This can save time and money.
The remaining option, to provide details about any operational action, describes a playbook rather than a programming language and is not a benefit of programming.
Here are some other benefits of programming languages:
- They can be used to create new products and services.
- They can be used to automate tasks.
- They can be used to solve problems.
- They can be used to create art and entertainment.
Overall, programming languages are powerful tools that can be used to create a wide variety of things. They are essential for many industries, including software development, engineering, and finance.
A security team wants to examine logs to understand what is occurring within their systems. Why might they choose Linux to perform this task?
- It allows for text-based commands by users.
- It is open source.
AI assistant
The two reasons why a security team might choose Linux to perform the task of examining logs are:
- It allows for text-based commands by users. Linux is a command-line driven operating system, which means that users can interact with it by typing commands into a terminal. This can be helpful for security analysts who need to be able to quickly and easily access and analyze logs.
- It is open source. This means that the source code for Linux is freely available to anyone. This can be helpful for security analysts who want to be able to audit the code to ensure that it is secure.
The other two options, efficient programming language and proprietary, are incorrect.
- Linux is an operating system, not a programming language. Logs can be read and parsed with any language or command-line tool that handles text files.
- Linux is open source, not proprietary, and being proprietary does not by itself make an operating system more secure; security depends on configuration, patching, and the quality of the code. Open-source code can be inspected by anyone, which is one reason Linux is widely used for security work.
Fill in the blank: A database is a _ of organized data stored in a computer system.
collection
AI assistant
A database is a collection of organized data stored in a computer system.
The data in a database is typically structured in a way that makes it easy to access and retrieve. This structure can be in the form of tables, rows, and columns.
Databases are used to store a wide variety of data, including customer information, product data, and financial data. They are essential for many businesses and organizations.
Here are some of the benefits of using databases:
- Efficiency: Databases can help to improve the efficiency of data storage and retrieval.
- Accuracy: Databases can help to ensure the accuracy of data by preventing duplicate entries and errors.
- Security: Databases can help to protect data by providing access controls and encryption.
- Scalability: Databases can be scaled to meet the needs of growing businesses.
The other options, visualization, frame, and model, are not as accurate as collection.
- Visualization is the process of displaying data in a way that makes it easy to understand.
- Frame is a structure that holds data.
- Model is a representation of something in the real world.
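The quiz answers above describe SQL as the way security professionals request information from a database and a database as organized data in tables, rows, and columns. The following Python is an added example, not course material, that builds a small in-memory SQLite table of constructed login events and queries it with SQL the way an analyst would: filtering, grouping, and counting. It also shows the caveat a practitioner would want when a query takes a value from a person or another system: pass it as a parameter rather than pasting it into the SQL text. The table, column names, and data are invented for the example.

```python
import sqlite3

# Constructed sample data: one row per login attempt, as an application or a
# SIEM might write to a database. success is 1 for a successful login, 0 for a failure.
LOGIN_EVENTS = [
    ("2024-05-01 08:00:01", "alice", "198.51.100.4", 1),
    ("2024-05-01 08:02:10", "bob",   "203.0.113.9",  0),
    ("2024-05-01 08:02:14", "bob",   "203.0.113.9",  0),
    ("2024-05-01 08:02:19", "bob",   "203.0.113.9",  0),
    ("2024-05-01 08:02:40", "bob",   "203.0.113.9",  1),
    ("2024-05-01 08:10:00", "carol", "198.51.100.8", 0),
]


def build_db():
    """Create an in-memory database with one table and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE login_events (ts TEXT, username TEXT, src_ip TEXT, success INTEGER)"
    )
    conn.executemany("INSERT INTO login_events VALUES (?, ?, ?, ?)", LOGIN_EVENTS)
    conn.commit()
    return conn


def failed_logins_by_user(conn, min_failures):
    """Request information: users with at least min_failures failed attempts,
    busiest first. WHERE filters rows, GROUP BY collects them per user,
    HAVING filters the groups, ORDER BY sorts the result."""
    return conn.execute(
        """
        SELECT username, COUNT(*) AS failures
        FROM login_events
        WHERE success = 0
        GROUP BY username
        HAVING COUNT(*) >= ?
        ORDER BY failures DESC, username
        """,
        (min_failures,),
    ).fetchall()


def logins_for_user(conn, username):
    """Filter by a value that came from outside the program. The ? placeholder
    makes the database treat the value as data, so input such as
    x' OR '1'='1 matches no username instead of rewriting the query."""
    return conn.execute(
        "SELECT ts, src_ip, success FROM login_events WHERE username = ? ORDER BY ts",
        (username,),
    ).fetchall()


def logins_for_user_unsafe(conn, username):
    """The same query built by string formatting. Shown only to demonstrate
    the caveat: the input becomes part of the SQL and can change its meaning."""
    query = (
        f"SELECT ts, src_ip, success FROM login_events "
        f"WHERE username = '{username}' ORDER BY ts"
    )
    return conn.execute(query).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("users with 2+ failures:", failed_logins_by_user(db, 2))
    print("bob's attempts:", logins_for_user(db, "bob"))
    probe = "x' OR '1'='1"
    print("parameterized:", len(logins_for_user(db, probe)), "rows")
    print("string-built:", len(logins_for_user_unsafe(db, probe)), "rows")
```

With the sample data, the grouped query reports bob with three failures, the parameterized lookup for the probe value returns nothing, and the string-built version returns every row in the table, because the quote in the input closed the string literal and the rest became part of the WHERE clause.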
What are some key benefits of using Python to perform security tasks? Select all that apply.
- It simplifies repetitive tasks.
- It enables security professionals to be more accurate.
- It helps security professionals work with high levels of detail.
AI assistant
The key benefits of using Python to perform security tasks are:
- It simplifies repetitive tasks. Python is a powerful programming language that can be used to automate repetitive tasks. This can save security professionals time and effort.
- It enables security professionals to be more accurate. Code that is written once and reviewed performs the same steps every time, which removes the slips that creep into manual, repetitive work.
- It helps security professionals work with high levels of detail. Python can parse, filter, and summarize large volumes of data such as logs and packet captures, letting an analyst drill into specific fields or events.
The following are not key benefits of using Python to perform security tasks:
- It automatically eliminates sensitive information. Python is a programming language, not an information security tool. It does not have the ability to automatically eliminate sensitive information.
Here are some other benefits of using Python for security tasks:
- It is open source. This means that the source code for Python is freely available to anyone. This can be helpful for security professionals who want to be able to audit the code to ensure that it is secure.
- It has a large community of users and developers. This means that there are many resources available to help security professionals learn how to use Python for security tasks.
- It is actively maintained. Regular releases and security fixes, together with a large ecosystem of libraries, keep it practical for security work.
Congratulations on completing Course 1!
Video: Course wrap-up
- Congratulations on completing the first course of the cybersecurity certificate program!
- In this course, you learned about the core security concepts, the role of an entry-level security analyst, the eight security domains, security frameworks and controls, and common tools and programming languages used by security analysts.
- You should be proud of the work you’ve done so far. No matter what direction you take in the security industry, everything you’ve learned lays the foundation for the next phase of your career.
- In the next course, you will learn more details about several of the topics introduced in this course.
- I’m excited for you to reach your goal of joining the security industry!
Here are some of the key points from the text:
- The cybersecurity industry is dynamic and always changing.
- Security analysts play an important role in protecting organizations from cyberattacks.
- There are eight security domains that security analysts need to be familiar with.
- Security frameworks and controls help organizations to manage security risks.
- Common tools and programming languages used by security analysts include SIEMs, playbooks, SQL, and Python.
Congratulations on completing the first course! We’ve come so far and covered so much about a really exciting industry. I find cybersecurity to be exciting because it’s dynamic. There are always new puzzles to solve, and the work of protecting our users is worthwhile. Before we move on, let’s take a moment to celebrate and reflect on what we’ve covered. First, we introduced core security concepts, including what security is and why it matters. We also discussed what an entry-level security analyst does and some skills related to the role. Then, we transitioned to eight security domains, which include security and risk management, asset security, and security operations. Next, we highlighted security frameworks and controls. Specifically, the CIA triad model and the NIST Cybersecurity Framework. Finally, we explored common tools and programming languages used by security analysts, such as SIEMs, playbooks, SQL, and Python. I hope you’re proud of the work you’ve done so far. No matter what direction you take in the security industry, everything you’ve learned lays the foundation for the next phase of your career. And, as you move through this program, you’ll have the chance to develop your skills further. In the next course, we’ll provide more details about several of the topics introduced in this course.
Hi, I’m Ashley, and I will be guiding you through the next course of this certificate program. We’ll discuss security domains and business operations in greater detail. I’m so glad I was able to be here for the beginning of your journey. You’re off to a great start. I’m excited for you to reach your goal of joining the security industry!
Reading: Course 1 glossary
Reading
Reading: Get started on the next course
Reading
Congratulations on completing Course 1 of the Google Cybersecurity Certificate: Foundations of Cybersecurity! In this part of the program, you learned about possible career paths and key skills for cybersecurity professionals. You were also introduced to foundational cybersecurity terms and concepts that you will continue to explore throughout the certificate program.
The Google Cybersecurity Certificate has eight courses:
- Foundations of Cybersecurity — Explore the cybersecurity profession, including significant events that led to the development of the cybersecurity field and its continued importance to organizational operations. Learn about entry-level cybersecurity roles and responsibilities. (This is the course you just completed. Well done!)
- Play It Safe: Manage Security Risks — Identify how cybersecurity professionals use frameworks and controls to protect business operations, and explore common cybersecurity tools.
- Connect and Protect: Networks and Network Security — Gain an understanding of network-level vulnerabilities and how to secure networks.
- Tools of the Trade: Linux and SQL — Explore foundational computing skills, including communicating with the Linux operating system through the command line and querying databases with SQL.
- Assets, Threats, and Vulnerabilities — Learn about the importance of security controls and developing a threat actor mindset to protect and defend an organization’s assets from various threats, risks, and vulnerabilities.
- Sound the Alarm: Detection and Response — Understand the incident response lifecycle and practice using tools to detect and respond to cybersecurity incidents.
- Automate Cybersecurity Tasks with Python — Explore the Python programming language and write code to automate cybersecurity tasks.
- Put It to Work: Prepare for Cybersecurity Jobs — Learn about incident classification, escalation, and ways to communicate with stakeholders. This course closes out the program with tips on how to engage with the cybersecurity community and prepare for your job search.
Now that you have completed this course, you are ready to move on to the next course: Play It Safe: Manage Security Risks.
Keep up the great work!