Week 1: Welcome to the exciting world of cybersecurity

Hello and welcome to the Google Career Certificate
focused on cybersecurity. I’m so excited that you’re here! My name is Toni, and I am a Security Engineering
Manager at Google. I’ll be your instructor for the first course of this
certificate program. By starting this course, you’ve already taken
a big step towards building new skills that will
help you in your career. Cybersecurity may seem
daunting at first, but you’d be surprised by the different backgrounds
many of us have. I worked as an intelligence
analyst before I got my first job in
the security industry, and I’m excited to be your instructor as you begin
your journey into security. The demand for
security professionals is growing at an
incredible rate. By 2030, the U.S. Bureau
of Labor Statistics expects security roles to
grow by more than 30%, which is higher than the average growth rate
for other occupations. Global access to the
internet is expanding. Every day, more people and organizations are adopting
new digital technologies. Having a diverse community of security professionals
with unique backgrounds, perspectives, and experiences is essential for protecting and
serving different markets. Working in security
has allowed me to work with people from
all around the world. Working with people who have diverse backgrounds
ensures that our teams get to ask lots of questions and come up with more
creative solutions. The main objective
in security is to protect organizations
and people. This line of work allows you to support and interact with
people across the globe. There are many openings for entry-level security analysts, and employers are
struggling to find enough candidates with
the right expertise. This program is designed to
give you the knowledge and skills you need to start or advance in the
security profession. No matter your
current skill level, by the time you finish
this certificate program, you’ll be prepared to find a security-related job or
expand your career in security. You may be wondering, what do security
professionals actually do? Have you ever had to
update your password online to include a number
or a special symbol? If so, then you’re
already familiar with basic security measures,
like password management. And if you’ve ever received
a notification from a service provider about
stolen data or a software hack, then you have
first-hand experience with the impact of
a security breach. If you’ve ever asked yourself how organizations
safeguard data, then you already have two important traits
that are necessary to thrive in this industry:
curiosity and excitement. Security analysts help minimize risks to organizations
and people. Analysts work to proactively
guard against incidents while continuously monitoring
systems and networks. And, if an incident does occur, they investigate and
report their findings. They are always asking questions and looking
for solutions. One of the best things
about the security industry is the many paths and career
options it exposes you to. Each option involves
a unique set of skills and responsibilities. No matter what your
background is, you’ll probably find that you already have some
relevant experience. If you enjoy collaborating
with and helping others, solving puzzles, and are
motivated by challenges, then this is the career for you. For example, my background as an intelligence analyst had nothing to do with
cybersecurity. However, having strong critical thinking skills
and communication skills provided a solid foundation for my success when I decided to
pursue a career in security. If you’re not sure what
direction you want to take in the security
industry, that’s okay. This program will give
you an overview of many different types
of available jobs. It will also let you explore certain specialized
skill sets to help you figure out where you
want to take your career. The Google Career
Certificates are designed by industry professionals
with decades of experience here at Google. You’ll have a
different expert from Google guide you through each
course in the certificate. We’ll share our
knowledge in videos, provide practice opportunities
with hands-on activities, and take you through
real scenarios that you might
encounter on the job. Throughout this
program, you’ll gain hands-on practice with detecting and responding to attacks, monitoring and
protecting networks, investigating incidents, and writing code
to automate tasks. The program is made up of
several courses that are designed to help you
land an entry-level job. You’ll learn about topics
like: core security concepts; security domains;
network security; computing basics,
including Linux and SQL; along with understanding assets, threats, and vulnerabilities. Our goal is to help you reach your goal of joining
the security industry. You’ll learn about
incident detection and response, as well as how to use programming languages,
like Python, to accomplish common
security tasks. You’ll also gain valuable job search strategies
that will benefit you as you begin to find and apply for jobs in the
security profession. Completing this Google
Career Certificate will help you develop
skills and learn how to use tools to prepare you for a job in a fast-growing,
high-demand field. The certificate is designed
to prepare you for a job in 3-6 months if you work on the
certificate part-time. Once you graduate, you can connect with over 200 employers who are interested in hiring Google Career Certificate
graduates, like you. Whether you’re looking
to switch jobs, start a new career, or level up your skills, this Google Career
Certificate can open doors to new
job opportunities. You don’t need prior
experience or knowledge in the security field because this certificate program
will begin with the basics. I’ll be by your side
throughout this first course, making sure that you’re learning the foundational
knowledge needed to succeed in the field. This program is also flexible. You can complete all of the courses in this
certificate on your own terms and at
your own pace, online. We’ve gathered some amazing
instructors to support you on your journey, and they’d like to introduce
themselves now: Hi! My name is Ashley, and I’m a Customer
Engineering Enablement Lead for Security
Operations Sales at Google. I’ll take you through
security domains, frameworks and controls, as well as common
security threats, risks, and vulnerabilities. You’ll also be introduced to common tools used by
security analysts. I can’t wait to get started! Hi there! My name is Chris, and I’m the Chief
Information Security Officer for Google Fiber. I’m excited to talk to you about the structure
of a network, network protocols,
common network attacks, and how to secure a network. Hi there! My name is Kim, and I’m a Technical
Program Manager at Google. I will guide you through
foundational computing skills that support the work
of a security analyst. We’ll also learn about
operating systems, the Linux command line, and SQL. Hi! My name is Da’Queshia, and I’m a Security
Engineer at Google. Together we’ll
explore protecting organizational assets
through a variety of security controls and develop a deeper understanding of
risks and vulnerabilities. Hi! My name is Dave, and I’m a Principal Security
Strategist at Google. In our time together,
we’ll learn about detecting and responding
to security incidents. You’ll also have the chance
to monitor and analyze network activity using
powerful security tools. Hello! I’m Angel, and I’m a Security
Engineer at Google. We’ll explore foundational
Python programming concepts to help you automate
common security tasks. Hello! I’m Dion. I’m a Program Manager at Google. I’m your instructor for the first portion of the
final course of the program. There, we’ll discuss
how to escalate incidents and communicate
with stakeholders. And my name is Emily. I’m a
Program Manager at Google. I’ll guide you through
the final portion of the program and share
ways that you can engage with the
security community and prepare for your
upcoming job search. And, as you already know, I’ll guide you through the
first course of this program. This is such a great time to grow your career in
the field of security. Sound exciting?
Let’s get started!

Hi again! Now that you have some idea of what to expect
from the program as a whole, let’s discuss more about what you’ll learn
in this course. This course will
introduce you to the world of security
and how it’s used to protect business
operations, users, and devices, so you can contribute
to the creation of a safer internet for all. In this section, we’ll cover foundational
security concepts. First, we’ll define security. Then, we’ll explore common job responsibilities
of security analysts. Building on that, we’ll cover core skills a security
analyst may have. Finally, we’ll
discuss the value of security for protecting
organizations and people. Later on, we’ll cover
eight security domains. Then, we’ll cover common security
frameworks and controls. Finally, we’ll wrap up the course by
discussing common tools and programming languages that entry-level security
analysts may use. Coming up, we’ll go over
some resources that will allow you to get the
most out of this program. I’m really excited
for you to start this journey–let’s begin!

What is cybersecurity?

Cybersecurity is the practice of protecting systems, networks, and data from unauthorized access, use, disclosure, disruption, modification, or destruction. It is a broad field that encompasses a wide range of topics, including:

• Network security
• Endpoint security
• Application security
• Data security
• Identity and access management (IAM)
• Risk management
• Compliance

Why is cybersecurity important?

Cybersecurity is important because it protects our critical infrastructure, our personal information, and our financial assets. In today’s digital world, we are all connected to the internet, and our data is constantly being transmitted and stored online. This makes us vulnerable to cyberattacks.

Cyberattacks can have a devastating impact on individuals and organizations. They can lead to data breaches, financial losses, and even physical harm. According to the Ponemon Institute, the average cost of a data breach is now $3.86 million.

What are the different types of cyberattacks?

There are many different types of cyberattacks, but some of the most common include:

• Phishing: This is a type of social engineering attack where the attacker sends an email or text message that appears to be from a legitimate source, such as a bank or credit card company. The email or text message will often contain a link or attachment that, when clicked, will install malware on the victim’s computer.
• Malware: This is software that is designed to harm a computer system. Malware can be installed on a computer through a variety of ways, such as clicking on a malicious link, opening an infected attachment, or downloading a file from an untrusted source.
• Ransomware: This is a type of malware that encrypts the victim’s files and demands a ransom payment in order to decrypt them.
• Denial-of-service (DoS) attacks: These attacks are designed to overwhelm a computer system with traffic, making it unavailable to its intended users.
• Zero-day attacks: These are attacks that exploit vulnerabilities in software that the software vendor is not aware of. Zero-day attacks are often the most difficult to defend against.

How can I protect myself from cyberattacks?

There are a number of things you can do to protect yourself from cyberattacks, including:

• Use strong passwords and don’t reuse them across different websites and services.
• Be careful about what links you click on and what attachments you open.
• Keep your software up to date.
• Install antivirus and anti-malware software and keep it up to date.
• Be aware of the latest cyberattacks and how to protect yourself from them.

How can I become a cybersecurity professional?

If you are interested in a career in cybersecurity, there are a number of things you can do to prepare. You can get a degree in cybersecurity, take online courses, or get certified. You can also gain experience by working in IT or another related field.

Cybersecurity is a growing field with many opportunities. If you are interested in protecting people and organizations from cyberattacks, then a career in cybersecurity may be the right choice for you.

Fill in the blank: Cybersecurity is the practice of ensuring ___. Select three answers.

integrity, availability of information, confidentiality

Confidentiality, integrity, and availability of information are ensured through the effective practice of security. This involves protecting networks, devices, people, and data from unauthorized access or criminal exploitation.

Imagine that you’re
preparing for a storm. You’ve received notification
that a storm is coming. You prepare by gathering the tools and materials
you’ll need to stay safe. You make sure your windows
and doors are secure. You assemble a first aid kit, tools, food and water.
You’re prepared. The storm hits and there are powerful winds and heavy rain. The storm is using its force
to try and breach your home. You notice some water leaks and begin patching them quickly in order to minimize any
risk or potential damage. Handling a security
incident is no different. Organizations must prepare for
the storm by ensuring they have the tools to mitigate and quickly respond to
outside threats. The objective is to minimize
risk and potential damage. As a security analyst, you’ll work to protect your organization and the
people it serves from a variety of risks and outside threats. And if a threat
does get through, you and your team will provide a solution to remedy
the situation. To help you better
understand what this means, we’ll define
security and discuss the roles of security
professionals in organizations. Let’s start with
some definitions: Cybersecurity, or
security, is the practice of ensuring
confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or
criminal exploitation. For example, requiring complex passwords
to access sites and services improves
confidentiality by making it much
more difficult for a threat actor to
compromise them. A threat actor is any person or group who presents
a security risk. Now that you know the
definition of security, let’s discuss what security
teams do for an organization. Security protects against
external and internal threats. An external threat is someone
outside of the organization trying to gain access to private information,
networks or devices. An internal threat comes from current or
former employees, external vendors, or
trusted partners. Often these internal
threats are accidental, such as an employee clicking on a compromised link in an email. Other times, the internal
actor intentionally engages in activities such as
unauthorized data access or abusing systems
for personal use. Experienced security
professionals will help organizations mitigate or reduce the impact
of threats like these. Security teams also ensure an organization meets
regulatory compliance, or laws and guidelines, that require the implementation of
specific security standards. Ensuring that
organizations are in compliance may allow
them to avoid fines and audits, while also upholding their ethical obligation
to protect users. Security teams also maintain and improve business
productivity. By establishing a plan
for business continuity, security teams allow
people to do their jobs, even in the case of something
like a data breach. Being security
conscious can also reduce expenses
associated with risks, such as recovering
from data loss or operational downtime, and
potentially avoiding fines. The last benefit of
security that we’ll discuss is maintaining
brand trust. If services or customer
data are compromised, this can lower trust
in the organization, damage the brand, and hurt the
business in the long term. Loss of customer trust may also lead to less revenue
for the business. Now, let’s go over some
common security-based roles. After completing this
certificate program, here are some job titles
you may want to search for: Security analyst or specialist, Cybersecurity analyst
or specialist, Security operation center or SOC analyst, Information
security analyst. You’ll also learn more
about the responsibilities associated with some of these job titles
later in the program. As you may now realize, the field of security includes many topics and concepts and every activity you complete in this program moves you one
step closer to a new job. Let’s keep learning together.

Hi, I’m Toni, I’m a Security
Engineering Manager. Our teams protect Google and its users from serious threats. Usually government-backed
attackers, coordinated influence
operations and serious cybercrime
threat actors. I grew up as an army brat. My dad was in the military
and we moved around a lot. I’ve always had an interest
in security sort of generally. I got really hooked
on international relations when I
was in high school. I did a lot of Model
United Nations. And that really sort of brought these
two things together for me, the way that security
works in the world. I come from a big family. I knew I was going
to need financial assistance to go to college. And the Department of
Defense provides a lot of educational
opportunities that are tied to service. So this was a natural fit for me. I knew I was interested in this area and this was going to provide a career path into something I was
passionate about. I started as an
intelligence analyst, but not focused
on cybersecurity. I worked counterinsurgency
for a number of years and geopolitical
intelligence issues. Eventually, as I
looked and saw that the way that cybersecurity
was starting to have an impact both in our daily lives and in that world of
international relations, I got more and more drawn to it. Transitioning into cybersecurity
was a huge shift for me. I came in without a solid
technical background, had to learn a lot of
that on the job and through self-paced learning in different types of courses, I needed to learn
programming languages like Python and SQL, two of the things that we
cover in this certificate, I needed to learn a
whole new language about the vocabulary of threats and the
different components and how those
manifest technically. One of the things that I had
to figure out very early in this journey is
what kind of learner I was. I work best with a
structured learning style. So turning to a lot of these online courses
and resources that took this material and
structured it sort of from first principles
through application resonated very well for me. A lot of this was
also learned on the job by co-workers who were willing to share and invest time in helping me
understand this. I asked a lot of
questions and I still do. Most of cybersecurity work
is going to be learned on the job in the specific environment that
you’re protecting. So you have to work well with
your teammates in order to be able to build
that knowledge base. My advice would be to stay
curious and keep learning, especially focusing on
your technical skills and growing those
throughout your career. It’s really easy to get imposter syndrome in
cybersecurity because it’s so broad and mastery of all these different areas
is a lifetime’s work. And sometimes that
imposter syndrome can shut us down and
make it feel like, why bother trying
to keep growing. I’m never going to
be able to master this instead of motivating us. So keep learning, push
through that fear. The efforts always
going to be rewarded.

Technology is
rapidly changing and so are the tactics and
techniques that attackers use. As digital
infrastructure evolves, security professionals are
expected to continually grow their skills in order to protect and secure
sensitive information. In this video, we’ll discuss some job responsibilities of an entry-level security analyst. So, what do security analysts do? Security analysts
are responsible for monitoring and protecting
information and systems. Now, we’ll discuss three
primary responsibilities of a security analyst, starting with protecting
computer and network systems. Protecting computer and
network systems requires an analyst to monitor an
organization’s internal network. If a threat is detected, then an analyst is generally
the first to respond. Analysts also often take
part in exercises to search for weaknesses in an
organization’s own systems. For example, a
security analyst may contribute to penetration
testing or ethical hacking. The goal is to penetrate or hack their own organization’s
internal network to identify vulnerabilities and suggest ways to strengthen
their security measures. Think of it like this. After you lock your car, you check the door
handles to make sure no one can access any
valuables you keep inside. Security analysts also
proactively work to prevent threats from
happening in the first place. One way they do this
is by working with information technology,
or IT, teams to install prevention software
for the purposes of identifying risks
and vulnerabilities. Analysts may also be involved in software and
hardware development. They’ll often work with
development teams to support product
security by setting up appropriate processes
and systems to meet the organization’s
data protection needs. The last task we’ll discuss is conducting periodic
security audits. A security audit is a review of an organization’s
security records, activities, and other
related documents. For example, an analyst may examine in-house
security issues, such as making sure that
confidential information, like individual
computer passwords, isn’t available
to all employees. Phew, that was a lot to cover! But hopefully you have
a general idea of what entry-level security analysts
do on a day-to-day basis. Security analysts are an important part of
any organization. Their daily tasks protect
small businesses, large companies, nonprofit organizations,
and government agencies. They also help to
ensure that the people served by those
organizations remain safe.

[MUSIC] My name is Nikki and
I’m a security engineer at Google. I am part of the insider threat detection
team at Google, so my role is more focused on catching insider threats or insider
suspicious activity within the company. My first experience with cybersecurity
was when I was interning at the aquarium. I learned a lot of network security there,
they had a lot of phishing attempts, of course, you know, at the aquarium. My manager was really focused on making
sure that our networks were secure and I learned a lot from him and that really
sparked my interest in cybersecurity. The main reason I chose to pursue a career
in cybersecurity is just how flexible the career path is. Once you’re in security, there’s so
many different fields you can dive into. Whether it’s through the blue team,
protecting the user or the red team, which is just, you know, poking
holes in other people’s defenses and letting them know where
they’re going wrong. A day in the life as a entry-
level security professional? Um, it can change day to day, but
there’s two basic parts to it. There’s the operation side,
which is responding to detections and doing investigations. And then there’s the project side where
you’re working with other teams to build new detections or
improve the current detections. The difference between this entry-
level cybersecurity analyst and an entry-level cybersecurity engineer
is pretty much that the analyst is more focused on operations and
the engineer, while they can do operations,
they also build the, the detections and they do more project focused work. My favorite task is probably
the operations side doing investigations because we can sometimes get something
like this actor did such and such on this day. And we’re supposed to then dive
into what they’ve been doing, what they’ve been working on to figure
out if there’s any suspicious activity or if it was just a false positive. One of the biggest ways I’ve made
an impact as an entry-level cybersecurity professional is actually working
on the playbooks that, um, our team uses. A playbook is a list of how to go
through a certain detection, and what the analyst needs to look at in
order to investigate those incidents. I was really proud of those, those playbooks
that I’ve made so far because a lot of my teammates have even said how
helpful they’ve been to them. If you love solving problems,
if you love protecting user data, being at the front lines of a lot of headlines,
then this is definitely the role for you.

Transferable Skills

• Communication: Cybersecurity professionals need to be able to communicate effectively with a variety of stakeholders, including technical and non-technical audiences. They need to be able to explain complex security concepts in a clear and concise way.
• Collaboration: Cybersecurity professionals often work on teams with other security professionals, engineers, and IT staff. They need to be able to collaborate effectively to identify and mitigate security threats.
• Problem-solving: Cybersecurity professionals need to be able to identify and solve security problems. This requires the ability to think critically and creatively.
• Analytical thinking: Cybersecurity professionals need to be able to analyze security data and identify trends. This helps them to identify potential threats and vulnerabilities.
• Attention to detail: Cybersecurity professionals need to be able to pay attention to detail in order to identify and prevent security threats.
• Resilience: Cybersecurity professionals need to be able to handle stress and setbacks. The security field is constantly evolving, and cybersecurity professionals need to be able to adapt to new threats and technologies.

Technical Skills

• Networking: Cybersecurity professionals need to have a strong understanding of networking concepts and technologies. This includes understanding how networks work, how data is transmitted, and how vulnerabilities can be exploited.
• Systems administration: Cybersecurity professionals need to have the skills to install, configure, and maintain computer systems. This includes understanding the operating system, software, and hardware.
• Programming: Cybersecurity professionals can use programming languages to automate tasks, develop security tools, and analyze security data.
• Security information and event management (SIEM): SIEM tools are used to collect and analyze security logs. Cybersecurity professionals use SIEM tools to identify and investigate security threats.
• Cloud security: Cybersecurity professionals need to have a strong understanding of cloud computing concepts and technologies. This includes understanding how cloud services work, how data is stored and protected, and how vulnerabilities can be exploited.
• Cyber forensics: Cyber forensics is the process of recovering and analyzing digital evidence. Cybersecurity professionals use cyber forensics to investigate security incidents.

Other Skills

• Security awareness: Cybersecurity professionals need to be aware of the latest security threats and vulnerabilities. They need to stay up-to-date on the latest security news and trends.
• Continuous learning: The security landscape is constantly changing, so cybersecurity professionals need to be lifelong learners. They need to be willing to learn new skills and technologies in order to stay ahead of the curve.
• Integrity: Cybersecurity professionals need to be trustworthy and ethical. They need to be able to keep sensitive information confidential and to act in the best interests of their organization.

These are just some of the core skills that are important for cybersecurity professionals. The specific skills that are required will vary depending on the specific job role and the organization. However, all cybersecurity professionals need to have a strong foundation in the core skills listed above.

If you are interested in a career in cybersecurity, there are many resources available to help you learn the skills you need. You can take courses, get certifications, and read books and articles on cybersecurity. You can also get involved in cybersecurity communities and participate in online forums and discussions.

The field of cybersecurity is constantly evolving, so it is important to stay up-to-date on the latest threats and technologies. You can do this by reading security news, attending conferences, and taking continuing education courses.

If you are passionate about protecting computer systems and networks from security threats, then a career in cybersecurity may be the right choice for you. With hard work and dedication, you can develop the skills you need to succeed in this exciting field.

What are some core skills entry-level security analysts need to develop? Select three answers.

Problem-solving, Communication, Programming

Some core skills entry-level analysts need to develop are programming, communication, and problem-solving skills.

For any job, you need certain
skills to be successful, and many of these
core skills are transferable from one
role to the next. No matter what job
you currently have, you likely have many
core skills already. Having a diverse background
enhances your core skills, which means your
personal experiences and perspectives are
especially valuable. In this video, we’ll discuss both transferable and
technical skills that are particularly useful for
a security analyst. Transferable skills
are skills from other areas that can apply
to different careers. Technical skills may apply to several professions as well. However, at times they
may require knowledge of specific tools,
procedures, and policies. Let’s discuss some core transferable skills
you may already have that will benefit you in a career as a
security analyst. Communication is a
transferable skill for a security analyst. They will often need to describe
certain threats, risks, or vulnerabilities to people who may not have a
technical background. For example, security
analysts may be tasked with interpreting and
communicating policies and procedures to
other employees. Or analysts may be asked
to report findings to their supervisors, so
the appropriate actions can be taken to secure
the organization. Another transferable
skill is collaboration. Security analysts often work
in teams with engineers, digital forensic investigators,
and program managers. For example, if you are working to roll out a new
security feature, you will likely have
a project manager, an engineer, and an ethical
hacker on your team. Security analysts also
need to be able to analyze complex scenarios
that they may encounter. For example, a security analyst may need to make recommendations
about how different tools can
support efficiency and safeguard an organization’s
internal network. The last transferable skill that we’ll discuss is
problem-solving. Identifying a security problem and then diagnosing
it and providing solutions is a necessary skill to keep business
operations safe. Understanding threat actors
and identifying trends can provide insight on how
to handle future threats. Okay, now that we’ve covered some important
transferable skills, let’s discuss some
technical skills that security analysts
need to develop. A basic understanding of programming languages is an important skill
to develop because security analysts can
use programming to automate tasks and
identify error messages. Like learning any
other language, learning a programming language may seem challenging at first. However, this
certificate program assumes no prior
programming experience, so we’ll start at
the very beginning and provide several
opportunities for hands-on practice with
languages like Python and SQL. Another important technical
skill is knowing how to use security information and event
management, or SIEM, tools. Security professionals use
SIEM tools to identify and analyze security threats,
risks, and vulnerabilities. For example, a SIEM
tool may alert you that an unknown user
has accessed the system. In the event of an unknown
user accessing the system, you may use computer forensics to investigate the incident. Now, let’s discuss
computer forensics. Similar to an investigator and a forensic scientist working in the criminal justice system, digital forensic
investigators will attempt to identify, analyze, and preserve criminal
evidence within networks, computers, and
electronic devices. Keep in mind that
you may already have some of the core skills
we’ve discussed. And if you don’t have the
technical skills, that’s okay! This program is designed to support you in
learning those skills. For example, over the past seven years
working in cybersecurity, I’ve learned that security
analysts need to have intellectual curiosity
and the motivation to keep learning in
order to succeed. Personally, I dedicate time on a regular basis
towards learning more Python and SQL
skills in order to meet the demands of the
projects I’m working on. You’ll get to learn
about Python and SQL later in this program. As you continue this journey, you’ll build the
knowledge and skills you need to enter
the security field.

Hi, I’m Veronica and I’m a
security engineer at Google. My journey into
cybersecurity has changed my life for the
better in so many ways. The most important part
is fulfilling work. I get to do something
that I absolutely love and that I’m
super interested in, and I feel very lucky that this is what I
get to do for work. Before I entered
my current field, I had no idea what
cybersecurity was. My knowledge of cybersecurity was using secure passwords, and that was about it. So if you asked me, you know, would I be in cybersecurity five years ago? I would’ve said, what is that? Someone without a
technical background can 100% be
successful in cybersecurity. My path to my current
role in cybersecurity started as an IT resident here at Google
staff in Techstop. I learned a lot of
analytical thinking skills, working on a help desk,
troubleshooting, debugging. I didn’t realize I had
transferable skills until I got into my
role in cybersecurity. And from there, I took
it upon myself to bug a bunch of
security engineers, interviewed a lot of them. I didn’t get here alone. It took a village of
mentors to get me here, so don’t be afraid
to ask for help. I don’t think someone needs a college degree to go
into cybersecurity. Some of the brightest minds that I get to work with
don’t have a college degree, so I think that’s one
of the best parts about the industry. Looking back at my career, I wish I would have known that I don’t have
to check all the boxes, that I don’t have
to be an expert in the area to shoot my shot, and I also wish I
would’ve known that perfectionism can get in the way of what you want to achieve.

Cybersecurity is the practice of protecting systems, networks, and data from digital attacks. It is essential for businesses of all sizes, as well as individuals, to protect their information from cyber threats.

There are many reasons why cybersecurity is important. Here are a few of the most important reasons:

• To protect sensitive data: Businesses and individuals often store sensitive data on their computer systems and networks. This data can include financial information, personal identification information, and intellectual property. Cybersecurity helps to protect this data from unauthorized access, use, or disclosure.
• To prevent financial losses: Cyber attacks can lead to financial losses for businesses and individuals. For example, a data breach could allow criminals to steal credit card numbers or other financial information. This could lead to identity theft, fraud, and other financial crimes.
• To protect reputation: A data breach or other cyber attack can damage a business’s reputation. Customers may lose trust in a business that has been hacked, and this can lead to lost sales and revenue.
• To comply with regulations: Many businesses are subject to regulations that require them to protect their data. For example, financial institutions are subject to the Payment Card Industry Data Security Standard (PCI DSS), which requires them to implement specific security measures to protect customer credit card data.
• To protect national security: Cyber attacks can also pose a threat to national security. For example, a cyber attack could be used to disrupt critical infrastructure or steal sensitive government information.

There are many things that businesses and individuals can do to improve their cybersecurity posture. Here are a few tips:

• Use strong passwords and keep them updated: Passwords should be at least 12 characters long and should include a mix of letters, numbers, and symbols. Passwords should be changed regularly.
• Use multi-factor authentication: Multi-factor authentication adds an extra layer of security by requiring users to provide two or more pieces of information to authenticate themselves. For example, users may be required to enter their password and a code that is sent to their phone.
• Keep software up to date: Software updates often include security patches that fix vulnerabilities. It is important to install software updates as soon as they are available.
• Be careful about what you click on: Phishing emails and malicious websites are often used to spread malware. It is important to be careful about what links you click on and what attachments you open.
• Back up your data: In the event of a data breach, it is important to have a backup of your data. This will help you to recover your data if it is lost or stolen.

Cybersecurity is a complex and ever-evolving field. However, by following these tips, businesses and individuals can improve their cybersecurity posture and protect themselves from cyber threats.

As we’ve discussed, security professionals
protect many physical and digital assets. These skills are desired
by organizations and government entities because
risk needs to be managed. Let’s continue to discuss
why security matters. Security is essential for ensuring
an organization’s business continuity and ethical standing. There are both legal implications and moral considerations to maintaining
an organization’s security. A data breach, for example, affects everyone that is
associated with the organization. This is because data losses or leaks
can affect an organization’s reputation as well as the lives and reputations
of their users, clients, and customers. By maintaining strong security measures,
organizations can increase user trust. This may lead to financial growth and
ongoing business referrals. As previously mentioned, organizations are not the only ones
that suffer during a data breach. Maintaining and
securing user, customer, and vendor data is an important part
of preventing incidents that may expose people’s personally
identifiable information. Personally identifiable
information, known as PII, is any information used to infer
an individual’s identity. PII includes someone’s full name,
date of birth, physical address,
phone number, email address, internet protocol, or IP address and
similar information. Sensitive personally
identifiable information, known as SPII, is a specific type of PII that
falls under stricter handling guidelines and may include social security numbers,
medical or financial information, and
biometric data, such as facial recognition. If SPII is stolen,
this has the potential to be significantly more damaging to an individual
than if PII is stolen. PII and SPII data are key assets
that a threat actor will look for if an organization experiences a breach. When a person’s identifiable
information is compromised, leaked, or stolen,
identity theft is the primary concern. Identity theft is the act of stealing
personal information to commit fraud while impersonating a victim. And the primary objective of
identity theft is financial gain. We’ve explored several
reasons why security matters. Employers need security analysts
like you to fill the current and future demand to protect data,
products, and people while ensuring confidentiality, integrity, and
safe access to information. This is why the U.S. Bureau of
Labor Statistics expects the demand for security professionals to grow by
more than 30% by the year 2030. So keep learning, and eventually you’ll be
able to do your part to create a safer and more secure environment for
organizations and people alike!

Congratulations on completing the first section
of this course! Let’s quickly review what we’ve covered so far, before moving on. We defined security and introduced the benefits of implementing
security in an organization. Then, we discussed different
job responsibilities, such as managing threats and installing
prevention software. We also introduced some
important core skills, like collaboration and
computer forensics. We finished by discussing
the value of security and how it supports critical
business functions. I hope you’ve gained a greater
understanding of security. If you feel like you need a
refresher before moving on, you can always go
back and review any content you’re unsure about. By learning the basics, you are laying the
foundation for the rest of your
security career. Coming up, we’ll explore some well-known attacks that
shaped the security industry. I’m excited to continue
this journey with you!