Intro to Cybersecurity
How to Think About Cybersecurity
Cybersecurity is how computers, computer networks, and data are kept safe and secure. Like physical security, there are different ways you can think about cybersecurity. There are basic things that everyone should know how to do (like locking the doors when you leave for the night). Some procedures and protocols get enforced regularly (such as installing keypads and changing the code regularly). Additionally, trained and experienced personnel work with special equipment (like security guards).
Also, like physical security, the level of investment into cybersecurity is usually related to the size, profitability, and vulnerability of the organization. For business owners and managers, there are strategies and approaches for raising the cybersecurity awareness of your employees. For people looking for jobs in this industry, there are many different career opportunities.
This introduction to cybersecurity explains all the different things cybersecurity can be: it touches on the technologies and concepts of cybersecurity before moving on to cybersecurity jobs available to people who want a long and interesting IT career. It wraps up by explaining the roadmap to learning the skills necessary for achieving those careers.
Introduction to Cybersecurity: Free Video Playlist
To get started, watch this free cybersecurity training. The playlist of seven videos is Keith Barker's Introduction to Cybersecurity. The videos can be watched in order, but you can also skip around to the topics that interest you most. Taken together, they help explain the fundamentals of cybersecurity and give you essential cybersecurity concepts and vocabulary.
On top of explaining the topics and skills that a cybersecurity professional needs, these videos will introduce you to the way a CBT Nuggets course is structured and presented. If you were to become a CBT Nuggets member, you can expect even more content like this.
Your Introduction to Cybersecurity
The only completely secure device is one that's turned off, in a locked room, and is not and has never been connected to the internet or any other network.
Since that's obviously unrealistic, the real work of cybersecurity is how difficult you can make devices to break into, how well you can detect attempts if they happen, and how quickly and effectively you respond when they do.
What are Cybersecurity Fundamentals?
Cybersecurity fundamentals are the little things anyone can do (and everyone should do) to help keep their networks safe. Cybersecurity fundamentals are small steps that have large results. There are many cybersecurity fundamentals, but three of the most important are:
Strong passwords. A "strong password" is one that a computer algorithm or program would struggle to guess or come up with on its own. Although it's annoying, making a new password regularly is proven to be effective.
Be suspicious. If you're online, you're vulnerable. Digital attackers don't always use technology; sometimes they act like people or organizations you know and trust. They'll try to trick you into revealing your account information, passwords, or information about your network. If you're connected to the internet, treat all requests for information with deep suspicion and have a way of verifying authenticity.
Keep apps updated. Don't "restart later" and don't delay the security patches when they pop up: take the time to download and install recommended security updates. It's worth the time.
5 Key Components of Professional Cybersecurity
Beyond the fundamentals, cybersecurity has certain key components – technological solutions for safeguarding networks and devices. In no particular order, they are:
Authentication and access control: Users must be identified accurately and given access to all (but only) the information they need.
Encryption: Encryption is any process that transforms information into a coded format which can then be decoded with the correct key. Encryption acts as an additional layer: even if someone gains access to a network, they still can't read encrypted data.
Incident Response: Like running a fire drill, incident response is part of being prepared for what happens after a successful attack and it improves data recovery and network downtime.
Penetration Testing: "Pentests" are simulated attacks against a network, looking for the digital equivalent of unlocked doors or unsecured windows. These penetration tests provide extremely valuable information about how to better secure networks and devices.
Patch and Software Management: Technology never stops evolving, and programmers are always finding new ways to protect and secure applications, devices, and networks. Patches are software updates that need to be tracked, downloaded and installed as soon as they're available.
These are just a few of the concepts of cybersecurity – many of them have entire careers dedicated to them, a few of which we describe later.
What is Cybersecurity Awareness?
Simply put, cybersecurity awareness is paying attention to how your actions could expose your network to attack. Like hygiene, it takes remembering and following a series of simple steps to prevent bigger problems from arising.
Employees and Team Members are the First Line of Cybersecurity Awareness
Every user on your network who uses a device that has any contact with the internet increases the risk of digital attack. When employees and team members are familiar with the real-world risks and attack patterns of hackers, they can help prevent them. The best way to improve cybersecurity awareness is with knowledge, usually through courses and training.
Entry-level courses on cybersecurity can help expose even non-technical employees to the risks of the internet and help explain the reasoning behind security habits that might seem tedious. Online courses tend to be the best way to deliver cybersecurity awareness training since they can be kept up-to-date and relevant more quickly than most other forms of education.
Good cybersecurity awareness is a matter of practice and habit. Before your team members and employees can follow the right habits, they need to learn what they are and will need opportunities to practice them – often found in cybersecurity training.
How Do You Get a Career in Cybersecurity?
The cybersecurity career field is wide and diverse. It's full of interesting challenges and opportunities to get lost in technical depth. It also tends to pay quite well if you can find the right combination of skills and knowledge.
What Do Different Cybersecurity Careers Do and Get Paid?
Cybersecurity professionals are the ones implementing each of the concepts mentioned above. Responsibilities will always vary from company to company, but many of the essentials remain the same across job titles.
Information Security Analyst: These tend to be junior cybersecurity professionals who monitor, investigate, and implement basic security measures. In a nation-wide survey, CBT Nuggets discovered that the national average salary for an information security analyst is $70,150.
Security Operations Center (SOC) Analyst: Usually found working at a larger organization and with large data centers, SOC analysts tend to be deeply familiar with the specific tools and technologies used by that SOC. Salary.com reports that the average SOC Analyst salary is $73,000.
Network Security Engineer: More deeply and technically trained than an analyst, security engineers tend to design and implement technological security measures using programming, device configuration and infrastructural design. In a nationwide survey, CBT Nuggets discovered that the national average salary for a network security engineer is $139,000.
How Do You Get Started in Cybersecurity?
Getting started in the cybersecurity career field requires foundational IT, network, and device knowledge, as well as advanced familiarity with technical cybersecurity devices and procedures for operating them. If you already have some IT familiarity, you can learn how to manage and configure a certain vendor's tech (such as Cisco or Microsoft), or you can learn the techniques and processes that apply generally (CompTIA, ISC2).
Cybersecurity is a complex and technical career field, and you'll need specific training, preparation, and coursework to be prepared. There's a lot more than just concepts to learn, too: you'll have to practice and develop skills configuring devices, analyzing reports, and reading code. The best way to get started in cybersecurity is to choose an entry-level cybersecurity certification that applies to your current job or interests and then enroll in an online course to prepare for it.
What are Cybersecurity Certifications, and are They Worth It?
Like in any profession, cybersecurity certifications represent a certain level of familiarity with the skills and knowledge of the trade. Whether or not they're worth the time and investment is a constant source of debate.
Are Cybersecurity Certifications Necessary for a Career?
There are about as many answers to whether or not a cybersecurity certification is necessary as there are people in the cybersecurity field. Generally speaking, cybersecurity certifications stand for a certain level of skill.
Some cybersecurity certifications require a minimum number of years actually doing the work, and nearly all have challenging exams that can't be passed without specific training and preparation. While they might seem like cash grabs to the cynical, cybersecurity certifications tend to be trusted by employers when reliable organizations maintain them.
Since most cybersecurity certifications test your familiarity with a specific vendor or manufacturer, you should consider them if you know you'll be working on networks that use that technology.
A smaller number of cybersecurity certifications test general knowledge that apply across different vendors. Both types of certification can help you prove your knowledge, demonstrate your experience, and could land you your next job or promotion.
What are the Most Popular Cybersecurity Certifications?
There are many cybersecurity certification vendors to choose from, but here are some of the most popular:
Security+ from CompTIA: Security+ is a vendor-agnostic certification designed to prove familiarity with all the essential and generic skills a cybersecurity professional would need to have to be effective on the very first day of their first cybersecurity job.
Certified Information Systems Security Professional from ISC2: Also vendor-agnostic, CISSP is a more advanced certification that tries to validate the skills and knowledge of cybersecurity professionals with several years of experience.
CCNP Security from Cisco: Earning the professional-level Cisco security cert is a long and difficult process but proves deep mastery of the security tools and devices manufactured specifically by Cisco.
Microsoft Certified: Azure Security Engineer Associate: Meant for security analysts whose networks are driven by Microsoft Azure, earning the Azure Security Engineer cert requires proving familiarity with maintaining security postures for Azure, multi-cloud and hybrid environments.
How Do You Get Cybersecurity Training?
Cybersecurity isn't just an abstract idea – it's using certain tools in specific ways to keep networks safe. Cybersecurity training explains the knowledge, helps you practice the skills, and prepares you for the job.
What Cybersecurity Training is Right for You?
Generally speaking, when people consider online cybersecurity training, it's to learn the right skills to land a certain job. For instance, maybe you want to work as a cybersecurity analyst, so you take a Cisco CyberOps Associate course. That can give you enough knowledge to earn the Cisco entry-level certification, with which you can apply to entry-level cybersecurity positions and eventually move up the career ladder with more and more cybersecurity training.
But, even non-technical professionals need to understand cybersecurity. Maybe you work as an accountant, or HR manager, or marketing professional, and your supervisor needs you to understand Security Threats, Attacks, and Vulnerabilities. Online cybersecurity training can help you understand the basics of security threats without getting bogged down in technical details.
Browse all the Cybersecurity Training from CBT Nuggets to help give you a sense of how many different categories and vendors there are to consider when considering cybersecurity training.
What's the Best Sort of Cybersecurity Course?
The internet is full of online cybersecurity courses, and choosing the right one for you can be difficult. The thing to remember when you're choosing a cybersecurity course is that cybersecurity isn't just knowledge; it's also practiced skills. Whether you want a cybersecurity professional job or just want to be safer while you're online, find courses that let you practice what you're learning.
For example, there are cybersecurity courses that have virtual labs – simulations of real-world networks and devices. Studying with virtual labs means practicing skills that are actually applicable in the real world.
Cybersecurity is a career field full of possibilities, it's also a discipline and a mindset. Whether you're an IT professional or just an internet user, companies desperately need people who are trained in keeping their networks safe and secure. There are cybersecurity courses and training that can help you be that person, making you more attractive to employers.
Cybersecurity careers are often challenging and interesting, plus they pay well. But maybe cybersecurity doesn't sound right for you – there are many other fields of IT. Check out our Intro to IT trainings and find out what best suits your skills and interests.
delivered to your inbox.
By submitting this form you agree to receive marketing emails from CBT Nuggets and that you have read, understood and are able to consent to our privacy policy.