Hello and welcome to the Google Career Certificate focused on cybersecurity. I'm so excited that you're here. My name is Tony, and I am a security engineering manager at Google. I'll be your instructor for the first course of this certificate program. By starting this course, you've already taken a big step towards building new skills that will help you in your career. Cybersecurity may seem daunting at first, but you'd be surprised by the different backgrounds many of us have. I worked as an intelligence analyst before I got my first job in the security industry, and I'm excited to be your instructor as you begin your journey into security.

The demand for security professionals is growing at an incredible rate. By 2030, the US Bureau of Labor Statistics expects security roles to grow by more than 30%, which is higher than the average growth rate for other occupations. Global access to the internet is expanding every day; more people and organizations are adopting new digital technologies. Having a diverse community of security professionals with unique backgrounds, perspectives and experiences is essential for protecting and serving different markets. Working in security has allowed me to work with people from all around the world. Working with people who have diverse backgrounds ensures that our teams get to ask lots of questions and come up with more creative solutions.

The main objective in security is to protect organizations and people. This line of work allows you to support and interact with people across the globe. There are many openings for entry-level security analysts, and employers are struggling to find enough candidates with the right expertise. This program is designed to give you the knowledge and skills you need to start or advance in the security profession, no matter your current skill level. By the time you finish this certificate program, you'll be prepared to find a security-related job or expand your career in security.

You may be wondering, what do security professionals actually do? Have you ever had to update your password online to include a number or a special symbol? If so, then you're already familiar with basic security measures like password management. And if you've ever received a notification from a service provider about stolen data or a software hack, then you have first-hand experience with the impact of a security breach. If you've ever asked yourself how organizations safeguard data, then you already have two important traits that are necessary to thrive in this industry: curiosity and excitement.

Security analysts help minimize risks to organizations and people. Analysts work to proactively guard against incidents while continuously monitoring systems and networks, and if an incident does occur, they investigate and report their findings. They are always asking questions and looking for solutions. One of the best things about the security industry is the many paths and career options it exposes you to. Each option involves a unique set of skills and responsibilities. No matter what your background is, you'll probably find that you already have some relevant experience. If you enjoy collaborating with and helping others, solving puzzles, and are motivated by challenges, then this is the career for you. For example, my background as an intelligence analyst had nothing to do with cybersecurity. However, having strong critical thinking skills and communication skills provided a solid foundation for my success when I decided to pursue a career in security. If you're not sure what direction you want to take in the security industry, that's okay. This program will give you an overview of many different types of available jobs. It will also let you explore certain specialized skill sets to help you figure out where you want to take your career.

The Google Career Certificates are designed by industry professionals with decades of experience here at Google. You'll have a different expert from Google guide you through each course in the certificate. We'll share our knowledge in videos, provide practice opportunities with hands-on activities, and take you through real scenarios that you might encounter on the job. Throughout this program, you'll gain hands-on practice with detecting and responding to attacks, monitoring and protecting networks, investigating incidents, and writing code to automate tasks. The program is made up of several courses that are designed to help you land an entry-level job. You'll learn about topics like core security concepts, security domains, network security, and computing basics including Linux and SQL, along with understanding assets, threats and vulnerabilities. Our goal is to help you reach your goal of joining the security industry. You'll learn about incident detection and response, as well as how to use programming languages like Python to accomplish common security tasks. You'll also gain valuable job search strategies that will benefit you as you begin to find and apply for jobs in the security profession.

Completing this Google Career Certificate will help you develop skills and learn how to use tools to prepare you for a job in a fast-growing, high-demand field. The certificate is designed to prepare you for a job in three to six months if you work on the certificate part-time, and once you graduate, you can connect with over 200 employers who are interested in hiring Google Career Certificate graduates like you. Whether you're looking to switch jobs, start a new career, or level up your skills, this Google Career Certificate can open doors to new job opportunities. You don't need prior experience or knowledge in the security field, because this certificate program will begin with the basics. I'll be by your side throughout this first course, making sure that you're learning the foundational knowledge needed to succeed in the field. This program is also flexible: you can complete all of the courses in this certificate on your own terms and at your own pace, online. We've gathered some amazing instructors to support you on your journey, and they'd like to introduce themselves now.

Hi, my
name is Ashley, and I'm a customer engineering enablement lead for security operations sales at Google. I'll take you through security domains, frameworks and controls, as well as common security threats, risks and vulnerabilities. You'll also be introduced to common tools used by security analysts. I can't wait to get started.

Hi there, my name is Chris, and I'm the Chief Information Security Officer for Google Fiber. I'm excited to talk to you about the structure of a network, network protocols, common network attacks, and how to secure a network.

Hi there, my name is Kim, and I'm a technical program manager at Google. I will guide you through foundational computing skills that support the work of a security analyst. We'll also learn about operating systems, the Linux command line, and SQL.

Hi, my name is Taquisha, and I'm a security engineer at Google. Together we explore protecting organizational assets through a variety of security controls and develop a deeper understanding of risk and vulnerabilities.

Hi, my name is Dave, and I'm a principal security strategist at Google. In our time together, we'll learn about detecting and responding to security incidents. You'll also have the chance to monitor and analyze network activity using powerful security tools.

Hello, I'm Anel, and I'm a security engineer at Google. We'll explore foundational Python programming concepts to help you automate common security tasks.

Hello, I'm Dion. I'm a program manager at Google. I'm your instructor for the first portion of the final course of the program. There we'll discuss how to escalate incidents and communicate with stakeholders.

And my name is Emily. I'm a program manager at Google. I'll guide you through the final portion of the program and share ways that you can engage with the security community and prepare for your upcoming job search.

And as you already know, I'll guide you through the first course of this program. This is such a great time to grow your career in the field of security. Sound exciting? Let's get started.

Hi again. Now that you have some idea of what to expect from the program as a whole, let's discuss more about what you'll learn in this course. This course will introduce you to the world of security and how it's used to protect business operations, users and devices, so you can contribute to the creation of a safer internet for all. In this section, we'll cover foundational security concepts. First, we'll define security. Then we'll explore common job responsibilities of security analysts. Building on that, we'll cover core skills a security analyst may have. Finally, we'll discuss the value of security for protecting organizations and people. Later on, we'll cover eight security domains. Then we'll cover common security frameworks and controls. Finally, we'll wrap up the course by discussing common tools and programming languages that entry-level security analysts may use. Coming up, we'll go over some resources that will allow you to get the most out of this program. I'm really
excited for you to start this journey. Let's begin.

Imagine that you're preparing for a storm. You've received notification that a storm is coming. You prepare by gathering the tools and materials you'll need to stay safe. You make sure your windows and doors are secure. You assemble a first aid kit, tools, food and water. You're prepared. The storm hits, and there are powerful winds and heavy rain. The storm is using its force to try and breach your home. You notice some water leaks and begin patching them quickly in order to minimize any risk or potential damage. Handling a security incident is no different. Organizations must prepare for the storm by ensuring they have the tools to mitigate and quickly respond to outside threats. The objective is to minimize risk and potential damage. As a security analyst, you'll work to protect your organization and the people it serves from a variety of risks and outside threats, and if a threat does get through, you and your team will provide a solution to remedy the situation. To help you better understand what this means, we'll define security and discuss the roles of security professionals in organizations.

Let's start with some definitions. Cybersecurity, or security, is the practice of ensuring confidentiality, integrity and availability of information by protecting networks, devices, people and data from unauthorized access or criminal exploitation. For example, requiring complex passwords to access sites and services improves confidentiality by making it much more difficult for a threat actor to compromise them. A threat actor is any person or group who presents a security risk.

Now that you know the definition of security, let's discuss what security teams do for an organization. Security protects against external and internal threats. An external threat is someone outside of the organization trying to gain access to private information, networks or devices. An internal threat comes from current or former employees, external vendors, or trusted partners. Often these internal threats are accidental, such as an employee clicking on a compromised link in an email. Other times, the internal actor intentionally engages in activities such as unauthorized data access or abusing systems for personal use. Experienced security professionals will help organizations mitigate or reduce the impact of threats like these.

Security teams also ensure an organization meets regulatory compliance, or laws and guidelines that require the implementation of specific security standards. Ensuring that organizations are in compliance may allow them to avoid fines and audits, while also upholding their ethical obligation to protect users. Security teams also maintain and improve business productivity by establishing a plan for business continuity. Security teams allow people to do their jobs even in the case of something like a data breach. Being security-conscious can also reduce expenses associated with risk, such as recovering from data loss or operational downtime, and potentially avoiding fines. The last benefit of security that we'll discuss is maintaining brand trust. If services or customer data are compromised, this can lower trust in the organization, damage the brand, and hurt the business in the long term. Loss of customer trust may also lead to less revenue for the business.

Now let's go over some common security-based roles. After completing this certificate program, here are some job titles you may want to search for: security analyst or specialist, cybersecurity analyst or specialist, security operations center or SOC analyst, and information security analyst. You'll also learn more about the responsibilities associated with some of these job titles later in the program. As you may now realize, the field of security includes
many topics and concepts, and every activity you complete in this program moves you one step closer to a new job. Let's keep learning together.

Hi, I'm Tony. I'm a security engineering manager. Our teams protect Google and its users from serious threats: usually government-backed attackers, coordinated influence operations, and serious cybercrime threat actors. I grew up as an army brat. My dad was in the military and we moved around a lot, so I've always had an interest in security, sort of generally. I got really hooked on international relations when I was in high school. I did a lot of Model United Nations, and that really sort of brought these two things together for me, the way that security works in the world. I come from a big family. I knew I was going to need financial assistance to go to college, and the Department of Defense provides a lot of educational opportunities that are tied to service, so this was a natural fit for me. I knew I was interested in this area, and this was going to provide a career path into something I was passionate about. I started as an intelligence analyst, but not focused on cybersecurity. I worked counterinsurgency for a number of years, and sort of geopolitical intelligence issues. Eventually, as I looked and saw the way that cybersecurity was starting to have an impact, both in our daily lives and in that world of international relations, I got more and more drawn to it.

Transitioning into cybersecurity was a huge shift for me. I came in without a solid technical background and had to learn a lot of that on the job and through self-paced learning and different types of courses. I needed to learn programming languages like Python and SQL, two of the things that we covered in this certificate. I needed to learn a whole new language about the vocabulary of threats and the different components and how those manifest technically. One of the things that I had to figure out very early in this journey is what kind of learner I was. I work best with a structured learning style, so turning to a lot of these online courses and resources that took this material and structured it, sort of from first principles through application, resonated very well for me. A lot of this was also learned on the job from co-workers who were willing to share and invest time in helping me understand this. I asked a lot of questions, and I still do. Most of cybersecurity work is going to be learned on the job, in the specific environment that you're protecting, so you have to work well with your teammates in order to be able to build that knowledge base.

My advice would be to stay curious and keep learning, especially focusing on your technical skills and growing those throughout your career. It's really easy to get impostor syndrome in cybersecurity, because it's so broad, and mastery of all these different areas is a lifetime's work. Sometimes that impostor syndrome can shut us down and make us feel like, why bother trying to keep growing, I'm never going to be able to master this, instead of motivating us. So keep learning, push through that fear; the effort's always going to be rewarded.

Technology is rapidly changing, and so are the tactics and techniques that attackers use. As digital infrastructure evolves, security professionals are expected to continually
grow their skills in order to protect and secure sensitive information. In this video, we'll discuss some job responsibilities of an entry-level security analyst. So what do security analysts do? Security analysts are responsible for monitoring and protecting information and systems. Now we'll discuss three primary responsibilities of a security analyst, starting with protecting computer and network systems.

Protecting computer and network systems requires an analyst to monitor an organization's internal network. If a threat is detected, then an analyst is generally the first to respond. Analysts also often take part in exercises to search for weaknesses in an organization's own systems. For example, a security analyst may contribute to penetration testing or ethical hacking. The goal is to penetrate or hack their own organization's internal network to identify vulnerabilities and suggest ways to strengthen their security measures. Think of it like this: after you lock your car, you check the door handles to make sure no one can access any valuables you keep inside.

Security analysts also proactively work to prevent threats from happening in the first place. One way they do this is by working with information technology, or IT, teams to install prevention software for the purposes of identifying risks and vulnerabilities. Analysts may also be involved in software and hardware development. They'll often work with development teams to support product security by setting up appropriate processes and systems to meet the organization's data protection needs.

The last task we'll discuss is conducting periodic security audits. A security audit is a review of an organization's security records, activities, and other related documents. For example, an analyst may examine in-house security issues, such as making sure that confidential information like individual computer passwords isn't available to all employees.

Phew, that was a lot to cover, but hopefully you have a general idea of what entry-level security analysts do on a day-to-day basis. Security analysts are an important part of any organization. Their daily tasks protect small businesses, large companies, nonprofit organizations, and government agencies. They also help to ensure that the people served by those organizations remain safe.

My name is Nikki, and I'm a security engineer at Google. I am part of the insider threat detection team at Google, so my role is more focused on catching insider threats or insider suspicious activity within the company. My first experience with cybersecurity was when I was
interning at the aquarium. I learned a lot of network security there. They had a lot of phishing attempts, of course, you know, at the aquarium. My manager was really focused on making sure that our networks were secure, and I learned a lot from him, and that really sparked my interest in cybersecurity. The main reason I chose to pursue a career in cybersecurity is just how flexible the career path is. Once you're in security, there's so many different fields you can dive into, whether it's through the blue team, protecting the user, or the red team, which is just, you know, poking holes in other people's defenses and letting them know where they're going wrong.

A day in the life as an entry-level security professional can change day to day, but there's two basic parts to it. There's the operations side, which is responding to detections and doing investigations, and then there's the project side, where you're working with other teams to build new detections or improve the current detections. The difference between an entry-level cybersecurity analyst and an entry-level cybersecurity engineer is pretty much that the analyst is more focused on operations, and the engineer, while they can do operations, also builds the detections and does more project-focused work. My favorite task is probably the operations side, doing investigations, because we can sometimes get something like "this actor did such and such on this day," and we're supposed to then dive into what they've been doing, what they've been working on, to figure out if there's any suspicious activity or if it was just a false positive. One of the biggest ways I've made an impact as an entry-level cybersecurity professional is actually working on the playbooks that our team uses. A playbook is a list of how to go through a certain detection and what the analyst needs to look at in order to investigate those incidents. I was really proud of those playbooks that I've made so far, because a lot of my teammates have even said how helpful they've been to them. If you love solving problems, if you love protecting user data, being at the front lines of a lot of headlines, then this is definitely the role for you.

For any job, you need certain skills to be successful,
and many of these core skills are transferable from one role to the next. No matter what job you currently have, you likely have many core skills already. Having a diverse background enhances your core skills, which means your personal experiences and perspectives are especially valuable. In this video, we'll discuss both transferable and technical skills that are particularly useful for a security analyst. Transferable skills are skills from other areas that can apply to different careers. Technical skills may apply to several professions as well; however, at times they may require knowledge of specific tools, procedures and policies.

Let's discuss some core transferable skills you may already have that will benefit you in a career as a security analyst. Communication is a transferable skill for a security analyst. They will often need to describe certain threats, risks or vulnerabilities to people who may not have a technical background. For example, security analysts may be tasked with interpreting and communicating policies and procedures to other employees, or analysts may be asked to report findings to their supervisors so the appropriate actions can be taken to secure the organization. Another transferable skill is collaboration. Security analysts often work in teams with engineers, digital forensic investigators, and program managers. For example, if you are working to roll out a new security feature, you will likely have a project manager, an engineer, and an ethical hacker on your team. Security analysts also need to be able to analyze complex scenarios that they may encounter. For example, a security analyst may need to make recommendations about how different tools can support efficiency and safeguard an organization's internal network. The last transferable skill that we'll discuss is problem solving. Identifying a security problem and then diagnosing it and providing solutions is a necessary skill to keep business operations safe. Understanding threat actors and identifying trends can provide insight on how to handle future threats.

Okay, now that we've covered some important transferable skills, let's discuss some technical skills that security analysts need to develop. A basic understanding of programming languages is an important skill to develop, because security analysts can use programming to automate tasks and identify error messages. Like learning any other language, learning a programming language may seem challenging at first. However, this certificate program assumes no prior programming experience, so we'll start at the very beginning and provide several opportunities for hands-on practice with languages like Python and SQL. Another important technical skill is knowing how to use security information and event management, or SIEM, tools. Security professionals use SIEM tools to identify and analyze security threats, risks and vulnerabilities. For example, a SIEM tool may alert you that an unknown user has accessed the system. In the event of an unknown user accessing the system, you may use computer forensics to investigate the incident. Now let's discuss computer forensics. Similar to an investigator and a forensic scientist working in the criminal justice system, digital forensic investigators will attempt to identify, analyze and preserve criminal evidence within networks, computers and electronic devices.

Keep in mind that you may already have some of the core skills we've discussed, and if you don't have the technical skills, that's okay. This program is designed to support you in learning those skills. For example, over the past seven years working in cybersecurity, I've learned that security analysts need to have intellectual curiosity and the motivation to keep learning in order to succeed. Personally, I dedicate time on a regular basis towards learning more Python and SQL skills in order to meet the demands of the projects I'm working on. You'll get to learn about Python and SQL later in this program. As you continue this journey, you'll build the knowledge and skills you need to enter the security field.

Hi, I'm Veronica, and I'm a security engineer at Google. My journey into cybersecurity has changed my life for the better in so many ways. The most important part is fulfilling work. I get to do something that I absolutely love and that I'm super interested in, and I feel very lucky that this is what I get to do for work.
Before I entered my current field, I had no idea what cybersecurity was. My knowledge of cybersecurity was using secure passwords, and that was about it. So if you asked me, you know, would I be in cybersecurity, five years ago I would have said, what is that? Someone without a technical background can 100% be successful in cybersecurity. My path to my current role in cybersecurity started as an IT resident here at Google, staffing Tech Stop. I learned a lot of analytical thinking skills working in IT; it helped us with troubleshooting and debugging. I didn't realize I had transferable skills until I got into my role in cybersecurity, and from there I took it upon myself to bug a bunch of security engineers and interviewed a lot of them. I didn't get here alone; it took a village of mentors to get me here, so don't be afraid to ask for help. I don't think someone needs a college degree to go into cybersecurity. Some of the brightest minds that I get to work with don't have a college degree, and so I think that's one of the best parts about the industry. Looking back at my career, I wish I would have known that I don't have to check all the boxes, that I don't have to be an expert in the area to shoot my shot. And I also wish I would have known that perfectionism can get in the way of what you want to achieve.

As we've discussed, security professionals protect many physical and digital assets. These skills are desired by organizations and government entities because risk needs to be managed. Let's continue to discuss why security matters. Security is essential for ensuring an organization's business continuity
and ethical standing. There are both legal implications and moral considerations to maintaining an organization's security. A data breach, for example, affects everyone that is associated with the organization. This is because data losses or leaks can affect an organization's reputation as well as the lives and reputations of their users, clients and customers. By maintaining strong security measures, organizations can increase user trust. This may lead to financial growth and ongoing business referrals. As previously mentioned, organizations are not the only ones that suffer during a data breach. Maintaining and securing user, customer and vendor data is an important part of preventing incidents that may expose people's personally identifiable information.

Personally identifiable information, known as PII, is any information used to infer an individual's identity. PII includes someone's full name, date of birth, physical address, phone number, email address, Internet Protocol or IP address, and similar information. Sensitive personally identifiable information, known as SPII, is a specific type of PII that falls under stricter handling guidelines and may include Social Security numbers, medical or financial information, and biometric data such as facial recognition. If SPII is stolen, this has the potential to be significantly more damaging to an individual than if PII is stolen. PII and SPII data are key assets that a threat actor will look for if an organization experiences a breach. When a person's identifiable information is compromised, leaked or stolen, identity theft is the primary concern. Identity theft is the act of stealing personal information to commit fraud while impersonating a victim, and the primary objective of identity theft is financial gain.

We've explored several reasons why security matters. Employers need security analysts like you to fill the current and future demand to protect data, products and people, while ensuring confidentiality, integrity and safe access to information. This is why the US Bureau of Labor Statistics expects the demand for security professionals to grow by more than 30% by the year 2030. So keep learning, and eventually you'll be able to do your part to create a safer and more secure environment for organizations and people alike.

Congratulations on completing the first section of this course. Let's quickly review what we've covered so far before moving on. We defined security and introduced the benefits of implementing security in an organization. Then we discussed different job responsibilities, such as managing threats and installing prevention software. We also introduced some important core skills, like collaboration and computer forensics. We finished by discussing the value of security and how it supports critical business functions. I hope you've gained a greater understanding of security. If you feel like you need a refresher before moving on, you can always go back and review any content you're unsure about. By learning the basics, you are laying the foundation for the rest of your security career. Coming up, we'll explore some well-known attacks that shaped the security industry. I'm excited to continue this journey with you.

Welcome back. When it
comes to security, there is so much to learn, and I'm thrilled to be part of your career journey. This is such an exciting time to be learning about security. When I learned about international hacks that impacted both private companies and government organizations, I was inspired to want to work in security, because I realized how dynamic and important this field is.

One reason there are so many jobs in the security field today is because of attacks that happened in the 1980s and 1990s. Decades later, security professionals are still actively working to protect organizations and people from variations of these early computer attacks. In this section of the course, we'll discuss viruses and malware and introduce the concept of social engineering. Then we'll discuss how the digital age ushered in a new era of threat actors. Knowing the evolution of each attack is key to protecting against future attacks. Lastly, we'll provide an overview of eight security domains. Next up, we'll travel back in time to explore some of the viruses, data breaches, and malware attacks that have helped shape the industry as we know it today.

The security industry is constantly evolving, but many present-day attacks are not entirely new. Attackers often alter or enhance previous methods. Understanding past attacks can provide direction for how to handle or investigate incidents in your job as a security analyst. First, let's go over a couple of key terms that will support your understanding of the attacks we'll discuss. A computer virus is malicious code written to interfere with computer operations and cause damage to data and software. The virus attaches itself to programs or documents on a computer, then spreads and infects one or more computers in a network. A worm is a type of computer virus that can duplicate and spread on its own without human involvement. Today, viruses are more commonly referred to as malware, which is software designed to harm devices or networks.

Two examples of early malware attacks that we'll cover are the Brain virus and the Morris worm. They were created by malware developers to accomplish specific tasks. However, the developers underestimated the impact their malware would have and the number of infected computers there would be. Let's take a closer look at these attacks and discuss how they helped shape security as we know it today.

In 1986, the Alvi brothers created the Brain virus. Although the intention of the virus was to track illegal copies of medical software and prevent pirated licenses, what the virus actually did was unexpected. Once a person used a pirated copy of the software, the virus infected that computer. Then any disk that was inserted into the computer was also infected. The virus spread to a new computer every time someone used one of the infected disks. Undetected, the virus spread globally within a couple of months. Although the intention was not to destroy data or hardware, the virus slowed down productivity and significantly impacted business operations. The Brain virus fundamentally altered the computing industry, emphasizing the need for a plan to maintain security and productivity. As a security analyst, you will follow and maintain strategies put in place to ensure your organization has a plan to keep their data and people safe.

Another influential computer attack was the Morris worm. In 1988, Robert Morris developed a program to assess the size of the internet. The program crawled the web and installed itself onto other computers to tally the number of computers that were connected to the internet. Sounds simple, right? The program, however, failed to keep track of the computers it had already compromised and continued to reinstall itself until the computers ran out of memory and crashed. About 6,000 computers were affected, representing 10% of the internet at the time. This attack cost millions of dollars in damage due to business disruptions and the efforts required to remove the worm. After the Morris worm, computer emergency response teams, known as CERTs, were established to respond to computer security incidents. CERTs still exist today, but their place in the security industry has expanded to include more responsibilities. Later in this program
you'll learn more about the core functions of these security teams and gain hands-on practice with detection and response tools.

Early attacks played a key role in shaping the current security industry, and coming up, we'll discuss how attacks evolved in the digital age. With the expansion of reliable high-speed internet, the number of computers connected to the internet increased dramatically. Because malware could spread through the internet, threat actors no longer needed to use physical disks to spread viruses. To better understand attacks in the digital age, we'll discuss two notable attacks that relied on the internet: the Love Letter attack and the Equifax breach.

In the year 2000, Onel de Guzman created the Love Letter malware to steal internet login credentials. This attack spread rapidly and took advantage of people who had not developed a healthy suspicion for unsolicited emails. Users received an email with the subject line "I Love You." Each email contained an attachment labeled "Love Letter For You." When the attachment was opened, the malware scanned a user's address book. Then it automatically sent itself to each person on the list and installed a program to collect user information and passwords. Recipients would think they were receiving an email from a friend, but it was actually malware. The Love Letter ended up infecting 45 million computers globally and is believed to have caused over $10 billion in damages. The Love Letter attack is the first example of social engineering. Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. After the Love Letter, attackers understood the power of social engineering. The number of social engineering attacks is increasing with every new social media application that allows public access to people's data. Many people are now prioritizing convenience over privacy. The trade-off of this evolving shift is that these tools may lead to increased vulnerability if people do not use them appropriately.

As a security professional, your role is to identify and manage inappropriate use of technology that may place your organization and all the people associated with it at risk. One way to safeguard your organization is to conduct regular internal trainings, which you, as a future security analyst, may be asked to lead or participate in. Today, it's common for employees to receive training on how to identify social engineering attacks, specifically phishing, through the emails they receive. Phishing is the use of digital communications to trick people into revealing sensitive data or deploying malicious software.

Now let's discuss the Equifax breach. In 2017, attackers successfully infiltrated the credit reporting agency Equifax. This resulted in one of the largest known data breaches of sensitive information. Over 143 million customer records were stolen, and the breach affected approximately 40% of all Americans. The records included personally identifiable information including Social Security numbers, birth dates, driver's license numbers, home addresses, and credit card numbers. From a security standpoint, the breach occurred due to multiple failures on Equifax's part. It wasn't just one vulnerability that the attackers took advantage of; there were several. The company failed to take the actions needed to fix multiple known vulnerabilities in the months leading up to the data breach. In the end, Equifax settled with the US government and paid over $575 million to resolve customer complaints and cover required fines. While there have been other data breaches before and after the Equifax breach, the large settlement with the US government alerted companies to the financial impact of a breach and the need to implement preventative measures.

These are just a couple of well-known incidents that have shaped the security industry. Knowing about them will help you in your security career. Understanding different types of malware and social engineering attacks will allow you to communicate about security risks during future job interviews. As a future security professional, constantly adapting and educating yourself on threat actors' tactics and techniques will be a part of your job. By noticing similar trends, patterns, and methodologies, you may be able to identify a potential breach and limit future damage. Finally, understanding how security affects people's lives is a good reminder of why the work you will
do is so important.

Hi, my name is Sean. I am a technical program manager in Google Workspace. I am a 30-year security veteran within the security space across six different industries. During your first data breach, the most important thing that you can do is keep your cool. Everyone around is going to be freaking out. If you are on the security team and you are managing the incident, you have to legitimately be the cool guy in the room. Be that person that has the pause in the conversation. Somebody might be like, "Do you know what's going on?" "I absolutely do." I think the biggest breach I've ever had was a phone call: an engineer for another financial bought a server off eBay; that server, fired it up, hadn't been wiped, and 20 million credit card records were on it. It triggered a whole review of what we had not been controlling for: because we were now outsourcing data centers, how do third parties wipe the servers that we no longer use? The first thing you're going to do is to contain the breach. If you are still hemorrhaging data, you go through your progressions to stop hemorrhaging data. So if that means shutting down a server, shutting down a data center, shutting down comms, whatever, stopping the data loss is your number one priority. Your job as an incident manager, or as somebody working a breach, is to stop the breach and then investigate the breach. So executing your incident management plan is the most important thing that an entry-level person can keep in mind.

As the tactics of threat actors evolve, so do the roles of security professionals. Having a solid understanding of core security concepts
will support your growth in this field. One way to better understand these core concepts is by organizing them into categories called security domains. As of 2022, CISSP has defined eight domains to organize the work of security professionals. It's important to understand that these domains are related and that gaps in one domain can result in negative consequences to an entire organization. It's also important to understand the domains because it may help you better understand your career goals and your role within an organization. As you learn more about the elements of each domain, the work involved in one may appeal to you more than the others. This domain may become a career path for you to explore further.

CISSP defines eight domains in total, and we'll discuss all eight between this video and the next. In this video, we're going to cover the first four: security and risk management, asset security, security architecture and engineering, and communication and network security.

Let's start with the first domain: security and risk management. Security and risk management focuses on defining security goals and objectives, risk mitigation, compliance, business continuity, and the law. For example, security analysts may need to update company policies related to private health information if a change is made to a federal compliance regulation such as the Health Insurance Portability and Accountability Act, also known as HIPAA.

The second domain is asset security. This domain focuses on securing digital and physical assets. It's also related to the storage, maintenance, retention, and destruction of data. When working with this domain, security analysts may be tasked with making sure that old equipment is properly disposed of and destroyed, including any type of confidential information.

The third domain is security architecture and engineering. This domain focuses on optimizing data security by ensuring effective tools, systems, and processes are in place. As a security analyst, you may be tasked with configuring a firewall. A firewall is a device used to monitor and filter incoming and outgoing computer network traffic. Setting up a firewall correctly helps prevent attacks that could affect productivity.

The fourth security domain is communication and network security. This domain focuses on managing and securing physical networks and wireless communications. As a security analyst, you may be asked to analyze user behavior within your organization. Imagine discovering that users are connecting to unsecured wireless hotspots. This could leave the organization and its employees vulnerable to attacks. To ensure communications are secure, you would create a network policy to prevent and mitigate exposure.

Maintaining an organization's security is a team effort, and there are many moving parts. As an entry-level analyst, you will continue to develop your skills by learning how to mitigate risks to keep people and data safe. You don't need to be an expert in all domains, but having a basic understanding of them will aid you in your journey as a security professional. You're doing great. We have just introduced the first four security
domains, and in the next video, we'll discuss four more. See you soon.

Welcome back. In the last video, we introduced you to the first four security domains. In this video, we'll introduce you to the next four security domains: identity and access management, security assessment and testing, security operations, and software development security. Familiarizing yourself with these domains will allow you to navigate the complex world of security. The domains outline and organize how a team of security professionals work together. Depending on the organization, analyst roles may sit at the intersection of multiple domains or focus on one specific domain. Knowing where a particular role fits within the security landscape will help you prepare for job interviews and work as part of a full security team.

Let's move into the fifth domain: identity and access management. Identity and access management focuses on keeping data secure by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications. Validating the identities of employees and documenting access roles are essential to maintaining the organization's physical and digital security. For example, as a security analyst, you may be tasked with setting up employees' key card access to buildings.

The sixth domain is security assessment and testing. This domain focuses on conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities. Security analysts may conduct regular audits of user permissions to make sure that users have the correct level of access. For example, access to payroll information is often limited to certain employees, so analysts may be asked to regularly audit permissions to ensure that no unauthorized person can view employees' salaries.

The seventh domain is security operations. This domain focuses on conducting investigations and implementing preventative measures. Imagine that you, as a security analyst, receive an alert that an unknown device has been connected to your internal network. You would need to follow the organization's policies and procedures to quickly stop the potential threat.

The final, eighth domain is software development security. This domain focuses on using secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services. A security analyst may work with software development teams to ensure security practices are incorporated into the software development life cycle. If, for example, one of your partner teams is creating a new mobile app, then you may be asked to advise on the password policies or ensure that any user data is properly secured and managed.

That ends our introduction to CISSP's eight security domains. Challenge yourself to better understand each of these domains and how they affect the overall security of an organization. While they may still be a bit unclear to you this early in the program, these domains will be discussed in greater detail in the next course. See you there.

This concludes our brief introduction to some of the most influential security attacks throughout history and CISSP's eight security domains. Let's review what we've discussed. First, we covered viruses, including the Brain virus and the Morris worm, and discussed how these early forms of malware shaped the security industry. We also discussed how many attacks today are variants of these early examples. Understanding previous attacks is critical for security professionals who are working to protect organizations and people from possible future variants. We also discussed social engineering and threat actor motives by learning about the Love Letter attack and the Equifax data breach. These incidents showed the widespread impacts and associated costs of more recent security breaches in the digital age. Finally, we introduced CISSP's eight security domains and how they can be used to categorize different areas of focus within the security profession.

I hope you're feeling confident about your foundational security knowledge. Learning the history of security can allow you to better understand the current industry. CISSP's eight security domains provide a way to organize the work of security professionals. Remember, every security professional is essential. Your unique point of view, professional background, and knowledge are valuable, so the diversity you bring to the field will
further improve the security industry as you work to keep organizations and people safe.

Hi there. Glad to have you back. You're halfway done with the first course, so you're making great progress. In this section, we'll discuss how organizations protect themselves from threats, risks, and vulnerabilities by covering key principles such as frameworks, controls, and ethics. To help you better understand how this relates to the role of a security analyst, we'll use an analogy. Imagine you want to plant a garden. You research, plan, prepare, and purchase materials while considering all the things that could potentially present a risk to your garden. You establish a plan to pull weeds, spray for bugs, and water your plants regularly to prevent issues or incidents. But as the days go by, unexpected problems arise. The weather has been unpredictable, and pests have been aggressively trying to infiltrate your garden. You start implementing better ways to safeguard your garden by installing a surveillance camera, building a fence, and covering your plants with a canopy to keep your garden healthy and growing. Now that you have a better idea about the threats to your garden and how to keep your plants safe, you establish better policies and procedures to continuously monitor and safeguard your garden.

In this way, security resembles a garden. It's an evolving industry that will challenge you to make continuous improvements to policies and procedures that help protect your organization and the people it serves. To that end, we'll introduce security frameworks and controls and explain why they're important. We'll also cover core components and specific examples of frameworks and controls, including the confidentiality, integrity, and availability triad, or CIA triad. We'll end with a discussion about the ethics of security and share a few notable ethical concerns in the security field.

Evolving security practices may seem a little abstract, but many of us use them every day. For example, I use security keys, which are a type of security control, as a second form of authentication to access my accounts. The keys ensure that only I can access my accounts, even if a password has been compromised. By improving confidentiality, they also assure me that the integrity of my accounts is intact. Having processes and procedures in place to organize security efforts and make informed decisions is important for any organization. I'm so excited to get started, and I hope you are too.

Imagine you're working as a security analyst and receive multiple alerts about suspicious activity on the network. You realize that you'll need to implement additional security measures to keep these alerts from becoming serious incidents. But where do you start? As an analyst, you'll start by identifying your organization's critical assets and risks. Then you'll implement the necessary frameworks and controls. In this video, we'll discuss how security professionals use frameworks to continuously identify and manage risk. We'll also cover how to use security controls to manage or reduce specific risks.

Security frameworks are guidelines used for building plans to help mitigate risk and threats to data and privacy. Security frameworks provide a structured approach to implementing a security life cycle. The security life cycle is a constantly evolving set of policies and standards that define how an organization manages risks, follows established guidelines, and meets regulatory compliance, or laws. There are several security frameworks that may be used to manage different types of organizational and regulatory compliance risks. The purposes of security frameworks include protecting personally identifiable information, known as PII, securing financial information, identifying security weaknesses, managing organizational risks, and aligning security with business goals.

Frameworks have four core components, and understanding them will allow you to better manage potential risks. The first core component is identifying and documenting security goals. For example, an organization may have a goal to align with the EU's General Data Protection Regulation, also known as GDPR. GDPR is a data protection law established to grant European citizens more control over their personal data. A security analyst may be asked to identify and document areas where an organization is out of compliance with GDPR. The second core component is setting guidelines to achieve security goals. For example, when implementing guidelines to achieve GDPR compliance, your organization may need to develop new policies for how to handle data requests from individual users. The third core component of security frameworks is implementing strong security processes. In the case of GDPR, a security analyst working for a social media company may help design procedures to ensure the organization complies with verified user data requests. An example of this type of request is when a user attempts to update or delete their profile information. The last core component of security frameworks is monitoring and communicating results. As an example, you may monitor your organization's internal network and report a potential security issue affecting GDPR to your manager or regulatory compliance officer.

Now that we've introduced the four core components of security frameworks, let's tie them all together. Frameworks allow analysts to work alongside other members of a security team to document, implement, and use the policies and procedures that have been created. It's essential for an entry-level analyst to understand this process because it directly affects the work they do and how they collaborate with others.

Next, we'll discuss security controls. Security controls are safeguards designed to reduce specific security risks.
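A worked example of two controls mentioned in this course, added here and not part of the course transcript: a privacy-training requirement, and the permission audit described earlier under the security assessment and testing domain (making sure only the right employees can view payroll). Every employee, role, asset, and grant in it is constructed for the demo. The code checks a list of access grants against a role-based policy and reports any grant the policy does not allow, and separately lists employees who have not completed the training control.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Employee:
    username: str
    role: str
    privacy_training_done: bool   # the training control from the text


@dataclass(frozen=True)
class Grant:
    username: str
    asset: str
    permission: str               # "read" or "write"


# Constructed policy: which roles may hold which permission on which asset.
# Payroll is the sensitive asset; HR and finance may read it, only finance may write.
ACCESS_POLICY = {
    "payroll": {"read": {"hr", "finance"}, "write": {"finance"}},
    "news-site": {"read": {"hr", "finance", "engineering", "marketing"},
                  "write": {"marketing"}},
}


def audit_access(employees, grants, policy):
    """Return findings for every grant the policy does not allow.

    A finding is (username, asset, permission, reason). Grants held by
    accounts that are not in the employee list are reported too, because an
    orphaned grant is exactly what a permission audit is meant to catch."""
    by_name = {e.username: e for e in employees}
    findings = []
    for g in grants:
        emp = by_name.get(g.username)
        if emp is None:
            findings.append((g.username, g.asset, g.permission,
                             "grant held by an account not in the employee list"))
            continue
        allowed_roles = policy.get(g.asset, {}).get(g.permission, set())
        if emp.role not in allowed_roles:
            findings.append((g.username, g.asset, g.permission,
                             f"role '{emp.role}' is not permitted"))
    return findings


def audit_training(employees):
    """Return usernames that have not completed the required privacy training."""
    return [e.username for e in employees if not e.privacy_training_done]


def run_audit(employees, grants, policy):
    """Run both checks and return them as one report dict."""
    return {"access": audit_access(employees, grants, policy),
            "training": audit_training(employees)}


# Constructed sample data for the demo; none of it is real.
SAMPLE_EMPLOYEES = [
    Employee("alice", "finance", True),
    Employee("bob", "engineering", True),
    Employee("carol", "hr", False),
    Employee("dave", "marketing", True),
]
SAMPLE_GRANTS = [
    Grant("alice", "payroll", "write"),   # finance writing payroll: allowed
    Grant("carol", "payroll", "read"),    # HR reading payroll: allowed
    Grant("bob", "payroll", "read"),      # engineer reading payroll: finding
    Grant("dave", "news-site", "write"),  # marketing editing the news site: allowed
    Grant("eve", "payroll", "read"),      # no such employee: orphaned grant
]

if __name__ == "__main__":
    report = run_audit(SAMPLE_EMPLOYEES, SAMPLE_GRANTS, ACCESS_POLICY)
    for user, asset, perm, reason in report["access"]:
        print(f"ACCESS   {user:6} {perm:5} on {asset}: {reason}")
    for user in report["training"]:
        print(f"TRAINING {user}: privacy training not completed")
```

Run it directly to print the findings. The `eve` grant is there to show why an audit compares grants against the current employee list and not only against roles: an account that has left the organization but still holds access is a finding even though no role check fires.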
For example, your company may have a guideline that requires all employees to complete a privacy training to reduce the risk of data breaches. As a security analyst, you may use a software tool to automatically assign and track which employees have completed this training. Security frameworks and controls are vital to managing security for all types of organizations and ensuring that everyone is doing their part to maintain a low level of risk. Understanding their purpose and how they are used allows analysts to support an organization's security goals and protect the people it serves. In the following videos, we'll discuss some well-known frameworks and principles that analysts need to be aware of to minimize risk and protect data and users.

Hi, welcome back. Previously, we discussed frameworks and controls in general. In this video, you'll learn about specific frameworks and controls that organizations can voluntarily use to minimize risks to their data and to protect users. Let's get started.

The CIA triad is a foundational model that helps inform how organizations consider risk when setting up systems and security policies. CIA stands for confidentiality, integrity, and availability. Confidentiality means that only authorized users can access specific assets or data. For example, strict access controls that define who should and should not have access to data must be put in place to ensure confidential data remains safe. Integrity means the data is correct, authentic, and reliable. To maintain integrity, security professionals can use a form of data protection like encryption to safeguard data from being tampered with. Availability means data is accessible to those who are authorized to access it. As an example, a director may have more access to certain data than a department manager because directors usually oversee more employees.

Let's define a term that came up during our discussion of the CIA triad: asset. An asset is an item perceived as having value to an organization, and value is determined by the cost associated with the asset in question. For example, an application that stores sensitive data, such as Social Security numbers or bank accounts, is a valuable asset to an organization. It carries more risk and therefore requires tighter security controls in comparison to a website that shares publicly available news content.

As you may remember, earlier in the course we discussed frameworks and controls in general. Now we'll discuss a specific framework developed by the US-based National Institute of Standards and Technology: the Cybersecurity Framework, also referred to as the NIST CSF. The NIST Cybersecurity Framework is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk. It's important to become familiar with this framework because security teams use it as a baseline to manage short- and long-term risk. Managing and mitigating risks and protecting an organization's assets from threat actors are key goals for security professionals. Understanding the different motives a threat actor may have, alongside identifying your organization's most valuable assets, is important.
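Returning to the integrity leg of the CIA triad described above, here is an added example, not course material, of how tampering with a stored record can be detected. It uses a keyed hash (HMAC-SHA256 from Python's standard library) rather than encryption: a keyed tag is what lets a verifier check that bytes are unchanged, whereas encryption alone hides data and does not by itself reveal modification. The key, the sample record, and the edit made to it are all constructed for the demo.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size   # 32 bytes


def protect(record: bytes, key: bytes) -> bytes:
    """Append an HMAC-SHA256 tag to the record so later changes can be detected."""
    tag = hmac.new(key, record, hashlib.sha256).digest()
    return record + tag


def verify(blob: bytes, key: bytes):
    """Split blob into (record, tag) and recompute the tag.

    Returns (ok, record). ok is False for a wrong key, a changed record,
    a changed tag, or a blob too short to contain a tag."""
    if len(blob) < TAG_LEN:
        return False, b""
    record, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, record, hashlib.sha256).digest()
    # compare_digest is constant-time, so timing does not leak how many
    # leading bytes of the presented tag were correct.
    return hmac.compare_digest(tag, expected), record


# Constructed demo key. A real deployment would generate one with
# secrets.token_bytes(32) and keep it where the data's editors cannot read it,
# otherwise whoever can edit the record can also recompute the tag.
DEMO_KEY = bytes(range(32))
SAMPLE_RECORD = b"employee=alice;salary=100000"


def demo():
    """Protect a record, then alter it and watch verification fail."""
    blob = protect(SAMPLE_RECORD, DEMO_KEY)
    ok_clean, _ = verify(blob, DEMO_KEY)

    # Tamper with the record bytes only, leaving the old tag in place.
    record, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    tampered = record.replace(b"100000", b"900000") + tag
    ok_tampered, _ = verify(tampered, DEMO_KEY)

    # A verifier holding a different key must also reject the blob.
    ok_wrong_key, _ = verify(blob, secrets.token_bytes(32))
    return ok_clean, ok_tampered, ok_wrong_key


if __name__ == "__main__":
    print(demo())   # (True, False, False)
```

The same-length edit (100000 to 900000) is deliberate: a length check or a file size in a log would not notice it, but the recomputed tag does. Protecting the key is the whole game here; the tag only proves that someone holding the key produced the record.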
Some of the most dangerous threat actors to consider are disgruntled employees. They are the most dangerous because they often have access to sensitive information and know where to find it. In order to reduce this type of risk, security professionals would use the principle of availability, as well as organizational guidelines based on frameworks, to ensure staff members can only access the data they need to perform their jobs. Threat actors originate from all across the globe, and a diverse workforce of security professionals helps organizations identify attackers' intentions. A variety of perspectives can assist organizations in understanding and mitigating the impact of malicious activity.

That concludes our introduction to the CIA triad and NIST CSF framework, which are used to develop processes to secure organizations and the people they serve. You may be asked in an interview if you know about security frameworks and principles, or you may be asked to explain how they're used to secure organizational assets. In either case, throughout this program you'll have multiple opportunities to learn more about them and apply what we've discussed to real-world situations. Coming up, we'll discuss the ethics of security. See you soon.

Hello, my name is Heather, and I'm the vice president of security engineering at Google. PII has been an important topic on the internet since the beginning of the internet, and we've been talking about increasingly sophisticated ways to protect that data over time. When we think about collecting PII on behalf of another person, we should make sure we're very deliberate about how it's handled and where it's stored, and that we understand where it's stored all the time. Depending on what kind of role you're in, you might also need to protect that data to comply with regulation or law, and so it's important to understand how the data relates to some of those obligations. If an organization fails to meet their obligations, a number of things might happen. First, you might see a government regulator become more interested in understanding the practices around how a company is handling data. Secondly, consumers, customers, businesses may actually begin to directly inquire of the company how they're handling data, and this may become part of the customer relationship and increasingly important if that data is very sensitive. And third, the last consequence is legal action, and it's not uncommon for us to see victims of cybersecurity incidents now suing companies for mishandling their data. You can keep up to date with compliance regulation and laws around PII by consulting the relevant website in the jurisdiction that you have a question for. Many government websites now post the laws, regulations, and compliance requirements for data that's being handled. The regulations and laws that govern how PII can be handled are very complex. All over the world, countries, states, counties are regulating it at different levels. It's important to understand and to be aware that these laws exist. However, if you need to ask a question about a specific law, it's important to seek advice from legal counsel for that particular jurisdiction. It may be very different than the jurisdiction that you're in.

In security, new technologies present new challenges. For every new security incident or risk, the right or wrong decision isn't always clear. For example, imagine that you're working as an entry-level security analyst and you have received a high-risk alert. You investigate the alert and discover data has been transferred without authorization. You work diligently to identify who made the transfer and discover it is one of your friends from work. What do you do? Ethically, as a security professional, your job is to remain unbiased and maintain security and confidentiality. While it's normal to want to protect a friend, regardless of who the user in question may be, your responsibility and obligation is to adhere to the policies and protocols you've been trained to follow. In many cases, security teams are entrusted with greater access to data and information than other employees. Security professionals must respect that privilege and act ethically at all times. Security ethics are guidelines for making appropriate decisions as a security professional. As another example, if you as an analyst have the ability to grant yourself access to payroll data and can give yourself a raise just because you have access to do so, does that mean you should? The answer is no. You should never abuse the access you've been granted and entrusted with.

Let's discuss ethical principles that may raise questions as you navigate solutions for mitigating risks. These are confidentiality, privacy protections, and laws. Let's begin with the first ethical principle: confidentiality. Earlier, we discussed confidentiality as part of the CIA triad. Now let's discuss how confidentiality can be applied to ethics.
As a security professional, you'll encounter proprietary or private information, such as PII. It's your ethical duty to keep that information confidential and safe. For example, you may want to help out a co-worker by providing computer system access outside of properly documented channels. However, this ethical violation can result in serious consequences, including reprimands, the loss of your professional reputation, and legal repercussions for both you and your friend.

The second ethical principle to consider is privacy protections. Privacy protection means safeguarding personal information from unauthorized use. For example, imagine you receive a personal email after hours from your manager requesting a colleague's home phone number. Your manager explains that they can't access the employee database at the moment, but they need to discuss an urgent matter with that person. As a security analyst, your role is to follow the policies and procedures of your company, which in this example state that employee information is stored in a secured database and should never be accessed or shared in any other format. So accessing and sharing the employee's personal information would be unethical. In situations like this, it can be difficult to know what to do, so the best response is to adhere to the policies and procedures set by your organization.

A third important ethical principle we must discuss is the law. Laws are rules that are recognized by a community and enforced by a governing entity. For example, consider a staff member at a hospital who has been trained to handle PII and SPI for compliance. The staff member has files with confidential data that should never be left unsupervised, but the staff member is late for a meeting. Instead of locking the files in a designated area, the files are left on the staff member's desk unsupervised.
upon the employees return the files are missing the staff member has just violated multiple compliance regulations and their actions were unethical and illegal since their negligence has likely resulted in the loss of private patient and Hospital data as you enter the security field remember that technology is const stantly evolving and so are attackers tactics and techniques because of this Security Professionals must continue to think critically about how to respond to attacks having a strong sense of ethics can guide your decisions to ensure that the proper processes and procedures are followed to mitigate these continually involving
risks.

Hi, I'm Holly, and I'm a security architect with Google Cloud. At the beginning of my adult career I sold hosiery while I was going to school. That led me into an opportunity to work in banking, which then led me into an opportunity to work in telecommunications, and from there I managed to get myself into a security vendor and learn security. Part of the way that I was able to change from my original half of my tech career, being a database administrator, to getting into cybersecurity was through getting certificates like you're doing today. Those really helped me gain credibility with potential employers when I didn't have the experience in this particular field yet. Ethics are really the crux of cybersecurity. You need to be able to be ethical in all of your actions in order to be a cybersecurity professional. Examples of unethical behavior are usually, honestly, just slight laziness: people taking shortcuts and not really thinking about the consequences of their actions. So certainly when people share passwords to systems, or give out private information, or look into systems for their own personal information or purposes, for people they know or about celebrities. One of the most difficult situations that I ever faced in my technology career related to ethics was shortly after 9/11. My boss's boss's boss came to me with a bunch of keywords that were clearly related to the attack in New York and asked me to query the database that I administered, that had everybody's text messages in it for the entire telecommunications company, without anything in writing and without a court order. I was in a very uncomfortable position to tell someone that much senior than me that I wasn't comfortable doing that. I suggested that he bring something in writing to me to do that, and he found someone else who did it for him. When you're faced with one of these difficult decisions, it's good to think about what would be the consequences of your decision. My encouragement to those of you out here taking this program is that the rewards that you get from helping to protect your company or your users or your organization from cybercriminals is really great. We get to be the good guys and help protect our industry and our customers from cyber attacks and cybercriminals. That's rewarding.

You are now better prepared to understand and help make decisions regarding assessing and managing risk. Let's review what we've covered. We discussed security frameworks and controls and how they're used to develop processes and procedures that protect organizations and the people they serve. We also discussed core components of frameworks, such as identifying security goals and establishing guidelines to achieve those goals. Then we introduced specific frameworks and controls, including the CIA triad and the NIST CSF
and how they are used to manage risk. And finally, we discussed security ethics, including common ethical issues to consider, such as confidentiality, privacy protections and laws. You're almost there, only one more section to go in this course. Coming up, you'll learn about common tools and programming languages used by security analysts to protect organizational operations. Hope you're as excited as I am to keep going.

Welcome to the final section of this course. Here we'll be introducing tools and programming languages that are commonly used in the security field. They are essential for monitoring security in an organization because they enhance efficiency by automating tasks. Although we're only introducing these concepts and tools at this point, later in the program you'll have opportunities to use them in a variety of hands-on activities. In the following videos, you'll learn about security information and event management, or SIEM, tools. You'll also be introduced to other tools such as playbooks and network protocol analyzers. Then you'll learn about the Linux operating system and security-related tasks that are initiated through programming languages such as SQL and Python. For me, it is one of the most useful tools. It allows me to explore all the different data sources we collect, and it allows my team to analyze the data for trends. Take your time going through the videos, and if you need to, rewatch them. Also know that these tools will be discussed in much more detail, and you will be able to practice them firsthand later in the certificate program. While every organization has their own set of tools and training materials that you'll learn to use on the job, this program will provide you with foundational knowledge that will help you succeed in the security industry. Let's get started.

As mentioned earlier, security is like preparing for a storm. If you identify a leak, the color or shape of the bucket you use to catch the water doesn't matter. What is important is mitigating the risks and threats to your home by using the tools available to you. As an entry-level security analyst, you'll have a lot of tools in your toolkit that you can use to mitigate potential risks. In this video, we'll discuss the primary purposes and functions of some commonly used security tools, and later in the program you'll have hands-on opportunities to practice using them. Before discussing tools further, let's briefly discuss logs, which are the source of data that the tools we'll cover are designed to organize. A log is a record of events that occur within an organization's systems. Examples of security-related logs include records of employees signing into their computers or accessing web-based services. Logs help security professionals identify vulnerabilities and potential security breaches.

The first tools we'll discuss are security information and event management tools, or SIEM tools. A SIEM tool is an application that collects and analyzes log data to monitor critical activities in an organization. The acronym SIEM may be pronounced as "sim" or "seem", but we'll use "sim" throughout this program. SIEM tools collect real-time, or instant, information and allow security analysts to identify potential breaches as they happen. Imagine having to read pages and pages of logs to determine if there are any security threats. Depending on the amount of data, it could take hours or days. SIEM tools reduce the amount of data an analyst must review by providing alerts for specific types of risks and threats. Next, let's go over examples of commonly used SIEM tools: Splunk and Chronicle. Splunk is a data analysis platform, and Splunk Enterprise provides SIEM solutions. Splunk Enterprise is a self-hosted tool used to retain, analyze and search an organization's log data. Another SIEM tool is Google's Chronicle. Chronicle is a cloud-native SIEM tool that stores security data for search and analysis. Cloud-native means that Chronicle allows for fast delivery of new features. Both of these SIEM tools, and SIEMs in general, collect data from multiple places, then analyze and filter that data to allow security teams to prevent and quickly react to potential security threats. As a security analyst, you may find yourself using SIEM tools to analyze filtered events and patterns, perform incident analysis, or proactively search for threats. Depending on your organization's SIEM setup and risk focus, the tools and how they function may differ, but ultimately they are all used to mitigate risk.

Other key tools that you will use in your role as a security analyst, and that you'll have hands-on opportunities to use later in the program, are playbooks and network protocol analyzers. A playbook is a manual that provides details about any operational action, such as how to respond to an incident. Playbooks, which vary from one organization to the next, guide analysts in how to handle a security incident before, during and after it has occurred. Playbooks can pertain to security or compliance reviews, access management, and many other organizational tasks that require a documented process from beginning to end. Another tool you may use as a security analyst is a network protocol analyzer, also called a packet sniffer. A packet sniffer is a tool designed to capture and analyze data traffic within a network. Common network protocol analyzers include tcpdump and Wireshark. As an entry-level analyst, you don't have to be an expert in these tools. As you continue through this certificate program and get more hands-on practice, you'll continuously build your understanding of how to use these tools to identify, assess and mitigate risks.

As we discussed previously, organizations use a variety of tools, such as SIEMs, playbooks and packet sniffers, to better manage, monitor and analyze security threats. But those aren't the only tools in an analyst's toolkit. Analysts also use programming languages and operating systems to accomplish essential tasks. In this video, we'll introduce you to Python and SQL programming and the Linux operating system, all of which you'll have an opportunity to practice using later in the certificate program. Organizations can use programming to create a specific set of instructions for a computer to execute tasks. Programming allows analysts to complete repetitive tasks and processes with a high degree of accuracy and efficiency. It also helps reduce the risk of human error and can save hours or days compared to performing the work manually. Now that you're aware of what programming languages are used for, let's discuss a specific and related operating system called Linux and two programming languages, SQL and Python. Linux is an open-source, or publicly available, operating system. Unlike other operating systems you may be familiar with, for example macOS or Windows, Linux relies on a command line as the primary user interface. Linux itself is not a programming language, but it does allow for the use of text-based commands between the user and the operating system. You'll learn more about Linux later in the program. A common use of Linux for entry-level security analysts is examining logs to better understand what's occurring in a system. For example, you might find yourself using commands to review an error log when investigating uncommonly high network traffic. Next, let's discuss SQL. SQL stands for Structured Query Language. SQL is a programming language used to create, interact with and request information from a database. A database is an organized collection of information or data. There may be millions of data points in a database, so an entry-level security analyst would use SQL to filter through the data points to retrieve specific information. The last programming language we'll introduce is Python. Security professionals can use Python to perform tasks that are repetitive and time-consuming and that require a high level of detail and accuracy. As a future analyst, it's important to understand that every organization's toolkit may be somewhat different based on their security needs. The main point is that you're familiar with some industry-standard tools, because that will show employers that you have the ability to learn how to use their tools to protect the organization and the people it serves. You're doing great. Later in the course, you'll learn more about Linux and programming languages, and you'll practice using these tools in security-related scenarios.

That completes the introduction to security tools and programming languages. In this section of the course, we covered SIEM tools such as Splunk and Chronicle. We also discussed how SIEM tools are used by security analysts to complete different tasks. Then we discussed other tools such as playbooks and network protocol analyzers, also called packet sniffers. Finally, we introduced the Linux operating system and the programming languages SQL and Python. Remember, the tools we discussed take time to understand completely, but having a basic understanding of these tools can help you get a job in the security field and progress in your career.

Congratulations on completing the first course. We've come so far and covered so much about a really exciting industry. I find cybersecurity to be exciting because it's dynamic: there are always new puzzles to solve, and the work of protecting our users is worthwhile. Before we move on, let's take a moment to celebrate and reflect on what we've covered. First, we introduced core security concepts, including what security is and why it matters. We also discussed what an entry-level security analyst does and some skills related to the role. Then we transitioned to eight security domains, which include security and risk management, asset security and security operations. Next, we highlighted security frameworks and controls, specifically the CIA triad model and the NIST Cybersecurity Framework. Finally, we explored common tools and programming languages used by security analysts, such as SIEMs, playbooks, SQL and Python. I hope you're proud of the work you've done so far. No matter what direction you take in the security industry, everything you learned lays the foundation for the next phase of your career, and as you move through this program, you'll have the chance to develop your skills further. In the next course, we will provide more details about several of the topics introduced in this course.
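Worked example (added by the editor; this is not course material and not code from Splunk, Chronicle or Google): the tools section of this course describes a SIEM turning pages of logs into a few alerts, SQL filtering a large set of data points down to the ones that matter, and Python automating work that is repetitive and detail-heavy. The script below does all three on a handful of constructed sshd-style authentication log lines. It parses the lines with Python, loads them into an in-memory SQLite database, and uses two SQL queries to raise alerts: a brute-force pattern (five or more failed logins for one user from one source address, first and last failure no more than ten minutes apart) and a higher-severity case where a successful login follows failures from the same address. The log format, the sample lines, the thresholds and every function name here are assumptions made for this example.

```python
import re
import sqlite3
from datetime import datetime

# Constructed sshd-style log lines (invented for this example, not real data).
# The last line is deliberately one the parser does not understand.
SAMPLE_LOGS = """\
2024-03-01T09:00:01Z host1 sshd: Failed password for alice from 203.0.113.7 port 51022
2024-03-01T09:00:03Z host1 sshd: Failed password for alice from 203.0.113.7 port 51023
2024-03-01T09:00:05Z host1 sshd: Failed password for alice from 203.0.113.7 port 51024
2024-03-01T09:00:08Z host1 sshd: Failed password for alice from 203.0.113.7 port 51025
2024-03-01T09:00:10Z host1 sshd: Failed password for alice from 203.0.113.7 port 51026
2024-03-01T09:00:12Z host1 sshd: Accepted password for alice from 203.0.113.7 port 51027
2024-03-01T09:05:00Z host1 sshd: Failed password for bob from 198.51.100.20 port 40001
2024-03-01T09:40:00Z host1 sshd: Failed password for bob from 198.51.100.20 port 40002
2024-03-01T10:00:00Z host2 sshd: Accepted publickey for carol from 192.0.2.33 port 33000
2024-03-01T10:01:00Z host2 sshd: Failed password for invalid user root from 203.0.113.7 port 52000
2024-03-01T10:02:00Z host2 sshd: Connection closed by 203.0.113.7 port 52000
"""

# Matches the two event shapes we alert on (Failed / Accepted logins).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd: (?P<result>Failed|Accepted) (?:password|publickey) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+$"
)

def parse_logs(text):
    """Raw text -> list of (ts, result, user, ip) tuples plus a count of skipped lines."""
    events, unparsed = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed += 1  # a SIEM pipeline must keep going on lines it cannot parse
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").isoformat()
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events, unparsed

def load_events(events):
    """Load parsed events into an in-memory SQLite table so SQL can filter them."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth_events (ts TEXT, result TEXT, user TEXT, ip TEXT)")
    db.executemany("INSERT INTO auth_events VALUES (?, ?, ?, ?)", events)
    return db

# Rule 1 (threshold and window are arbitrary picks for this example): at least
# `threshold` failures for one user from one IP, with the first and last failure
# no more than `window_minutes` apart. Real SIEMs use a sliding window; this is simpler.
BRUTE_FORCE_SQL = """
SELECT user, ip, COUNT(*) AS failures, MIN(ts) AS first_seen, MAX(ts) AS last_seen
FROM auth_events
WHERE result = 'Failed'
GROUP BY user, ip
HAVING COUNT(*) >= :threshold
   AND (julianday(MAX(ts)) - julianday(MIN(ts))) * 24 * 60 <= :window_minutes
ORDER BY failures DESC, user
"""

# Rule 2: a success from an IP that had already failed against the same account,
# the case an analyst would escalate because the brute force may have worked.
SUCCESS_AFTER_FAILURE_SQL = """
SELECT s.user, s.ip, s.ts
FROM auth_events AS s
WHERE s.result = 'Accepted'
  AND EXISTS (SELECT 1 FROM auth_events AS f
              WHERE f.result = 'Failed' AND f.user = s.user
                AND f.ip = s.ip AND f.ts < s.ts)
ORDER BY s.ts
"""

def brute_force_alerts(db, threshold=5, window_minutes=10):
    params = {"threshold": threshold, "window_minutes": window_minutes}
    keys = ("user", "ip", "failures", "first_seen", "last_seen")
    return [dict(zip(keys, row)) for row in db.execute(BRUTE_FORCE_SQL, params)]

def success_after_failures(db):
    return [dict(zip(("user", "ip", "ts"), row))
            for row in db.execute(SUCCESS_AFTER_FAILURE_SQL)]

def analyze(text, threshold=5, window_minutes=10):
    """End to end: raw log text in, a small alert report out."""
    events, unparsed = parse_logs(text)
    db = load_events(events)
    try:
        return {"events": len(events), "unparsed": unparsed,
                "brute_force": brute_force_alerts(db, threshold, window_minutes),
                "success_after_failures": success_after_failures(db)}
    finally:
        db.close()

if __name__ == "__main__":
    report = analyze(SAMPLE_LOGS)
    print(f"{report['events']} events parsed, {report['unparsed']} line(s) skipped")
    for a in report["brute_force"]:
        print(f"ALERT brute force: {a['user']} from {a['ip']}, {a['failures']} failures")
    for a in report["success_after_failures"]:
        print(f"ALERT success after failures: {a['user']} from {a['ip']} at {a['ts']}")
```

Run as-is, the script reports ten parsed events, one skipped line, and two alerts, both for alice from 203.0.113.7; bob's two failures thirty-five minutes apart and the single failure against root stay below the threshold, which is the point of the rule: an analyst reviews two alerts instead of eleven lines. Loosening the rule (for example `analyze(SAMPLE_LOGS, threshold=2, window_minutes=60)`) pulls bob in as well, which is the trade-off every SIEM tuning decision makes between missed attacks and alert noise. The window check compares only the first and last failure per user/IP pair; a production rule would use a sliding window so that a slow, steady attack is not hidden by its own spread.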
Hi, I'm Ashley, and I will be guiding you through the next course of this certificate program. We'll discuss security domains and business operations in greater detail. I'm so glad I was able to be here for the beginning of your journey. You're off to a great start. I'm excited for you to reach your goal of joining the security industry.

My name is Ashley, and I am a customer engineering enablement lead for security operations sales at Google. I'm excited to be your instructor for this course. Let's start by quickly reviewing what we've covered so far. Earlier, we defined security and explored some common job responsibilities for entry-level analysts. We also discussed core skills and knowledge that analysts need to develop. Then we shared some key events, like the LoveLetter and Morris attacks, that led to the development and ongoing evolution of the security field. We also introduced you to frameworks, controls and the CIA triad, which are all used to reduce risk. In this course, we'll discuss the focus of the Certified Information Systems Security Professional's, or CISSP's, eight security domains. We'll also cover security frameworks and controls in more detail, with a focus on NIST's Risk Management Framework. Additionally, we'll explore security audits, including common elements of internal audits. Then we'll introduce some basic security tools, and you'll have a chance to explore how to use security tools to protect assets and data from threats, risks and vulnerabilities. Securing an organization and its assets from threats, risks and vulnerabilities is an important step in maintaining business operations. In my experience as a security analyst, I helped respond to a severe breach that cost the organization nearly $250,000. So I hope you're feeling motivated to continue your security journey. I know I'm excited. Let's get started.

The world of security, which we also refer to as cybersecurity throughout this program, is vast, so making sure that you have the knowledge, skills and tools to successfully navigate this world is why we're here. In the following videos, you'll learn about the focus of CISSP's eight security domains. Then we'll discuss threats, risks and vulnerabilities in more detail. We'll also introduce you to the three layers of the web and share some examples to help you understand the different types of attacks that we'll discuss throughout the program. Finally, we'll examine how to manage risks by using the National Institute of Standards and Technology's Risk Management Framework, known as the NIST RMF. Because these topics and related technical skills are considered core knowledge in the security field, continuing to build your understanding of them will help you mitigate and manage the risks and threats that organizations face on a daily basis. In the next video, we'll further discuss the focus of the eight security domains introduced in the first course.

Welcome back. You might remember from course one that there are eight security domains, or categories, identified by CISSP. Security teams use them to organize daily tasks and identify gaps in security that could cause negative consequences for an organization, and to establish their security posture. Security posture refers to an organization's ability to manage its defense of critical assets and data and react to change. In this video, we'll discuss the focus of the first four domains: security and risk management, asset security, security architecture and engineering, and communication and network security.

The first domain is security and risk management. There are several areas of focus for this domain: defining security goals and objectives, risk mitigation, compliance, business continuity, and legal regulations. Let's discuss each area of focus in more detail. By defining security goals and objectives, organizations can reduce risks to critical assets and data like PII, or personally identifiable information. Risk mitigation means having the right procedures and rules in place to quickly reduce the impact of a risk, like a breach. Compliance is the primary method used to develop an organization's internal security policies, regulatory requirements and independent standards. Business continuity relates to an organization's ability to maintain their everyday productivity by establishing risk disaster recovery plans. And finally, while laws related to security and risk management are different worldwide, the overall goals are similar. As a security professional, this means following rules and expectations for ethical behavior to minimize negligence, abuse or fraud.

The next domain is asset security. The asset security domain is focused on securing digital and physical assets. It's also related to the storage, maintenance, retention and destruction of data. This means that assets such as PII or SPII should be securely handled and protected, whether stored on a computer, transferred over a network like the internet, or even physically collected. Organizations also need to have policies and procedures that ensure data is properly stored, maintained, retained and destroyed. Knowing what data you have and who has access to it is necessary for having a strong security posture that mitigates risk to critical assets and data. Previously, we provided a few examples that touched on the disposal of data. For example, an organization might have you, as a security analyst, oversee the destruction of hard drives to make sure that they're properly disposed of. This ensures that private data stored on those drives can't be accessed by threat actors.

The third domain is security architecture and engineering. This domain is focused on optimizing data security by ensuring effective tools, systems and processes are in place to protect an organization's assets and data. One of the core concepts of secure design architecture is shared responsibility. Shared responsibility means that all individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security. By having policies that encourage users to recognize and report security concerns, many issues can be handled quickly and effectively.

The fourth domain is communication and network security, which is mainly focused on managing and securing physical networks and wireless communications. Secure networks keep an organization's data and communication safe, whether on site or in the cloud, or when connecting to services remotely. For example, employees working remotely in public spaces need to be protected from vulnerabilities that can occur when they use insecure Bluetooth connections or public Wi-Fi hotspots. By having security team members remove access to those types of communication channels at the organizational level, employees may be discouraged from practicing insecure behavior that could be exploited by threat actors. Now that we've reviewed the focus of our first four domains, let's discuss the last four domains.

In this video, we'll cover the last four domains: identity and access management, security assessment and testing, security operations, and software development security. The fifth domain is identity and access management, or IAM, and it's focused on access and authorization to keep data secure by making sure users follow established policies to control and manage assets. As an entry-level analyst, it's essential to keep an organization's systems and data as secure as possible by ensuring user access is limited to what employees need. Basically, the goal of IAM is to reduce the overall risk to systems and data. For example, if everyone at a company is using the same administrator login, there is no way to track who has access to what data. In the event of a breach, separating valid user activity from the threat actor would be impossible. There are four main components to IAM. Identification is when a user verifies who they are by providing a username, an access card, or biometric data such as a fingerprint. Authentication is the verification process to prove a person's identity, such as entering a password or PIN. Authorization takes place after a user's identity has been confirmed and relates to their level of access, which depends on the role in the organization. Accountability refers to monitoring and recording user actions, like login attempts, to prove systems and data are used properly.

The sixth security domain is security assessment and testing. This domain focuses on conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats and vulnerabilities. Security control testing can help an organization identify new and better ways to mitigate threats, risks and vulnerabilities. This involves examining organizational goals and objectives and evaluating if the controls being used actually achieve those goals. Collecting and analyzing security data regularly also helps prevent threats and risks to the organization. Analysts might use security control testing, evaluations and security assessment reports to improve existing controls or implement new controls. An example of implementing a new control could be requiring the use of multi-factor authentication to better protect the organization from potential threats and risks.

Next, let's discuss security operations. The security operations domain is focused on conducting investigations and implementing preventative measures. Investigations begin once a security incident has been identified. This process requires a heightened sense of urgency in order to minimize potential risks to the organization. If there is an active attack, mitigating the attack and preventing it from escalating further is essential for ensuring that private information is protected from threat actors. Once the threat has been neutralized, the collection of digital and physical evidence to conduct a forensic investigation will begin. A digital forensic investigation must take place to identify when, how and why the breach occurred. This helps security teams determine areas for improvement and preventative measures that can be taken to mitigate future attacks.

The eighth and final security domain is software development security. This domain focuses on using secure coding practices. As you may remember, secure coding practices are recommended guidelines that are used to create secure applications and services. The software development life cycle is an efficient process used by teams to quickly build software products and features. In this process, security is an additional step. By ensuring that each phase of the software development life cycle undergoes security reviews, security can be fully integrated into the software product. For example, performing a secure design review during the design phase, secure code reviews during the development and test phases, and penetration testing during the deployment and implementation phase ensures that security is embedded into the software product at every step. This keeps software secure and sensitive data protected, and mitigates unnecessary risk to an organization. Being familiar with these domains can help you better understand how they're used to improve the overall security of an organization and the critical role security teams play. Next, we'll discuss security threats, risks and vulnerabilities, including ransomware, and introduce you to the three layers of the web.

My name is Ashley, and my role at Google is CE enablement lead for SecOps sales. All that means is I help set up training for customer engineers that support our products. I grew up with a computer, love the internet. I have one of the earliest AOL screen names in history, and I'm very proud of that. My dad's an engineer, and I think there was always an interest in tech, but when I got out of high school there wasn't a clear path to get there. It wasn't a linear path at all. So I was kind of a knucklehead growing up. I gave up in 10th grade, and I just didn't care for a long time, and I was getting in trouble a lot, and I pretty much told myself, if I don't join the military and get out of here, I will probably not be here in about two to three years if I continue down this path. So I joined the Army right out of high school. Graduated in June, and four days later I was at boot camp at Fort Jackson, South Carolina, as a trumpet player, believe it or not. I come back and had to get a job and was not even tracking on tech jobs or anything like that. So I was pulling in carts for a big hardware store, selling video games, retail, box slinger for a freight company. You know, all of that stuff has happened before I even figured out the tech was an option. The military was kind enough to retrain me in IT, and that's kind of how I actually got the official first wave of schooling to be able to actually say, hey, I have the skills to at least be a PC technician. I went back to community college, and I actually did find a cybersecurity associate's degree program, worked on some certifications. I went to my first DEF CON, which is a big hacking conference, and that kind of set off the light bulb, I think, to actually get that clarity on what the path could look like. I landed my first security analyst job back in 2017, and I went to a veterans training program at my last company that was free for vets, and I ended up getting hired out of the training, and I was with that company for almost five years before I came to Google. So if you're new and you're just coming in, you have to know how to work with a team. I think a lot of us learned that in customer service settings. Some of the skills I learned working in retail, dealing with hard customers, learning how to even talk to people or defuse a situation if people are upset about things, just learning how to talk to people. And in IT we need that. You know, it's no longer just the tech skills we need; the more T-shaped, which, you know, there's soft skills, there's people skills, and there's technical skills. You have to have good analysis skills, and again, it doesn't even have to be technical analysis. If you can read a book and pick apart, you know, the rhetorical devices of that story, you can do analysis work. I didn't have to be a software engineer to work in this field. For many of us there's, like, a math fear. Programming is a big hurdle, but we work with people, we work with processes, and you don't necessarily need to have that coding knowledge to understand people or processes. There's so many ways to break in, so do not get discouraged, and don't be scared to think outside of the box to get your foot in the door.

As
an entry-level security analyst one of your many roles will be to handle an organization's digital and physical assets as a reminder an asset is an item perceived as having value to an organization during their lifespan organizations acquire all types of assets including physical office spaces computers customers pii intellectual property such as patents or copyrighted data and so much more unfortunately organizations operate in an environment that presents multiple security threats risks and vulnerabilities to their assets let's review what threats risks and vulnerabilities are and discuss some common examples of each a threat is any circumstance or
event that can negatively impact assets one example of a threat is a social engineer engineering attack social engineering is a manipulation technique that exploits human error to gain private information access or valuables malicious links and email messages that look like they're from legitimate companies or people is one method of social engineering known as fishing as a reminder fishing is a technique that is used to acquire sensitive data such as usernames passwords or banking information risks are different from threats a risk is anything that can impact the confidentiality Integrity or availability of an asset think of
a risk as the likelihood of a threat occurring an example of a risk to an organization might be the lack of backup protocols for making sure its stored information can be recovered in the event of an accident or security incident organizations tend to rate risks at different levels low medium and high depending on possible threats and the value of an asset a low-risk asset is information that would not harm the organization's reputation or ongoing operations and would not cause Financial damage if compromis this includes public information such as website content or published research data a
medium risk asset might include information that's not available to the public and may cause some damage to the organization's finances reputation or ongoing operations for example the early release of a company's quarterly earnings could impact the value of their stock a high-risk asset is any information protected by regulations or laws which if compromised would have a severe negative impact on an organization's finances ongoing operations or reputation this could include leaked assets with SPI pii or intellectual property now let's discuss vulnerabilities a vulnerability is a weakness that can be exploited by a threat and it's worth
noting that both a vulnerability and a threat must be present for there to be a risk. Examples of vulnerabilities include an outdated firewall, software, or application, weak passwords, or unprotected confidential data. People can also be considered a vulnerability. People's actions can significantly affect an organization's internal network, whether it's a client, an external vendor, or an employee. Maintaining security must be a united effort, so entry-level analysts need to educate and empower people to be more security conscious. For example, educating people on how to identify a phishing email is a great starting point. Using access cards to grant employees access to physical spaces while restricting outside visitors is another good security measure. Organizations must continually improve their efforts when it comes to identifying and mitigating vulnerabilities to minimize threats and risks. Entry-level analysts can support this goal by encouraging employees to report suspicious activity and by actively monitoring and documenting employees' access to critical assets.

Now that you're familiar with some of the threats, risks, and vulnerabilities analysts frequently encounter, coming up we'll discuss how they impact business operations.

In this video, we'll discuss an expensive type of malware called ransomware. Then we'll cover three key impacts of threats, risks, and vulnerabilities on organizational operations. Ransomware is a malicious attack where threat actors encrypt an organization's data, then demand payment to restore access. Once ransomware is deployed by an attacker, it can freeze network systems, leave devices unusable, and encrypt or lock confidential data, making devices inaccessible. The threat actor then demands a ransom before providing a decryption key to allow organizations to return to their normal business operations. Think of a decryption key as a password provided to regain access to your data. Note that when ransom negotiations occur or data is leaked by threat actors, these events can occur through the dark web.

While many people use search engines to navigate to their social media accounts or to shop online, this is only a small part of what the web really is. The web is actually an interlinked network of online content that's made up of three layers: the surface web, the deep web, and the dark web. The surface web is the layer that most people use. It contains content that can be accessed using a web browser. The deep web generally requires authorization to access it. An organization's intranet is an example of the deep web, since it can only be accessed by employees or others who have been granted access. Lastly, the dark web can only be accessed by using special software. The dark web generally carries a negative connotation, since it is the preferred web layer for criminals because of the secrecy that it provides.

Now let's discuss three key impacts of threats, risks, and vulnerabilities. The first impact we'll discuss is financial impact. When an organization's assets are compromised by an attack, such as the use of malware, the financial consequences can be significant for a variety of reasons. These can include interrupted production and services, the cost to correct the issue, and fines if assets are compromised because of non-compliance with laws and regulations. The second impact is identity theft. Organizations must decide whether to store private customer, employee, and outside vendor data, and for how long. Storing any type of sensitive data presents a risk to the organization. Sensitive data can include personally identifiable information, or PII, which can be sold or leaked through the dark web. That's because the dark web provides a sense of secrecy, and threat actors may have the ability to sell data there without facing legal consequences. The last impact we'll discuss is damage to an organization's reputation. A solid customer base supports an organization's mission, vision, and financial goals. An exploited vulnerability can lead customers to seek new business relationships with competitors or create bad press that causes permanent damage to an organization's reputation. The loss of customer data doesn't only affect an organization's reputation and financials; it may also result in legal penalties and fines. Organizations are strongly encouraged to take proper security measures and follow certain protocols to prevent the significant impact of threats, risks, and vulnerabilities. By using all
the tools in their toolkit, security teams are better prepared to handle an event such as a ransomware attack. Coming up, we'll cover the NIST Risk Management Framework's seven steps for managing risk.

My name is Herbert, and I am a security engineer at Google. I think I've always been interested in security. In high school, our school gave us these huge Dell laptops. There wasn't a whole lot of security within those computers, so many of my friends would have cracked versions of video games like Halo. That's really where I learned how to start manipulating computers to kind of do what I want, I guess. My day-to-day consists of analyzing security risks and providing solutions to those risks. A typical task for a cybersecurity analyst would usually be something like exception requests: analyzing if someone needs to have special access to a device or a document based on the role that the person has or the project that they're working on. One of the more common threats that we come across is misconfigurations, or requesting access for something you don't really need. For example, I recently had a case where a vendor we were working with had changed their OAuth scope requests, and basically that means that they were requesting more permissions to use Google services than they had before in the past. We weren't sure really how to go about that, because that wasn't a situation we'd come across before, so it's still ongoing, but we're working with partner teams to kind of develop a solution for that. I think another thing that we've seen is outdated systems, machines that need to be patched. That sounds like an IT issue, but it's also definitely a cybersecurity issue: having outdated machines, not having proper device management policies. Working with a team, or many teams, is a huge part of the job. In order to get really anything done, you need to communicate with not just the team that you're a part of, but with other teams. Ten years ago I was working at a pizza joint, and ten years later here I am at Google as a security engineer. If I told my 16-year-old self that I would be here, I wouldn't have believed myself, but it is possible.

As you might remember from earlier in the program, the National Institute of Standards and Technology, NIST, provides many frameworks that are used by security professionals to manage risks, threats, and vulnerabilities. In this video, we're going to focus on NIST's Risk Management Framework, or RMF. As an entry-level analyst, you may not engage in all of these steps, but it's important to be familiar with this framework. Having a solid foundational understanding of how to mitigate and manage risks can set you apart from other candidates
as you begin your job search in the field of security. There are seven steps in the RMF: prepare, categorize, select, implement, assess, authorize, and monitor. Let's start with step one, prepare. Prepare refers to activities that are necessary to manage security and privacy risks before a breach occurs. As an entry-level analyst, you'll likely use this step to monitor for risks and identify controls that can be used to reduce those risks. Step two is categorize, which is used to develop risk management processes and tasks. Security professionals then use those processes and develop tasks by thinking about how the confidentiality, integrity, and availability of systems and information can be impacted by risk. As an entry-level analyst, you'll need to understand how to follow the processes established by your organization to reduce risks to critical assets, such as private customer information. Step three is select. Select means to choose, customize, and capture documentation of the controls that protect an organization. An example of the select step would be keeping a playbook up to date or helping to manage other documentation that allows you and your team to address issues more efficiently. Step four is to implement security and privacy plans for the organization. Having good plans in place is essential for minimizing the impact of ongoing security risks. For example, if you notice a pattern of employees constantly needing password resets, implementing a change to password requirements may help solve this issue. Step five is assess. Assess means to determine if established controls are implemented correctly. An organization always wants to operate as efficiently as possible, so it's essential to take the time to analyze whether the implemented protocols, procedures, and controls that are in place are meeting organizational needs. During this step, analysts identify potential weaknesses and determine whether the organization's tools, procedures, controls, and protocols should be changed to better manage potential risks. Step six is authorize. Authorize means being accountable for the security and privacy risks that may exist in an organization. As an analyst, the authorization step could involve generating reports, developing plans of action, and establishing project milestones that are aligned to your organization's security goals. Step seven is monitor. Monitor means to be aware of how systems are operating. Assessing and maintaining technical operations are tasks that analysts complete daily. Part of maintaining a low level of risk for an organization is knowing how the current systems support the organization's security goals. If the systems in place don't meet those goals, changes may be needed. Although it may not be your job to establish these procedures, you will need to make sure they're working as intended, so that risks to the organization itself and the people it serves are minimized.

You've now completed the first section of this course. Let's review what we've discussed so far. We started out by exploring the focus of CISSP's eight security domains. Then we discussed threats, risks, and vulnerabilities and how they can impact organizations. This included a close examination of ransomware and an introduction to the three layers of the web. Finally, we focused on the seven steps of the NIST Risk Management Framework, also called the RMF. You did a fantastic job adding new knowledge to your security analyst toolkit. In upcoming videos, we'll go into more detail about some common tools used by entry-level security analysts. Then you'll have an opportunity to analyze data generated by those tools to identify risks, threats, or vulnerabilities. You'll also have a chance to use a playbook to respond to incidents. That's all for now. Keep up the great work!

Welcome back! As a security analyst, your job isn't just keeping organizations safe. Your role is much more important: you're also helping to keep people safe. Breaches that affect customers', vendors', and employees' data can cause significant damage to people's financial stability and their reputations. As an analyst, your day-to-day work will help keep people and organizations safe. In this section of the course, we'll discuss security frameworks, controls, and design principles in more detail, and how they can be applied to security audits to help protect organizations and people.
Keeping customer information confidential is a crucial part of my daily work at Google, and the NIST Cybersecurity Framework plays a large part in this. The framework ensures the protection and compliance of customer tools and personal work devices through the use of security controls. Welcome to the world of security frameworks and controls! Let's get started.

In an organization, plans are put in place to protect against a variety of threats, risks, and vulnerabilities. However, the requirements used to protect organizations and people often overlap. Because of this, organizations use security frameworks as a starting point to create their own security policies and processes. Let's start by quickly reviewing what frameworks are. Security frameworks are guidelines used for building plans to help mitigate risk and threats to data and privacy, such as social engineering attacks and ransomware. Security involves more than just the virtual space. It also includes the physical, which is why many organizations have plans to maintain safety in the work environment. For example, access to a building may require using a key card or badge. Other security frameworks provide guidance for how to prevent, detect, and respond to security breaches. This is particularly important when trying to protect an organization from social engineering attacks like phishing that target their employees. Remember, people are the biggest threat to security, so frameworks can be used to create plans that increase employee awareness and educate them about how they can protect the organization, their co-workers, and themselves. Educating employees about existing security challenges is essential for minimizing the possibility of a breach. Providing employee training about how to recognize red flags, or potential threats, is essential, along with having plans in place to quickly report and address security issues. As an analyst, it will be important for you to understand and implement the plans your organization has in place to keep the organization, its employees, and the people it serves safe from social engineering attacks, breaches, and other harmful security incidents. Coming up, we'll review and discuss security controls, which are used alongside frameworks to achieve an organization's security goals.

While frameworks are used to create plans to address security risks, threats, and vulnerabilities, controls are used to reduce specific risks. If proper controls are not in place, an organization could face significant financial impacts and damage to its reputation because of exposure to risks, including trespassing, creating fake employee accounts, or providing free benefits. Let's review the definition of controls. Security controls are safeguards designed to reduce specific security risks. In this video, we'll discuss three common types of controls: encryption, authentication, and authorization. Encryption is the process of converting data from a readable format to an encoded format. Typically, encryption involves converting data from plaintext to ciphertext. Ciphertext is the raw, encoded message that's unreadable to humans and computers. Ciphertext data cannot be read until it's been decrypted into its original plaintext form. Encryption is used to ensure confidentiality of sensitive data, such as customers' account information or social security numbers. Another control that can be used to protect sensitive data is authentication. Authentication is the process of verifying who someone or something is. A real-world example of authentication is logging into a website with your username and password. This basic form of authentication proves that you know the username and password and should be allowed to access the website. More advanced methods of authentication, such as multi-factor authentication, or MFA, challenge the user to demonstrate that they are who they claim to be by requiring both a password and an additional form of authentication, like a security code or biometrics such as a fingerprint, voice, or face scan. Biometrics are unique physical characteristics that can be used to verify a person's identity. Examples of biometrics are a fingerprint, an eye scan, or a palm scan. One example of a social engineering attack that can exploit biometrics is vishing. Vishing is the exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source. For example, vishing could be used to impersonate a person's voice to steal their identity and then commit a crime. Another very important security control is authorization. Authorization refers to the concept of granting access to specific resources within a system. Essentially, authorization is used to verify that a person has permission to access a resource. As an example, if you're working as an entry-level security analyst for the federal government, you could have permission to access data through the deep web or other internal data that is only accessible if you're a federal employee. The security controls we discussed today are only one element of a core security model known as the CIA triad. Coming up, we'll
talk more about this model and how security teams use it to protect their organizations.

Great to see you again! While working as an entry-level security analyst, your main responsibility is to help protect your organization's sensitive assets and data from threat actors. The CIA triad is a core security model that will help you do that. In this video, we'll explore the CIA triad and discuss the importance of each component for keeping an organization safe from threats, risks, and vulnerabilities. Let's get started. The CIA triad is a model that helps inform how organizations consider risk when setting up systems and security policies. As a reminder, the three letters in the CIA triad stand for confidentiality, integrity, and availability. As an entry-level analyst, you'll find yourself constantly referring to these three core principles as you work to protect your organization and the people it serves. Confidentiality means that only authorized users can access specific assets or data. Sensitive data should be available on a need-to-know basis, so that only the people who are authorized to handle certain assets or data have access. Integrity means that the data is correct, authentic, and reliable. Determining the integrity of data and analyzing how it's used will help you, as a security professional, decide whether the data can or cannot be trusted. Availability means that the data is accessible to those who are authorized to access it. Inaccessible data isn't useful and can prevent people from being able to do their jobs. As a security professional, ensuring that systems, networks, and applications are functioning properly to allow for timely and reliable access may be a part of your everyday work responsibilities.

Now that we've defined the CIA triad and its components, let's explore how you might use the CIA triad to protect an organization. If you work for an organization that has large amounts of private data, like a bank, the principle of confidentiality is essential, because a bank must keep people's personal and financial information safe. The principle of integrity is also a priority. For example, if a person's spending habits or purchasing locations change dramatically, the bank will likely disable access to the account until they can verify that the account owner, not a threat actor, is actually the one making purchases. The availability principle is also critical. Banks put a lot of effort into making sure that people can access their account information easily on the web, and to make sure that information is protected from threat actors, banks use a validation process to help minimize damage if they suspect that customer accounts have been compromised. As an analyst, you'll regularly use each component of the triad to help protect your organization and the people it serves, and having the CIA triad constantly in mind will help you keep sensitive data and assets safe from a variety of threats, risks, and vulnerabilities, including the social engineering attacks, malware, and data theft we discussed earlier. Coming up,
we'll explore specific frameworks and principles that will also help you protect your organization from threats, risks, and vulnerabilities. See you soon!

Welcome back! Before we get started, let's quickly review the purpose of frameworks. Organizations use frameworks as a starting point to develop plans that mitigate risks, threats, and vulnerabilities to sensitive data and assets. Fortunately, there are organizations worldwide that create frameworks security professionals can use to develop those plans. In this video, we'll discuss two of the National Institute of Standards and Technology's, or NIST's, frameworks that can support ongoing security efforts for all types of organizations, including for-profit and nonprofit businesses as well as government agencies. And while NIST is a US-based organization, the guidance it provides can help analysts all over the world understand how to implement essential cybersecurity practices. One NIST framework that we'll discuss throughout the program is the NIST Cybersecurity Framework, or CSF. The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk. This framework is widely respected and essential for maintaining security regardless of the organization you work for. The CSF consists of five important core functions: identify, protect, detect, respond, and recover, which we'll discuss in detail in a future video. For now, we'll focus on how the CSF benefits organizations and how it can be used to protect against threats, risks, and vulnerabilities by providing a workplace example.

Imagine that one morning you receive a high-risk notification that a workstation has been compromised. You identify the workstation and discover that there's an unknown device plugged into it. You block the unknown device remotely to stop any potential threat and protect the organization. Then you remove the infected workstation to prevent the spread of the damage and use tools to detect any additional threat actor behavior and identify the unknown device. You respond by investigating the incident to determine who used the unknown device, how the threat occurred, what was affected, and where the attack originated. In this case, you discover that an employee was charging their infected phone using a USB port on their work laptop. Finally, you do your best to recover any files or data that were affected and correct any damage the threat caused to the workstation itself. As demonstrated by the previous example, the core functions of the NIST CSF provide specific guidance and direction for security professionals. This framework is used to develop plans to handle an incident appropriately and quickly, to lower risk, protect an organization against a threat, and mitigate any potential vulnerabilities. The NIST CSF also expands into the protection of the United States federal government with NIST Special Publication, or SP, 800-53. It provides a unified framework for protecting the security of information systems within the federal government, including the systems provided by private companies for federal government use. The security controls provided by this framework are used to maintain the CIA triad for those systems used by the government. Isn't it amazing how all of these frameworks and controls work together? We've discussed some really important security topics in this video that will be very useful for you as you continue your security journey, because they're core elements of the security profession. The NIST CSF is a useful framework that most security professionals are familiar with, and having an understanding of NIST SP 800-53 is crucial if you have an interest in working for the US federal government. Coming up, we'll continue to explore the five NIST CSF functions and how organizations use them
to protect assets and data.

Hello again! I'm excited you're here. We have so much to discuss. Previously, we covered the uses and benefits of the NIST CSF. In this video, we'll focus specifically on the five core functions of the NIST CSF framework. Let's get started. NIST CSF focuses on five core functions: identify, protect, detect, respond, and recover. These core functions help organizations manage cybersecurity risks, implement risk management strategies, and learn from previous mistakes. Basically, when it comes to security operations, NIST CSF functions are key for making sure an organization is protected against potential threats, risks, and vulnerabilities. So let's take a little time to explore how each function can be used to improve an organization's security. The first core function is identify, which is related to the management of cybersecurity risk and its effect on an organization's people and assets. For example, as a security analyst, you may be asked to monitor the systems and devices in your organization's internal network to identify potential security issues, like compromised devices on the network. The second core function is protect, which is the strategy used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats. For example, as a security analyst, you and your team might encounter new and unfamiliar threats and attacks. For this reason, studying historical data and making improvements to policies and procedures is essential. The third core function is detect, which means identifying potential security incidents and improving monitoring capabilities to increase the speed and efficiency of detections. For example, as an analyst, you might be asked to review a new security tool setup to make sure it's flagging low, medium, or high risk and then alerting the security team about any potential threats or incidents. The fourth function is respond, which means making sure that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process. As an analyst, you could be working with a team to collect and organize data to document an incident and suggest improvements to processes to prevent the incident from happening again. The fifth core function is recover, which is the process of returning affected systems back to normal operation. For example, as an entry-level security analyst, you might work with your security team to restore systems, data, and assets, such as financial or legal files, that have been affected by an incident like a breach. We've covered a lot of information in this video. Hopefully it helped you understand the value of learning about NIST CSF and its five core functions. From proactive to reactive measures, all five functions are essential for making sure that an organization has effective security strategies in place. Security incidents are going to happen, but an organization must have the ability to quickly recover from any damage caused by an incident to minimize their level of risk. Coming up,
we'll discuss security principles that work hand in hand with NIST frameworks and the CIA triad to help protect critical data and assets.

It's important to understand how to protect an organization's data and assets, because that will be part of your role as a security analyst. Fortunately, there are principles and guidelines that can be used along with NIST frameworks and the CIA triad to help security teams minimize threats and risks. In this video, we'll explore some Open Web Application Security Project, or OWASP, security principles that are useful to know as an entry-level analyst. The first OWASP principle is to minimize the attack surface area. An attack surface refers to all the potential vulnerabilities that a threat actor could exploit, like attack vectors, which are pathways attackers use to penetrate security defenses. Examples of common attack vectors are phishing emails and weak passwords. To minimize the attack surface and avoid incidents from these types of vectors, security teams might disable software features, restrict who can access certain assets, or establish more complex password requirements. The principle of least privilege means making sure that users have the least amount of access required to perform their everyday tasks. The main reason for limiting access to organizational information and resources is to reduce the amount of damage a security breach could cause. For example, as an entry-level analyst, you may have access to log data but may not have access to change user permissions. Therefore, if a threat actor compromises your credentials, they'll only be able to gain limited access to digital or physical assets, which may not be enough for them to deploy their intended attack. The next principle we'll discuss is defense in depth. Defense in depth means that an organization should have multiple security controls that address risks and threats in different ways. One example of a security control is multi-factor authentication, or MFA, which requires users to take an additional step beyond simply entering their username and password to gain access to an application. Other controls include firewalls, intrusion detection systems, and permission settings that can be used to create multiple points of defense a threat actor must get through to breach an organization. Another principle is separation of duties, which can be used to prevent individuals from carrying out fraudulent or illegal activities. This principle means that no one should be given so many privileges that they can misuse the system. For example, the person in a company who signs the paychecks shouldn't also be the person who prepares them. Only two more principles to go. You're doing great! Keep security simple is the next principle. As the name suggests, when implementing security controls, unnecessarily complicated solutions should be avoided, because they can become unmanageable. The more complex the security controls are, the harder it is for people to work collaboratively. The last principle is to fix security issues correctly. Technology is a great tool, but it can also present challenges. When a security incident
occurs, security professionals are expected to identify the root cause quickly. From there, it's important to correct any identified vulnerabilities and conduct tests to ensure that repairs are successful. An example of an issue is a weak password to access an organization's Wi-Fi, because it could lead to a breach. To fix this type of security issue, stricter password policies could be put in place. I know we've covered a lot, but understanding these principles increases your overall security knowledge and can help you stand out as a security professional.

My name is Waji, and I'm a security engineer at Google working in the digital forensics department. Do you need a background in cybersecurity? No, you don't. My past experience is working at a water park as a snow cone machine guy. I worked at a movie theater selling popcorn at the concession stand. During my undergrad, I was a bio major at first. Like my freshman year, I met someone on a bus who was mentioning this cool cybersecurity startup that just sounded cool, like really cool. Some strategies I leverage to keep up to date on the latest cybersecurity trends are going on online forums such as Medium to research different security trends and topics. I personally use Medium a lot, as I can filter by tag, like I want to find articles related to cybersecurity, or I want to find articles related to cloud security, based off their filtering algorithm. I just go on and see what other people are talking about, and that's what helps me keep up to date. If it's more networking that you're looking for, then I highly recommend just going out to those conferences. My advice for people wanting to get into cybersecurity is don't be too overwhelmed with trying to understand every single specialization within cybersecurity. There's so much going on within the cybersecurity field in terms of trends, and it's nice to stay up to date with all of those, but sometimes you need to take a step back and prioritize what subjects within cybersecurity you are staying most up to date on. I love this job. I love the challenges. I feel like there is a shortage in cybersecurity professionals out there. From just past experiences hearing from other friends in computer science fields, most of them say that, oh, it's too hard, too complicated to get in. Don't listen to those people. I encourage you to push through. It's definitely well worth it. First, just get the fundamentals down, and be persistent.

Now that we've covered different frameworks, controls, security principles, and compliance regulations, the question is, how do they all work together? The answer to that question is by conducting security audits. A security audit is a review of an organization's
security controls policies and procedures against a set of expectations there are two main types of security audits external and internal we'll focus on internal security audits because those are the types of audits that entry-level analysts might be asked to contribute to an internal security audit is typically conducted by a team of people that might include an organization's compliance officer security manager and other security team members internal security audits are used to help improve an organization's security posture and help organizations avoid fines from governing agencies due to a lack of compliance internal security audits help security
teams identify organizational risk, assess controls, and correct compliance issues. Now that we've discussed the purposes of internal audits, let's cover some common elements of internal audits. These include establishing the scope and goals of the audit, conducting a risk assessment of the organization's assets, completing a controls assessment, assessing compliance, and communicating results to stakeholders. In this video, we'll cover the first two elements, which are a part of the audit planning process: establishing the scope and goals, then completing a risk assessment.

Scope refers to the specific criteria of an internal security audit. Scope requires organizations to identify people, assets, policies, procedures, and technologies that might impact an organization's security posture. Goals are an outline of the organization's security objectives, or what they want to achieve in order to improve their security posture. Although more senior-level security team members and other stakeholders usually establish the scope and goals of the audit, entry-level analysts might be asked to review and understand the scope and goals in order to complete other elements of the audit. As an example, the scope of this audit involves assessing user permissions; identifying existing controls, policies, and procedures; and accounting for the technology currently in use by the organization. The goals outlined include implementing core functions of frameworks like the NIST CSF, establishing policies and procedures to ensure compliance, and strengthening system controls.

The next element is conducting a risk assessment, which is focused on identifying potential threats, risks, and vulnerabilities. This helps organizations consider what security measures should be implemented and monitored to ensure the safety of assets. Similar to establishing the scope and goals, a risk assessment is oftentimes completed by managers or other stakeholders. However, you might be asked to analyze details provided in the risk assessment to consider what types of controls and compliance regulations need to be in place to help improve the organization's security posture. For example, this risk assessment highlights that there are inadequate controls, processes, and procedures in place to protect the organization's assets. Specifically, there is a lack of proper management of physical and digital assets, including employee equipment. The equipment used to store data is not properly secured, and access to private information stored in the organization's internal network likely needs more robust controls in place. Now that we've discussed the initial planning elements of an internal security audit, coming up we'll focus
on the last three elements.

Previously, we discussed the initial planning elements of an internal security audit. In this video, we'll cover the final elements that an entry-level analyst might be asked to complete. As a reminder, the planning elements of internal security audits include establishing the scope and goals, then conducting a risk assessment. The remaining elements are completing a controls assessment, assessing compliance, and communicating results. Before completing these last three elements, you'll need to review the scope and goals as well as the risk assessment and ask yourself some questions. For example: What is the audit meant to achieve? Which assets are most at risk? Are current controls sufficient to protect those assets? If not, what controls and compliance regulations need to be implemented? Considering questions like these can support your ability to complete the next element, a controls assessment.

A controls assessment involves closely reviewing an organization's existing assets, then evaluating potential risks to those assets to ensure internal controls and processes are effective. To do this, entry-level analysts might be tasked with classifying controls into the following categories: administrative controls, technical controls, and physical controls. Administrative controls are related to the human component of cybersecurity. They include policies and procedures that define how an organization manages data, such as the implementation of password policies. Technical controls are hardware and software solutions used to protect assets, such as the use of intrusion detection systems, or IDSs, and encryption. Physical controls refer to measures put in place to prevent physical access to protected assets, such as surveillance cameras and locks.

The next element is determining whether or not the organization is adhering to necessary compliance regulations. As a reminder, compliance regulations are laws that organizations must follow to ensure private data remains secure. In this example, the organization conducts business in the European Union and accepts credit card payments, so they need to adhere to the GDPR and the Payment Card Industry Data Security Standard, or PCI DSS.

The final common element of an internal security audit is communication. Once the internal security audit is complete, results and recommendations need to be communicated to stakeholders. In general, this type of communication summarizes the scope and goals of the audit. Then it lists existing risks and notes how quickly those risks need to be addressed. Additionally, it identifies compliance regulations the organization needs to adhere to and provides recommendations for improving the organization's security posture.

Internal audits are a great way to identify gaps within an organization. When I worked at a previous company, my team and I conducted an internal password audit and found that many of the passwords were weak. Once we identified this issue, the compliance team took the lead and began enforcing stricter password policies. Audits are an opportunity to determine what security measures an organization has in place and what areas need to be improved to achieve the organization's desired security posture. Security audits are quite involved, yet of extreme value to organizations. Later in the course, you'll have an opportunity to complete elements of an internal security audit for a fictional company, which you can include in your professional portfolio. Great job!

Now you've had an opportunity to learn more about security concepts that can help an organization protect data and assets. We've covered quite a bit, but it will all be valuable knowledge for you as you continue along your journey into the security profession. We started by defining what security frameworks are and how they help organizations protect critical information. We also explored security controls and the important role they play in protecting against risks, threats, and vulnerabilities. This included a discussion of the CIA triad, which is a core security model, and two NIST frameworks, the CSF and SP 800-53. Then we covered some of OWASP's secure design principles. We ended by introducing security audits, with a focus on the elements of an internal audit that you may be asked to complete or contribute to. Security professionals use the concepts we discussed to help protect organizations' assets, data, systems, and people. As you continue along your journey into the security profession, a lot of these concepts will come up repeatedly. What we're doing now is giving you a foundational understanding of security practices and topics that will help you along the way. In the next section of the course, we'll discuss specific security tools you may one day use as an analyst. We'll cover how they're used to improve an organization's security posture and how they can help you achieve your goal of keeping organizations and people safe. I'm excited to continue this journey with you. See you soon!

Welcome back. Previously, we discussed security frameworks, controls, and design principles, and how security
professionals apply these to security audits. In this section, we'll continue to explore security tools and how they can help you keep organizations and the people they serve safe. Security professionals often use a variety of tools to address specific security challenges, such as collecting security data, detecting and analyzing threats, or automating tasks. Security tools help organizations achieve a more comprehensive security posture. We'll begin by covering different types of logs, what they track, and how they're used. Then we'll explore security information and event management, otherwise known as SIEM, dashboards. Finally, we'll discuss some common SIEM tools used in the security industry. Let's get started!

As a security analyst, one of your responsibilities might include analyzing log data to mitigate and manage threats, risks, and vulnerabilities. As a reminder, a log is a record of events that occur within an organization's systems and networks. Security analysts access a variety of logs from different sources. Three common log sources include firewall logs, network logs, and server logs. Let's explore each of these log sources in more detail. A firewall log is a record of attempted or established connections for incoming traffic from the internet. It also includes outbound requests to the internet from within the network. A network log is a record of all computers and devices that enter and leave the network. It also records connections between devices and services on the network. Finally, a server log is a record of events related to services such as websites, emails, or file shares, including actions such as login, password, and username requests. By monitoring logs like the one shown here, security teams can identify vulnerabilities and potential data breaches. Understanding logs is important because SIEM tools rely on logs to monitor systems and detect security threats.

A security information and event management, or SIEM, tool is an application that collects and analyzes log data to monitor critical activities in an organization. It provides real-time visibility, event monitoring and analysis, and automated alerts. It also stores all log data in a centralized location. Because SIEM tools index and minimize the number of logs a security professional must manually review and analyze, they increase efficiency and save time. But SIEM tools must be configured and customized to meet each organization's unique security needs. As new threats and vulnerabilities emerge, organizations must continually customize their SIEM tools to ensure that threats are detected and quickly addressed. Later in the certificate program, you'll have a chance to practice using different SIEM tools to identify potential security incidents. Coming up, we'll explore SIEM dashboards and how cybersecurity professionals use them to monitor for threats, risks, and vulnerabilities.

We've explored how SIEM tools are used to collect and analyze log data. However, this is just one of the many ways SIEM tools are used in cybersecurity. SIEM tools can also be used to create dashboards. You might have encountered dashboards in an app on your phone or other device. They present information about your account or location in a format that's easy to understand. For example, weather apps display data like temperature, precipitation, wind speed, and the forecast using charts, graphs, and other visual elements. This format makes it easy to quickly identify weather patterns and trends so you can stay prepared and plan your day accordingly. Just like weather apps help people make quick and informed decisions based on data, SIEM dashboards help security analysts quickly and easily access their organization's security information as charts, graphs, or tables. For example, a security analyst receives an alert about a suspicious login attempt. The analyst accesses their SIEM dashboard to gather information about this alert. Using the dashboard, the analyst discovers that there have been 500 login attempts for Yara's account in the span of five minutes. They also discover that the login attempts happened from geographic locations outside of Yara's usual location and outside of her usual working hours. By using a dashboard, the security analyst was able to quickly review visual representations of the timeline of the login attempts, the location, and the exact time of the activity, then determined that the activity was suspicious. In addition to providing a comprehensive summary of security-related data, SIEM dashboards also provide stakeholders with different metrics. Metrics are key technical attributes, such as response time, availability, and failure rate, which are used to assess the performance of a software application. SIEM dashboards can be customized to display specific metrics or other data that are relevant to different members in an organization. For example, a security analyst may create a dashboard that displays metrics for monitoring everyday business operations, like the volume of incoming and outgoing network traffic. We've examined how security analysts use SIEM dashboards to help organizations maintain
their security posture. Well done! Coming up, we'll discuss some common SIEM tools used in the cybersecurity industry. Meet you there!

My name is Parisa and I'm a vice president of engineering and lead the Chrome team. So as general manager of the Chrome team, I lead a team of engineers and product managers and designers around the world who actually build Chrome and keep all of our users safe. I think accessibility is important to all aspects of technology, and when we think about its relevance for cybersecurity, you know, we ultimately want to keep everybody safe. I think of accessibility as making information, activities, or even environments meaningful, sensible, usable to as many people as possible. And when we're talking about this from a technology standpoint, it's usually about making information or services available to people with disabilities. Decisions we make based on our own abilities to enhance security can actually be ineffective. For example, you'll sometimes see the color red used for indication of a warning. Well, for somebody who's colorblind, that is going to be ineffective. And so really thinking about accessibility when we're trying to keep people safe is super important for them to be effective. I've worked in the space of security for a really long time. I do see some parallels between the spaces. I've really been able to see innovation driven when you're trying to solve a very specific security problem or a specific accessibility problem. Closed captioning was originally designed and built to help people with hearing impairments, but it ends up helping everybody. For people who are new to the field of cybersecurity, it's just really important to remember that there's a range of abilities that you are wanting to serve. It's so important to get user research and feedback and a range of abilities in terms of testing the effectiveness of your security mitigations. I know it was scary for me early on. I didn't look like everybody else. I really struggled with whether I belonged. Finding people who could be mentors, having the courage to ask questions and recognize that you're rarely the only person with that question, and just sort of persevering through sometimes hard moments can lead to breakthroughs and also just growing confidence. And one of the things I've learned is me having a different background than other people in the space was my own superpower. Instead of focusing on the delta between what I was and what the norm was in the room, I should feel a lot of pride in what made me unique and what unique skills and perspective I brought to the table.

Hello again! Previously, we discussed how SIEM tools help security analysts monitor systems and detect security threats. In this video, we'll cover some industry-leading SIEM tools that you'll likely encounter as a security analyst. First, let's discuss the different types of SIEM tools that organizations can choose from based
on their unique security needs. Self-hosted SIEM tools require organizations to install, operate, and maintain the tool using their own physical infrastructure, such as server capacity. These applications are then managed and maintained by the organization's IT department rather than a third-party vendor. Self-hosted SIEM tools are ideal when an organization is required to maintain physical control over confidential data. Alternatively, cloud-hosted SIEM tools are maintained and managed by the SIEM providers, making them accessible through the internet. Cloud-hosted SIEM tools are ideal for organizations that don't want to invest in creating and maintaining their own infrastructure. Or an organization can choose to use a combination of both self-hosted and cloud-hosted SIEM tools, known as a hybrid solution. Organizations might choose a hybrid SIEM solution to leverage the benefits of the cloud while also maintaining physical control over confidential data.

Splunk Enterprise, Splunk Cloud, and Chronicle are common SIEM tools that many organizations use to help protect their data and systems. Let's begin by discussing Splunk. Splunk is a data analysis platform, and Splunk Enterprise provides SIEM solutions. Splunk Enterprise is a self-hosted tool used to retain, analyze, and search an organization's log data to provide security information and alerts in real time. Splunk Cloud is a cloud-hosted tool used to collect, search, and monitor log data. Splunk Cloud is helpful for organizations running hybrid or cloud-only environments, where some or all of the organization's services are in the cloud. Finally, there's Google's Chronicle. Chronicle is a cloud-native tool designed to retain, analyze, and search data. Chronicle provides log monitoring, data analysis, and data collection. Like cloud-hosted tools, cloud-native tools are also fully maintained and managed by the vendor. But cloud-native tools are specifically designed to take full advantage of cloud computing capabilities, such as availability, flexibility, and scalability. Because threat actors are frequently improving their strategies to compromise the confidentiality, integrity, and availability of their targets, it's important for organizations to use a variety of security tools to help defend against attacks. The SIEM tools we just discussed are only a few examples of the tools available for security teams to use to help defend their organizations. And later in the certificate program, you'll have the exciting opportunity to practice using Splunk Cloud and Chronicle.

I'm Talia and I am an engineer within Privacy, Safety, and Security at Google.
So there are a lot of myths in the cybersecurity space. One big one is you must know how to code, or you must know how to hack, or you must be a math whiz. I don't know how to code, although I have learned how to read code over time. I'm not a hacker. I'm not on the red team side of security and more like on the blue team. I'm not a math whiz. I definitely took the business route, but I'm not a mathematician, and that wasn't really the path. So a lot of my strength really lies in my ability to build relationships, learn quickly on the job, conducting research, asking all the right questions. I think those have been my strongest strength. Another big myth is that you are required to have a cybersecurity degree. I actually went to school for business. An advanced degree is not required. Even though I did later on go back, that was my preference. You do not need to pursue that in order for you to be considered a great candidate for cybersecurity. Another big one is you work in isolation within cybersecurity. It really depends on the path that you choose, but I found that it couldn't be further from the truth. My biggest advice for anyone who's interested in cybersecurity is be okay with creating your own path. The path looks different for everyone. If you were to talk to five different people, their journeys are all different. So own your journey, and, you know, identify people who can support you. Let them know that you're sitting for the certificate and see what kind of support that you can get as you start your journey.

Let's quickly review what we covered in this section of the course. We started by discussing the importance of logs in cybersecurity, and we explored different log types like firewall, network, and server logs. Next, we explored SIEM dashboards and how they use visual representations to provide security teams with quick and clear insights into the security posture of an organization. Finally, we introduced common SIEM tools used in the cybersecurity industry, including Splunk and Chronicle. We'll be exploring even more security tools later in the program, and you'll have opportunities to practice using them. Coming up, we'll discuss playbooks and how they help security professionals respond appropriately to identified threats, risks, and vulnerabilities. Meet you there!

Hello and welcome back! You've reached the final section of this course. Previously, we discussed security information and event management, or SIEM, tools and how they can be used to help organizations improve their security posture. Let's continue our security journey by exploring another tool security professionals use: playbooks. In this section, we'll explore how playbooks help security teams respond to threats, risks, or
vulnerabilities identified by SIEM tools. Then we'll discuss the six phases of incident response. Let's get started!

Previously, we discussed how SIEM tools are used to help protect an organization's critical assets and data. In this video, we'll introduce another important tool for maintaining an organization's security, known as a playbook. A playbook is a manual that provides details about any operational action. Playbooks also clarify what tools should be used in response to a security incident. In the security field, playbooks are essential. Urgency, efficiency, and accuracy are necessary to quickly identify and mitigate a security threat to reduce potential risk. Playbooks ensure that people follow a consistent list of actions in a prescribed way, regardless of who is working on the case. Different types of playbooks are used. These include playbooks for incident response, security alerts, team-specific, and product-specific purposes. Here, we'll focus on a playbook that's commonly used in cybersecurity, called an incident response playbook. Incident response is an organization's quick attempt to identify an attack, contain the damage, and correct the effects of a security breach. An incident response playbook is a guide with six phases used to help mitigate and manage security incidents from beginning to end. Let's discuss each phase.

The first phase is preparation. Organizations must prepare to mitigate the likelihood, risk, and impact of a security incident by documenting procedures, establishing staffing plans, and educating users. Preparation sets the foundation for successful incident response. For example, organizations can create incident response plans and procedures that outline the roles and responsibilities of each security team member. The second phase is detection and analysis. The objective of this phase is to detect and analyze events using defined processes and technology. Using appropriate tools and strategies during this phase helps security analysts determine whether a breach has occurred and analyze its possible magnitude. The third phase is containment. The goal of containment is to prevent further damage and reduce the immediate impact of a security incident. During this phase, security professionals take actions to contain an incident and minimize damage. Containment is a high priority for organizations because it helps prevent ongoing risks to critical assets and data. The fourth phase in an incident response playbook is eradication and recovery. This phase involves the complete removal of an incident's artifacts so that an organization can return to normal operations. During this phase, security professionals eliminate artifacts of the incident by removing malicious code and mitigating vulnerabilities. Once they've exercised due diligence, they can begin to restore the affected environment to a secure state. This is also known as IT restoration. The fifth phase is post-incident activity. This phase includes documenting the incident, informing organizational leadership, and applying lessons learned to ensure that an organization is better prepared to handle future incidents. Depending on the severity of the incident, organizations can conduct a full-scale incident analysis to determine the root cause of the incident and implement various updates or improvements to enhance its overall security posture. The sixth and final phase in an incident response playbook is coordination. Coordination involves reporting incidents and sharing information throughout the incident response process, based on the organization's established standards. Coordination is important for many reasons. It ensures that organizations meet compliance requirements, and it allows for coordinated response and resolution.

There are many ways security professionals may be alerted to an incident. You recently learned about SIEM tools and how they collect and analyze data. They use this data to detect threats and generate alerts, which can inform the security team of a potential incident. Then, when a security analyst receives a SIEM alert, they can use the appropriate playbook to guide the response process. SIEM tools and playbooks work together to provide a structured and efficient way of responding to potential security incidents. Throughout the program, you'll have opportunities to continue to build your understanding of these important concepts.

Welcome back! In this video, we're going to revisit SIEM tools and how they're used alongside playbooks to reduce organizational threats, risks, and vulnerabilities. An incident response playbook is a guide that helps security professionals mitigate issues with a heightened sense of urgency while
maintaining accuracy. Playbooks create structure, ensure compliance, and outline processes for communication and documentation. Organizations may use different types of incident response playbooks depending on the situation. For example, an organization may have specific playbooks for addressing different types of attacks, such as ransomware, malware, distributed denial of service, and more. To start, let's discuss how a security analyst might use a playbook to address a SIEM alert, like a potential malware attack. In this situation, a playbook is invaluable for guiding an analyst through the necessary actions to properly address the alert. The first action in the playbook is to assess the alert. This means determining if the alert is actually valid by identifying why the alert was generated by the SIEM. This can be done by analyzing log data and related metrics. Next, the playbook outlines the actions and tools to use to contain the malware and reduce further damage. For example, this playbook instructs the analyst to isolate, or disconnect, the infected network system to prevent the malware from spreading into other parts of the network. After containing the incident, step three of the playbook describes ways to eliminate all traces of the incident and restore the affected systems back to normal operations. For example, the playbook might instruct the analyst to restore the impacted operating system, then restore the affected data using a clean backup created before the malware outbreak. Finally, once the incident has been resolved, step four of the playbook instructs the analyst to perform various post-incident activities and coordination efforts with the security team. Some actions include creating a final report to communicate the security incident to stakeholders, or reporting the incident to the appropriate authorities, like the U.S. Federal Bureau of Investigation or other agencies that investigate cybercrimes.
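The playbook's first step, assessing the alert by analyzing log data and related metrics, applied to the earlier dashboard scenario (500 login attempts on Yara's account in five minutes, from unusual locations and outside her working hours): an added Python example, not part of the course, that reduces constructed server-log lines to those metrics. The log format, the 50-attempt threshold, the usual location (US) and the 09:00 to 17:00 working hours are assumptions for the example.

```python
from collections import Counter
from datetime import datetime, time, timedelta


def build_sample_log():
    """Constructed sample server-log lines (not real data), one login attempt per line:
    "<ISO timestamp> <username> <source country> <outcome>"."""
    lines = []
    baseline = datetime(2024, 5, 6, 9, 0)          # weekday mornings from the usual location
    for day in range(3):
        ts = baseline + timedelta(days=day)
        lines.append(f"{ts.isoformat()} yara US success")
    burst = datetime(2024, 5, 9, 3, 12)            # 03:12, outside working hours
    for i in range(500):                           # 500 attempts inside five minutes
        ts = burst + timedelta(milliseconds=600 * i)
        country = ("RU", "BR", "CN")[i % 3]        # constructed unusual locations
        lines.append(f"{ts.isoformat()} yara {country} failure")
    return lines


def parse_line(line):
    """Split one assumed-format log line into its fields."""
    ts, user, country, outcome = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "country": country, "outcome": outcome}


def peak_attempts(events, window):
    """Largest number of time-sorted events inside any span of length `window`."""
    peak, start = 0, 0
    for end, event in enumerate(events):
        while event["ts"] - events[start]["ts"] > window:
            start += 1
        peak = max(peak, end - start + 1)
    return peak


def assess_login_alert(lines, user, window=timedelta(minutes=5), threshold=50,
                       usual_countries=frozenset({"US"}),
                       working_hours=(time(9, 0), time(17, 0))):
    """Reduce one account's raw log lines to the metrics behind a 'suspicious login' alert.
    The threshold, usual location and working hours are assumed values for this example."""
    events = sorted((parse_line(l) for l in lines if l.split()[1] == user),
                    key=lambda e: e["ts"])
    peak = peak_attempts(events, window)
    unusual = Counter(e["country"] for e in events if e["country"] not in usual_countries)
    outside_hours = sum(1 for e in events
                        if not working_hours[0] <= e["ts"].time() < working_hours[1])
    reasons = []
    if peak >= threshold:
        reasons.append(f"{peak} attempts within {int(window.total_seconds() // 60)} minutes")
    if unusual:
        reasons.append("attempts from unusual locations: " + ", ".join(sorted(unusual)))
    if outside_hours:
        reasons.append(f"{outside_hours} attempts outside working hours")
    return {
        "user": user,
        "total_attempts": len(events),
        "failures": sum(e["outcome"] == "failure" for e in events),
        "peak_in_window": peak,
        "unusual_locations": dict(unusual),
        "outside_hours": outside_hours,
        # A burst alone, or unusual locations combined with odd hours, marks the alert valid.
        "suspicious": peak >= threshold or (bool(unusual) and outside_hours > 0),
        "reasons": reasons,
    }


if __name__ == "__main__":
    verdict = assess_login_alert(build_sample_log(), "yara")
    print("Alert valid: suspicious activity" if verdict["suspicious"] else "Likely benign")
    for reason in verdict["reasons"]:
        print(" -", reason)
```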
This is just one example of how you might follow the steps in a playbook, since organizations develop their own internal procedures for addressing security incidents. What's most important to understand is that playbooks provide a consistent process for security professionals to follow. Note that playbooks are living documents, meaning the security team will make frequent changes, updates, and improvements to address new threats and vulnerabilities. In addition, organizations learn from past security incidents to improve their security posture, refine policies and procedures, and reduce the likelihood and impact of future incidents. Then they update their playbooks accordingly. As an entry-level security analyst, you may be required to use playbooks frequently, especially when monitoring networks and responding to incidents. Having an understanding of why playbooks are important and how they can help you achieve your working objectives will help ensure your success within this field.

Hi everyone, my name is Aaron and I am a privacy engineer at Google. I work on speculative and emerging technology, so think of things that don't exist in the world and that are coming within the next 2 to 5 years. My role is basically to take a look at all of the things that we are creating in terms of technology and making sure that privacy is embedded in that. I am thinking for users before they even touch the product, making sure that when they utilize them, they'll have some form of trust in the engagement with that product, as well as knowing that we are protecting their privacy, things that they don't want to share or broadcast, and making sure that they're informed before they even touch the product. I always talk about soft skills being the most important thing over the technical skills, because we can teach you anything, but we can't teach you how to relate to people. That is something that you bring to the table. Diversity of thought and diversity of perspectives are very useful in understanding the world that we exist in, because if we are designing products for everyday people, we need everyday people to basically help us understand those perspectives, because I may look at something one way but my colleague may see it another way based on their own experiences. And so when you work together and come from different environments, you actually bring more equity and more depth to the things that you're looking at, and the perspective that you bring is the essential voice that is required in order to make a product better. When you look at people who work in journalism or people who, like myself, worked in entertainment, they are bringing a different perspective for how they would tackle something. Or if we have a product where we are trying to convince a product team that maybe we shouldn't do this, it's always helpful to say, you know, from someone who worked in journalism, do we really want this to end up in the Times? Probably not, right? And that is a way to come at people that, on the ground floor, they understand what that looks like. All of the experiences that you have had from the time you were born to now, they have been your experience, and you have to think about that in terms of where we're going with technology. When we're developing for a wide array of people, your experience may be someone else's experience, and so if we don't have you in the room, then we are missing the opportunity to actually bring something beautiful, I would say, to the equation. Which is why I encourage people: please come, you know, work with us in terms of technology, get involved in STEM, because the equity across products, security, privacy, you name it, whether it be, you know, software engineering, everything requires a different voice, and it actually requires your voice.

Let's review what we covered in this section. We began by discussing the purpose of playbooks. Then we examined the six phases of an incident response playbook, including an example of how a playbook might be used to address an incident. Playbooks are just one of the essential tools you'll use as a security analyst. They provide a structured, consistent approach to handling security incidents and can help you respond to security incidents quickly. Knowing how and when to use a playbook will allow you to make informed decisions about how to respond to a security incident when it occurs and help to minimize the impact and damage it may cause your organization and the people it serves. Following the steps of the playbook and communicating appropriately with your team will ensure your effectiveness as a security professional.

Congratulations on completing this course! Let's recap what we've covered so far. First, we reviewed CISSP's eight security domains and focused on threats, risks, and vulnerabilities to business operations. Then we explored security frameworks and controls and how they're a starting point for creating policies and processes for security management. This included a discussion of the CIA triad, NIST frameworks, and security design principles, and how they benefit the security community as a whole. This was followed by a discussion about how frameworks, controls, and principles are related to security audits. We also explored basic security tools, such as SIEM dashboards, and how they are used to protect business operations. And finally, we covered how to protect assets and data by using playbooks. As a security analyst, you may be working on multiple tasks at once. Understanding the tools you have at your disposal and how to use them will elevate your knowledge in the field while helping you successfully accomplish your everyday tasks. Coming up next in the program, my colleague Chris will provide more details about topics covered in this course and introduce you to some new core security concepts. I've enjoyed sharing this journey with you!

You've learned about security domains in previous courses. Now we will explore one of
those domains further: networks. It's important to secure networks because network-based attacks are growing in both frequency and complexity. Hi there, my name is Chris and I'm the Chief Information Security Officer for Google Fiber. I'm excited to be your instructor for this course. I've been working in network security and engineering for over 20 years, and I'm looking forward to sharing some of my knowledge and experience with you. This course will help you understand the basic structure of a network, also referred to as a network architecture, and commonly used network tools. You'll also learn about network operations and explore some basic network protocols. Next, you'll learn about common network attacks and how network intrusion tactics can prevent a threat to a network. Finally, the course will provide an overview of security hardening practices and how you might use them to help secure a network. There's a lot to learn in securing networks, and I'm excited to go on this journey with you. Ready to get started? Let's go.

Before securing a network, you need to understand the basic design of a network and how it functions. In this section of the course, you will learn about the structure of a network, standard networking tools, cloud networks, and the basic framework for organizing communications across a network, called the TCP/IP model. Securing networks is a big part of a security analyst's responsibilities, so I'm excited to help you understand how to secure your organization's network from threats, risks, and vulnerabilities. Let's get going.

My name is Chris and I'm the Chief Information Security Officer at Google Fiber. We provide high-speed internet to customers across the United States. As the Chief Information Security Officer, I am responsible for making sure that the network stays safe, our customers' data
stays safe, and that we are supporting law enforcement and others as required. The career path was a long and winding one. My actual first job was working as a butcher at the family grocery store. I eventually ended up with a job in the computer center at college, which is where I learned a lot of my initial computer skills, and then when I graduated from college I started off as a software developer designing accounting software for a consulting company supporting the Department of Agriculture, and then I moved on from that to other roles, eventually ending up in one of the first internet-over-cable companies, and I ran several of their services: email, web services, etc. And my stuff kept getting attacked. I fell into cybersecurity because I had to defend the things that I was building. I realized it was fun, I realized that it was a great career opportunity, and so I've just stuck with that ever since then. When I got into this field, other than a couple of books, there wasn't a lot of training material out there. There were some other people out there that I could ask questions of, that I could get some mentoring from, but as a general rule of thumb I was on my own. Despite this being a fairly technical field, the most important thing you're going to learn are the connections you're going to make to other people. I made a conscious decision to become actively involved in some of the outside work organizations: the trade associations, the nonprofits, the meetups, and other cybersecurity organizations. This enabled me to build the reputation and the relationships so that as my career moved along, people
were reaching out to me saying, "Hey Chris, we have this opportunity, are you interested?" Because the cybersecurity industry is so varied, it can seem like there is a tremendous amount you have to learn, that there is this huge step that you have to take in order to get into the industry, and that can be daunting. But the thing to remember is, once you have that fundamental level of skills and fundamental level of background, there are so many different directions you can go, and there's so much opportunity out there. There's this continuous education and curiosity aspect of the job that is so much fun, and it means that you are always having the opportunity to learn something new, to change directions and go in new ways, because cybersecurity is going to be constantly changing, and that's part of the fun.

Welcome. Before you can understand the importance of securing a network, you need to know what a network is. A network is a group of connected devices. At home, the devices connected to your network might be your laptop, cell phones, and smart devices like your refrigerator or air conditioner. In an office, devices
like workstations, printers, and servers all connect to the network. The devices on a network can communicate with each other over network cables or wireless connections. Networks in your home and office can communicate with networks in other locations and the devices on them. Devices need to find each other on a network to establish communications. These devices will use unique addresses or identifiers to locate each other. The addresses will ensure that communications happen with the right device. These are called the IP and MAC addresses. Devices can communicate on two types of network: a local area network, also known as a LAN, and a wide area network, also known as a WAN. A local area network, or LAN, spans a small area like an office building, a school, or a home. For example, when a personal device like your cell phone or tablet connects to the Wi-Fi in your house, they form a LAN. The LAN then connects to the internet. A wide area network, or WAN, spans a large geographical area like a city, state, or country. You can think of the internet as one big WAN. An employee of a company in San Francisco can communicate and share resources with another employee in Dublin, Ireland over the WAN. Now that you've learned about the structure and types of networks, meet me in an upcoming video to learn about the devices that connect to them.

My name is Tina and I'm a software engineer at Google. As a software engineer, I work on an internal tool that serves the security engineers and network engineers at Google. Network security is important because we want to make sure that our network systems are safe and resilient, to be able to defend against malicious hackers, and that we have
the ability to protect our user data. Working in network security allows you to see the overview of the whole company's network systems, which is super cool. My favorite part of my job is the impact I get to have on the community that I serve at Google. I would say most of my day is a lot of coding, design, talking to security teams and network teams on their priorities and their blockers, and being able to come up with a solution. There are often going to be requests that come from network teams and security teams that have specific requirements on certain platforms, or on a feature that they need in one of the network policies, and usually we would escalate that and try to work on a fix for that. One piece of advice I would give for someone who wants to take on the cybersecurity journey is to be able to always keep learning and be curious about how things work, because security is an ever-changing field. Cybersecurity is definitely a team sport. Everybody has something to contribute, and especially on cybersecurity problems, there can be a lot of possibilities and a lot of different solutions to one problem. It's always great to be able to have people to brainstorm with and to track down issues together, because things can get very complex sometimes, but it's also a fun process to be able to work on things together.

My name is Emanuel and I am an offensive security engineer at Google. For offensive security, my job is to simulate adversaries and threats that are targeting, you know, various companies, and I look at defending how we can protect Google's infrastructure. I make it harder to hack Google by actually hacking Google. So
the technical skills that I use is a lot of programming, as well as learning about operational and platform security, so knowing how these computers work, what is under the hood, and understanding the components that create this infrastructure. A cybersecurity analyst would look at using command lines, log parsing, and network traffic analysis in their everyday scope of work. So the command line allows you to interact with various levels of your operating system, whether it's the low-level things like the memory and the kernel, or if it's high-level things like the applications and the programs that you're running on your computer. And with log parsing, there are going to be times where you may need to figure out and debug what is going on in your program or application, and these logs are there to help you and support you in finding the root issue and then resolve it from there. And with network traffic analysis, there may be times where you need to figure out, why is my internet going slow? Why is traffic not being routed to the appropriate destination? What can I do to ensure that my network is up and running? Network traffic analysis is looking at network traffic across various application and network layers and seeing what that traffic is doing, how we can secure that traffic, as well as identify any vulnerabilities and concerns. In the context, for me, for security, I look at our passwords being leaked in the traffic that's being sent across the network, our infrastructure being secure, our firewalls being readily configured and configured safely. So one skill that has continued to grow with me in my current role has been communicating effectively to product teams, engineers, and identifying an issue that is influencing or affecting the business and communicating to those teams effectively to fix it. So being able to take on these many hats and explain things with the right business approach to things, to ensure that the issues that I do find in my work are identified but they're also fixed. My advice to folks who are taking this certificate: take things apart, feel uncomfortable, learn and grow, and find opportunities to learn and understand how things work, and that skill set will benefit you for the remainder of your journey.

In
this video, you'll learn about the common devices that make up a network. Let's get started. A hub is a network device that broadcasts information to every device on the network. Think of a hub like a radio tower that broadcasts a signal to any radio tuned to the correct frequency. Another network device is a switch. A switch makes connections between specific devices on a network by sending and receiving data between them. A switch is more intelligent than a hub. It only passes data to the intended destination. This makes switches more secure than hubs and enables them to control the flow of traffic and improve network performance. Another device that we'll discuss is a router. A router is a network device that connects multiple networks together. For example, if a computer in one network wants to send information to a tablet on another network, then the information will be transferred as follows. First, the information travels from the computer to the router. Then the router reads the destination address and forwards the data to the intended network's router. Finally, the receiving router directs that information to the tablet. Finally, let's discuss modems. A modem is a device that connects your router to the internet and brings internet access to the LAN. For example, if a computer from one network wants to send information to a device on a network in a different geographic location, it would be transferred as follows. The computer would send information to the router. The router would then transfer the information through the modem to the internet. The intended recipient's modem receives the information and transfers it to the router. Finally, the recipient's router forwards that information to the destination device. Network tools such as hubs, switches, routers, and modems are physical devices.
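The hub, switch, and router behaviour described above, as an added Python simulation that is not part of the course transcript. The device classes, the MAC and IP addresses, the port numbers, and the interface names (lan0, lan1, wan0) are all constructed for illustration. The switch builds the MAC address table the way the transcript describes a switch mapping a destination MAC to a port; the router matches the destination IP against the networks it is attached to and sends everything else toward the modem side.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List


@dataclass(frozen=True)
class Frame:
    """A simplified packet: link-layer MAC addresses plus network-layer IPs."""
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    payload: str = ""


class Hub:
    """Repeats every frame out of every port except the one it arrived on, so
    every attached device sees every frame. That is why a hub is easy to sniff
    on and why the transcript calls switches the more secure choice."""

    def __init__(self, port_count: int) -> None:
        self.port_count = port_count

    def forward(self, frame: Frame, in_port: int) -> List[int]:
        return [p for p in range(self.port_count) if p != in_port]


class Switch:
    """Learns which MAC address sits behind which port (the MAC address table)
    and, once the destination is known, sends the frame only to that port.
    A destination it has not seen yet is flooded, because at that moment the
    switch has no better information than a hub would."""

    def __init__(self, port_count: int) -> None:
        self.port_count = port_count
        self.mac_table: Dict[str, int] = {}

    def forward(self, frame: Frame, in_port: int) -> List[int]:
        # Learning step: the sender is reachable through the ingress port.
        self.mac_table[frame.src_mac] = in_port
        out_port = self.mac_table.get(frame.dst_mac)
        if out_port is None or out_port == in_port:
            return [p for p in range(self.port_count) if p != in_port]
        return [out_port]


class Router:
    """Chooses the interface for a frame by matching its destination IP against
    the networks the router is attached to; anything with no match goes to the
    default interface (the modem / internet side)."""

    def __init__(self, routes: Dict[str, str], default: str) -> None:
        self.routes = {ip_network(net): iface for net, iface in routes.items()}
        self.default = default

    def forward(self, frame: Frame) -> str:
        dst = ip_address(frame.dst_ip)
        for net, iface in self.routes.items():
            if dst in net:
                return iface
        return self.default


# Constructed addresses for a laptop and a tablet on the same LAN.
LAPTOP = ("aa:aa:aa:aa:aa:01", "192.168.1.10")
TABLET = ("aa:aa:aa:aa:aa:02", "192.168.1.20")


def demo() -> dict:
    """Run the same exchange through each device and return the decisions."""
    request = Frame(LAPTOP[0], TABLET[0], LAPTOP[1], TABLET[1], "hello")
    reply = Frame(TABLET[0], LAPTOP[0], TABLET[1], LAPTOP[1], "hi back")

    hub = Hub(4)
    switch = Switch(4)
    router = Router({"192.168.1.0/24": "lan0", "10.20.0.0/16": "lan1"}, default="wan0")

    return {
        "hub": hub.forward(request, in_port=0),        # every other port
        "switch_first": switch.forward(request, 0),    # unknown dst: flooded
        "switch_reply": switch.forward(reply, 2),      # laptop already known on port 0
        "switch_second": switch.forward(request, 0),   # tablet now learned on port 2
        "router_local": router.forward(request),       # stays on the LAN
        "router_remote": router.forward(               # no matching network: internet side
            Frame(LAPTOP[0], "bb:bb:bb:bb:bb:01", LAPTOP[1], "203.0.113.7")),
    }


if __name__ == "__main__":
    for step, decision in demo().items():
        print(f"{step:14} -> {decision}")
```

The switch only becomes selective after it has seen a frame from each side, which is the practical difference between it and a hub: on the hub every station receives the laptop's request, while on the switch the second request goes to port 2 alone.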
However, many functions performed by these physical devices can be completed by virtualization tools. Virtualization tools are pieces of software that perform network operations. Virtualization tools carry out operations that would normally be completed by a hub, switch, router, or modem, and they are offered by cloud service providers. These tools provide opportunities for cost savings and scalability. You'll learn more about them later in the certificate program. Now you've explored some common devices that make up a network. Coming up, you're going to learn more about cloud computing and how networks can be designed using cloud services.

Companies have traditionally owned their network devices and kept them in their own office buildings. But now a lot of companies are using third-party providers to manage their networks. Why? Well, this model helps companies save money while giving them access to more network resources. The growth of cloud computing is helping many companies reduce costs and streamline their network operations. Cloud computing is the practice of using remote servers, applications, and network services that are hosted on the internet instead of on local physical devices. Today, the number of businesses that use cloud computing is increasing every year, so it's important
to understand how cloud networks function and how to secure them. Cloud providers offer an alternative to traditional on-premise networks and allow organizations to have the benefit of a traditional network without storing the devices and managing the network on their own. A cloud network is a collection of servers or computers that stores resources and data in a remote data center and can be accessed via the internet. Because companies don't house the servers at their physical location, these servers are referred to as being in the cloud. A traditional network hosts web servers from a business in its physical location. However, cloud networks are different from traditional networks because they use remote servers, which allows online services and web applications to be used from any geographic location. Cloud security will become increasingly relevant to many security professionals as more organizations migrate to cloud services. Cloud service providers offer cloud computing to maintain applications. For example, they provide on-demand storage and processing power that their customers only pay for as needed. They also provide business and web analytics that organizations can use to monitor their web traffic and sales. With a transition to cloud networking, I have witnessed an overlap of identity-based security on top of the more traditional network-based solutions. This meant that my focus needed to be on verifying both where the traffic is coming from and the identity that is coming with it. More organizations are moving their network services to the cloud to save money and simplify their operations. As this trend has grown, cloud security has become a significant aspect of network security.

Networks help organizations communicate and connect, but communication makes network attacks more likely, because it gives a malicious actor an opportunity to take advantage of vulnerable devices and unprotected networks. Communication over a
network happens when data is transferred from one point to another. Pieces of data are typically referred to as data packets. A data packet is a basic unit of information that travels from one device to another within a network. When data is sent from one device to another across a network, it is sent as a packet that contains information about where the packet is going, where it's coming from, and the content of the message. Think about data packets like a piece of physical mail. Imagine you want to send a letter to a friend. The envelope will need to have the address where you want the letter to go and your return address. Inside the envelope is a letter that contains the message that you want your friend to read. A data packet is very similar to a physical letter. It contains a header that includes the Internet Protocol address, the IP address, and the media access control, or MAC, address of the destination device. It also includes a protocol number that tells the receiving device what to do with the information in the packet. Then there's the body of the packet, which contains the message that
needs to be transmitted to the receiving device. Finally, at the end of the packet, there's a footer, similar to a signature on a letter. The footer signals to the receiving device that the packet is finished. The movement of data packets across a network can provide an indication of how well the network is performing. Network performance can be measured by bandwidth. Bandwidth refers to the amount of data a device receives every second. You can calculate bandwidth by dividing the quantity of data by the time in seconds. Speed refers to the rate at which data packets are received or downloaded. Security personnel are interested in network bandwidth and speed because if either are irregular, it can be an indication of an attack. Packet sniffing is the practice of capturing and inspecting data packets across the network. Communication on a network is important for sharing resources and data because it allows organizations to function effectively. Coming up, you'll learn more about the protocols that support network communication.

Hello again. In this video, you'll learn more about the communication protocol that devices use to communicate with each other across the internet. This is called the TCP/IP model. TCP/IP stands for Transmission Control Protocol and Internet Protocol. TCP/IP is the standard model used for network communication. Let's take a closer look at this model by defining TCP and IP separately. First, TCP, or Transmission Control Protocol, is an internet communication protocol that allows two devices to form a connection and stream data. The protocol includes a set of instructions to organize data so it can be sent across a network. It also establishes a connection between two devices and makes sure the packet reaches the appropriate destination. The IP in TCP/IP stands for Internet Protocol. IP is a set
of standards used for routing and addressing data packets as they travel between devices on a network. Included in the Internet Protocol is the IP address that functions as an address for each private network. You'll learn more about IP addresses a bit later. When data packets are sent and received across a network, they are assigned to a port within the operating system of a network device. A port is a software-based location that organizes the sending and receiving of data between devices on a network. Ports divide network traffic into segments based on the service they will perform between two devices. The computer sending and receiving these data segments knows how to prioritize and process these segments based on their port number. This is like sending a letter to a friend who lives in an apartment building. The mail delivery person not only knows how to find the building, but they also know exactly where to go in the building to find the apartment number where your friend lives. Data packets include instructions to tell the receiving device what to do with the information. These instructions come in the form of a port number. Port numbers allow computers to split the network traffic and prioritize the operations they will perform with the data. Some common port numbers are port 25, which is used for email; port 443, which is used for secure internet communications; and port 20, for large file transfers. As you've learned in this video, a lot of information and instructions are contained in data packets as they travel across the network. Coming up, you'll learn more about the TCP/IP model.

Now that we've discussed the structure of a network and how communications take place, it's important for you to know how security professionals
identify problems that might arise. The TCP/IP model is a framework that is used to visualize how data is organized and transmitted across the network. The TCP/IP model has four layers. The four layers are the network access layer, the internet layer, the transport layer, and the application layer. Knowing how the TCP/IP model organizes network activity allows security professionals to monitor and secure against risks. Let's examine these layers one at a time. Layer one is the network access layer. The network access layer deals with creation of data packets and their transmission across a network. This includes hardware devices connected to physical cables and switches that direct the data to its destination. Layer two is the internet layer. The internet layer is where IP addresses are attached to data packets to indicate the location of the sender and receiver. The internet layer also focuses on how networks connect to each other. For example, data packets contain information that determines whether they will stay on the LAN or be sent to a remote network like the internet. The transport layer includes protocols to control the flow of traffic across a network. These protocols permit or deny communication with other devices and include information about the status of the connection. Activities of this layer include error control, which ensures data is flowing smoothly across the network. Finally, at the application layer, protocols determine how the data packets will interact with receiving devices. Functions that are organized at the application layer include file transfers and email services. Now you have an understanding of the TCP/IP model and its four layers. Meet you in the next video.

Let's learn about how IP addresses are used to communicate over a network. IP stands for Internet Protocol. An Internet Protocol address, or IP address,
is a unique string of characters that identifies the location of a device on the internet. Each device on the internet has a unique IP address, just like every house on a street has its own mailing address. There are two types of IP addresses: IP version 4, or IPv4, and IP version 6, or IPv6. Let's look at examples of an IPv4 address. IPv4 addresses are written as four one-, two-, or three-digit numbers separated by a decimal point. In the early days of the internet, IP addresses were all IPv4, but as the use of the internet grew, all the IPv4 addresses started to get used up, so IPv6 was developed. IPv6 addresses are made up of 32 characters. The length of the IPv6 address will allow for more devices to be connected to the internet without running out of addresses as quickly as IPv4. IP addresses can be either public or private. Your internet service provider assigns a public IP address that is connected to your geographic location. When network communications go out from your device on the internet, they all have the same public-facing address. Just like all the roommates in one home share the same mailing address, all the devices on a network share the same public-facing IP address. Private IP addresses are only seen by other devices on the same local network. This means that all the devices on your home network can communicate with each other using unique IP addresses that the rest of the internet can't see. Another kind of address used in network communications is called a MAC address. A MAC address is a unique alphanumeric identifier that is assigned to each physical device on a network. When a switch receives a data packet, it reads the
MAC address of the destination device and maps it to a port. It then keeps this information in a MAC address table. Think of the MAC address table like an address book that the switch uses to direct data packets to the appropriate device. In this video, you learned about IP version 4 and IP version 6 addresses. You learned how IP and MAC addresses are used in network communication and the difference between a public and a private IP address.

Hey, you made it. Well done. Let's wrap up what you've learned in this section of the course. We explored the structure of a network, including WANs and LANs. We also discussed standard networking tools like hubs, switches, routers, and modems. We briefly introduced cloud networks and we discussed their benefits. We also spent some time on the TCP/IP model. As a reminder, technicians and security analysts often use this framework when communicating where network problems have occurred. That wraps up this section. Next, you'll learn more about network operations and how data is transmitted over wireless networks.

Congratulations on the progress you've made so far. In this section, you'll learn about how networks operate using tools and protocols.
These are the concepts that you'll use every day in your work as a security analyst. The tools and protocols you'll learn in this section of the program will help you protect your organization's network from attack. Did you know that malicious actors can take advantage of data moving from one device to another on a network? Thankfully, there are tools and protocols to ensure the network stays protected against this type of threat. As an example, I once identified an attack based solely on the fact they were using the wrong protocol. The network traffic volumes were right, it was coming from a trusted IP, but it was on the wrong protocol, which tipped us off enough to shut down the attack before they caused real damage. First, we'll discuss some common network protocols. Then we'll discuss virtual private networks, or VPNs. And finally, we'll learn about firewalls, security zones, and proxy servers. Now that you have an idea of where we're headed, let's get started.

Networks benefit from having rules. Rules ensure the data sent over the network gets to the right place. These rules are known as network protocols. Network protocols are a set of rules used by two or more devices on a network to describe the order of delivery and the structure of the data. Let's use a scenario to demonstrate a few different types of network protocols and how they work together on a network. Say you want to access your favorite recipe website. You go to the address bar at the top of your browser and type in the website's address, for example, www.yummyrecipesforme.org. Before you gain access to the website, your device will establish communications with a web server. That communication uses a protocol called the Transmission Control Protocol, or TCP. TCP is an internet communications protocol that allows two devices to form a connection and stream data. TCP also verifies both devices before allowing any further communications to take place. This is often referred to as a handshake. Once communication is established using a TCP handshake, a request is made to the network. Using our example, we have requested data from the yummyrecipesforme server. Their servers will respond to that request and send data packets back to your device so that you can view the web page. As data packets move across
the network, they move between network devices such as routers. The Address Resolution Protocol, or ARP, is used to determine the MAC address of the next router or device in the path. This ensures that the data gets to the right place. Now the communication has been established and the destination device is known, it's time to access the yummyrecipesforme website. The Hypertext Transfer Protocol Secure, or HTTPS, is a network protocol that provides a secure method of communication between client and website servers. It allows your web browser to securely send a request for a web page to the yummyrecipesforme server and receive a web page as a response. Next comes a protocol called the Domain Name System, or DNS, which is a network protocol that translates internet domain names into IP addresses. The DNS protocol sends the domain name in the web address to a DNS server that retrieves the IP address of the website you are trying to access, in this case yummyrecipesforme. The IP address is included as a destination address for the data packets traveling to the yummyrecipesforme web server. So just by visiting one website, the devices on your network are using four different protocols: TCP, ARP, HTTPS, and DNS. These are just some of the protocols used in network communications. To help you learn more about the different protocols, we'll discuss them further in upcoming course material. But how do these protocols relate to security? Well, in the yummyrecipesforme website example, we used HTTPS, which is a secure protocol that requests a web page from a web server. HTTPS encrypts data using the Secure Sockets Layer and Transport Layer Security, otherwise known as SSL/TLS. This helps keep the information secure from
malicious actors who want to steal valuable information. That's a lot of information and a lot of protocols to remember. Throughout your career as a security analyst, you'll become more familiar with network protocols and use them in your daily activities.

So far, you've learned about a variety of network protocols, including communications protocols like TCP/IP. Now we're going to go more in depth into a class of communications protocols called IEEE 802.11. IEEE 802.11, commonly known as Wi-Fi, is a set of standards that define communications for wireless LANs. IEEE stands for the Institute of Electrical and Electronics Engineers, which is an organization that maintains Wi-Fi standards, and 802.11 is a suite of protocols used in wireless communications. Wi-Fi protocols have adapted over the years to become more secure and reliable to provide the same level of security as a wired connection. In 2004, a secure protocol called Wi-Fi Protected Access, or WPA, was introduced. WPA is a wireless security protocol for devices to connect to the internet. Since then, WPA has evolved into newer versions like WPA2 and WPA3, which include further security improvements like more advanced encryption. As a security analyst, you might be responsible for making sure that the wireless connections in your organization are secure. Let's learn more about security measures.

In this video, you'll learn about different types of firewalls. These include hardware, software, and cloud-based firewalls. You'll also learn the difference between a stateless and stateful firewall and cover some of the basic operations that a firewall performs. Finally, you'll explore how proxy servers are used to add a layer of security to the network. A firewall is a network security device that monitors traffic to and from your network. It either allows traffic or it
blocks it based on a defined set of security rules. A firewall can use port filtering, which blocks or allows certain port numbers to limit unwanted communication. For example, you could have a rule that only allows communications on port 443 for HTTPS or port 25 for email, and blocks everything else. These firewall settings will be determined by the organization's security policy. Let's talk about a few different kinds of firewalls. A hardware firewall is considered the most basic way to defend against threats to a network. A hardware firewall inspects each data packet before it's allowed to enter the network. A software firewall performs the same functions as a hardware firewall, but it's not a physical device. Instead, it's a software program installed on a computer or on a server. If the software firewall is installed on a computer, it will analyze all the traffic received by that computer. If the software firewall is installed on a server, it will protect all the devices connected to the server. A software firewall typically costs less than purchasing a separate physical device, and it doesn't take up any extra space. But because it is a software program, it will add some processing burden to the individual devices. Organizations may choose to use a cloud-based firewall. Cloud service providers offer firewalls as a service, or FaaS, for organizations. Cloud-based firewalls are software firewalls hosted by a cloud service provider. Organizations can configure the firewall rules on the cloud service provider's interface, and the firewall will perform security operations on all incoming traffic before it reaches the organization's on-site network. Cloud-based firewalls also protect any assets or processes that an organization might be using in the cloud. All the firewalls we have discussed can be either stateful or stateless. The terms stateful and
stateless refer to how the firewall operates. Stateful refers to a class of firewall that keeps track of information passing through it and proactively filters out threats. A stateful firewall analyzes network traffic for characteristics and behavior that appear suspicious and stops them from entering the network. Stateless refers to a class of firewall that operates based on predefined rules and does not keep track of information from data packets. A stateless firewall only acts according to preconfigured rules set by the firewall administrator. The rules programmed by the firewall administrator tell the device what to accept and what to reject. A stateless firewall doesn't store analyzed information. It also doesn't discover suspicious trends like a stateful firewall does. For this reason, stateless firewalls are considered less secure than stateful firewalls. A next-generation firewall, or NGFW, provides even more security than a stateful firewall. Not only does an NGFW provide stateful inspection of incoming and outgoing traffic, but it also performs more in-depth security functions like deep packet inspection and intrusion protection. Some NGFWs connect to cloud-based threat intelligence services so they can quickly update to protect against emerging cyber threats. Now you have a basic understanding of firewalls and how they work. We learned that firewalls can be hardware or software. We also discussed the difference between a stateless and stateful firewall and the security benefits of a stateful firewall. Finally, we discussed next-generation firewalls and the security benefits they provide. Coming up, we'll learn more about virtual networks.

In this video, we're going to discuss how virtual private networks, or VPNs, add security to your network. When you connect to the internet, your internet service provider receives your network's requests and forwards them to the correct destination server. But your internet requests include your
private information that means if the traffic gets intercepted someone could potentially connect your internet activity with your physical location and your personal information this includes some information that you want to keep private like bank accounts and credit card numbers a virtual private Network also known as a VPN is a network security service that changes your public IP address and hides your virtual location so that you can keep your data private when you're using a public network like the internet vpns also encrypt your data as it travels across the internet to preserve confidentiality a VPN service
performs encapsulation on your data in transit encapsulation is a process performed by a VPN service that protects your data by wrapping sensitive data in other data packets previously you learned how the mac and IP address of the destination device is contained in the header and footer of a data packet this is a security threat because it shows the IP and virtual location of your private Network you could secure a data packet by encrypting it to make sure your information can't be deciphered but then Network routers won't be able to read the IP and Mac address
to know where the send it to this means you won't be able to connect to the Internet site or the service that you want and encapsulation solves this problem while still maintaining your privacy VPN Services encrypt your data packets and encapsulate them in other data packets that the routers can read this allows your network requests to reach their destination but still encrypts your personal data so it's unreadable while in transit a VPN also uses an encrypted tunnel between your device and the VPN server the encryption is unhackable without a cryptographic key so no one can
access your data VPN services are simple and offer significant protection while you're on the internet with a VPN you have the added assurance that your data is encrypted your IP address and virtual location are unreadable to malicious actors in This section we'll discuss a type of network security feature called a security Zone security zones are a segment of a network that protects the internal network from the internet they are part of the security technique called Network segmentation it divides the network into segments each Network segment has its own access permissions and security rules security zones
control who can access different segments of a network security Zones Act as a barrier to internal networks maintain privacy within corporate groups and prevent issues from spreading to the whole network one example of network segmentation is a hotel that offers free public Wi-Fi the un secured guest network is kept separate from another encrypted Network used by the hotel staff additionally an organization's Network can be divided into subn networks or subnets to maintain privacy for each department in Organization for instance at a university there may be a faculty subnet and a separate student subnet if there
is contamination on the student subnet Network administrators can isolate it and keep the rest of the network free from contamination an organization's network is classified into two types of security zones first there's the uncontrolled Zone which is any network outside the organization's control like the internet then there's the controlled Zone which is a subnet that protects the internal network from the uncontrolled Zone there are several types of network within the controlled Zone on the outer layer is the demilitarized zone or DMZ which contains public facing services that can access the internet this includes web servers
proxy servers that host websites for the public and DNS servers that provide IP addresses for internet users it also includes email and file servers that handle external Communications the DMZ acts as a network perimeter to the internal Network the internal Network contains private servers and data that the organization needs to protect inside the internal network is another Zone called the restricted Zone the restricted Zone protects highly confidential information that is is only accessible to employees with certain privileges now let's try to picture these security zones ideally the DMZ is situated between two firewalls one of
them filters traffic outside the DMZ and one of them filters traffic entering the internal Network this protects the internal network with several lines of Defense if there's a restricted Zone that too would be protected with firewall this way attacks that penetrate into the DMZ Network cannot spread to the internal Network and attacks that penetrate the internal Network cannot access the restricted Zone as a security analyst you may be responsible for regulating Access Control policies on these firewalls security teams can control traffic reaching the DMZ and the internal Network by restricting IPS and ports for example
an analyst May ensure that only https traffic is allowed to access web servers in the DMZ security zones are an important part of securing Networks espec especially at large organizations understanding how they are used is essential for all security analysts coming up we'll learn about securing internal networks previously we discussed how firewalls vpns and security zones help to secure networks next we'll cover how to secure internal networks with proxy servers proxy servers are another system that helps secure networks the definition of a proxy proxy server is a server that fulfills the request of a client
by forwarding them on to other servers the proxy server is a dedicated server that sits between the internet and the rest of the network when a request to connect to the network comes in from the internet the proxy server will determine if the connection request is safe the proxy server uses a public IP address that is different from the rest of the private Network this hides the private Network's IP address from malicious actors on the internet and adds a layer of security let's examine how this will work with an example when a client receives an
https response they will notice a distorted IP address or no IP address rather than the real IP address of the organization's web server a proxy server can also be used to block unsafe websites that users aren't allowed to access on an organization's Network a proxy server uses temporary memory to store data that's regularly requested by external servers this way it doesn't have to fetch data from an organization's internal servers every time this enhances security by reducing contact with the internal server there are different types of proxy servers that support network security this is important for
security analysts who monitor traffic from various proxy servers and may need to know what purpose they serve let's explore some different types of proxy servers a forward proxy server regulates and restricts a person's access to the internet the goal goal is to hide a user's IP address and approve all outgoing requests in the context of an organization a forward proxy server receives outgoing traffic from an employee approves it and then forwards it on to the destination on the internet a reverse proxy server regulates and restricts the internet's access to an internal server the goal is
to accept traffic from external parties approve it and forward it to the internal servers this setup is useful for protecting internal web servers containing confidential data from exposing their IP address to external parties an email proxy server is another valuable security tool it filters spam email by verifying whether a sender's address was forged this reduced the risk of fishing attacks that impersonate people known to the organization let's talk about a real world example of an email proxy several years ago when I was working at a large US Broadband ISP we used a proxy server to
implement multiple layers of anti-spam filtering before the message was allowed in for delivery it ended up tagging around 95% of messages is spamed the proxy servers would allowed us to filter and then scale those filters without impacting the underlying email platform proxy servers play an important part in network security by filtering incoming and outgoing traffic and staying alert to network attacks these devices add a layer of protection from unsecured public network that we call the internet you've learned a lot about some complex topics I want to congratulate you for coming this far in the program
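As an added example (not part of the course transcript), the following Python script simulates the rules from the firewall and security-zone videos above: a stateless filter that allows only ports 443 and 25 into the DMZ, the stateful connection table that lets replies to outbound connections back in, and the ingress rule the IP spoofing video later describes, which drops internet traffic claiming an internal source address. The network ranges, rule set and packet trace are constructed.

```python
"""Toy packet filter showing three things from the firewall and security-zone
videos: stateless port filtering, a stateful connection table, and an
ingress rule that drops packets claiming an internal source address.

Added example, not course material: the network ranges, rule set and packet
trace are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Set, Tuple

PRIVATE_NET = ip_network("10.0.0.0/8")     # constructed: the organization's internal range
DMZ_NET = ip_network("10.1.0.0/16")        # constructed: the DMZ subnet inside it
ALLOWED_INBOUND_PORTS = {443, 25}          # HTTPS and email, as in the transcript's rule


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str             # "tcp", "udp" or "icmp"
    dport: int = 0
    sport: int = 0
    inbound: bool = True   # True when the packet arrived on the internet-facing side


def stateless_decision(pkt: Packet) -> str:
    """Judge a packet by its own header fields only; nothing is remembered."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    if pkt.inbound:
        # Anti-spoofing: a packet from the internet must not claim an internal
        # source, because devices with those addresses are already inside.
        if src in PRIVATE_NET:
            return "deny:spoofed-source"
        # Only HTTPS and email may reach DMZ hosts; everything else is blocked.
        if pkt.proto == "tcp" and dst in DMZ_NET and pkt.dport in ALLOWED_INBOUND_PORTS:
            return "allow"
        return "deny:port-filter"
    # This toy policy lets the internal network initiate anything outbound.
    return "allow"


class StatefulFirewall:
    """Same rules as above, plus a connection table so replies to connections
    the inside opened are accepted even though no inbound rule permits them."""

    def __init__(self) -> None:
        # Tracked flows as (internal host, internal port, external host, external port).
        self.table: Set[Tuple[str, int, str, int]] = set()

    def decide(self, pkt: Packet) -> str:
        if not pkt.inbound:
            decision = stateless_decision(pkt)
            if decision == "allow" and pkt.proto == "tcp":
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return decision
        # Inbound packet: is it the reverse direction of a flow we recorded?
        if pkt.proto == "tcp" and (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table:
            return "allow:established"
        return stateless_decision(pkt)


def run_policy(packets: Iterable[Packet]) -> List[Tuple[str, str]]:
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_decision(p), fw.decide(p)) for p in packets]


# Constructed trace; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_TRACE = [
    Packet("203.0.113.7", "10.1.0.10", "tcp", dport=443, sport=51000),   # HTTPS to DMZ web server
    Packet("203.0.113.7", "10.1.0.20", "tcp", dport=25, sport=51001),    # SMTP to DMZ mail server
    Packet("203.0.113.7", "10.1.0.10", "tcp", dport=22, sport=51002),    # SSH: not in the allow list
    Packet("10.1.0.10", "10.1.0.20", "tcp", dport=443, sport=51003),     # internal source from outside
    Packet("10.2.0.5", "198.51.100.9", "tcp", dport=443, sport=40000, inbound=False),  # outbound
    Packet("198.51.100.9", "10.2.0.5", "tcp", dport=40000, sport=443),   # reply to that connection
]

if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(SAMPLE_TRACE, run_policy(SAMPLE_TRACE)):
        print(f"{pkt.src:>14} -> {pkt.dst:<13} {pkt.proto}/{pkt.dport:<5} "
              f"stateless={stateless:<20} stateful={stateful}")
```

The last packet is the point of the comparison: the stateless filter has no inbound rule for port 40000 and drops the reply, while the stateful firewall recognizes it as the return half of a connection the inside opened.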
Let's recap what we've covered in this section. First, we discussed common network protocols like TCP, ARP, HTTPS, and DNS. Then we covered how virtual private networks, or VPNs, can be used to maintain privacy on a public network. Finally, we explored how firewalls, security zones, and proxy servers help to secure network infrastructure. Overall, network operations is a vast topic involving various tools, protocols, and techniques that help networks run smoothly and securely. Feel free to come back and review these videos at any time. You'll use this information in any type of role as a security analyst.

Hey there, welcome to this video about securing networks from attacks. You've come a long way already in your understanding of networks and network security. Now you'll learn how to secure networks so that the valuable information they contain doesn't get into the wrong hands. We're going to discuss how network intrusion tactics can present a threat to networks and how a security analyst can protect against network attacks. Let's get started. Let's start by answering the question: why do we need to secure networks? As you've learned, networks are constantly at risk of attack from malicious actors. Attackers can infiltrate networks via malware, spoofing, or packet sniffing. Network operations can also be disrupted by attacks such as packet flooding. As we go along, you're going to learn about these and other common network intrusion attacks in more detail. Protecting a network from these types of attacks is important. If even one of them happens, it could have a catastrophic impact on an organization. Attacks can harm an organization by leaking valuable or confidential information. They can also be damaging to an organization's reputation and impact customer retention. Mitigating attacks may also cost the organization money and time. Over the last few years, there have been a number of examples of the damage that cyber attacks can cause. One notorious example was an attack against the American home improvement chain Home Depot. In 2014, a group of hackers compromised and infected Home Depot servers with malware. By the time network administrators shut down the attack, the hackers had already taken the credit and debit card information of over 56 million customers. Now you know why it's so important to secure a network. But to keep a network secure, you need to know what kinds of attacks to protect it from.
Coming up, you'll learn about some common network attacks.

Welcome back. In this video, we are going to discuss denial of service attacks. A denial of service attack is an attack that targets a network or server and floods it with network traffic. The objective of a denial of service attack, or a DoS attack, is to disrupt the normal business operations by overloading an organization's network. The goal of the attack is to send so much information to a network device that it crashes or is unable to respond to legitimate users. This means that the organization won't be able to conduct their normal business operations, which can cost them money and time. A network crash can also leave them vulnerable to other security threats and attacks. A distributed denial of service attack, or DDoS, is a kind of DoS attack that uses multiple devices or servers in different locations to flood the target network with unwanted traffic. Use of numerous devices makes it more likely that the total amount of traffic sent will overwhelm the target server. Remember, DoS stands for denial of service, so it doesn't matter what part of the network the attacker overloads. If they overload anything, they win. An unfortunate example I've seen is an attacker who crafted a very careful packet that caused a router to spend extra time processing the request. The overall traffic volume didn't overload the router; the specifics within the packet did. Now we'll discuss network-level DoS attacks that target network bandwidth to slow traffic. Let's learn about three common network-level DoS attacks. The first is called a SYN flood attack. A SYN flood attack is a type of DoS attack that simulates the TCP connection and floods a server with SYN packets. So let's break this definition down a bit more by taking a closer look at the handshake process that is used to establish a TCP connection between a device and a server. The first step in the handshake is for the device to send a SYN, or synchronize, request to the server. Then the server responds with a SYN-ACK packet to acknowledge the receipt of the device's request and leaves a port open for the final step of the handshake. Once the server receives the final ACK packet from the device, a TCP connection is established. Malicious actors can take advantage of the protocol by flooding a server with SYN packet requests for the first part of the handshake. But if the number of SYN requests is larger than the number of available ports on the server, then the server will be overwhelmed and become unable to function. Let's discuss two other common DoS attacks that use another protocol called ICMP. ICMP stands for Internet Control Message Protocol. ICMP is an internet protocol used by devices to tell each other about data transmission errors across the network. Think of ICMP like a request for a status update from a device. The device will return error messages if there is a network concern. You can think of this like the ICMP request checking in with the device to make sure that all is well. An ICMP flood attack is a type of DoS attack performed by an attacker repeatedly sending ICMP packets to a network server. This forces the server to send an ICMP packet. This eventually uses up all the bandwidth for incoming and outgoing traffic and causes the server to crash. Both of the attacks we've discussed so far, SYN flood and ICMP flood, take advantage of communication protocols by sending an overwhelming number of requests. There are also attacks that can overwhelm a server with one big request. One example that we'll discuss is called the ping of death. A ping of death attack is a type of DoS attack that is caused when a hacker pings a system by sending it an oversized ICMP packet that is bigger than 64 kilobytes, the maximum size for a correctly formed ICMP packet. Pinging a vulnerable network server with an oversized ICMP packet will overload the system and cause it to crash. Think of this like dropping a rock on a small anthill. Each individual ant can carry a certain amount of weight while transporting food to and from the anthill, but if a large rock is dropped on the anthill, then many ants will be crushed and the colony is unable to function until it rebuilds its operations elsewhere. Now, that's it for DoS and DDoS attacks. Coming up, we'll continue to discuss common network attacks.

In this video, we'll discuss packet sniffing, with a focus on how threat actors may use this technique to gain unauthorized access to information. Previously, you learned about the information and data packets that travel across the network. Packets include a header, which contains the sender's and receiver's IP addresses. Packets also contain a body, which may contain valuable information like names, date of birth, personal messages, financial information, and credit card numbers. Packet sniffing is the practice of using software tools to observe data as it moves across a network. As a security analyst, you may use packet sniffing to analyze and capture packets when investigating ongoing incidents or debugging network issues. Later in this certificate program, you'll gain hands-on practice with some packet sniffing software. However, malicious actors may also use packet sniffing to look at data that has not been sent to them. This is a little bit like opening somebody else's mail. It's important for you to learn about how threat actors use packet sniffing with harmful intent so you can be prepared to protect against these malicious acts. Malicious actors may insert themselves in the middle of an authorized connection between two devices. Then they can use packet sniffing to spy on every data packet as it comes across their device. The goal is to find valuable information in the data packets that they can then use to their advantage. Attackers can use software applications or a hardware device to look into data packets. Malicious actors can access a network packet with a packet sniffer and make changes to the data. They may change the information in the body of the packet, like altering a recipient's bank account number. Packet sniffing can be passive or active. Passive packet sniffing is a type of attack where data packets are read in transit. Since all the traffic on a network is visible to any host on the hub, malicious actors can view all the information going in and out of the device they are targeting. Thinking back to the example of a letter being delivered, we can compare a passive packet sniffing attack to a postal delivery person maliciously reading somebody's mail. The postal worker, or packet sniffer, has the right to deliver the mail but not the right to read the information inside. Active packet sniffing is a type of attack where data packets are manipulated in transit. This may include injecting internet protocols to redirect the packets to an unintended port or changing the information the packet contains. An active packet sniffing attack would be like a neighbor telling the delivery person, "I'll deliver that mail for you," and then reading the mail or changing the letter before putting it in your mailbox. Even though your neighbor knows you, and even if they deliver it to the correct house, they are actively going out of their way to engage in malicious behavior. The good news is that malicious packet sniffing can be prevented. Let's look at a few ways the network security professional can prevent these attacks. One way to protect against malicious packet sniffing is to use a VPN to encrypt and protect data as it travels across the network.
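As an added example (not part of the course transcript), the following Python script shows how a defender could recognize the three network-level DoS patterns from the denial-of-service video above in a packet capture: half-open TCP handshakes for a SYN flood, echo requests per second for an ICMP flood, and an oversized datagram for the ping of death. The packet records, addresses and alert thresholds are constructed.

```python
"""Detection logic for the three network-level DoS patterns described in the
course: SYN floods, ICMP floods and the ping of death.

Added example, not course material: the packet records, thresholds and
addresses below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

MAX_ICMP_BYTES = 65535    # largest legal IP datagram, the "64 kilobytes" in the transcript
HALF_OPEN_LIMIT = 50      # constructed: half-open handshakes per server before alerting
ICMP_RATE_LIMIT = 100     # constructed: echo requests per server per second before alerting


@dataclass(frozen=True)
class Record:
    """One packet as a monitoring tool might summarise it."""
    ts: float          # capture time in seconds
    src: str
    dst: str
    proto: str         # "tcp" or "icmp"
    flags: str = ""    # TCP flags: "S" = SYN, "SA" = SYN-ACK, "A" = ACK
    sport: int = 0
    dport: int = 0
    length: int = 0    # total datagram length in bytes, used for ICMP


class DosDetector:
    def __init__(self) -> None:
        # Half-open handshakes per server: SYNs seen from (client, port) with no final ACK yet.
        self.half_open: Dict[str, Set[Tuple[str, int]]] = defaultdict(set)
        # ICMP echo requests counted per (server, whole second).
        self.icmp_per_sec: Dict[Tuple[str, int], int] = defaultdict(int)
        # Alerts as (kind, target) pairs, raised once per target.
        self.alerts: List[Tuple[str, str]] = []

    def _alert(self, kind: str, target: str) -> None:
        if (kind, target) not in self.alerts:
            self.alerts.append((kind, target))

    def feed(self, r: Record) -> None:
        if r.proto == "tcp":
            self._track_handshake(r)
        elif r.proto == "icmp":
            self._track_icmp(r)

    def _track_handshake(self, r: Record) -> None:
        if r.flags == "S":
            # Step 1 of the handshake: the server now holds a slot open for this client.
            self.half_open[r.dst].add((r.src, r.sport))
            if len(self.half_open[r.dst]) > HALF_OPEN_LIMIT:
                self._alert("syn-flood", r.dst)
        elif r.flags == "A":
            # Step 3: the client's final ACK completes the handshake and frees the slot.
            self.half_open[r.dst].discard((r.src, r.sport))
        # Step 2 ("SA") travels server -> client and needs no tracking here.

    def _track_icmp(self, r: Record) -> None:
        if r.length > MAX_ICMP_BYTES:
            # A single oversized datagram is the ping-of-death signature.
            self._alert("ping-of-death", r.dst)
        key = (r.dst, int(r.ts))
        self.icmp_per_sec[key] += 1
        if self.icmp_per_sec[key] > ICMP_RATE_LIMIT:
            self._alert("icmp-flood", r.dst)


def analyze(records: List[Record]) -> List[Tuple[str, str]]:
    """Run every record through the detector and return the alerts raised."""
    det = DosDetector()
    for r in records:
        det.feed(r)
    return det.alerts


def constructed_trace() -> List[Record]:
    """A constructed capture: one legitimate handshake, then the three attack patterns."""
    web, mail = "10.1.0.10", "10.1.0.20"          # constructed DMZ servers
    recs = [
        Record(0.00, "203.0.113.5", web, "tcp", "S", 50000, 443),
        Record(0.01, web, "203.0.113.5", "tcp", "SA", 443, 50000),
        Record(0.02, "203.0.113.5", web, "tcp", "A", 50000, 443),
    ]
    # 60 SYNs from forged source addresses that never send the final ACK.
    recs += [Record(1.0 + i / 1000, f"198.51.100.{i % 250 + 1}", web, "tcp", "S", 40000 + i, 443)
             for i in range(60)]
    # 120 echo requests aimed at the same server inside one second.
    recs += [Record(2.0 + i / 200, "198.51.100.200", web, "icmp", length=84) for i in range(120)]
    # One echo request larger than any legal datagram.
    recs.append(Record(3.0, "198.51.100.201", mail, "icmp", length=65600))
    return recs


if __name__ == "__main__":
    for kind, target in analyze(constructed_trace()):
        print(f"ALERT {kind:<14} target={target}")
```

The thresholds here are illustrative; in practice they are tuned per server, but the observable signals are the same ones each attack leaves behind: handshakes that never complete, an echo request rate far above normal, and a datagram that could not have been formed correctly.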
If you don't remember how VPNs work, you can revisit the video about this topic in the previous section of the program. When you use a VPN, hackers might interfere with your traffic, but they won't be able to decode it to read your private information. Another way to add a layer of protection against packet sniffing is to make sure the websites you use have HTTPS at the beginning of the domain address. Previously, we discussed how HTTPS uses SSL/TLS to encrypt data and prevent eavesdropping when malicious actors spy on network transmissions. One final way to help protect yourself against malicious packet sniffing is to avoid using unprotected Wi-Fi. You usually find unprotected Wi-Fi in public places like coffee shops, restaurants, or airports. These networks don't use encryption. This means that anyone on the network can access all of the data traveling to and from your device. One precaution you can take is avoiding free public Wi-Fi unless you have a VPN service already installed on your device. Okay, now you know how threat actors may use packet sniffing and how to protect a network from these attacks. Let's move on to discuss other network intrusions.

Next, let's learn about another kind of network attack called IP spoofing. IP spoofing is a network attack performed when an attacker changes the source IP of a data packet to impersonate an authorized system and gain access to a network. In this kind of attack, the hacker is pretending to be someone they are not so they can communicate over the network with the target computer and get past firewall rules that may prevent outside traffic. Some common IP spoofing attacks are on-path attacks, replay attacks, and Smurf attacks. Let's discuss these one at a time.
an onpath attack is an attack where the malicious actor places themselves in the middle of an authorized connection and intercepts or Alters the data in transit onpath attackers gain access to the network and put themselves between two devices like a web browser and a web server then they sniff the packet information to learn the IP and Mac addresses of the two devices that are communicating with each other after they have this information they can pretend to be either of these devices another type of attack is a replay attack a replay attack is a network attack
performed when a malicious actor intercepts a data pack in transit and delays it or repeats it at another time a delayed packet can cause connection issues between Target computers or a malicious actor may take a network transmission that was sent by an authorized user and repeat it at a later time to impersonate the authorized user a Smurf attack is a combination of a Dos attack and an IP spoofing attack the attacker sniffs an authorize user IP address and floods it with packets this over welms the target computer and can bring down a server or the
entire network now that you've learned about different kinds of Ip spoofing let's talk about how you can protect a network from this kind of attack as you previously learned encryption should always be implemented so that the data in your network transfers can't be read by malicious actors firewalls can be configured to protect against IP spoofing IP spoofing makes it seem like the malicious actor is an authorized user by changing the sender address of the data packet to match the target Network's address so if a firewall receives a data packet from the internet where the sender's
IP address is the same as the private Network then the firewall will deny the transmission since all the devices with that IP address should already be on the local network you can make sure that your firewalls configure correctly by creating a rule to reject all incoming traffic that has the same IP address as the local network that's it for IP spoofing you've learned how IP spoofing is used in some common attacks like onpath attacks replay attacks and Smurf attacks nice job finishing this section let's review what you've learned so far we discussed how to secure
networks we also learned about Network intrusion tactics like malicious packet sniffing and IP spoofing finally we discussed how a security analyst can protect against these kind of attacks you've learned about dos and dos attacks like icmp flooding sin attacks and the Ping of death which try to overwhelm a network by flooding it with unwanted data packets W just think about everything you know already about Network attacks what you've learned in these videos will be essential in your work as a security analyst coming up you'll learn about how security analysts can protect a network using various
security hardening techniques I want to take a moment to congratulate you on your progress so far first you learned about network operations then you learned about the tools and protocols that help network systems function next you learned how vulnerabilities and networks expose them to various security intrusions now we'll discuss security hardening then we'll learn about OS hardening explore Network hardening practices and discuss Cloud hardening practices security hardening can be implemented in devices networks applications and Cloud infrastructure security analysts May perform tasks such as patch updates and backups as part of security hardening we'll discuss these
tasks as you progress through the course as a security analyst hardening will play a major role in your day-to-day tasks which is why it's important for you to understand how it works I'm excited to accompany you in this journey meet you in the next video security analyst and the organizations they work with have to be proactive about protecting systems from Attack this is where security hardening comes in security hardening is the process of strengthening a system to reduce its vulnerability and attack surface all the potential vulnerabilities that a threat actor could exploit are referred to
as a system's attack surface let's use an example that compares a network to a house the attack surface would be all the doors and windows that a robber could use to gain access to that house just like putting locks on all the doors and windows in a house security hardening involves minimizing the attack surface or potential vulnerabilities and keeping a network as secure as possible as part of security hardening security analysts perform regular maintenance procedures to keep a network device and systems functioning securely and optimally security hardening can be conducted on any device or system
that can be compromised such as Hardware operating systems applications computer networks and databases physical security is also a part of security hardening this may include securing a physical space with security cameras and security guards some common types of hardening procedures includes software updates also called patches and device or application configuration changes these updates and changes are done to increase security and fix security vulnerabilities on a network and example of a security configuration change would be requiring longer passwords or more frequent password changes this makes it harder for a malicious actor to gain login credentials an
example of configuration check is updating the encryption standards for data that is stored in a database keeping encryption up to date makes it harder for malicious actors to access the database other examples of security hardening include removing or disabling unused applications and services disabling unused ports and reducing ing access permissions across devices and network minimizing the number of applications devices ports and access permissions makes Network and device monitoring more efficient and reduces the overall attack surface which is one of the best ways to secure an organization another important strategy for security hardening is to conduct
regular penetration testing a penetration test also called a pent test is a simulated attack that helps identify vulnerabilities in a system Network website application and process penetration testers document their findings in a report depending on where the test fails security teams can determine the type of security vulnerabilities that require fixing organizations can then review these vulnerabilities and come up with a plan to fix them coming up you'll learn more about how security hardening is an essential aspect of securing networks it's a foundational part of network security that strengthens a network in order to reduce the
number of success uccessful attacks hi there in this video we'll discuss operating system or Os hardening and why it's essential to keep the entire network secure the operating system is the interface between computer hardware and the user the OS is the first program loaded when a computer turns on the OS acts as an intermediary between software applications and the computer hardware it's important to secure the OS in each system because of one secure OS can lead to a whole network being compromised there are many types of operating systems and they all share similar security hardening
practices let's talk about some of those security hardening practices that are recommended to secure an OS some OS hardening tasks are performed at regular intervals like updates backups and keeping an up-to-date list of devices and authorized users other tasks are performed only once as part of preliminary safety meas one example would be configuring a device setting to fit a secure encryption standard let's begin with OS hardening tasks that are performed at a regular interval such as patch installation also known as patch updates a patch update is a software and operating system or OS update that
addresses security vulnerabilities within a program or product now we'll discuss patch updates provided to the company by the OS software vendor with patch updates the Theos should be upgraded to its latest software version sometimes patches are released to fix the security vulnerability in the software as soon as OS vendors publish a patch and the vulnerability fix malicious actors know exactly where the vulnerability is in the system running the out-of-date OS this is why it's important for organizations to run patch updates as soon as they are released for example my team had to perform an emergency
patch to address a recent vulnerability found in a commonly used programming library. The library is used almost everywhere, so we had to quickly patch most of our servers and applications to fix the vulnerability. The newly updated OS should be added to the baseline configuration, also called the baseline image. A baseline configuration is a documented set of specifications within a system that is used as a basis for future builds, releases, and updates. For example, a baseline may contain a firewall rule with a list of allowed and disallowed network ports. If a security team suspects unusual activity affecting the OS, they can compare the current configuration to the baseline and make sure that nothing has been changed.

Another hardening task performed regularly is hardware and software disposal. This ensures that all old hardware is properly wiped and disposed of. It's also a good idea to delete any unused software applications, since some popular programming languages have known vulnerabilities. Removing unused software makes sure that there aren't any unnecessary vulnerabilities connected with the programs that the software uses.

The final OS hardening technique that we'll discuss is implementing a strong password policy. Strong password policies require that passwords follow specific rules. For example, an organization may set a password policy that requires a minimum of eight characters, a capital letter, a number, and a symbol. To discourage malicious actors, a password policy usually states that a user will lose access to the network after entering the wrong password a certain number of times in a row. Some systems also require multi-factor authentication, or MFA. MFA is a security measure which requires a user to verify their identity in two or more ways to access a system or network. Ways of identifying yourself include something you know, like a password; something you have, like an ID card; or something unique about you, like your fingerprint.

To review, OS hardening is a set of procedures that maintains OS security and improves it. Security measures like access privileges and password policies frequently undergo regular security checks as part of OS hardening. Coming up, we'll discuss network hardening practices.

Earlier you learned that OS hardening focuses on device safety and uses patch updates, secure configuration, and account access policies. Now we'll focus on network hardening. Network hardening focuses on network-related security hardening like port filtering, network access privileges, and encryption over networks. Certain network hardening tasks are performed regularly, while others are performed once and then updated as needed. Some tasks that are regularly performed are firewall rule maintenance, network log analysis, patch updates, and server backups. Earlier you learned that a log is a record of events that occur within an organization's systems. Network log analysis is the process of examining network logs to identify events of interest. Security teams use a log analyzer tool or a security information and event management tool, also known as a SIEM, to conduct network log analysis. A SIEM tool is an application that collects and analyzes log data to monitor critical activities in an organization. It gathers security data from a network and presents that data on a single dashboard. The dashboard interface is sometimes called a single pane of glass. A SIEM helps analysts to inspect, analyze, and react to security events across the network based on their priority. Reports from the SIEM provide a list of new or ongoing network vulnerabilities and list them on a scale of priority from high to low, where high-priority vulnerabilities have a much shorter deadline for mitigation. Now that we've covered tasks that are
performed regularly, let's examine tasks that are performed once. These tasks include port filtering on firewalls, network access privileges, and encryption for communication, among many things. Let's start with port filtering. Port filtering can be performed over the network. Port filtering is a firewall function that blocks or allows certain port numbers to limit unwanted communication. A basic principle is that the only ports that are needed are the ones that are allowed; any port that isn't being used by the normal network operations should be disallowed. This protects against port vulnerabilities. Networks should be set up with the most up-to-date wireless protocols available, and older wireless protocols should be disabled.

Security analysts also use network segmentation to create isolated subnets for different departments in an organization. For example, they might make one for the marketing department and one for the finance department. This is done so that issues in each subnet don't spread across the whole company, and only specified users are given access to the part of the network that they require for their role. Network segmentation may also be used to separate different security zones. Any restricted zone on a network containing highly classified or confidential data should be separate from the rest of the network.

Lastly, all network communication should be encrypted using the latest encryption standards. Encryption standards are rules or methods used to conceal outgoing data and uncover, or decrypt, incoming data. Data in restricted zones should have much higher encryption standards, which makes them more difficult to access. You've learned about the most common hardening practices. This knowledge will be useful as you complete the certificate program, and it's essential to your career as a security analyst.

In recent years, many organizations are using network services in the cloud, so in addition to securing on-premises networks, a security analyst will need to secure cloud networks. In a previous video, you learned that a cloud network is a collection of servers or computers that stores resources and data in a remote data center that can be accessed via the internet. They can host company data and applications using cloud computing to provide on-demand storage, processing power, and data analytics. Just like regular web servers, cloud servers also require proper maintenance, done through various security hardening procedures. Although cloud servers are hosted by a cloud service provider, these providers cannot prevent intrusions in the cloud, especially intrusions from malicious actors both internal and external to an organization. One distinction between cloud network hardening and traditional network hardening is the use of a server baseline image for all server instances stored in the cloud. This allows you to compare data in the cloud servers to the baseline image to make sure there haven't been any unverified changes. An unverified change could come from an intrusion in the cloud network. Similar to OS hardening, data and applications on a cloud network are kept separate depending on their service category. For example, older applications should be kept separate from newer applications, and software that deals with internal functions should be kept separate from front-end applications seen by users. Even though the cloud service provider has a shared responsibility with the organization using their services, there are still security measures that need to be taken by the organization to make sure their cloud network is safe. Just like traditional networks, operations in the cloud need to be secured. You're doing great. Meet you in the next video.

I'm Kelsey. I'm a distinguished engineer at Google Cloud. I work on compute platforms and security
related topics. When I was starting, the only jobs I was confident were accessible to me were fast food jobs. I wanted a career; I wanted more than just a job. So when I zoomed out and asked myself what my career options were, I couldn't think of a better place in the year 1999 than going into the world of technology. I mean, on the news, people were lining up for the latest operating system. All the tech people were the new rock stars. And I remember flipping through the job openings in the classified section, and it said anyone that has one of these certifications, let us know, because we're hiring. The delta between getting started and getting your first job in that career that I always wanted was $35 away in a certification book.

So let's talk about cloud. Before the time of cloud, most companies had their own data center. Imagine it's just you alone in your house: you can put anything wherever you want, you may choose to never lock the doors on the inside, it's just you. And for a long time in our industry, that's the way people ran their data centers. Now we just call that private cloud; it's just you there. But cloud is public, and so the analogy would be, imagine getting roommates. Now you start to think differently about your stuff. You start to lock things up even while you're inside of the house, and your security discipline is going to be very different. As more and more companies move to cloud, you may just be the person who can help one of those organizations finally make that leap, because they have a professional on their team.

All right, so you've gotten the certification, you've gotten the fundamental skills. How do you make sure that you can actually use them in the cloud? I'm going to let you in on a little secret: go use the cloud. Go take existing software, throw it in a cloud, and find all the tools that poke and prod at the thing you just got running, and it's going to tell you where you're weak. Learn those tools, because those are the tools that the professionals use. Learning is a superpower. It gives you the ability to not only get that job that you've been looking at, but it also gives you the ability to define the next one.

Great work on learning about security hardening. Let's take a few minutes to wrap up what you've learned. You learned about security hardening and its importance to an organization's infrastructure. First, we discussed how security hardening strengthens systems and networks to reduce the likelihood of an attack. Next, we covered the importance of OS hardening, including patch updates, baseline configurations, and hardware and software disposal. Then we explored network hardening practices such as network log analysis and firewall rule maintenance. Finally, we examined cloud network hardening and the responsibilities of both organizations and cloud service providers in maintaining security. As a security analyst, you'll be working with operating systems, on-premise networks, and cloud networks. You'll be using all the knowledge that we learned in this section in your career as a security analyst.

Wow, we have covered a lot in this course. Let's review everything we've discussed. You learned about networks, network architecture, and the best practices used by security professionals to secure a network against security breaches. As we bring this course to a close, let's review what you've learned about securing networks so far. First, we explored the structure of a network. A security analyst must understand how a network is designed to be able to identify parts of a network that present vulnerabilities and need to be secured. Next, we learned about network operations and how they affect the communication of data. Network protocols determine how the data is transmitted over the network. As communication takes place over the network, malicious actors may use tactics such as denial of service attacks, packet sniffing, and IP spoofing. Security analysts employ tools and measures such as firewall rules to protect against these attacks. We also discussed security hardening. Security hardening is used to reduce the attack area of a network; this means the attack does not disable an entire network. Network security hardening can be done at the hardware level, the software level, or the network level. Securing networks is an essential part of a security analyst's duties. Knowledge of a network and its operations and security practices will ensure that you are successful in your career as a security analyst. And that brings us to the topic of our next course, which will cover computing basics for security analysts.
In that course, you'll learn how to use the Linux command line, to authenticate and authorize users on a network, and to use SQL, otherwise known as "sequel", to communicate with databases. Great work getting here. All the concepts you've learned in this section will be essential for success in your role as a security analyst. Now you can move on to the next course. Enjoy!

Hi, welcome to this course on computing basics for security. My name is Kim and I work as a technical program manager in security. I grew up with computers and the internet, but didn't really consider security as a career opportunity until I saw how it was interwoven into technology. Before my first security job, I worked on a cloud application team and had to regularly interact with a security team. It was my first experience working with security, but the idea of protecting information and working with others towards that goal was exciting to me. As a result, I decided to work towards my CISSP, which led me to some new job opportunities at my company, and I was then able to move into security.

At this point, if you've been following along, you've already explored a variety of concepts useful to the security field, including security domains and networking. I'm excited to join you during the next part of the program. We'll take it slow so that you can understand these topics in practical ways. The focus of this course is computing basics. When you understand how the machines in an organization's system work, it helps you do your job as a security analyst more efficiently. Part of your job as a security analyst is to keep systems protected from possible attacks. You're one of the first levels of defense in protecting an organization's data. To do this effectively, it's helpful to understand how the system you're protecting works. In addition, you may need to investigate events to help correct errors in the system. Being familiar with the Linux operating system and its associated commands, and also being able to interact with an organization's data through SQL, will help you with that. In this course, you'll learn about operating systems and how they relate to applications and hardware. Next, you'll explore the Linux operating system in more detail. Then you'll use the Linux command line within a security context. Finally, we'll discuss how you can use SQL to query databases while working as a security analyst. I'm excited to explore all of these topics with you. Let's get started!

How many times a week do you use a computer? For some of us, the answer might be a lot. They're incredible machines that let us do everything from using specialized applications when completing a task at work to sending emails to loved ones in a distant place. Have you ever thought about how computers can do all of this? Well, that's where operating systems come in. In this section, we'll learn about common operating systems, and we'll explore the main functions of an operating system. Then we'll learn the relationship between operating systems, applications, and hardware. Finally, we'll compare graphical user interfaces and command line interfaces. The command line interface will be an essential part of your job as a security analyst. Understanding operating systems is an important foundation for your career in security. There's so much to explore. Let's begin!

Hi, I'm Kim. I'm a technical program manager at Google. I'm currently working in the security mergers and acquisitions team, where I work with other companies that we purchase and I help them integrate into the Google environment. I've held multiple roles before getting into cyber security and even technology. I first started working as a restaurant worker, and then I became an English tutor for international students at my local college. After doing multiple internships and graduating from university, I had my first opportunity to work in technology, and that's where my interest in technology and eventually cyber security began. I want to tell everyone with any type of background that you can get into cyber security. If you're interested in protecting information, if you're interested in protecting people in the future, security is there for you. There are so many different roles you can do, and all of the skills that you have now and that you've gathered previously can be applicable in security. The skill that I use the most is connecting with people. Every day, I can't get anything done unless I connect with them the right way, so that's actually the biggest skill I lean on the most working in security. A piece of advice I would give for someone new starting in the cyber security field is to keep an open mind. I started out with a degree in business, so I didn't even feel like I was technical enough to be where I am today. And before that, all of my experiences were either restaurant work or marketing work, or just something that felt like it was unrelated to technology. But all of that helped me and motivated me to actually get my feet more wet in technology and then eventually security, and before I knew it, that self-doubt was really replaced with more support from my peers and respect from other people that I've worked with.
Devices like computers, smartphones, and tablets all have operating systems. If you've used a desktop or laptop computer, you may have used the Windows or macOS operating systems. Smartphones and tablets run on mobile operating systems like Android and iOS. Another popular operating system is Linux. Linux is used in the security industry, and as a security professional, it's likely that you'll interact with the Linux OS. So what exactly is an operating system? It's the interface between the computer hardware and the user. The operating system, or the OS as it's commonly called, is responsible for making the computer run as efficiently as possible while also making it easy to use. Hardware may be another new term. Hardware refers to the physical components of a computer.

The OS interface that we now rely on every day is something that early computers didn't have. In the 1950s, the biggest challenge with early computers was the amount of time it took to run a computer program. At the time, computers could not run multiple programs simultaneously. Instead, people had to wait for a program to finish running, reset the computer, and load up the new program. Imagine having to turn your computer on and off each time you had to open a new application. It would take a long time to complete a simple task like sending an email. Since then, operating systems have evolved, and we no longer have to worry about wasting time in this way. Thanks to operating systems and their evolution, today's computers run efficiently. They run multiple applications at once, and they also access external devices like printers, keyboards, and mice.

Another reason why operating systems are important is that they help humans and computers communicate with each other. Computers communicate in a language called binary, which consists of zeros and ones. The OS provides an interface to bridge this communication gap between the user and the computer, allowing you to interact with the computer in complex ways. Operating systems are critical for the use of computers. Likewise, OS security is also critical for the security of a computer. This involves securing files, data access, and user authentication to help protect and prevent against threats such as viruses, worms, and malware. Knowing how operating systems work is essential for completing different security-related tasks. For example, as a security analyst, you may be responsible for configuring and maintaining the security of a system by managing access. You may also be responsible for managing and configuring firewalls, setting security policies, enabling virus protection, and performing auditing, accounting, and logging to detect unusual behavior. All these tasks require a deep understanding of operating systems, and as we continue this course, we'll explore operating systems in greater detail.

Previously, you learned about what operating systems are. Now let's discuss how they work. In this video, you'll learn what happens with an operating system, or OS, when someone uses a computer for a task. Think about when someone drives a car: they push the gas pedal and the car moves forward. They don't need to pay attention to all the mechanics that allow the car to move. Just like a car can't work without its engine, a computer can't work without its operating system. The job of an OS is to help other computer programs run efficiently. The OS does this by taking care of all the messy details related to controlling the computer's hardware, so you don't have to. First, let's see what happens when you turn on the computer. When you press the power button,
you're interacting with the hardware. This boots the computer and brings up the operating system. Booting the computer means that a special microchip called the BIOS is activated. On many computers built after 2007, the chip was replaced by the UEFI. Both BIOS and UEFI contain booting instructions that are responsible for loading a special program called the bootloader. Then the bootloader is responsible for starting the operating system, and just like that, your computer is on. As a security analyst, understanding these processes can be helpful for you. Vulnerabilities can occur in something like a booting process. Often, the BIOS is not scanned by the antivirus software, so it can be vulnerable to malware infection.

Now that you've learned how to boot the operating system, let's look at how you and all users communicate with the system to complete a task. The process starts with you, the user. To complete tasks, you use applications on your computer. An application is a program that performs a specific task. When you do this, the application sends your request to the operating system. From there, the operating system interprets this request and directs it to the appropriate component of the computer's hardware. In the previous video, we learned that the hardware consists of all the physical components of the computer. The hardware will also send information back to the operating system, and this in turn is sent back to the application. Let's give a simple overview of how this works. When you want to use the calculator on your computer, you use your mouse to click on the calculator application on your computer. When you type in the number you want to calculate, the application communicates with the operating system. Your operating system then sends the calculation to a component of the hardware: the central processing unit, or CPU. Once the hardware does the work of determining the final number, it sends the answer back to your operating system. Then it can be displayed in your calculator application. Understanding this process is helpful when investigating security events. Security analysts should be able to trace back through this process flow to analyze where a security event could have occurred. Just like a mechanic needs to understand the inner workings of a car more than an average driver, recognizing how operating systems work is important knowledge for a security analyst.

Now we're ready to discuss a different aspect of your operating system. Not only does the OS interact with other parts of your computer, but it's also responsible for managing the resources of the system. This is a big task that requires a lot of balance to make sure all the resources of the computer are used efficiently. Think of this like the concept of energy. A person needs energy to complete different tasks. Some tasks need more energy, while others require less. For example, going for a run requires more energy than watching TV. A computer's OS also needs to make sure that it has enough energy to function correctly for certain tasks. Running an antivirus scan on your computer will use more energy than using the calculator application. Imagine your computer is an orchestra. Many different instruments like violins, drums, and trumpets are all part of the orchestra. An orchestra also has a conductor to direct the flow of the music. In a computer, the OS is the conductor. The OS handles resource and memory management to ensure the limited capacity of the computer system is used where it's needed most. A variety of programs, tasks, and processes are constantly competing for the resources of the central processing unit, or CPU. They all have their own reasons why they need memory, storage, and input/output bandwidth. The OS is responsible for ensuring that each program is allocating and deallocating resources. All this occurs in your computer at the same time so that your system functions efficiently. Much of this is hidden from you as a user. For example, your browser's task manager will list all of the tasks that are being processed, along with their memory and CPU usage. As an analyst, it's helpful to know where a system's resources are used. Understanding usage of resources can help you respond to an incident and troubleshoot applications in the system. For example, if a computer is running slowly, an analyst might discover it's allocating resources to malware. A basic understanding of how operating systems work will help you better understand the security skills you will learn later in this program.

Now that you've learned the inner workings of computers, let's discuss how users and operating systems communicate with each other. So far, you've learned that a computer has an operating system, hardware, and applications. Remember, the operating system communicates with the hardware to
execute tasks. In this video, you'll learn how the user (that's you) interacts with the operating system in order to send tasks to the hardware. The user communicates with the operating system via an interface. A user interface is a program that allows the user to control the functions of the operating system. Two user interfaces that we'll discuss are the graphical user interface, or GUI, and the command line interface, or CLI. Let's cover these interfaces in more detail.

A GUI is a user interface that uses icons on the screen to manage different tasks on the computer. Most operating systems can be used with a graphical user interface. If you've used a personal computer or a cell phone, you have experienced operating a GUI. Most GUIs include these components: a start menu with program groups, a taskbar for launching programs, and a desktop with icons and shortcuts. All these components help you communicate with the OS to execute tasks. In addition to clicking on icons, when you use a GUI you can also search for files or applications from the start menu. You just have to remember the icon or name of the program to activate an application.

Now let's discuss the command line interface. In comparison, the command line interface, or CLI, is a text-based user interface that uses commands to interact with the computer. These commands communicate with the operating system and execute tasks like opening programs. The command line interface is a much different structure than the graphical user interface. When you use a CLI, you'll immediately notice a difference: there are no icons or graphics on the screen. The command line interface looks similar to lines of code used in certain text languages. A CLI is more flexible and more powerful than a GUI. Think about using a CLI like creating whatever meal you'd like from ingredients bought at a grocery store. This gives you a lot of control and customization about what you're going to eat. In comparison, using the GUI is more like ordering food from a restaurant: you can only order what's on the menu. If you want both a noodle dish and pizza, but the first restaurant you go to only has pizza, you'll have to go to another restaurant to order the noodles. With a graphical user interface, you must do one task at a time, but the command line interface allows for customization, which lets you complete multiple tasks simultaneously. For example, imagine you have a folder with hundreds of files of different file types, and you need to move only the JPEG files to a new folder. Think about how slow and tedious this would be as you use the GUI to find each JPEG file in this folder and move it into the new one. On the other hand, the CLI would allow you to streamline this process and move them all at once. As you can see, there are very big differences in these two types of user interfaces. As a security analyst, some of your work may involve the command line interface when analyzing logs or authenticating and authorizing users. Security analysts commonly use a CLI in their everyday work. In this video, we discussed two types of user interfaces. You learned that you already have experience using a graphical user interface, as most personal computers and cell phones use a GUI, and you were introduced to the command line interface. Later in the program, you'll learn how to use a CLI in Linux and how relevant it is to your daily work as a
security analyst. You'll get practical experience communicating through the command line. Pretty exciting, right?

My name is Ellen and I am a security engineering manager at Google, focused in on how Google uses the cloud. Cyber security wasn't a field when I got started in technology; it's something I came to later. I got started in technology when I was working retail at a poster store, and we needed to build a website, and my feet hurt and I really needed to sit down, and so I asked friends to teach me how to do HTML so I could sit down while working and I could let my blisters have a rest. While I was at the poster store, one of our customers worked at a startup and used to get employee photos framed, and I asked them for feedback on my website, and they ended up giving me an internship. One of the specialties that I ended up having was API design, or designing the interface by which a developer communicates with a machine. As part of that, I got into a job where I was designing a miniature version of an operating system for security technology, and started learning security from there. Most of the people I know from cyber security, especially in the early days, do not have a degree at all, or if they do, they have a degree like I do in something like philosophy or poetry. Almost everyone learned on their own by experimenting, by talking to people, by reading. And so I would say no technical background is required, and in fact, having a background where you're used to being out in the real world can sometimes make cyber security make more sense and help you make more balanced choices. In almost all areas there is a security community that you can find. Figure out where they are, look for local conferences, start talking to people. It's a lot more fun to learn that way than it is in a vacuum. I found that most people, if you come to them and say, hey, you're really good at this thing, would you mind if I bought you a coffee and you showed me how to do it, they'll pretty much always say yes. The advice I give to people who don't have technical backgrounds: the first one is, I wouldn't be afraid of the technology. It can seem like only somebody with a computer science degree could ever understand things, but these concepts, these technologies, are understandable by anyone. And so never let the fact that you might not have a technical background get in the way. Just pick an area that interests you and start diving in, and as long as you're curious and as long as you find it interesting, you'll learn the technology.

We did it! What a great section of learning. The best thing is that we did this together and covered some very useful topics. Let's recap this section's lessons. As a security analyst, it's important that you understand the systems that you're working with. Understanding computer basics will help you do your job more effectively and efficiently. In this section, we covered common operating systems. We also discussed the main functions of an operating system. Importantly, you learned about the relationship between operating systems, applications, and hardware. It was nice to learn how they flow together like an orchestra. In addition, you learned about the differences between the graphical user interface and the command line interface. Understanding the command line interface will be very important for your work. I enjoyed exploring the world of operating systems with you. Knowing how operating systems work is an important step in preparing for a position as a security analyst. You're doing great. Let's keep moving forward with this program. In the next section, we'll focus specifically on the Linux operating system.

Welcome back! We have another important topic to explore. Previously, you learned about operating systems and user interfaces. You learned how operating systems work and how resources are allocated in computers. We also reviewed several common operating systems. You may already have a favorite operating system.
it's common to hear that people are fans of one over another but in the security World Linux is commonly used in this section you'll be learning more about the Linux operating system and how it's used in everyday tasks and Security First you'll learn about the architecture of Linux after this we'll compare the different distributions of Linux that are available lastly you'll explore the shell a key Linux component that allows you to communicate with with the system I remember when I first learned about the Linux OS and I'm really happy to explore it with you now
You might have seen or heard the name Linux in the past, but did you know Linux is the most used operating system in security today? Let's start by taking a look at Linux and how it's used in security. Linux is an open-source operating system. It was created in two parts. In the early 1990s two different people were working separately on projects to improve computer engineering. The first person was Linus Torvalds. At the time the Unix operating system was already in use. He wanted to improve it and make it open source and accessible to anyone. What was revolutionary was his introduction of the Linux kernel. We're going to learn what the kernel does later. Around the same time Richard Stallman started working on GNU. GNU was also an operating system based on Unix. Stallman shared Torvalds' goal of creating software that was free and open to anyone. After working on GNU for a few years, the missing element for this software was the kernel. Together Torvalds' and Stallman's innovations made what is commonly referred to as Linux. Now that you've learned the history behind Linux, let's take a look at what makes Linux unique. As mentioned before, Linux is open source, meaning anyone can have access to the operating system and the source code. Linux and many of the programs that come with Linux are licensed under the terms of the GNU Public License, which allows you to use, share and modify them freely. Thanks to Linux's open-source philosophy, as well as a strong feature set, an entire community of developers has adopted this operating system. These developers are able to collaborate on projects and advance computing together. As a security analyst you'll discover that Linux is used at different organizations. More specifically, Linux is used in many security programs. Another unique feature about Linux is the different distributions, or varieties, that have been developed. Because of the large community contribution, there are over 600 distributions of Linux. Later you'll learn more about distributions. Finally, let's take a look at how you would use Linux in an entry-level security position. As a security analyst you'll use many tools and programs in everyday work. You might examine different types of logs to identify what's going on in a system. For example, you might find yourself looking at an error log when investigating an issue. Another place where you will use Linux is to verify access and authorization in an identity and access management system. In security, managing access is key in order to ensure a secure system. We'll take a closer look into access and authorization later. Finally, as an analyst you might find yourself working with specific distributions designed for a particular task. For example, you might use a distribution that has a digital forensic tool to investigate what happened in an event alert. You might also use a distribution that's for pen testing in offensive security to look for vulnerabilities in the system.
Distributions are created to fit the needs of their users. I hope you're excited to learn more about Linux. This will be a very useful skill in the security field.

Hi, I'm Phil. I'm the Chief Information Security Officer for Google Cloud, and a big part of that is of course cyber security. So in cyber you've always got to learn, you've always got to stay up to date, for the simple reason that technology and business and the world of our kind of digital lives is just always changing. The online services that you use today are probably very different even just from what they were 12 months ago. In the mid 90s I worked on one of the world's first internet banking systems, and essentially we were building and coding all of the security ourselves. I remember working on, you know, the first web browsers, the first web servers, the first implementations of encryption on the internet. This was even before Google existed, and so this was at the very beginning of the internet. We were literally kind of assembling and building this and learning how to do it as we went along. When you're first getting into cyber security it's important to not get overwhelmed. It's a very big space, and all of us started off at where you are today and we had to learn into that. At one point I didn't know Linux, I didn't know how to program, I didn't know various parts of other operating systems, and I had to learn step by step how all of that worked and gradually built up that knowledge over time. And even now I still have to look things up occasionally, because I don't keep everything in my head all at once, and that's totally fine. When you're approaching a new situation you're always going to have a degree of anxiety about whether you're going to be able to learn it quickly enough, and generally with enough experience you gradually get comfortable that you will. But again, this is important to remember: you don't have to learn everything about everything all at once. Most of the time you learn enough to be of enough value in the initial part of the process, then you learn as you go. Start off by writing a few lines of simple code, or looking at somebody else's code and trying to understand what it does, then change it a little bit and just incrementally work into this. Build that foundation of knowledge that gives you the ability to learn other things, and I think things will stem from there.

Let me start with a quick question that may seem unrelated to security. Do you have a favorite building, and what is it about its architecture that impresses you the most? The windows, the structure of the walls? Just like buildings, operating systems also have
an architecture and are made up of discrete components that work together to form the whole. In this video we're going to look at all the components that together make up Linux. The components of Linux include the user, applications, the shell, the file system hierarchy standard, the kernel and the hardware. Don't worry, we'll go into these components one by one together. First, you're the user. The user is the person interacting with a computer. In Linux you're the first element to the architecture of the operating system. You're initiating the tasks or commands that the OS is going to execute. Linux is a multi-user system. This means that more than one user can use a system's resources at the same time. The second element of the architecture is the applications within a system. An application is a program that performs a specific task, such as a word processor or a calculator. You might hear the words application and program used interchangeably. As an example, one popular Linux application that we'll learn more about later is nano. Nano is a text editor. This simple application helps you keep notes on the screen. Linux applications are commonly distributed through package managers. We'll learn more about this process later. The next component in the architecture of Linux is the shell. This is an important element because it is how you will communicate with the system. The shell is a command line interpreter. It processes commands and outputs the results. This might sound familiar. Previously we learned about the two types of user interfaces, the GUI and the CLI. You can think of the shell as a CLI. Another element of the architecture of Linux is the file system hierarchy standard, or FHS. It's the component of the Linux OS that organizes data. An easy way for you to think about the FHS is to think about it as a filing cabinet of data. The FHS is how data is stored in a system. It's a way to organize data so that it can be found when the data is accessed by the system. That brings us to the kernel. The kernel is a component of the Linux OS that manages processes and memory. The kernel communicates with the hardware to execute the commands sent by the shell. The kernel uses drivers to enable applications to execute tasks. The Linux kernel helps ensure that the system allocates resources more efficiently and makes the system work faster. Finally, the last component of the architecture is the hardware. Hardware refers to the physical components of a computer. You can compare this to software applications, which can be downloaded into a system. The hardware in your computer are things like the CPU, mouse and keyboard. Congratulations, we've now covered the architecture of Linux. An understanding of these components will help you become increasingly familiar with Linux.

Let's learn a little bit more about Linux and what you need to know about this operating
system when working as a security analyst. Linux is a very customizable operating system. Unlike other operating systems, there are different versions available for you to use. These different versions of Linux are called distributions. You might also hear them called distros or flavors of Linux. It's essential for you to understand the distribution that you're using so you know what tools and apps are available to you. For example, Debian is a distro that has different tools than the Ubuntu distribution. Let's use an analogy to describe Linux distributions. Think of the OS as a vehicle. First we'll start with its engine. That would be the kernel. Just as the engine makes the vehicle run, the kernel is the most important component of the Linux OS. Because the Linux kernel is open source, anyone can take the kernel and modify it to build a new distribution. This is comparable to a vehicle manufacturer taking an engine and creating different types of vehicles: trucks, cars, vans, convertibles, buses, airplanes and so on. These different types of vehicles can be compared to different Linux distributions. A bus is used to transport lots of people. A truck is used to transport a large number of goods across vast distances. An aircraft transports passengers or goods by air. Just as each vehicle serves its own purpose, different distributions are used for different reasons. Additionally, vehicles all have different components which distinguish them from each other. Aircraft have control panels with buttons and knobs. Regular cars have four tires, but trucks can have more. Similarly, different Linux distributions contain different pre-installed programs, user interfaces and much more. A lot of this is based on what the Linux user needs, but some distros are also chosen based on preference, the same way a sports car might be chosen as a vehicle. The advantage of using Linux as an OS is that you can customize it. Distributions include the Linux kernel, utilities, a package management system and an installer. We learned earlier that Linux is open source and anyone can contribute to adding to the source code. That is how new distributions are created. All distros are derived from another distro, but there are a few that are considered parent distributions. Red Hat is a parent of CentOS, and Slackware is a parent of SUSE. Both Ubuntu and Kali Linux are derived from Debian. As we continue
we're going to take a look at some of the distributions most commonly used by security analysts. The more you understand these distributions, the easier your work will be.

In this section we're going to cover a Linux distribution that's widely used in security and discuss Kali Linux. Kali Linux is a trademark of Offensive Security and is Debian derived. This open-source distro was made specifically with penetration testing and digital forensics in mind. There are many tools pre-installed into Kali Linux. It's important to note that Kali Linux should be used on a virtual machine. This prevents damage to your system in the event its tools are used improperly. An additional benefit is that using a virtual machine gives you the ability to revert to a previous state. As security professionals advance in their careers, some specialize in penetration testing. A penetration test is a simulated attack that helps identify vulnerabilities in systems, networks, websites, applications and processes. Kali Linux has numerous tools that are useful during penetration testing. Let's look at a few examples. To begin, Metasploit can be used to look for and exploit vulnerabilities on machines. Burp Suite is another tool that helps to test for weaknesses in web applications. And finally, John the Ripper is a tool used to guess passwords. As a security analyst your work might involve digital forensics. Digital forensics is the practice of collecting and analyzing data to determine what has happened after an attack. For example, you might take an investigative look at data related to network activity. Kali Linux is also a useful distribution for security professionals who are involved in digital forensic work. It has a large number of tools that can be used for this. As one example, tcpdump is a command-line packet analyzer. It's used to capture network traffic. Another tool commonly used in the security profession is Wireshark. It has a graphical user interface that can be used to analyze live and captured network traffic. And as a final example, Autopsy is a forensic tool used to analyze hard drives and smartphones. These are just a few tools included with Kali Linux. This distribution has many tools used to conduct pen testing and digital forensics. We've explored how Kali Linux is an important distribution that's widely used in security, but there are other distributions that security professionals use as well. Next
we'll explore a few more distributions.

Welcome back. In this video we're going to discuss the Linux shell. This part of the Linux architecture is where the action will happen for you as a security analyst. We introduced the shell with other components of the Linux OS earlier, but let's take a deeper look at what the shell is and what it does. The shell is the command line interpreter. That means it helps you communicate with the operating system through the command line. Previously we discussed a command line interface; this is essentially the shell. The shell provides the command line interface for you to interact with the OS. To tell the OS what to do, you enter the commands into this interface. A command is an instruction telling the computer to do something. The shell communicates with the kernel to execute these commands. Earlier we discussed how the operating system helps humans and computers speak with each other. The shell is the part of the OS that allows you to do this. Think of this as a very helpful language interpreter between you and your system. Since you do not speak computer language, or binary, you can't directly communicate with your system. This is where the shell comes in to help you. Your OS doesn't need the shell for most of its work, but it is an interface between you and what your system can offer. It allows you to perform math, run tests and execute applications. More importantly, it allows you to combine these operations and connect applications to each other to perform complex and automated tasks. Just as there are many Linux distributions, there are many different types of shells. We'll primarily focus on the bash shell in this course. Let's continue to learn more
about the shell.

Hello again. In this video we're going to learn a little more about the shell and how to communicate with it. Communicating with a computer is like having a conversation with your friend. One person asks a question and the other person answers with a response. If you don't know the answer, you can just say you don't know the answer. When you communicate with the shell, the commands in the shell can take input, give output or give error messages. Let's explore standard input, standard output and the error messages in more detail. Standard input consists of information received by the OS via the command line. This is like you asking your friend a question during a conversation. The information is input from your keyboard to the shell. If the shell can interpret your request, it asks the kernel for the resources it needs to execute the related task. Let's take a look at this through echo, a Linux command that outputs a specified string of text. String data is data consisting of an ordered sequence of characters. In our example we'll just have it output the string hello. So as input we'll type echo hello into the shell. Later, when we press enter, we'll get the output, but before we do that let's first discuss the concept of output in more detail. Standard output is the information returned by the OS through the shell. In the same way that your friend gives an answer to your question, output is the computer's response to the command you input. Output is what you receive. Let's pick up where we left off in our example and send the input of echo hello to the OS by pressing enter. Immediately the shell returns the output of hello. Finally, standard error contains error messages returned by the OS through the shell. Just like your friend might indicate that they can't answer a question, the system responds with an error message if it can't respond to your command. Sometimes this might occur when we misspell a command or the system doesn't know the response to the command. Other times it might happen because we don't have the appropriate permissions to perform a command. We'll explore another example that demonstrates standard error. Let's input echo hello into the shell. Notice I intentionally misspelled echo as eco. When we press enter, an error message appears. To wrap up, we've covered the basics of communication with the shell. Communication with the shell can only go in one of three ways: the system receives a command, this is input; the system responds to the command and produces output; and finally the system doesn't know how to respond, resulting in an error. Later you'll become much more familiar with this as we explore commands useful for security professionals.

We've made it to the end of this section. Great work. Let's recap what you've just completed. In this section you learned about the Linux operating system.
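The three channels described in the video, as an added runnable shell example (my own code, not part of the course transcript): a correctly spelled echo answers on standard output, the misspelled eco answers on standard error with a non-zero exit status, and a pipe feeds one command's output into another command's standard input. The helper names stdout_of, stderr_of, status_of and shout are my own; the exact wording of the "not found" message depends on which shell runs the script.

```shell
#!/bin/sh
# Added example, not from the course transcript: separating a command's three
# channels. A shell command reads standard input (fd 0), answers on standard
# output (fd 1) and complains on standard error (fd 2). Each can be redirected
# independently, which is how you keep error noise and real results apart.

# What the command line wrote on standard output only (stderr is discarded).
stdout_of() {
    eval "$1" 2>/dev/null || true
}

# What the command line wrote on standard error only.
# "2>&1" first points stderr at the captured stdout, then ">/dev/null" sends
# the command's own stdout away; the order of the two redirections matters.
stderr_of() {
    eval "$1" 2>&1 >/dev/null || true
}

# The exit status: 0 means the command succeeded, 127 means the shell could
# not find the command at all (the "eco" misspelling from the video).
status_of() {
    st=0
    ( eval "$1" ) >/dev/null 2>&1 || st=$?
    echo "$st"
}

# A command that consumes standard input: upper-cases whatever is piped in.
shout() {
    tr 'a-z' 'A-Z'
}

# echo answers on stdout; the misspelled eco answers on stderr instead.
demo() {
    echo "stdout of 'echo hello':  $(stdout_of 'echo hello')"
    echo "stderr of 'echo hello':  $(stderr_of 'echo hello')"
    echo "status of 'echo hello':  $(status_of 'echo hello')"
    echo "stdout of 'eco hello':   $(stdout_of 'eco hello')"
    echo "stderr of 'eco hello':   $(stderr_of 'eco hello')"
    echo "status of 'eco hello':   $(status_of 'eco hello')"
    echo "echo hello | shout:      $(echo hello | shout)"
}

demo
```

Run it with sh or bash. The useful habit it shows is that a script should decide what to do with standard error and the exit status rather than let them scroll past: a missing command, a permission problem and a real result all look alike on a terminal, but they arrive on different channels and can be tested separately.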
We examined the architecture of Linux. In our exploration of the different distributions of Linux we discussed some of the most widely used distros in security. You were introduced to the Kali Linux, Ubuntu, Parrot, Red Hat and CentOS distributions. Finally, you learned about the shell and its role as an interpreter between the user and operating system. Congratulations, you're doing great, and we have more useful topics to come. In the next part of the program you'll learn specific commands to use within the shell while working as a security analyst. Let's continue on.

Learning to communicate in a new way can be exciting. Maybe you've learned a new language and can remember this feeling. Perhaps a lot of us share this excitement with young children as they are expanding their vocabulary. Others, including me, remember a sense of wonder when we first used a specialized language to communicate with a computer. In this section we'll continue to learn more about Linux and how to communicate with the OS through its shell. You will utilize the command line to communicate with the OS. You'll learn how to input commands in the shell and learn about some of the core Linux commands that you'll use as a security analyst. Specifically, this includes navigating and managing the file system. You'll also focus on authenticating and authorizing users. This means you'll be able to use the command line to add and delete users from the system and to control what they have access to. Finally, there's always more to learn, so we'll cover accessing resources that support learning new Linux commands. I remember when I first learned about the command line and was shocked at the capabilities it provided. I didn't need to click through multiple screens to get tasks done. Although it took some practice and time to get used to, it has been one of the biggest tools at my disposal. After this section you'll have practical experience in an area important to the work of a security analyst: using Linux commands.

Welcome back. Before we get into specific Linux commands, let's explore in more detail the basics of communicating with the OS through the shell. Being able to utilize Linux commands is a foundational skill for all security professionals. As a security analyst you'll work with server logs, and you'll need to know how to navigate, manage and analyze
files remotely without a graphical user interface. In addition, you'll need to know how to verify and configure user and group access. You'll also need to give authorization and set file permissions. That means that developing skills with the command line is essential for your work as a security analyst. When we learned about the Linux architecture, we learned that the shell is one of the main components of the operating system. We also learned that there are different shells. In this section we'll utilize the bash shell. Bash is the default shell in most Linux distributions. For the most part, the key Linux commands that you'll be learning in this section are the same across shells. Now that you know what shell you'll be using, let's go into how to write in bash. As we discussed in the previous section, communicating with your OS is like a conversation. You type in commands and the OS responds with an answer to your command. A command is an instruction telling the computer to do something. We'll try out a command in bash. Notice the dollar sign before the cursor. This is your prompt to enter a new command. Some commands might tell the computer to find something, like a specific file. Others might tell it to launch a program, or it might be to output a specific string of text. In the last section, when we discussed input and output, we explored how the echo command did this. Let's input the echo command again. You may notice that the command we just input is not complete. If we're going to use the echo command to output a specific string of text, we need to specify what the string of text is. This is what arguments are for. An argument is specific information needed by a command. Some commands take multiple arguments. So now let's complete the echo command with an argument. We're learning some pretty technical stuff, so how about we output the words "you are doing great". We'll add this argument and then we'll press enter to get the output. In this example our argument was a string of text. Arguments can provide other types of information as well. One thing that is really important in Linux is that all commands and arguments are case sensitive. This includes file and directory names. Keep that in mind as you learn more about how to use Linux in your day-to-day tasks as a security analyst. Okay, now that we've covered the basics of entering Linux commands and arguments through the bash shell, we're ready to learn some specific commands. This is exciting, so let's get to our next video.

Welcome back. I hope you're learning a lot about how to communicate with the Linux OS. As we continue our journey into utilizing the Linux command line, we'll focus on how to navigate the Linux file system. Now I want you to imagine a tree. What did you notice first about the
tree? Would you say the trunk or the branches? These might definitely get your attention, but what about its roots? Everything about a tree starts in the roots. Something similar happens when we think about the Linux file system. Previously we learned about the components of the Linux architecture. The file system hierarchy standard, or FHS, is a component of the Linux OS that organizes data. This file system is a very important part of Linux, because everything we do in Linux is considered a file somewhere in the system's directory. The FHS is a hierarchical system, and just like with the tree, everything grows and branches out from the root. The root directory is the highest level directory in Linux. It's designated by a single slash. Subdirectories branch off from the root directory. The subdirectories branch out further and further away from the root directory. When describing the directory structure in Linux, slashes are used when tracing back through these branches to the root. For example, here the first slash indicates the root directory. Then it branches out a level into the home subdirectory. Another slash indicates it is branching out again, this time to the analyst subdirectory that is located within home. When working in security it is essential that you learn to navigate a file system to locate and analyze logs, such as log files. You'll analyze these log files for application usage and authentication. With that background, we're now ready to learn the commands commonly used for navigating the file system. First, pwd prints the working directory onto the screen. When you use this command, the output tells you which directory you're currently in. Next, ls displays the names of files and directories in the current working directory. And finally, cd navigates between directories. This is the command you'll use when you want to change directories. Let's use these commands in bash. First we'll type the command pwd to display the current location and then press enter. The output is the path to the analyst directory, where we're currently working. Next let's input ls to display the files and directories within the analyst directory. The output is the names of four directories, logs, old_reports, projects and reports, and one file named updates.txt. So let's say we now want to go into the logs directory to check for unauthorized access. We'll input cd logs to change directories. We won't get any output on the screen from the cd command, but if we enter pwd again, its output indicates the working directory is logs. logs is a subdirectory of the analyst directory. As a security analyst you'll also need to know how to read file content in Linux. For example, you may need to read files that contain configuration settings to identify potential vulnerabilities, or you might look at user access reports while investigating unauthorized access. When reading file content there are some commands that will help you. First, cat displays the contents of a file. This is useful, but sometimes you won't want the full contents of a large file. In these cases you can use the head command. It displays just the beginning of a file, by default 10 lines. Let's try out these commands. Imagine that we want to read the contents of access.txt and we're already in the working directory where it's located. First we input the cat command and then follow it with the name of the file, access.txt, and bash returns the full contents of this file. Let's compare that to the head command. When we input the head command followed by our file name, only the first 10 lines of this file are displayed. Wow, this section had lots of action, and it's just the beginning. I'm glad you learned how security analysts can use essential commands to navigate the system. Next we'll explore how to manage this system.

Now that we've covered pwd, ls and cd and are familiar with these basic commands for navigating the Linux file system, let's look at a couple of ways to find what you need within this system. As a security analyst your work will likely involve
filtering for the information you need. Filtering means searching your system for specific information that can help you solve complex problems. For example, imagine that your team determines a piece of malware contains a string of characters. You might be tasked with finding other files with the same string to determine if those files contain the same malware. Later we'll learn more about how you can use SQL to filter a database, but Linux is a good place to start basic filtering. First we'll start with grep. The grep command searches a specified file and returns all lines in the file containing a specified string. Here's an example of this. Let's say we have a file called updates.txt and we're currently looking for lines that contain the word OS. If the file is large, it would take a long time to visually scan for this. Instead, after navigating to the directory that contains updates.txt, we'll type the command grep OS updates.txt into the shell. Notice how the grep command is followed by two arguments. The first argument is the string we're searching for, in this case OS. The second argument is the name of the file we're searching through, updates.txt. When we press enter, bash returns all lines containing the word OS. Now let's talk about piping. Piping is a Linux command that can be used for a variety of purposes. In a moment we'll focus on how it can be used for filtering, but first let's talk about the general idea of piping. The piping command sends the standard output of one command as standard input into another command for further processing. It's represented by the vertical bar character. In our context we can refer to this as the pipe character. Take a moment and imagine a physical pipe. Physical pipes have two ends. On one end, for example, water might enter the pipe from a hot water tank. Then it travels through the pipe and comes out on the other end in a sink. Similarly, in Linux piping also involves redirection. Output from one command is sent through the pipe and then is used on the other side of the pipe. Earlier in this video I explained how grep can be used to filter for strings of characters within a file. grep can also be incorporated after a pipe. Let's focus on this example.
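Before the walkthrough that follows, here is an added shell example (my own code, not the course's) that builds a throwaway copy of the analyst directory under a temporary path and runs the commands from this video and the previous one against it: pwd, ls and cd for navigation, head for reading only the first lines of a file, grep on a file, and grep after a pipe. It also shows the case-sensitivity point made earlier: grep OS does not match a line that only contains lowercase os. The directory and file names, the contents of updates.txt and the count of seven report files are constructed to match the transcript; the function names are mine.

```shell
#!/bin/sh
# Added example, not from the course: a throwaway copy of the "analyst"
# directory that the navigation and filtering videos walk through, built under
# a temporary path so every command can be run and checked without touching a
# real home directory. Names and file contents are constructed.

# Build the sandbox and print its path.
make_sandbox() {
    root=$(mktemp -d)
    mkdir -p "$root/analyst/logs" "$root/analyst/old_reports" \
             "$root/analyst/projects" "$root/analyst/reports"
    # updates.txt: four lines, two of which contain the exact string "OS".
    # The third line only has lowercase "os", so a case-sensitive grep skips it.
    printf '%s\n' \
        'OS patch 2.1 applied to all hosts' \
        'email client updated' \
        'os kernel module reloaded (lowercase)' \
        'OS firewall rules reviewed' \
        > "$root/analyst/updates.txt"
    # reports/: seven files, five mention users, two do not.
    for f in users_q1.txt users_q2.txt new_users.txt users_access.txt \
             stale_users.txt vulnerabilities.txt email_policy.txt; do
        : > "$root/analyst/reports/$f"
    done
    echo "$root"
}

# Navigation with cd and pwd, in a subshell so the caller's directory is
# untouched: prints the working directory after changing into analyst/logs.
cwd_after_cd_logs() {
    ( cd "$1/analyst" && cd logs && pwd )
}

# ls lists the entries in analyst/; count them (4 directories + 1 file = 5).
entry_count() {
    ls "$1/analyst" | wc -l | tr -d ' '
}

# head reads only the first N lines of a file (10 when -n is omitted);
# cat would print the whole file.
first_lines() {
    head -n "$2" "$1"
}

# Filtering a file: how many lines of updates.txt contain the string "OS".
lines_with_OS() {
    grep -c 'OS' "$1/analyst/updates.txt"
}

# The same search ignoring case (-i), so the lowercase line counts too.
lines_with_os_any_case() {
    grep -ci 'os' "$1/analyst/updates.txt"
}

# Filtering a pipe: ls writes the names in reports/ to standard output, the
# pipe hands them to grep as standard input, grep keeps names containing "users".
report_files_about_users() {
    ls "$1/analyst/reports" | grep 'users'
}

# Run everything once, print the results, and remove the sandbox.
demo() {
    box=$(make_sandbox)
    echo "pwd after cd logs:        $(cwd_after_cd_logs "$box")"
    echo "entries in analyst/:      $(entry_count "$box")"
    echo "first 2 lines of updates.txt:"
    first_lines "$box/analyst/updates.txt" 2
    echo "lines with OS:            $(lines_with_OS "$box")"
    echo "lines with os, any case:  $(lines_with_os_any_case "$box")"
    echo "report files about users:"
    report_files_about_users "$box"
    rm -rf "$box"
}

demo
```

The two grep counts differ (2 versus 3) only because of the -i flag, which is the practical side of the case-sensitivity rule: when you filter logs for an indicator, decide deliberately whether case should matter, or a lowercase variant slips through the filter unseen.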
The first command, ls, instructs the operating system to output the file and directory contents of the reports subdirectory. But because the command is followed by the pipe, the output isn't returned to the screen. Instead it's sent to the next command. As we just learned, grep searches for a specified string of characters, in this case it's users. But where is it searching? Since grep follows a pipe, the output of the previous command indicates where to search. In this case that output is a list of files and directories within the reports subdirectory. It will return all files and directories that contain the word users. Okay, let's explore this in bash so we can better understand how the filter works. Let's first output everything in the reports directory. If we were already in the directory we would just need to input ls, but since we're not, we'll also specify the path to this directory. When we press enter, the output indicates there are seven files in the reports directory. Because we want to return only the files that contain the word users, we'll combine this ls command with piping and the grep command. As the output demonstrates, Linux has been instructed to return only files that contain the word users. The two files that don't contain this string no longer appear. So now you have two different ways that you can filter in Linux while working as an analyst. Navigating through files and filtering are just part of what you need to know. Let's keep exploring the Linux command line.

Let's make some new branches. What do I mean by that? Well, in a previous video we discussed root directories and how other subdirectories branch off of the root directory. Let's think again about the file directory system as a tree. The subdirectories are the branches of the tree. They are all connected from the same root but can grow to make a complex tree. In this video we'll create directories and files and learn how to modify them. When it comes to working with data in security, organization is key. If we know where information is located, it makes it easier to detect issues and keep information safe. In a previous video we've already discussed navigating between directories, but let's take a moment to examine directories more closely. It's possible you're familiar with the concept of
folders for organizing information. In Linux we have directories. Directories help organize files and subdirectories. For example, within a directory for reports, an analyst may need to create two subdirectories, one for drafts and one for final reports. Now that we know why we need directories, let's take a look at some essential Linux commands for managing directories and files. First, let's take note of commands for creating and removing directories. The mkdir command creates a new directory. In contrast, rmdir removes or deletes a directory. A helpful feature of this command is its built-in warning that lets you know a directory is not empty. This saves you from accidentally deleting files. Next, you'll use other commands for creating and removing files. The touch command creates a new file, and then the rm command removes or deletes a file. And last we have our commands for copying and moving files or directories. The mv command moves a file or directory to a new location, and cp copies a file or directory into a new location. Okay, now we're ready to try out these commands. First let's use the pwd command, and then let's display the names of the files and directories in the analyst directory with the ls command. Imagine that we no longer need the old_reports directory that appears among the file contents. Let's take a look at how to remove it. We input the rmdir command and follow it with the name of the directory we want to remove, old_reports. We can use the ls command to confirm that old_reports has been deleted and no longer appears among the contents. Now let's make another change. We want a new directory for drafts of reports, so we need to use the command mkdir and specify a name for this directory, drafts. If we input ls again, we'll notice the new directory drafts included among the contents of the analyst directory. Let's change into this new directory by entering cd drafts. If we run ls, it doesn't return any output, indicating that this directory is currently empty, but next we'll add some files to it. Let's say we want to draft new reports on recently installed email and OS patches. To create these files we input touch email_patches.txt and then touch os_patches.txt. Running ls indicates that these files are now in the drafts
directory what if we realize that we only need a new report on OS patches and we want to delete the email patchers report to do this we input the RM command and specify the file to delete as email patches. txt running LS confirms that it's been deleted now let's focus on our commands for moving and copying we realize that we have a file called email policy in the reports folder that is currently in draft format so we want to move it into the newly created drafts folder to do this we need to change into the
directory that currently has that file running LS in that directory indicates that it contains several files including email policy. txt then to move that file we'll enter the MV command followed by two arguments the first argument after MV identifies the file to be moved the second argument indicates where to move it if we change directories into drafts and then display contents we'll notice that the email policy file has been moved to this directory we'll change back into reports displaying the file contents confirms that email policy is no longer there okay one more thing vulnerabilities txt
is a file that we want to keep in the reports directory but since it affects an upcoming project we also want to copy it into the project objects directory since we're already in the directory that has this file we'll use the CP command to copy it into the Project's directory notice that the first argument indicates which file to copy and the second argument provides the path to the directory that it will be copied into when we press enter this copies the vulnerabilities file into the projects directory while also leaving the original within reports isn't it
cool what we can do with these commands now let's focus on One More Concept related to modifying files in addition to using commands you can also use applications to help you edit files as a security analyst file editors are often necessary for your daily task like writing or editing reports a popular file editor is nano it's good for beginners you can access this tool through the Nano command let's get familiar with Nano together we'll add a title to our new draft report _ patches. txt first we change into the directory containing that file then we
input Nano followed by the name of the file we want to edit osore patches. txt this brings up the Nano file editor with that file open for now we'll just enter the title OS Patches by typing this into the editor we need to save this before returning to the command line and to do so we press crol o and then enter to save it with the current file name then to exit we press contrl X great work we've covered a lot of topics here from creating and removing directories and files to copying or moving them
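Here is the walkthrough above as an added, runnable example; it is not code from the course. It builds the starting layout in a temporary directory (the layout itself, analyst/ containing reports/, old_reports/ and projects/, and the file names are assumptions for the demo), replays each command in order, and adds the one check the video only mentions: that rmdir refuses a directory that still has files in it.

```shell
#!/bin/sh
# Added example, not part of the course's lab: it replays the directory and
# file management walkthrough above inside a throwaway sandbox so nothing
# outside $SANDBOX is touched. The starting layout (analyst/ with reports/,
# old_reports/ and projects/) is an assumption made for this demo.

SANDBOX="$(mktemp -d)"
trap 'rm -rf "$SANDBOX"' EXIT      # clean up the sandbox when the shell exits

# Create the starting layout: old_reports/ is empty, reports/ holds two files.
setup_analyst_dir() {
    mkdir -p "$SANDBOX/analyst/reports" \
             "$SANDBOX/analyst/old_reports" \
             "$SANDBOX/analyst/projects"
    touch "$SANDBOX/analyst/reports/email_policy.txt" \
          "$SANDBOX/analyst/reports/vulnerabilities.txt"
}

# The walkthrough, step by step. Runs in a subshell so the cd does not
# change the caller's working directory.
reorganize_reports() (
    cd "$SANDBOX/analyst" || exit 1
    rmdir old_reports                         # only works because it is empty
    mkdir drafts
    touch drafts/email_patches.txt drafts/os_patches.txt
    rm drafts/email_patches.txt               # rm asks nothing; the file is gone
    mv reports/email_policy.txt drafts/       # moved: no longer in reports/
    cp reports/vulnerabilities.txt projects/  # copied: original stays in reports/
)

# rmdir's safety feature: it refuses a directory that still has files in it.
# Returns 0 (true) if rmdir refused, 1 if it went ahead and deleted something.
rmdir_refuses_nonempty() {
    ! rmdir "$SANDBOX/analyst/reports" 2>/dev/null
}

# Every path under analyst/, one per line, sorted, so the result can be checked.
list_layout() (
    cd "$SANDBOX/analyst" || exit 1
    find . -mindepth 1 | sort
)

# Number of entries list_layout reports (wc output trimmed for portability).
count_entries() {
    list_layout | wc -l | tr -d ' '
}

setup_analyst_dir && reorganize_reports
list_layout
```

Run it with sh; the tree it prints at the end is the state after the walkthrough (drafts/ holding email_policy.txt and os_patches.txt, vulnerabilities.txt present in both reports/ and projects/, old_reports/ gone), and the sandbox is deleted on exit. The contrast worth noticing is that rmdir protects you from deleting a directory with contents, while rm gives no warning at all.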
You're well on your way to learning Linux commands.

Hi there, it's great to have you back. Let's continue to learn more about how to work in Linux as a security analyst. In this video we'll explore file and directory permissions. We'll learn how Linux represents permissions and how you can check the permissions associated with files and directories.

Permissions are the type of access granted for a file or directory. Permissions are related to authorization. Authorization is the concept of granting access to specific resources in a system. Authorization allows you to limit access to specified files or directories. A good rule to follow is that data access is on a need-to-know basis. You can imagine the security risk it would pose if anyone could access or modify anything they wanted to on a system.

There are three types of permissions in Linux that an authorized user can have. The first type of permission is read. On a file, read permission means the contents of the file can be read. On a directory, read permission means you can list the names of the files in that directory. Next are write permissions. Write permission on a file allows modification of the contents of the file. On a directory, write permission means that new files can be created in that directory, and existing entries renamed or removed. Finally, there are also execute permissions. Execute permission on a file means that the file can be run as a program, if it's an executable file. Execute permission on a directory allows users to enter into the directory and access the files inside it.

Permissions are granted for three different types of owners. The first type is the user. The user is the owner of the file. When you create a file, you become the owner of the file, but the ownership can be changed. Group is the next type. Every user is a part of a certain group. A group consists of several users, and this is one way to manage a multi-user environment. Finally, there is other. Other can be considered all other users on the system; basically, anyone else with access to the system belongs to this category.

In Linux, file permissions are represented with a 10-character string. For a directory with full permissions for the user, group and other, this string would be drwxrwxrwx. Let's examine what this means more closely. The first character indicates the file type. As shown in this example, d is used to indicate it is a directory. If this character contained a hyphen instead, it would be a regular file. The second, third and fourth characters indicate the permissions for the user. In this example, r indicates the user has read permission, w indicates the user has write permission and x indicates the user has execute permission. If one of these permissions was missing, there would be a hyphen instead of the letter. In the same way, the fifth, sixth and seventh characters indicate permissions for the next owner type, group. As this shows here, the group also has read, write and execute permissions; there are no hyphens to indicate that any of these permissions haven't been granted. Finally, the eighth through tenth characters indicate permissions for the last owner type, other. They also have read, write and execute permissions in this example.

Ensuring files and directories are set with their appropriate access permissions is critical to protecting sensitive files and maintaining the overall security of a system. For example, payroll departments handle sensitive information. If someone outside of the payroll group could read this file, this would be a privacy concern. Another example is when the user, the group and other can all write to a file. This type of file is considered a world-writable file. World-writable files can pose a significant security risk, because any account on the system, including a compromised low-privilege one, can change their contents.

So how do we check permissions? First, we need to understand what options are. Options modify the behavior of a command. The options for a command can be a single letter or a full word. Checking permissions involves adding options to the ls command. First, ls -l displays the permissions of files and directories. You might also want to display hidden files and identify their permissions. Hidden files, which begin with a period before their name, don't normally appear when you use ls to display directory contents. Entering ls -a displays hidden files. Then you can combine these two options to do both: entering ls -la displays the permissions of files and directories, including hidden files.

Let's get into Bash and try out these options. Right now we're in the projects subdirectory. First, let's use the ls command to display its contents. The output displays the files in this directory, but we don't know anything about their permissions. By using ls -l instead, we get expanded information on these files. Let's do this. The file names are now on the right side of each row. The first piece of information in each row shows the permissions in the format that we discussed earlier. Since these are all files and not directories, notice how the first character is a hyphen. Let's focus on one specific file, project_1.txt. The second through fourth characters of its permissions show us the user has both read and write permissions but lacks execute permission. In both the fifth through seventh characters and the eighth through tenth characters, the sequence is r--. This means group and other have only read privileges. After the permissions, ls -l displays the username; here that's us, analyst. Next comes the group name, in our case the security group. Now let's use ls -a. The output includes two more files, hidden files with the names .hidden_1.txt and .hidden_2.txt. Finally, we can also use ls -la to show the permissions for all files, including these hidden files. I thought that was pretty interesting, did you? You now know a little more about file permissions and ownership. This will be helpful when working in security, because monitoring and setting correct permissions is essential for protecting information. Take a small break and meet me in the next video.

Hi there. In the previous video you learned how to check permissions for a user. In this video we're going to learn about changing permissions. When working as a security analyst, there may be many reasons to change permissions for a user. A user may have changed departments or been assigned to a different workgroup. A user might simply no longer be working on a project that requires certain permissions. These changes are necessary in order to protect system files from being accidentally or deliberately altered or deleted. Let's explore a related command that helps control this access.

In this video we'll learn about chmod. chmod changes permissions on files and directories. The command chmod stands for change mode. There are two modes for changing permissions, symbolic and numeric (octal), but we'll focus on symbolic. The best way to learn how chmod works is through an example. I know this has a lot of details, but we'll break it down. Also, please keep in mind that, like many Linux commands, you don't have to memorize the information; you can always find a reference.

With chmod, you need to identify which file or directory you want to adjust permissions for. This is the final argument, in this case a file named access.txt. The first argument, added directly after the chmod command, indicates how to change permissions. Right now this might seem hard to interpret, but soon we'll understand why this is called symbolic mode. Previously we learned about the three types of owners: user, group and other. To identify these with chmod we use u to represent the user, g to represent the group and o to represent other. In this particular example, g indicates we will make some changes to group permissions and o to permissions for other. These owner types are separated by a comma in this argument. But do we want to add or take away permissions? Well, for this we use mathematical operators. So the plus sign after g means we want to add permissions for group, and the minus sign after o means we want to take them away from other. And the last question is what kind of changes. We've already learned that r represents read permission, w represents write permission and x represents execute permission. So in this case the w indicates that we are adding write permission for the group, and r indicates that we are taking away read permission from other. Put together, the argument is g+w,o-r. This is still very complex, but now that we've broken it down perhaps it doesn't seem quite so much like a foreign language. And remember, you don't have to memorize all this.

Let's give this new command a try. We'll start out in the log subdirectory. If we use the ls -l command, it will output the permissions for the file. It shows the permissions for the only file in this directory, access.txt. Previously we learned how to read these permissions. The second through fourth characters indicate that the user has read and write permissions, the fifth through seventh characters show the group only has read permission, and the eighth through tenth characters show that other only has read permission. We need to adjust these permissions. We want to ensure analysts in the security group have write permission and take away read permission from the owner type other. So we add write permission for group and remove read permission for other by running chmod g+w,o-r access.txt. Let's run ls -l again. This shows a change in the permissions for access.txt. Notice how in the middle segment of permissions, for the group, w has been added to give write permission, and another change is that the r has been removed in the last segment, indicating that read permission for other has been removed. As mentioned earlier, these hyphens indicate a lack of permissions; now other is lacking all permissions. Though it requires practice, working in Linux becomes more natural with time. I'm glad you're learning a little more about how to use Linux.
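As an added example covering both this video and the previous one (it is not the course's own code), the script below creates scratch projects/ and logs/ directories with files set to the modes the videos describe, reads the 10-character string from ls -l one owner triplet at a time, runs the world-writable check a reviewer would actually want on a shared directory, and then applies the chmod g+w,o-r change and verifies it. The file names, the directory name logs/, and making .hidden_1.txt world-writable are assumptions for the demo.

```shell
#!/bin/sh
# Added example, not part of the course's lab: builds a scratch copy of the
# projects/ and logs/ directories, reads permission strings the way ls -l
# shows them, flags world-writable files, then applies the chmod g+w,o-r
# change from the walkthrough and checks the result. File names and the
# starting modes are assumptions made for this demo.

SANDBOX="$(mktemp -d)"
trap 'rm -rf "$SANDBOX"' EXIT

setup() {
    mkdir -p "$SANDBOX/projects" "$SANDBOX/logs"
    touch "$SANDBOX/projects/project_1.txt" "$SANDBOX/projects/.hidden_1.txt"
    touch "$SANDBOX/logs/access.txt"
    chmod 644 "$SANDBOX/projects/project_1.txt"   # -rw-r--r--
    chmod 666 "$SANDBOX/projects/.hidden_1.txt"   # -rw-rw-rw-  world-writable
    chmod 644 "$SANDBOX/logs/access.txt"          # -rw-r--r--  as in the video
}

# First field of "ls -ld" is the type+permission string; cut to 10 characters
# because some systems append an 11th (e.g. "." for an SELinux context).
perm_string() {
    ls -ld "$1" | awk '{print $1}' | cut -c1-10
}

# Characters 2-4 are user, 5-7 group, 8-10 other: return one owner's triplet.
triplet() {  # $1 path, $2 one of user|group|other
    triplet_p="$(perm_string "$1")"
    case "$2" in
        user)  printf '%s\n' "$triplet_p" | cut -c2-4 ;;
        group) printf '%s\n' "$triplet_p" | cut -c5-7 ;;
        other) printf '%s\n' "$triplet_p" | cut -c8-10 ;;
    esac
}

# A file is world-writable when the "other" triplet has w in the middle.
is_world_writable() {
    [ "$(triplet "$1" other | cut -c2)" = "w" ]
}

# The check a reviewer runs on a shared directory: every regular file,
# hidden ones included, whose "other" write bit (octal 0002) is set.
find_world_writable() {
    find "$1" -type f -perm -0002 | sort
}

# The chmod from the walkthrough: group gains write, other loses read.
tighten_access_log() {
    chmod g+w,o-r "$SANDBOX/logs/access.txt"
}

setup
echo "before: $(perm_string "$SANDBOX/logs/access.txt")"    # -rw-r--r--
echo "world-writable under projects/:"
find_world_writable "$SANDBOX/projects"                     # .hidden_1.txt
tighten_access_log
echo "after:  $(perm_string "$SANDBOX/logs/access.txt")"    # -rw-rw----
```

The find_world_writable function is the piece to keep: pointed at a real directory such as /tmp or a shared project tree, it gives the same answer as reading each ls -l line by hand, and it does not miss hidden files the way a plain ls would.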
Welcome back. In this video we are going to discuss adding and deleting users. This is related to the concept of authentication. Authentication is the process of a user proving that they are who they say they are in the system. Just like in a physical building, not all users should be allowed in; not all users should get access to the system. But we also want to make sure everyone who should have access to the system has it. That's why we need to add users. New users can be new to the organization or new to a group. This could be related to a change in organizational structure or simply a directive from management to move someone. And also, when users leave the organization, they need to be deleted; they should no longer have access to any part of the system. Or, if they simply changed groups, they should be removed from the groups that they are no longer a part of.

Now that we've sorted out why it's important to add and delete users, let's discuss a different type of user: the root user. A root user, or superuser, is a user with elevated privileges to modify the system. Regular users have limitations where root does not. Individuals who need to perform specific tasks can be temporarily granted root privileges. Root can create, modify or delete any file and run any program. Only root, or accounts with root privileges, can add new users.

So you may be wondering how you become a superuser. Well, one way is logging in as the root user, but running commands as the root user is considered bad practice when using Linux. Why is running commands as the root user potentially problematic? The first problem with logging in as root is the security risk. Malicious actors will try to breach the root account since it's the most powerful account; to stay safe, the root account should have logins disabled. Another problem is that it's very easy to make irreversible mistakes. It's very easy to type the wrong command in the CLI, and if you're running as the root user you run a higher risk of making an irreversible mistake, such as permanently deleting a directory. Finally, there's the concern of accountability. In a multi-user environment like Linux there are many users; if everyone runs commands as root, there is no way to track who exactly ran a command.

One solution to help solve this problem is sudo. sudo is a command that temporarily grants elevated permissions to specific users. This provides more of a controlled approach compared to root, which runs every command with root privileges. sudo solves lots of the problems associated with running as root. sudo comes from "superuser do" and lets you execute commands as an elevated user without having to sign in and out of another account. Running sudo will prompt you to enter the password for the user you're currently logged in as, and sudo records each command it runs, together with who ran it, in the system log, which is what gives you the accountability that a shared root login can't. Not all users on a system can become a superuser; users must be granted sudo access through a configuration file called the sudoers file.

Now that we've learned about sudo, let's learn how we can use it with another command to add users. This command is useradd. useradd adds a user to the system. Only root or users with sudo privileges can use the useradd command. Let's look at a specific example in which we need to add a user. We'll imagine a new representative is joining the sales department and will be given the username salesrep7. We're tasked with adding them to the system. Let's try adding the new user. First we need to use the sudo command, followed by the useradd command and then, last, the username we want to add, in this case salesrep7: sudo useradd salesrep7. This command doesn't display anything on the screen, but since we get a new Bash prompt and not an error message, we can feel confident that the command worked successfully. If it didn't, an error message would have appeared. Sometimes an error has to do with something simple, like misspelling useradd, or it might be because we didn't have sudo privileges.

Now let's learn how to do the opposite. Let's learn how to delete a user with userdel. userdel deletes a user from the system. Similarly, we need root permissions, which we'll access through sudo, to use userdel. Let's go back to our example of the user we added. Let's imagine two months later the sales representative we just added to the system leaves the company. That user should no longer have access to the system. Let's delete that user from the system.
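Here is an added example, not part of the course's lab, that wraps useradd and userdel in the check a practitioner wants before running them: whether the account already exists. That way an onboarding or offboarding script can be re-run without the second run failing, and the silent-on-success behaviour the video describes is handled by checking the exit status rather than the screen. The -m flag (create a home directory) is an assumption for the demo; the course's command was plain useradd.

```shell
#!/bin/sh
# Added example, not part of the course's lab: small wrappers around useradd
# and userdel that first check whether the account exists, so a provisioning
# script can be re-run safely. add_user and remove_user go through sudo just
# as in the walkthrough and fail with an error (never silently) when the
# caller lacks sudo rights. The -m flag (create a home directory) is an
# assumption for the demo; the course's command was plain useradd.

# 0 if the account is in the password database (id can resolve it), else 1.
user_exists() {
    id "$1" >/dev/null 2>&1
}

# Add an account only if it is missing. Like the video, useradd prints
# nothing on success, so the exit status is the only signal to check.
add_user() {
    if user_exists "$1"; then
        echo "add_user: $1 already exists, nothing to do" >&2
        return 0
    fi
    sudo useradd -m "$1"
}

# Remove an account only if it is present (userdel would otherwise error).
remove_user() {
    if ! user_exists "$1"; then
        echo "remove_user: $1 does not exist, nothing to do" >&2
        return 0
    fi
    sudo userdel "$1"
}

# Quick demonstration that needs no privileges: root always exists, and a
# made-up name does not.
if user_exists root; then echo "root: present"; fi
if ! user_exists no_such_account_zz; then echo "no_such_account_zz: absent"; fi
# To onboard the walkthrough's new hire, run:   add_user salesrep7
# and when they leave two months later:         remove_user salesrep7
```

Calling add_user salesrep7 as a user without sudo rights produces a sudo error rather than a new prompt, which is exactly the "misspelled useradd or no sudo privileges" situation the video warns about; the wrapper never claims success it did not get.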
Again, the sudo command is used first, then we add the userdel command, and last we add the name of the user we want to delete: sudo userdel salesrep7. Again, we know it ran successfully because there is a new Bash prompt and not an error message. Now we've covered how to add and delete users and how these actions require sudo. When using sudo we have to use our best judgment; these special privileges must be used responsibly to ensure a secure system.

My name is Dear, I'm a security engineer here at Google. I've always wanted to get into cybersecurity since I was a kid.
A lot of the cartoons I watched, they had, like, floppy disks or flash drives, and they would put that in the computer and kind of, like, cause havoc. So I always thought that was really cool. I had quite a few jobs before coming to Google. I originally started out making smoothies at Jamba Juice. I got my first, like, technological kind of job at Geek Squad, and then eventually I came here and became a security engineer. My advice to people trying to get into cybersecurity is it may be a lot easier than you think. It definitely was a lot easier than I thought. Something that I learned jumping in myself is that you're not going to be able to learn everything all at once, and you're not going to need to know everything all at once. Linux is very important because it's broadly used across pretty much every company. You may use Linux to curate logs; it's a very common practice. You may also use Linux to set up batch jobs that will help with routine tasks within Linux. I first got interested in learning Linux from the Jurassic Park movie. There's a scene in the movie where they need to reactivate the electrical doors and they have to use a Unix operating system to do so. Later on I learned what Unix was and how Linux came from it, and it inspired me to learn more about Linux. The best advice I can give someone that's trying to learn Linux and Linux commands is don't get discouraged by any small hiccups that come up. Just keep with it, stick with it. Think of it as when you first learned to swim, right? You probably weren't that great at it. It was frustrating and you were probably a little scared, but you stuck with it, and I hope that you're able to swim now. There are a plethora of support resources when learning Linux. One good example is the discussion forum in the certificate course. Another avenue of support for learning Linux is just Googling answers, using Stack Overflow, maybe even making a Reddit post. I love working in cybersecurity. It's pretty satisfying to know that me and my team, and then, like, all of the other security teams here at Google are helping protect people online from things they may not even know about.

There are so many others just like you who will be using the command line. Linux's popularity and ease of use have created a large online community that constantly publishes information to help users learn how to operate Linux. Since Linux is open source, it has become a global community of users that contribute frequently. This global community is a huge resource for all Linux users, because users can find answers for everyday tasks. Just searching on the internet will provide many answers.
The easiest way to troubleshoot a task is to search and read about how someone else has done it. Looking for resources on how to execute a task is a good way for beginners to continue learning. So far you've learned how to add users, but imagine if later you wanted to add a new group. One way to learn how to do this is to search online. Let's give this a try through Google Search. The search results give us many options for adding a group in Linux. Another reputable source is the Unix & Linux Stack Exchange. Their answers are ranked with points to display high-quality answers. Many questions relate to more advanced users and are geared towards troubleshooting. Well, now you know where to get some extra support. Whenever in doubt about topics in Linux, there is a lot of support just a click away. Coming up, we'll learn how to get support from within the command line itself. Join me.

Welcome back. In this video we're going to discuss some resources that are available directly through the shell and can help you while working in Linux. One of the great things about Linux is that you can get help right through the command line. The first command that can help you in this way is man. man displays information on other commands and how they work. The name of this command comes from the word manual. Let's examine this more closely by using man to get information about the usermod command. After man we type the name of this command: man usermod. The information that man returns includes a general description. It also contains information about each of usermod's options. For example, the option -d can be added to usermod to change a user's home directory.

man provides a lot of information, but sometimes we just need a quick reference on what a command does. In that case, you use whatis. whatis displays a description of a command on a single line. Let's say you heard a coworker mention a command like tail. You've never heard of this command before, but you can find out what it does. Simply use the command whatis tail and learn that it outputs the last part of files.

Sometimes we might not even know what command to look up. This is where apropos can help us. apropos searches the manual page descriptions for a specified string. Let's try it out. Let's say you have a task that requires you to change a password, but you're not quite sure how to do this. If we use the apropos command with the string password, this will display a large number of commands with that word. This helps somewhat, but it still may be difficult to find what we need. But we can filter this by adding the -a option and an additional string. This option will return only the commands whose descriptions contain both strings. In our case, since we want to change the password, let's look for commands with both change and password: apropos -a change password. Now the output has been limited to the most relevant commands. These commands make it a lot easier to navigate the Linux command line. As a new analyst you won't have all the answers all the time, but you can learn where to find them.

Congratulations, you completed another section in this course. Take a minute to think about what you achieved; you learned a lot in this section. Let's recap what we covered. In this section you utilized the command line to communicate with the OS. Part of this was using commands for navigating and managing the file system, and you used other commands for authenticating and authorizing users. These are all tasks that a security analyst is likely to encounter. Finally, you learned about accessing resources that support learning new Linux commands. With this knowledge, you'll be able to continue learning more and more about using the command line. We did it: we learned how to communicate with Linux. That's a great accomplishment and one that will be very useful to you in your career as a security analyst. You should be proud of the work that you've done so far.

In the world of security, diversity is important. Diverse perspectives are often needed to find effective solutions. This is also true of the tools we use; your job will often require you to use a lot of diverse tools. In the last section we studied the Linux command line and learned how this tool can help you search and filter through data, navigate through the Linux file system and authenticate users. Now we'll learn about another tool. In this section we'll explore SQL and how it allows you to analyze data in a way needed for your role as a security analyst. We're going to start off by learning about relational databases and how they're structured. From there, we're going to introduce SQL queries and how to use them to access data from databases. We then move on to SQL filters, which help us refine our queries to get the exact information we need. Lastly, we'll explore SQL joins, which allow you to combine tables together. When I'm presented with a problem or project at work, I often have to sift through a large amount of data. When I use SQL, I'm able to review data quickly and provide results with confidence, since the queries are consistent and easily executed. SQL is a very powerful and flexible tool. Throughout this section you'll learn how to use the parts of it you need as a security analyst and gain hands-on experience. Good luck, and I'll join you for the rest of the course.

Our modern world is filled with data, and that data almost always guides us in making important decisions. When working with large amounts of data, we need to know how to store it so it's organized and quick to access and process. The solution to this is databases, and that's what we're exploring in this video. To start us off, we can define a database as an organized collection of information or data. Databases are often compared to spreadsheets. Some of you may have used Google Sheets or another common spreadsheet program in the past. While these programs are convenient ways to store data, spreadsheets are often designed for a single user or a small team to store less data. In contrast, databases can be accessed by multiple people simultaneously and can store massive amounts of data. Databases can also perform complex tasks while accessing data. As a security analyst, you'll often need to access databases containing useful information. For example, these could be databases containing information on login attempts, software and updates, or machines and their owners.

Now that we know how important databases are for us, let's talk about how they're organized and how we can interact with them. Using databases allows us to store large amounts of data while keeping it quick and easy to access. There are lots of different ways we could structure a database, but in this course we'll be working with relational databases. A relational database is a structured database containing tables that are related to each other. Let's learn more about what makes a relational database. We'll start by examining an individual table in a larger database of organizational information. Each table contains fields of information. For example, in this table on employees, these would include fields like employee_id, device_id and username. These are the columns of the table. In addition, tables contain rows, also called records. Rows are filled with specific data related to the columns in the table. For example, our first row is a record for an employee whose ID is 1000 and who works in the marketing department.

Relational databases often have multiple tables. Consider an example where we have two tables from a larger database, one with employees of the company and another with machines given to those employees. We can connect two tables if they share a common column. In this example we establish a relationship between them with a common employee_id column. The columns that relate two tables to each other are called keys. There are two types of keys. The first is called a primary key. The primary key refers to a column where every row has a unique entry. The primary key must not have any duplicate values or any null, or empty, values. The primary key allows us to uniquely identify every row in our table. For the table of employees, employee_id is a primary key: every employee ID is unique, and there are no employee IDs that are duplicate or empty. The second type of key is a foreign key. A foreign key is a column in a table that is a primary key in another table. Foreign keys, unlike primary keys, can have empty values and duplicates. The foreign key allows us to connect two tables together. In our example, we can look at the employee_id column in the machines table. We previously identified this as a primary key in the employees table, so we can use it to connect every machine to its corresponding employee. It's also important to note that a table can only have one primary key but multiple foreign keys. With this information, we're ready to move on to the basics of SQL, the language that lets us work with databases. Throughout this section we'll gain hands-on experience working with the concepts we just covered. As a security analyst, you'll need to be familiar both with databases and the tools used to access them.

Now that we know the basics of databases, let's focus on an important tool used to work with them, SQL, and learn more about how analysts like yourself might utilize it. SQL, or, as it's also pronounced, "sequel", stands for Structured Query Language. SQL is a language used to create, interact with and request information from a database. Before learning more about SQL, we need to define what query means. A query is a request for data from a database table or a combination of tables. Nearly all relational databases rely on some version of SQL to query data. The different versions of SQL have only slight differences in their structure, like where to place quotation marks. Whatever variety of SQL you use, you'll find it to be a very important tool in your work as a security analyst.

First, let's discuss how SQL can help you retrieve logs. A log is a record of events that occur within an organization's systems. As a security analyst, you might be tasked with reviewing logs for various reasons. For example, some logs might contain details on machines used in a company, and as an analyst you would need to find those machines that weren't configured properly. Other logs might describe the visitors to your website or web app and the tasks they perform; in that case, you might be looking for unusual patterns that may point to malicious activity. Security logs are often very large and hard to process. There are millions of data points, and it's very time-consuming to find what you need. But this is where SQL comes in: it can search through millions of data points to extract relevant rows of data using one query that takes seconds to run. That's pretty useful, right? SQL is also a very common language used for basic data analytics, another set of skills that will set you apart as a security analyst. As a security analyst, you can use SQL's filtering to find data to support security-related decisions and analyze when things may go wrong. For instance, you can identify which machines haven't received the latest patch. This is important because patches are updates that help secure against attacks. As another example, you
can use SQL to determine the best time to update a machine based on when it's least used. Now that we know why SQL is important to us, we're going to start making basic queries to a sample database. This is definitely exciting, and I'll meet you in the next video.

Hi, my name is Adid Dao and I'm a security engineer at Google. A lot of people think you need to have a degree in computer science, right, to be able to get into cybersecurity. I think that's true. Take me for an example: I started learning IT
from Lagos, Nigeria, where I was born and raised, and then I'm all the way here now in Silicon Valley working for Google, and I think that's just amazing and a dream come true. You taking this certificate is a first step to you making a commitment to switching your career to cybersecurity, so kudos to you. And SQL is one of the skill sets you need to have in your toolbox as a cybersecurity professional, because you can very quickly make decisions, not just off the bat, but make decisions with data backing you, and be able to communicate with your team, with stakeholders, about why you made a decision. Because it's one thing to be able to say we need to do this, right? It's another thing to say we need to do this, and here's the data that I wrote my SQL statements about. I learned SQL first as coursework in school. That was really great, but I think I kind of forgot everything about that after school. The next step that I took was taking online courses such as the one you're taking right now, to learn SQL and the fundamentals about it and how to really use it. Then the first time I used SQL practically was, like, at Google. You really need to practice. I think, with anything else, practice makes perfect, right? So being able to, even if it's just a few hours a week, put aside time to practice writing SQL statements, having that skill is something that will be very applicable to your first job, and you can use that to make data-driven decisions. I feel very fulfilled working in cybersecurity. I feel very energized coming to work every day, not only because I get to work on really complex problems and try to figure out solutions for them, but I also have great teammates that we all come together with and tackle the problem. Being able to go to bed at night knowing that the work that I do is for the better of Google users and Google employees is a very rewarding feeling for me.

In this video we're going to be running our very first SQL query. This query will be based on a common work task that you might encounter as a security analyst. We're going to determine which
computer has been assigned to a certain employee. Let's say we have access to the employees table, and the employees table has five columns. Two of them, employee ID and device ID, contain the information that we need. We'll write a query to this table that returns only those two columns from the table. The two SQL keywords we need for basic SQL queries are SELECT and FROM. SELECT indicates which columns to return; FROM indicates which table to query. The use of these keywords in SQL is very similar to how we would use these words in everyday language. For example, we could ask a friend to select apples and bananas from the big box when going out to buy fruit. This is already very similar to SQL, so let's go ahead and use SELECT and FROM in SQL to return the information we need on employees and the computers they use. We start off by typing in the SQL statement. After FROM, we've identified that the information will be pulled from the employees table, and after SELECT, employee ID and device ID indicate the two columns we want to return from this table. Notice how a comma separates the two columns that we want to return. It's also worth mentioning a couple of key aspects related to the syntax of SQL here. Syntax refers to the rules that determine what is correctly structured in a computing language. In SQL, keywords are not case sensitive, so you could also write SELECT and FROM in lowercase, but we're placing them in capital letters because it makes the query easier to understand. Another aspect of the syntax is that semicolons are placed at the end of the statement. And now we'll run the query by pressing enter. The
output gives us the information we need to match employees to their computers. We just ran our very first SQL query! Suppose we wanted to know what department the employee using the computer is from, or their username, or the office they work in. To do that, we can use SQL to make another statement that prints out all of the columns from the table. We can do this by placing an asterisk after SELECT. This is commonly referred to as "select all". Now let's run this query to the employees table in SQL, and now we have the full table in the output. You just made it through a basic query in SQL, congratulations! In the next video we'll learn how to add filters to our queries, so I'll meet you there.

One of the most powerful features of SQL is its ability to filter. In this video we're going to learn how this helps us make better queries and select more specific pieces of data from a database. Filtering is selecting data that match a certain condition. Think of filtering as a way of only choosing the data we want. Let's say we wanted to select apples from a fruit cart. Filtering allows us to specify what kind of apples we want to choose. When we go buy apples, we might explicitly say, choose only apples that are fresh. This removes apples that aren't fresh from the selection. This is a filter. As a security analyst, you might filter a login attempts table to find all attempts from a specific country. This could be done by applying a filter on the country column. For example, you could filter to just return records containing Canada. Before we get started, we need to focus on an important part of the syntax of SQL. Let's learn about operators. An operator is a symbol or keyword that represents an operation. An example of an operator would be the equal-to operator. For example, if we wanted to find all records that have USA in the country column, we use country equals USA. To filter a query in SQL, we simply add an extra line to the SELECT and FROM statement we used before. This extra line will use a WHERE clause. In SQL, WHERE indicates the condition for a filter. After the keyword WHERE, the specific condition is listed using operators.
So if we wanted to find all of the login attempts made in the United States, we would create this filter. In this particular condition, we're indicating to return all records that have a value in the country column that is equal to USA. Let's try putting it all together in SQL. We're going to start with selecting all the columns from the log_in_attempts table and then add the WHERE filter. Don't forget the semicolon; this tells us we finished the SQL statement. Now let's run this query. Because of our filter, only the rows where the country of the login attempt was USA are returned. In the previous example, the condition for our filter was based simply on returning records that are equal to a particular value. We can also make our conditions more complex by searching for a pattern instead of an exact word. For example, in the employees table we have a column for office. We could search for records in this column that match a certain pattern. Perhaps we might want all offices in the East building. To search for a pattern, we use a percentage sign to act as a wildcard for unspecified characters. If we ran a filter for East followed by a percentage sign, this would return all records that start with East, for example the offices East 120, East 290 and East 435. When searching for patterns with the percentage sign, we cannot use the equals operator. Instead we use another operator, LIKE. LIKE is an operator used with WHERE to search for a pattern in a column. Since LIKE is an operator similar to the equal sign, we use it instead of the equal sign. So when our goal is to return all values in the office column that
start with the word East, LIKE would appear in a WHERE clause. Let's go back to the example in which we wanted to filter for login attempts made in the United States. Imagine that we realize our database contains inconsistencies with how the United States is represented: some entries use US while others use USA. Let's get into SQL and apply this new type of filter with LIKE. We're going to start with the same first two lines of code, because we want to select all columns from the log_in_attempts table, and we're going to add a filter with LIKE so that records will be returned if they contain a value in the country column beginning with the characters US. This includes both US and USA. Let's run this query to check if the output changes. This returns all the entries where the user location was in the United States. And now we can use the LIKE clause to filter columns based on a pattern. Wow, we've already learned how to get very precise with our database and get exactly the data we need with one single query. I'm excited for what's next.

In this video we're going to continue using SQL queries and filters, but now we're going to apply them to new data types. First, let's explore the three common data types that you will find in databases: string, numeric, and date and time. String data is data consisting of an ordered sequence of characters. These characters could be numbers, letters or symbols. For example, you'll encounter string data in usernames, such as the username analyst10. Numeric data is data consisting of numbers, such as a count of login attempts. Unlike strings, mathematical operations can be used on numeric data, like multiplication or addition. Date and
time data refers to data representing a date and/or time. Previously we applied filters using string data, but now let's work with numeric and date and time data. As a security analyst, you'll often need to query numbers and dates. For example, we could filter patch dates to find machines that need an update, or we could filter login attempts to return only those made in a certain period of time. We learned about operators in the last video, and we're going to use them again for numbers and dates. Common operators for working with numeric or date and time data types include equals, greater than, less than, not equal to, greater than or equal to, and less than or equal to. Let's say you want to find the login attempts made after 6 p.m. Because this is past normal business hours, you want to look for suspicious patterns. You can identify these attempts by using the greater-than operator in your filter. We'll start writing our query in SQL. We begin by indicating that we want to select all columns from the log_in_attempts table. Then we'll add our filter with WHERE. Our condition indicates that the value in the time column must be greater than, or for dates and times later than, '18:00', which is how 6 p.m. is written in SQL. Let's run this and examine the output. Perfect, now we have a list of login attempts made after 6 p.m. We can also filter for numbers and dates by using the BETWEEN operator. BETWEEN is an operator that filters for numbers or dates within a range. An example of this would be when looking for all patches installed within a certain range. Let's do this. Let's find all the patches installed between March
1st, 2021 and September 1st, 2021. In our query, we start with selecting all records from the machines table, and we add the BETWEEN operator in the WHERE statement. Let's break down the statement first. After WHERE, we indicate which column to filter, in our case os_patch_date. Next comes our operator, BETWEEN. We then add the beginning of our range, type AND, and then finish by adding the end of our range and a semicolon. Now let's run this and explore the output. And now we have a list of all machines patched between those two dates. Before we wrap up, an important thing to note is that when we filter for strings, dates and times, we use quotation marks to specify what we're looking for. However, for numbers we don't use quotation marks. With this new knowledge, you're now ready to work on all sorts of interesting filters for numbers and dates. In the next video we'll be able to expand our filtering even further by using multiple conditions in one query.

In the previous lesson we learned about even more ways to filter queries in SQL to work with some typical security analyst tasks. However, when working with real security questions, we often have to filter for multiple conditions. Vulnerabilities, for instance, might depend on more than one factor. For example, a security vulnerability might be related to machines using a specific email client on a specific operating system, so to find the possible vulnerabilities we need to find machines using both the email client and the operating system. To make a query with multiple conditions that must be met, we use the AND operator between two separate conditions. AND is an operator that specifies that both conditions must be met simultaneously. Bringing this back
to our fruit and vegetable analogy, this is the same as asking someone to select apples from the big box where the apples are large and fresh. This means our results won't include any small apples, even if they're fresh, or any rotten apples, even if they're large. They'll only include large, fresh apples; the apples must meet both conditions. Going back to our database, the machines table lists all operating systems and email clients. We want a list of machines running operating system 1 and a list of machines using email client 1. We'll use the left and right circles in the Venn diagram to represent these groups. We need SQL to select the machines that have both OS 1 and email client 1. The filled-in area at the intersection of these circles represents this condition. Let's take this and implement it in SQL. First we're going to start by building the first lines of the query, telling SQL to select all columns from the machines table. Then we'll add the WHERE clause. Let's examine this more closely. First we indicate the first condition that it must meet, that the operating system column has a value of OS 1. Then we use AND to join this to another condition, and finally we enter the other condition, in this case that the email client column should have a value of email client 1. And this is how you use the AND operator in SQL. Let's run this to get the query results. Perfect, all the results match both our conditions. Let's keep going and explore more ways to combine different conditions by working with the OR operator. The OR operator is an operator that specifies that either condition can be met. In a Venn diagram, let's say each circle represents a
condition. When they are joined with OR, SQL would select all rows that satisfy one of the conditions, and it's also okay if it meets both conditions. Let's run another query and use the OR operator. Let's say that we wanted the filter to identify machines that have either OS 1 or OS 3, because both types need a patch. We'll type in these conditions. Let's examine this more closely. After WHERE, our first condition indicates we want to filter so that the query selects machines with OS 1. We use the OR operator because we also want to find records that match another condition. This additional condition is placed after OR and indicates to also select machines running OS 3. Executing the query, our results now include records that have a value of either OS 1 or OS 3 in the operating system column. Good job, we're running some complex queries. The last operator we're going to go into is the NOT operator. NOT negates the condition. In a diagram, we can show this by selecting every entry that does not match our condition. The condition is represented by the circle; the filled-in portion outside the circle represents what gets returned. This is all data that does not match the condition. For example, when picking out fruit, you could be looking for any fruit that is not an apple. That is a lot more efficient than telling your friend you want a banana or an orange or a lime and so on. Suppose you wanted to update all the devices in your company except for the ones using OS 3. Bringing this into SQL, we can write this query. We place NOT after WHERE and before the condition of the filter. Executing these queries gives us the list of all the machines that aren't running
OS 3, and now we know which machines to update. That was a lot of new content that we just looked into, but you're learning more and more SQL that you can use on your journey to become an analyst. In the next video we'll be learning how to combine and join two tables together to expand the kinds of queries we can run. I'll meet you there.

You've already learned a lot about SQL queries and filters, nice work. The last concept we're introducing in this section is joining tables when querying a database. This is helpful when you need information from two different tables in a database. Let's say we have two tables, one that tells us about security vulnerabilities of different operating systems and one about different machines in our company, including their operating systems. Having the ability to combine them gives us a list of vulnerable machines. That's pretty cool, right? First let's start talking about the syntax of joins. Since we're working with two tables now, we need a way to tell SQL what table we're picking columns from. In our example database, we have an employee ID column in both the employees table and the machines table. In SQL statements that contain two columns, SQL needs to know which column we're referring to. The way to resolve this is by writing the name of the table first, then a period, and then the name of the column. So we would have employees followed by a period, followed by the column name. This is the employee ID column for the employees table. Similarly, this is the employee ID column for the machines table. Now that we understand the syntax, let's apply it to a join. Imagine that we want to get a deeper understanding of
the employees accessing the machines in our company. By joining the employees and the machines tables, we can do this. We first need to identify the shared column that we'll use to connect the two tables. In this case, we'll use a primary key in one table to connect to another table where it's a foreign key. The primary key of the employees table is employee ID, which is a foreign key in the machines table. Employee ID is a primary key in the employees table because it has a unique value for every row in the employees table and no empty values. We don't have a guarantee that the employee ID column in the machines table follows the same criteria, since it's a foreign key and not a primary key. Next we'll use a type of join called an inner join. An inner join returns rows matching on a specified column that exists in more than one table. Tables usually contain many more rows, but to further explain what we mean by inner join, let's focus on just four rows from the employees table and four rows from the machines table. We'll also look at just a few columns of each table for this example. Let's say we choose employee ID in both tables to perform an inner join. Let's look at the two rows where there is a match. Both tables have 1188 and 1189 in their respective employee ID columns, so they are considered a match. The result of the join is the two rows that have 1188 and 1189, and all columns from both tables. Before we move on to the queries, we have to talk about the null values in the tables. In SQL, NULL represents a missing value due to any reason. In
this case, this might be machines that are not assigned to any employee. Now let's bring this into SQL and do an inner join on the full tables. Let's imagine we want to join these tables in order to get a list of users and their office location that also shows what operating system they use on their machines. Employee ID is a common column between these tables, and we can use this to join them, but we won't need to show this column in the results. First, let's start with a basic query that indicates we want to select the username, office and operating system columns. We want employees to be our first, or left, table, so we'll use that in our FROM statement. Now we write the part of the query that tells SQL to join the machines table with the employees table. Let's break down this query. INNER JOIN tells SQL to perform the inner join. Then we name the second table we want to combine with the first; this is called the right table. In this case we want to join machines with the employees table that was already identified after FROM. Lastly, we tell SQL what column to base the join on. In our case, we're using the employee ID column. Since we're using two tables, we have to identify the table and follow that with the column name, so we have employees.employee_id and machines.employee_id. Let's review the output. Perfect, we have now joined two tables. The results of our query display the records that match on the employee ID column. Notice that these records contain columns from both tables, but only the ones we indicated through our SELECT statement. There are other types of joins that don't require a
match to join two tables, and we're going to discuss those in the next video. I'll meet you there.

Welcome back. I hope you enjoyed working on inner joins in the previous video and exercises. We saw how inner joins can be useful by only returning records that share a value in specified columns. However, in some situations we might need all of the entries from one or both of our tables. This is where we need to use outer joins. There are three types of outer joins: left join, right join and full outer join. Similar to inner joins, outer joins combine two tables together; however, they don't necessarily need to match between columns to return a row. Which rows are returned depends on the type of join. LEFT JOIN returns all of the records of the first table, but only returns rows of the second table that match on a specified column. Like we did in the previous video, let's examine this type of join by looking at just four rows of two tables with a small number of columns. Employees is the left table, or the first table, and machines is the right table, or the second table. Let's join on employee ID. There's a matching value in this column for two of four records. When we execute the join, SQL returns these rows with the matching value, all other rows from the left table, and all columns from both tables. Records from the employees table that didn't match but were returned through the left join contain null values in columns that came from the machines table. Next let's talk about right joins. RIGHT JOIN returns all of the records of the second table, but only returns rows from the first table that match on a
specified column. With the right join on the previous example, the full result returns matching rows from both, all the rows from the second table, and all the columns in both tables. For the values that don't exist in either table, we are left with a null value. Last, we'll discuss full outer joins. FULL OUTER JOIN returns all records from both tables. Using our same example, a full outer join returns all columns from all tables. If a row doesn't have a value for a particular column, it returns null. For example, the machines table did not have any rows with employee ID 1190, so the values for that row in the columns that came from the machines table are null. To implement left joins, right joins and full outer joins in SQL, you use the same syntax structure as the inner join, but use these keywords: LEFT JOIN, RIGHT JOIN and FULL OUTER JOIN. As a security analyst, you're not required to know all of these from memory. Once you understand the type of join you need, you can quickly search and find all the information you need to execute these queries. With this information on joins, we've now covered some very important information you'll need as a security analyst using SQL. Thank you for joining me in this video.

Congratulations, we've made it together through the end of our focus on SQL. You've put in a lot of work and learned an important tool that will help you on your journey as a security analyst. Let's take a moment to go through all of the topics you learned in this section. We started by learning about the structure of relational databases and how we can access them by using the query language SQL. We then got hands-on
practice with writing our own SQL queries. We used SQL to bring up information you might need on the job when working as an analyst. We then focused on SQL filters. We started with simple conditions with strings, and by the end we learned how to use multiple filters in one query. We concluded the unit with SQL joins and learned how to join multiple tables, giving us even more information at once. By completing this course, you just took a very big step in your future career as a security analyst. You have been introduced to a powerful tool that can help you in your work, and whenever you need to, I encourage you to revisit the materials in this course. Learning a querying language like SQL takes time. Thank you again for joining me in this journey. I hope you'll enjoy using SQL as much as I do.

You made it to the end of this course, congratulations! You did it. I hope you are proud of all you learned. The focus of this course was computing basics. Understanding the basics of computing is a valuable skill as you transition into your career as a security analyst.
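The queries walked through in the SQL section above (SELECT and FROM, WHERE with =, LIKE, >, BETWEEN, AND, OR and NOT, and the inner and left joins on employee ID) run end to end against a small database, as an added example that is not part of the course or its sample data. It assumes Python's built-in sqlite3 module and a simplified schema whose table and column names (employees, machines, log_in_attempts, os_patch_date) follow the names the lectures mention; every row value is constructed.

```python
import sqlite3

# Constructed sample database (not the course's own data). The schema is an
# assumption based only on the table and column names the lectures mention.
SCHEMA = """
CREATE TABLE employees (
    employee_id INTEGER PRIMARY KEY,   -- primary key: unique and never NULL
    device_id   TEXT,
    username    TEXT,
    office      TEXT
);
CREATE TABLE machines (
    device_id        TEXT PRIMARY KEY,
    operating_system TEXT,
    email_client     TEXT,
    os_patch_date    TEXT,             -- ISO date 'YYYY-MM-DD'
    employee_id      INTEGER           -- foreign key; NULL = machine not assigned
);
CREATE TABLE log_in_attempts (
    event_id INTEGER PRIMARY KEY,
    username TEXT,
    country  TEXT,
    time     TEXT                      -- 24-hour 'HH:MM'
);
"""

def build_db():
    # In-memory SQLite database loaded with a few constructed rows.
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?, ?)", [
        (1188, "a320b137c219", "elarson", "East-120"),
        (1189, "b4a7d40e2e8f", "jalvarez", "West-290"),
        (1190, "c1a3e5b2d0f4", "tshah", "East-435"),   # no machine row for 1190
    ])
    conn.executemany("INSERT INTO machines VALUES (?, ?, ?, ?, ?)", [
        ("a320b137c219", "OS 1", "Email Client 1", "2021-05-14", 1188),
        ("b4a7d40e2e8f", "OS 3", "Email Client 2", "2020-11-02", 1189),
        ("d9f0a1b2c3e4", "OS 2", "Email Client 1", "2021-08-30", None),
    ])
    conn.executemany("INSERT INTO log_in_attempts VALUES (?, ?, ?, ?)", [
        (1, "elarson", "USA", "09:15"),
        (2, "jalvarez", "US", "18:45"),    # inconsistent spelling of the country
        (3, "tshah", "CAN", "22:10"),
        (4, "elarson", "USA", "17:59"),
    ])
    return conn

def query(conn, sql, params=()):
    # Filter values are bound as parameters rather than pasted into the SQL text.
    return conn.execute(sql, params).fetchall()

# SELECT / FROM: which device is assigned to each employee.
def employee_devices(conn):
    return query(conn, "SELECT employee_id, device_id FROM employees;")

# WHERE with '=': only the exact spelling given is matched.
def logins_from(conn, country):
    return query(conn, "SELECT event_id FROM log_in_attempts WHERE country = ?;", (country,))

# WHERE with LIKE and the '%' wildcard: 'US%' matches both 'US' and 'USA'.
def logins_from_prefix(conn, prefix):
    return query(conn, "SELECT event_id FROM log_in_attempts WHERE country LIKE ?;", (prefix + "%",))

# '>' on a time: after-hours logins. Zero-padded 'HH:MM' strings sort chronologically.
def logins_after(conn, hhmm):
    return query(conn, "SELECT event_id FROM log_in_attempts WHERE time > ?;", (hhmm,))

# BETWEEN on a date range (inclusive at both ends).
def patched_between(conn, start, end):
    return query(conn, "SELECT device_id FROM machines WHERE os_patch_date BETWEEN ? AND ?;", (start, end))

# AND: both conditions must hold (the email client on a given OS example).
def machines_running(conn, os_name, client):
    return query(conn, "SELECT device_id FROM machines "
                       "WHERE operating_system = ? AND email_client = ?;", (os_name, client))

# OR: either operating system qualifies.
def machines_with_either_os(conn, os_a, os_b):
    return query(conn, "SELECT device_id FROM machines "
                       "WHERE operating_system = ? OR operating_system = ?;", (os_a, os_b))

# NOT: every machine except those on the given operating system.
def machines_not_running(conn, os_name):
    return query(conn, "SELECT device_id FROM machines WHERE NOT operating_system = ?;", (os_name,))

# INNER JOIN on employee_id: only employees that have a matching machine row.
def users_with_machines(conn):
    return query(conn, "SELECT employees.username, employees.office, machines.operating_system "
                       "FROM employees "
                       "INNER JOIN machines ON employees.employee_id = machines.employee_id;")

# LEFT JOIN: every employee; machine columns are NULL (None) when there is no match.
def all_users_with_machines(conn):
    return query(conn, "SELECT employees.username, employees.office, machines.operating_system "
                       "FROM employees "
                       "LEFT JOIN machines ON employees.employee_id = machines.employee_id;")
```

With this data the inner join returns two rows (employees 1188 and 1189) while the left join adds a third row for tshah whose operating system is None, the NULL the lecture describes.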
Let's recap what you learned in this course. We first focused on operating systems and how they relate to applications and hardware. Understanding how the system you're protecting works is essential for doing your job effectively. That brings us to the Linux operating system. When working in the security profession, familiarity with Linux is important. We first discussed its architecture and various distributions, then we used the Linux command line to carry out tasks you might encounter as a security analyst. Finally, we looked at another useful tool and used SQL to query databases. After this course, I hope you have a better understanding of how these foundations of computing support a security analyst in their daily work. I also hope you continue your path with this program; there are a lot of other useful and exciting topics ahead. Once again, congratulations, you finished another course. Building skills is something you should be proud of. Keep it up as you progress through this program.

What do you picture when you think about the security field? This might make you think of a dark room with people hunched over their computers. Maybe you picture a person in a lab carefully analyzing evidence, or maybe you imagine a guard standing watch in front of a building. The truth is, no matter what thoughts cross your mind, all of these examples are part of the wide world of security. Hi, my name is Da'Queshia. I have worked as a security engineer for four years. I'm excited to be your instructor for this course and share some of my experience with you. At Google, I'm part of a diverse team of security professionals who all have different backgrounds and unique perspectives. For example, in my role I work to secure Gmail. Part
of my daily activities include developing new security features and fixing vulnerabilities in the application to make emails safer for our users. Some members of my team began working in security after graduating from college; many others found their way into the field after years of working in another industry. Security teams come in all different shapes and sizes. Each member of a team has a role to play. While our specific functions within the group differ, we all share the same objective: protecting valuable assets from harm. Accomplishing this mission involves a combination of people, processes and tools. In this course you'll learn about each of these in detail. First, you'll be introduced to the world of asset security. You'll learn about the variety of assets that organizations protect and how these factor into a company's overall approach to security. Then you'll begin exploring the security systems and controls that teams use to proactively protect people and their information. All systems have weaknesses that can be improved upon. When those weaknesses are neglected or ignored, they can lead to serious problems. In this section of the course, you'll focus on common vulnerabilities in systems and the way security teams stay ahead of potential problems. Finally, you'll learn about the threats to asset security. You'll also be introduced to the threat modeling process that security teams use to stay one step ahead of potential attacks. In this field, we try to do everything possible to avoid being put in a compromised position. By the end of this course, you'll have a clearer picture of the ways people, processes and technology work together to protect all that's important. Throughout the course, you'll also get an idea of the exciting career opportunities available to you. Security truly is an interdisciplinary field. Your background and perspective is an asset. Whether you're a recent college graduate or starting a new career path, the security field presents a wide range of possibilities. So what do you say, are you ready to go on this journey with me?

Hi, my name is Da'Queshia. I'm a security engineer. That basically means I work securing Google's products so users like you aren't vulnerable. Before I entered cybersecurity, I worked installing internet. I also worked at a chip factory. I worked in fast food. I sold shoes at the mall. I did a lot of things
before I made it here. A lot of what I learned in my past jobs I actually use every day, and some of it is my soft skills, like time management, people skills and communication. As a new cybersecurity analyst, it's important to be able to communicate, take feedback and feel uncomfortable, not with the people around you but with the problems you're trying to solve, because sometimes it requires you to think outside of the box and be challenged. I would describe my job as Google security guard, because I work on the Gmail security team. It's my job to protect Gmail. Some of those threats are people who are sending you bad emails, who are trying to get your user credentials or get you to click on a phishing link. And when it comes to vulnerabilities, some of those could be something like unsanitized input, which can lead to trouble. My typical workday starts like everyone else's: I check my emails, and then from there I go into my bug queue. It's essentially when people tell me there's a problem with one of our products. I start doing a little bit of research, and then I like to explore the bug a little bit more. I like to figure out, if this can break this, can it also break this, and if it can, what else can I do with it? And then from there I look for a solution to make sure that I fix that hole, and then any other holes that we might have in our security. Some of the things you learn about in this course is threat modeling, and that's something I use every day. Whenever I get a bug, it's part of my job to figure out the attack tree and what type of vectors can be used to take advantage of vulnerabilities. No one is born knowing everything, and I know that might sound really cliché or, like, super obvious, but it helps me because it helps put into perspective the time and effort that everyone has to put in in order to learn something new. So be patient with yourself. Don't let anyone discourage you from cybersecurity. Taking this course is one step closer to getting you to your goal. Don't get discouraged now, keep going.

We all depend on technology so much nowadays. Examples of this are
all around us. Personal devices like smartphones help keep us in touch with friends and families across the globe. Wearable technologies help us achieve personal goals and be more productive. Businesses have also come to embrace technology in everyday life, from streamlining operations to automating processes. Our world is more connected because of technology. The more we rely on technology, the more information we share. As a result, an enormous amount of data is created every day. This huge surge in data creation presents unique challenges. As businesses become more reliant on technology, cybercriminals become more sophisticated in how they affect organizations. Data breaches are becoming increasingly serious due to all the sensitive data businesses are storing. One positive aspect of these challenges is a growing need for individuals like you. Security is a team effort. Unique perspectives like yours are an asset to any organization. A team filled with diverse backgrounds, cultures and experiences is more likely to solve problems and be innovative. As breach after breach hits the headlines, it's clear that organizations need more professionals focused on security. Companies around the globe are working hard to keep up with the demands of a rapidly changing digital landscape. As the environment continues to transform, the more your personal experience is valuable. In this section we'll start by exploring how assets, threats and vulnerabilities factor into security plans. After that, we'll discuss the use of asset inventories in protecting the wide range of assets that companies have. Then we'll consider the challenges in this rapidly changing digital world, and finally you'll gain an understanding of the building blocks of a security plan: its policies, standards and procedures. We'll examine the NIST Cybersecurity Framework that companies use to create security plans that protect their customers and their brands. I
hope you're as excited to go on this journey into this world of security as I am now let's get started painting a portrait perfecting a new basketball move playing a solo on guitar they all share something in common can you guess what it it is if you thought practice you're absolutely correct it takes time dedication and focus to improve these skills the security profession is no different planning for the future is a core skill that you'll need to practice all the time in security we all deal with uncertainty by trying to solve problems before they
arise. For example, if you're going on a trip, you might think about the length of the trip and how much to pack. Maybe you're traveling somewhere cold; you might bring coats and sweaters to help keep you warm. We all want to feel the security of knowing that there's a plan if something goes wrong. Businesses are no different. Just like you, organizations try their best to plan ahead by analyzing risks. Security teams help companies by focusing on risks. In security, a risk is anything that can impact the confidentiality, integrity, or availability of an asset. Our primary focus as security practitioners is to maintain confidentiality, integrity, and availability, which are the three components of the CIA triad. The process of security risk planning is the first step towards protecting these cornerstones. Each organization has their own unique security plan based on the risks they face. Thankfully, you don't need to be familiar with every possible security plan to be a good security practitioner. All you really need to know are the basics of how these plans are put together.

Security plans are based on the analysis of three elements: assets, threats, and vulnerabilities. Organizations measure security risk by analyzing how each can have an effect on the confidentiality, integrity, and availability of their information and systems. Basically, they each represent the what, why, and how of security. Let's spend a little time exploring each of these in more detail.

As you might imagine, an asset is an item perceived as having value to an organization. This often includes a wide range of things. Buildings, equipment, data, and people are all examples of assets that businesses want to protect. Let's examine this idea more by analyzing the assets of a home. Inside a home there's a wide range of assets, like people and personal belongings. The outside structure of a home is made of assets too, like the walls, roof, windows, and doors. All of these assets have value, but they differ in how they might be protected. Someone might place a lower priority on protecting the outside walls than on the front door, for example. This is because a burglar is more likely to enter through the front door than a wall. That's why we have locks. With so many types of assets to think of, security plans need to prioritize resources. After all, no matter how large a security team is, it would be impossible to monitor every single asset at all hours of the day.

Security teams can prioritize their efforts based on threats. In security, a threat is any circumstance or event that can negatively impact assets. Much like assets, threats include a wide range of things. Going back to the example of a home, a threat can be a burglar who's trying to gain access. Burglars aren't the only type of threat that affects the security of windows and doors. What if either broke by accident? Strong winds can blow the door open during a bad storm, or kids playing with a ball nearby can accidentally damage a window. If any of these thoughts crossed your mind, great job. You're already demonstrating a security mindset.

The final element of a security plan that we're going to cover is vulnerabilities. In security, a vulnerability is a weakness that can be exploited by a threat. A weak lock on a front door, for example, is a vulnerability that can be exploited by a burglar. And old, cracked wood is a different vulnerability on that same front door that can increase the chances of storm damage. In other words, think of vulnerabilities as flaws within an asset. Assets can have many different types of vulnerabilities that are an easy target for attackers. We'll explore different types of threats and vulnerabilities in greater detail later. For now, just understand that security teams need to account for a wide range of assets, threats, and vulnerabilities to effectively plan for the future.

I'm Tri, a security engineer at Google. My department is detection and response. Let's see, what does my everyday look like? Well, of course I have the free lunch and coffee, which is nice, and then I finally get
to my desk, and I open up the SIEM to see what kind of exciting events are there for me to look into and what threats there could be out there for me to analyze. Also, I work on improving our analysis for detection of potential threats. So my security passion developed at a young age. I was a victim of a hack, believe it or not. After school every day at that time, I would go home and play a computer game. One day I got home, I brought it up, and it said, "Your CD key is in use by," and then it gave some strange name there that I didn't recognize. At first I felt shocked. I had bought this game myself, and somebody stole my CD key. But it did provide me this motivation to start to learn how to defend myself. For example, I learned about manual removal of malware, and that became one of my favorite topics. Also, for fun, I started doing some white-hat hacker activity with some of my friends. Asset security is a very important field, and there's many varieties of assets that you could be looking into to protect. My favorite part is building the detections that actually have the potential to catch malicious behavior. In asset management security, you have the ability to accurately inventory all of the assets, which include IP, user data, employee machines, and to make sure you have a security posture that's on par with what you need. There's always new technology coming on the scene, new hardware, and we are responsible for understanding what potential new threats are out there. Problem-solving ability and creative thinking is important in cybersecurity, because there's always complex problems, and people need to be able to think outside of the box, think creatively, and think holistically as they approach their solutions to mitigate risks. Cybersecurity is a noble occupation. Many things can happen, many bad things can happen on the internet, but we can be there to stand up against it, and we can be there to do something about it. We can be there to protect our users, our family members, or friends. That responsibility is heavy, yes, but also, of course, it's a very important mission, and I am proud to be within the security team.

It can be really stressful when
you have trouble finding something important. You're late to an appointment and can't find your keys. We all find ourselves in situations like these at one time or another. Believe it or not, organizations deal with the same kind of trouble. Take a few seconds to think of the number of important assets you have nearby. I'm thinking of my phone, wallet, and keys, for example. Next, imagine that you've just joined a security team for a small online retailer. The company has been growing over the past few years, adding more and more customers. As a result, they're expanding their security department to protect the increasing number of assets they have. Let's say each of you is responsible for 10 assets. That's a lot of assets! Even in the small business setting, that's an incredible amount of things that need protecting. A fundamental truth of security is you can only protect the things you account for.

Asset management is the process of tracking assets and the risks that affect them. All security plans revolve around asset management. Recall that assets include any item perceived as having value to an organization. Equipment, data, and intellectual property are just a few of the wide range of assets businesses want to protect. A critical part of every organization's security plan is keeping track of its assets. Asset management starts with having an asset inventory, a catalog of assets that need to be protected. This is an essential part of protecting organizational assets. Without this record, organizations run the risk of losing track of all that's important to them. A good way to think of asset inventories is as a shepherd protecting sheep. Having an accurate count of the number of sheep helps in a lot of ways. For example, it would be easier to allocate resources like food to take care of them. Another benefit of an asset inventory might be that you get an alert if one of them goes missing.

Once more, think of the important assets you have nearby. Just like me, you're probably able to rate them according to their level of importance. I would rank my wallet ahead of my shoes, for example. In security, this practice is known as asset classification. In general, asset classification is the practice of labeling assets based on their sensitivity and importance to an organization. Organizations label assets differently. Many of them follow a basic classification scheme: public, internal-only, confidential, and restricted. Public assets can be shared with anyone. Internal-only can be shared with anyone in the organization, but should not be shared outside of it. And confidential assets should only be accessed by those working on a specific project. Assets classified as restricted are typically highly sensitive and must be protected. Assets with this label are considered need-to-know. Examples include intellectual property and health or payment information. For example, a growing online retailer might mark internal emails about a new product as confidential because those working on the new product should know about it. They might also label the doors at their offices with a restricted sign to keep everyone out who doesn't have a specific reason to be in there. These are just a couple of everyday examples that you may be familiar with from your prior experience. For the most part, classification determines whether an asset can be disclosed, altered, or destroyed. Asset management is a continuous process, one that helps uncover unexpected gaps in security or potential risks. Keeping track of all that's important to our organization is an essential part of security
planning.

Welcome back. We've covered a lot of information so far. I hope you're having as much fun exploring the role of security as I am. We've explored what organizational assets are and why they need protection. You've also gotten a sense of the tremendous amount of assets security teams protect. Previously, we began examining security asset management and the importance of keeping track of everything that's important to an organization. Security teams classify assets based on value. Next, let's expand our security mindset and think about this question: what exactly is valuable about an asset? These days, the answer is often information. Most information is in a digital form. We call this data. Data is information that is translated, processed, or stored by a computer. We live in a connected world. Billions of devices around the world are linked to the internet and are exchanging data with each other all the time. In fact, millions of pieces of data are being passed to your device right now. When compared to physical assets, digital assets have additional challenges. What you will need to understand is that protecting data depends on where that data is and what it's doing.

Security teams protect data in three different states: in use, in transit, and at rest. Let's investigate this idea in greater detail. Data in use is data being accessed by one or more users. Imagine being at a park with your laptop. It's a nice sunny day, and you stop at a bench to check your email. This is an example of data in use. As soon as you log in, your inbox is considered to be in use. Next is data in transit. Data in transit is data traveling from one point to another. While you're signed into your account, a message from one of your friends appears. They sent you an interesting article about the growing security industry. You decide to reply, thanking them for sending this to you. When you click send, this is now an example of data in transit. Finally, there's data at rest. Data at rest is data not currently being accessed. In this state, data is typically stored on a physical device. An example of data at rest would be when you finish checking your email and close your laptop. You then decide to pack up and go to a nearby cafe for breakfast. As you make your way from the park towards the cafe, the data in your laptop is at rest.

So now that we understand these states of data, let's connect this back to asset management. Earlier, I mentioned that information is one of the most valuable assets that companies can have. Information security, or InfoSec, is the practice of keeping data in all states away from unauthorized users. Weak information security is a serious problem. It can lead to things like identity theft, financial loss, and reputational damage. These events have the potential to harm organizations, their partners, and their customers. And there's more to consider in your work as a security analyst. As our digital world continually changes, we are adapting our understanding of data at rest. Physical devices like our smartphones more commonly store data in the cloud, meaning that our information isn't necessarily at rest just because our phone is resting on a table. We should always be mindful of new vulnerabilities as our world becomes increasingly connected. Remember, protecting data depends on where the data is and what it's doing. Keeping track of information is part of the puzzle that companies solve when considering their security plan. Understanding the three states of data enables security teams to analyze risk and determine an asset management plan for different situations.

Security is all about people, processes, and technology. It's a team effort, and I mean that literally. Protecting assets extends well beyond one person or a group of people in an IT department. The truth of the matter is that security is a culture. It's a shared set of values that spans all levels of an organization. These values touch everyone, from employees to vendors to customers. Protecting digital and physical assets requires everyone to participate,
which can be a challenge. That's what security plans are for. Plans come in many shapes and sizes, but they all share a common goal: to be prepared for risks when they happen. Placing the focus on people is what leads to the most effective security plans. Considering the diverse backgrounds and perspectives of everyone involved ensures that no one is left out when something goes wrong. We talked earlier about risk as being anything that can impact the confidentiality, integrity, or availability of an asset. Most security plans address risks by breaking them down according to categories and factors. Some common risk categories might include the damage, disclosure, or loss of information. Any of these can be due to factors like the physical damage or malfunctions of a device. There are also factors like attacks and human error. For example, a new school teacher may be asked to sign a contract before their first day of class. The agreement may warn against some common risks associated with human error, like using a personal email to send sensitive information. A security plan may require that all new hires sign off on this agreement, effectively spreading the values that ensure everyone's in alignment. This is just one example of the types and causes of risk that a plan might address. These things vary widely depending on the company, but how these plans are communicated is similar across industries.

Security plans consist of three basic elements: policies, standards, and procedures. These three elements are how companies share their security plans. These words tend to be used interchangeably outside of security, but you'll soon discover that they each have a very specific meaning and function in this context. A policy in security is a set of rules that reduces risk and protects information. Policies are the foundation of every security plan. They give everyone in and out of an organization guidance by addressing questions like, what are we protecting and why? Policies focus on the strategic side of things by identifying the scope, objectives, and limitations of a security plan. For instance, newly hired employees at many companies are required to sign off on an acceptable use policy, or AUP. These provisions outline secure ways that employees may access corporate systems. Standards are the next part. These have a tactical function, as they concern how well we're protecting assets. In security, standards are references that inform how to set policies. A good way to think of standards is that they create a point of reference. For example, many companies use the password management standard identified in NIST Special Publication 800-63B to improve their security policies by specifying that employees' passwords must be at least eight characters long. The last part of a plan is its procedures. Procedures are step-by-step instructions to perform a specific security task. Organizations usually keep multiple procedure documents that are used throughout the company, like how employees can choose secure passwords or how they can securely reset a password if it's been locked. Sharing clear and actionable procedures with everyone creates accountability, consistency, and efficiency across an organization. Policies, standards, and procedures vary widely from one company to another because they are tailored to each organization's goals. Simply understanding the structure of security plans is a great start. For now, I hope you have a clear picture of what policies, standards, and procedures are and how they are essential to making security a team effort.

Having a plan is just one part of securing assets. Once the plan is in action, the other part is making sure everyone's following along. In security, we call this compliance. Compliance is the process of adhering to internal standards and external regulations. Small companies and large organizations around the world place security compliance at the top of their list of priorities. At a high level, maintaining trust, reputation, safety, and the integrity of your data are just a few reasons to be concerned about compliance. Fines, penalties, and lawsuits are other reasons. This is particularly true for companies in highly regulated industries like healthcare, energy, and finance. Being out of compliance with a regulation can cause long-lasting financial and
reputational effects that can seriously impact a business. Regulations are rules set by a government or other authority to control the way something is done. Like policies, regulations exist to protect people and their information, but on a larger scale. Compliance can be a complex process because of the many regulations that exist all around the world. For our purpose, we're going to focus on a framework of security compliance: the US-based NIST Cybersecurity Framework. Early in the program, you learned about the National Institute of Standards and Technology, or NIST. One of the primary roles of NIST is to openly provide companies with a set of frameworks and security standards that reflect key security-related regulations. The NIST Cybersecurity Framework is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk. Commonly known as the CSF, this framework was developed to help businesses secure one of their most important assets: information.

The CSF consists of three main components: the core, its tiers, and its profiles. Let's explore each of these together to build a better understanding of how the NIST CSF is used. The core is basically a simplified version of the functions or duties of a security plan. The CSF core identifies five broad functions: identify, protect, detect, respond, and recover. Think of these categories of the core as a security checklist. After the core, the next NIST component we'll discuss is its tiers. These provide security teams with a way to measure performance across each of the five functions of the core. Tiers range from level one to level four. Level one, or passive, indicates a function is reaching bare minimum standards. Level four, or adaptive, is an indication that a function is being performed at an exemplary standard. You may have noticed that CSF tiers aren't a yes-or-no proposition. Instead, there's a range of values. That's because tiers are designed as a way of showing organizations what is and isn't working with their security plans. Lastly, profiles are the final component of the CSF. These provide insight into the current state of a security plan. One way to think of profiles is like photos capturing a moment in time. Comparing photos of the same subject taken at different times can provide useful insights. For example, without these photos, you might not notice how this tree has changed. It's the same with NIST profiles. Good security practice is about more than avoiding fines and attacks. It demonstrates that you care about people and their information. Before we go, let's visit the core functions one more time to look at where we've been and where we're going. The first function is identify. Our previous discussions on asset management and risk assessment relate to that function. Coming up, we're going to focus on many of the categories of the second function, the protect function. Meet you there!

Well done! You made it to the end of this section. Being a security practitioner takes commitment and a desire to learn. A big part of the job involves keeping current with the best practices and emerging trends. Thinking back on my own journey into the world of security, I'm so proud of you for your continued commitment. We've covered a lot of material this week, and this is a good time to reflect and look back on the key concepts we explored together. We covered the building blocks of organizational risk management: assets, threats, and vulnerabilities. We also spent some time demonstrating the importance of asset inventories. It's much easier to protect a company's assets if you know where they are and who's responsible for them. After that, we moved on to explore the challenges in a rapidly changing digital world. Part of protecting data in this world is understanding if it's in use, in transit, or at rest. Finally, in our high-level exploration of policies, standards, and procedures, we talked about how each of them factors into achieving security goals. There's no one-size-fits-all approach to achieving security. While exploring the NIST Cybersecurity Framework, you gained an appreciation of how it supports good security practices. Attackers are also constantly building their skills
and finding new ways to break through the defenses we put up. Remember, the landscape is always changing. There's always more to learn if you want to be a good security practitioner. Next up, we're going to expand our security mindset by learning more about the different systems security teams use to protect organizational assets. I'm looking forward to it.

I was fascinated by a worldwide malware event that happened in 2017. I started watching videos and preparing to take certification tests. Just like you, I felt overwhelmed at first, but my curiosity and passion have driven me to continue learning in this field. I always remind myself that no one is born knowing everything and everyone is on a learning journey. Even now, I still remember what it was like to start out in this profession. So believe me when I tell you that you're making great progress, and I am proud of your effort. Now, before looking ahead to where we're headed on our journey into the world of security, let's take a moment to look back on where we've been. Previously, we focused mostly on the concepts of assets and risk in security. We covered topics like the importance of managing assets and keeping them safe. We discussed how the digital world presents new challenges and opportunities in the field of security. We also spent some time exploring security plans. With this solid foundation, we're ready to keep expanding our security mindset. In this section, we'll cover the security controls that are used to proactively keep assets safe. I used the word proactively there on purpose, as you'll soon see. These controls are the protections that we put in place to stop problems before they happen. We're going to begin by taking an in-depth look at privacy. Here you'll learn about the effective data handling processes that keep information safe. Next, you'll explore the role of encryption and hashing in safeguarding information. Finally, you'll learn about the standard access controls that companies use to authorize and authenticate users. All right, are you ready to keep moving ahead? I know I am.

These days, information is in so many places at once. As a result, organizations are under a lot of pressure to implement effective security controls that protect everyone's information from being stolen or exposed. Security controls are safeguards designed to reduce specific security risks.
They include a wide range of tools that protect assets before, during, and after an event. Security controls can be organized into three types: technical, operational, and managerial. Technical control types include the many technologies used to protect assets. This includes encryption, authentication systems, and others. Operational controls relate to maintaining the day-to-day security environment. Generally, people perform these controls, like awareness training and incident response. Managerial controls are centered around how the other two reduce risk. Examples of managerial controls include policies, standards, and procedures. Typically, an organization's security policy outlines the controls needed to achieve their goals. Information privacy plays a key role in these decisions. Information privacy is the protection of unauthorized access and distribution of data. Information privacy is about the right to choose. People and organizations alike deserve the right to decide when, how, and to what extent private information about them is shared. Security controls are the technologies used to regulate information privacy.

For example, imagine using a travel app to book a flight. You might browse through a list of flights and find one at a good price. To reserve a seat, you enter some personal information like your name, email, and credit card number for payment. The transaction goes through successfully, and you've booked your flight. Now, you reasonably expect the airline company to access the information you entered when signing up to complete the reservation. However, should everyone at the company have access to your information? A person working in the marketing department shouldn't need access to your credit card information. It makes sense to share that information with a customer support agent, except they should only need to access it while helping with your reservation. To maintain privacy, security controls are intended to limit access based on the user and situation. This is known as the principle of least privilege. Security controls should be designed with the principle of least privilege in mind. When they are, they rely on differentiating between data owners and data custodians. A data owner is a person who decides who can access, edit, use, or destroy their information. The idea is very straightforward, except in cases where there are multiple owners. For example, the intellectual property of an organization can have multiple data owners. A data custodian is anyone or anything that's responsible for the safe handling, transport, and storage of information. Did you notice that I mentioned anything? That's because, aside from people, organizations and their systems are also custodians of people's information. There are other considerations besides these when implementing security controls. Remember that data is an asset. Like any other asset, information privacy requires proper classification and handling. As we progress in this section, we'll continue exploring other security controls that make this possible.

Hello, my name is Heather, and I'm the vice president of security engineering at Google. PII is everywhere. It's a fundamental part of how we are all working online all the time. If you are using
online resources, you are probably putting your PII out there somewhere. There's some of your PII that lots of people know, such as your name, and then there's sensitive data that you don't want very many people to know, such as your bank account number or your private medical health information. And so we make these distinctions often because this kind of information needs to be handled differently. Everything that we do now, from school to voting to registering our car, happens online, and because of that, it's so important that we have safety built in by default into all of our systems. Here are some tips. You should always encrypt the data as much as you can when it's being stored at rest. And secondly, when it's transiting over the internet, we always want to encrypt it using TLS or SSL. Third, within your company, you should think very clearly about who has access to that data. It should be almost no one if it's very sensitive, and in the rare cases where somebody does need to access that data, there should be a record of that access, who accessed it, and a justification as to why, and you should have a program to look at the audit records for that data. The most important thing to remember is if you have a situation where PII has been compromised, remember that's someone's personal information, and your response wants to be grounded in that reality. They need to be able to trust the infrastructure, the systems, the websites, the devices. They need to be able to trust the experience they're having. And for me, that's the mission: to help keep billions of people safe online every day.

The internet is an open, public system with a lot of
data flowing through it. Even though we all send and store information online, there's some information that we choose to keep private. In security, this type of data is known as personally identifiable information. Personally identifiable information, or PII, is any information that can be used to infer an individual's identity. This can include things like someone's name, medical and financial information, photos, emails, or fingerprints. Maintaining the privacy of PII online is difficult; it takes the right security controls to do so. One of the main security controls used to protect information online is cryptography.

Cryptography is the process of transforming information into a form that unintended readers can't understand. Data of any kind is kept secret using a two-step process: encryption to hide the information, and decryption to unhide it. Imagine sending an email to a friend. The process starts by taking data in its original, readable form, known as plaintext. Encryption takes that information and scrambles it into an unreadable form known as ciphertext. We then use decryption to unscramble the ciphertext back into plaintext, making it readable again.

Hiding and unhiding private information is a practice that's been around for a long time, way before computers. One of the earliest cryptographic methods is known as the Caesar cipher. This method is named after Julius Caesar, the Roman general of the first century BC, who used it to keep messages between him and his military generals private. The Caesar cipher is a pretty simple algorithm that works by shifting letters in the Roman alphabet forward by a fixed number of positions. An algorithm is a set of rules that solve a problem; specifically, in cryptography, a cipher is an algorithm that encrypts information. For example, a message encoded with the Caesar cipher using a shift of three would encode an A as a D, a B as an E, a C as an F, and so on. In this example, you could send a friend a message that said "hello" using a shift of three, and it would read "khoor".

Now, you might be wondering how you would know which shift a message encrypted with the Caesar cipher is using. The answer is that you need the key. A cryptographic key is the piece of information that lets you decrypt ciphertext. In our example, the key would tell you that my message is encrypted with a shift of three; with that information, you can unlock the hidden message. Every form of encryption relies on both a cipher and a key to secure the exchange of information.

The Caesar cipher is not widely used today because of a couple of major flaws. One concerns the cipher itself; the other relates to the key. This particular cipher relies entirely on the characters of the Roman alphabet to hide information. Consider a message written using the English alphabet, which has only 26 characters. Even without the key, it's pretty simple to crack a message secured with the Caesar cipher by trying all 26 possible shifts. In information security, this tactic is known as a brute-force attack: a trial-and-error process of discovering private information. The other major flaw of the Caesar cipher is that it relies on a single key. If that key is lost or stolen, there's nothing stopping someone from accessing the private information. Properly keeping track of cryptographic keys is an important part of security. To start, it's important to ensure that these keys are not stored in public places, and to share them separately from the information they will decrypt.
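Here's an added example, written for this page in Python rather than taken from the course, that puts the Caesar cipher and the brute-force attack side by side. The cipher, the key, and the list of "crib" words the attacker expects to see in the plaintext are all assumptions of the example; nothing here comes from the course material.

```python
"""Added example (not course material): Caesar cipher, decryption with the key,
and the 26-shift brute-force attack that makes the key almost irrelevant."""
import string
from typing import List, Sequence, Tuple

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
ALPHABET_SIZE = 26  # the entire key space: shifts 0..25


def caesar_encrypt(plaintext: str, shift: int) -> str:
    """Shift every letter forward by `shift`; case is kept and non-letters pass through."""
    out = []
    for ch in plaintext:
        if ch.isalpha():
            base = LOWER if ch.islower() else UPPER
            out.append(base[(base.index(ch) + shift) % ALPHABET_SIZE])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    """With the key, decryption is just encryption with the inverse shift."""
    return caesar_encrypt(ciphertext, -shift)


def brute_force(ciphertext: str,
                cribs: Sequence[str] = ("hello", "the", "attack", "meet")) -> List[Tuple[int, str]]:
    """Without the key: try every one of the 26 shifts and keep the candidates that
    contain a word the attacker expects (the cribs are an assumption of this example)."""
    hits = []
    for shift in range(ALPHABET_SIZE):
        candidate = caesar_decrypt(ciphertext, shift)
        if any(word in candidate.lower() for word in cribs):
            hits.append((shift, candidate))
    return hits


if __name__ == "__main__":
    secret = caesar_encrypt("hello", 3)
    print(secret)                       # khoor
    print(caesar_decrypt(secret, 3))    # hello, using the key
    print(brute_force(secret))          # [(3, 'hello')], recovered with no key at all
```

The point of `brute_force` is that the whole key space is 26 tries: a cipher is only as strong as the number of keys an attacker has to guess plus the secrecy of the one you chose.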
The Caesar cipher is just one of many algorithms used to protect people's privacy. Due to its limitations, we rely on more complex algorithms to secure information online. Our next focus is exploring how modern algorithms work to keep information private.

Computers use a lot of encryption algorithms to send and store information online. They're all helpful when it comes to hiding private information, but only as long as their keys are protected. Can you imagine having to keep track of the encryption keys protecting all of your personal information online? Neither can I, and we don't have to, thanks to something known as public key infrastructure. Public key infrastructure, or PKI, is an encryption framework that secures the exchange of information online. It's a broad system that makes accessing information fast, easy, and secure.

So how does it all work? PKI is a two-step process. It all starts with the exchange of encrypted information. This involves either asymmetric encryption, symmetric encryption, or both. Asymmetric encryption involves the use of a public/private key pair for the encryption and decryption of data. Let's imagine this as a box that can be opened with two keys. One key, the public key, can only be used to access the slot and add items to the box. Since the public key can't be used to remove items, it can be copied and shared with people all around the world to add items. On the other hand, the second key, the private key, opens the box fully so that the items inside can be removed. Only the owner of the box has access to the private key that unlocks it. Using a public key allows the people and servers you're communicating with to send you encrypted information that only you can decrypt with your private key. This two-key system makes asymmetric encryption a secure way to exchange information online; however, it also slows down the process.

Symmetric encryption, on the other hand, is faster and simpler to use. Symmetric encryption involves the use of a single secret key to exchange information. Let's imagine the lockbox again. Instead of two keys, symmetric encryption uses the same key: the owner can use it to open the box, add items, and close it again, and when they want to share access, they can give the secret key to anyone else to do the same. Exchanging a single secret key may make web communications faster, but the key itself has to be shared, and that makes it less secure. PKI uses both asymmetric and symmetric encryption, sometimes in conjunction with one another; it all depends on whether speed or security is the priority. For example, mobile applications use asymmetric encryption to establish a connection between people at the start of a conversation, when security is the priority. Afterwards, when the speed of communications back and forth is the priority, symmetric encryption takes over.

While both have their own strengths and weaknesses, they share a common vulnerability: establishing trust between the sender and receiver. Both processes rely on sharing keys that can be misused, lost, or stolen. This isn't a problem when we exchange information in person, because we can use our senses to tell the difference between those we trust and those we don't. Computers, on the other hand, aren't naturally equipped to make this distinction. That's where the second step of PKI applies. PKI addresses the vulnerability of key sharing by establishing trust using a system of digital certificates between computers and networks. A digital certificate is a file that verifies the identity of a public key holder. Most online information is exchanged using digital certificates. Users, companies, and networks hold one and exchange them when communicating information online as a way of signaling trust.

Let's look at an example of how digital certificates are created. Let's say an online business is about to launch their website and they want to obtain a digital certificate. When they register their domain, the hosting company sends certain information over to a trusted certificate authority, or CA. The information provided is usually basic things like the company name and the country where its headquarters are located. A public key for the site is also provided. The certificate authority then uses this data to verify the company's identity. When it's confirmed, the CA signs the data with its own private key and issues a digital certificate that contains the company's information and public key, along with the CA's digital signature to prove that it's authentic: anyone holding the CA's public key can check the signature, and any change to the certificate's contents breaks it. Digital certificates are a lot like a digital ID badge that's used online to restrict or grant access to information. This is how PKI solves the trust issue. Combined with asymmetric and symmetric encryption, this two-step approach to exchanging secure information between trusted sources is what makes PKI such a useful security control.
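To make the two PKI steps concrete, here's an added Python example written for this page; it is not course material and not any real CA's code. It uses textbook RSA on fixed Mersenne primes (assumed, and far too small for real use) so the run is deterministic, a SHA-256 keystream as the symmetric cipher, and a JSON blob as the "certificate". The subject names, key sizes, and the 64-bit truncation of digests are all assumptions made so the toy fits together; a real system would use a vetted library such as `cryptography` and full-size keys.

```python
"""Added example (not course material): the two PKI steps from the lecture in code.
Step 1: asymmetric crypto wraps a fresh symmetric key, symmetric crypto carries the data.
Step 2: a CA signs (does not encrypt) a subject's details + public key; clients verify
that signature before trusting the public key. Textbook RSA on fixed primes: a teaching toy."""
import hashlib
import json
import secrets
from typing import Dict, Optional, Tuple

E = 65537  # the usual RSA public exponent


def make_keypair(p: int, q: int) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Textbook RSA: public key (n, e), private key (n, d) with d = e^-1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


# Fixed Mersenne primes (assumed for the toy) so the example is deterministic.
SITE_PUB, SITE_PRIV = make_keypair(2**31 - 1, 2**61 - 1)
CA_PUB, CA_PRIV = make_keypair(2**89 - 1, 2**19 - 1)


def rsa_encrypt(m: int, pub: Tuple[int, int]) -> int:
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message too large for modulus")
    return pow(m, e, n)          # anyone with the public key can add to the box ...


def rsa_decrypt(c: int, priv: Tuple[int, int]) -> int:
    n, d = priv
    return pow(c, d, n)          # ... only the private-key holder can take it out


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric step: XOR with SHA-256(key || block counter). Same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def hybrid_encrypt(plaintext: bytes, recipient_pub: Tuple[int, int]) -> Tuple[int, bytes]:
    """Step 1: slow asymmetric crypto protects only the small session key; fast symmetric crypto does the rest."""
    session_key = secrets.token_bytes(8)  # 64 bits so it fits under the toy modulus (assumption)
    wrapped = rsa_encrypt(int.from_bytes(session_key, "big"), recipient_pub)
    return wrapped, keystream_xor(session_key, plaintext)


def hybrid_decrypt(wrapped: int, ciphertext: bytes, recipient_priv: Tuple[int, int]) -> bytes:
    session_key = rsa_decrypt(wrapped, recipient_priv).to_bytes(8, "big")
    return keystream_xor(session_key, ciphertext)


def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")  # truncated to fit the toy moduli


def issue_certificate(subject: Dict[str, str], subject_pub: Tuple[int, int],
                      ca_priv: Tuple[int, int]) -> Dict:
    """Step 2: the CA signs the subject data plus the subject's public key with the CA private key."""
    body = {"subject": subject, "public_key": list(subject_pub)}
    canonical = json.dumps(body, sort_keys=True).encode()
    n, d = ca_priv
    return {**body, "signature": pow(_digest_int(canonical), d, n)}


def verify_certificate(cert: Dict, ca_pub: Tuple[int, int]) -> bool:
    """Anyone holding the CA public key can check the signature; any edit to the body breaks it."""
    body = {k: v for k, v in cert.items() if k != "signature"}
    canonical = json.dumps(body, sort_keys=True).encode()
    n, e = ca_pub
    return pow(cert["signature"], e, n) == _digest_int(canonical)


def send_to_certified_site(cert: Dict, message: bytes,
                           ca_pub: Tuple[int, int]) -> Optional[Tuple[int, bytes]]:
    """Client flow: trust the site's public key only if its certificate verifies, then do step 1."""
    if not verify_certificate(cert, ca_pub):
        return None
    return hybrid_encrypt(message, tuple(cert["public_key"]))


if __name__ == "__main__":
    cert = issue_certificate({"org": "Example Co", "country": "US"}, SITE_PUB, CA_PRIV)
    wrapped, ct = send_to_certified_site(cert, b"card number follows", CA_PUB)
    print(hybrid_decrypt(wrapped, ct, SITE_PRIV))
```

Notice where the keys go: the site's private key never leaves `hybrid_decrypt`, the CA's private key is used only to sign, and a forged certificate fails `verify_certificate` before any data is encrypted to the wrong key.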
Security professionals are always thinking about vulnerabilities; it's how we stay ahead of threats. We spent some time together exploring a couple of forms of encryption. The two types we've discussed produce keys that are shared when communicating information, and encryption keys are vulnerable to being lost or stolen, which can put sensitive information at risk. Let's explore another security control that helps companies address this weakness.

A hash function is an algorithm that turns input of any size into a fixed-size value that can't be reversed back into the input. Unlike asymmetric and symmetric algorithms, hash functions are one-way processes that do not generate decryption keys. Instead, these algorithms produce a unique identifier known as a hash value, or digest. Here's an example to demonstrate this. Imagine a company has an internal application that is used by employees and is stored on a shared drive. After passing through a hash function, the program receives its hash value. For example purposes, we created this relatively short hash value with the MD5 hashing function; in practice, standard hash functions that produce longer hashes, like SHA-256, are preferred, because MD5 is no longer considered secure. Next, let's imagine an attacker replaces the program with a modified version that performs malicious actions. The malicious program may work like the original; however, if so much as one line of code is different from the original, it will produce a different hash value. By comparing the hash values, we can validate that the programs are different. Attackers use tricks like this often because they're easily overlooked. Fortunately, hash values help us identify when something like this is happening.

In security, hashes are primarily used as a way to determine the integrity of files and applications. Data integrity relates to the accuracy and consistency of information. A related concept is non-repudiation, the idea that the authenticity of information can't be denied; hashes support that too, for example when a hash is digitally signed. Hash functions are important security controls that make provable data integrity possible, and analysts use them frequently. One way to do this is by finding the hash value of files or applications and comparing them against the hashes of known malicious files. For example, we can use the Linux command line to generate the hash value for any file on your computer. We just launch the shell and type the name of the hashing algorithm we want to use; in this case we're using a common one known as SHA-256, so the command is sha256sum. Next, we enter the name of the file we want to hash. Let's hash the contents of newfile.txt. Now we press enter, and the terminal generates this unique hash value for the file. This value can be compared with the hash values of known malware. One such database is VirusTotal, a popular tool among security practitioners that's useful for analyzing suspicious files, domains, IPs, and URLs. As we've explored, even the slightest change in input results in a totally different hash value. Hash functions are intentionally designed this way to assist with matters of integrity and non-repudiation. They equip computers with a quick and easy way to compare input and output values and validate data integrity. Pretty cool, right?
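Here's the same check done in Python, as an added example for this page rather than course material. The "internal application" and its trojanized copy are two constructed shell scripts that differ by one line, and the known-bad digest table is a constructed stand-in for a VirusTotal-style lookup; none of these are real malware hashes.

```python
"""Added example (not course material): the sha256sum check from the lecture in Python,
with a tamper check against a recorded digest and a lookup against known-bad digests.
The two scripts and the known-bad table are constructed for the example."""
import hashlib
import hmac
import os
import tempfile
from typing import Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def file_digest(path: str) -> str:
    """Same result as `sha256sum <path>`; streams in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_temp_copy(data: bytes) -> str:
    """Write bytes to a temporary file and hash it from disk, as an analyst would hash a file on a share."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        return file_digest(path)
    finally:
        os.remove(path)


# Constructed sample: the trusted script and a modified copy that differs by a single line.
ORIGINAL_APP = b"#!/bin/sh\necho 'building report'\ncp report.csv /srv/share/reports/\n"
MODIFIED_APP = ORIGINAL_APP + b"cp report.csv /tmp/.exfil/\n"


def check_integrity(data: bytes, expected_hex: str) -> bool:
    """Compare the file's digest to the one recorded when it was trusted (constant-time compare)."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


# Constructed stand-in for a VirusTotal-style table of known-malicious digests.
KNOWN_BAD = {sha256_hex(MODIFIED_APP): "trojanized report script (constructed sample)"}


def lookup_known_bad(data: bytes) -> Optional[str]:
    return KNOWN_BAD.get(sha256_hex(data))


def differing_hex_chars(a: bytes, b: bytes) -> int:
    """Avalanche effect: how many of the 64 hex characters change between two inputs."""
    return sum(x != y for x, y in zip(sha256_hex(a), sha256_hex(b)))


if __name__ == "__main__":
    good = sha256_hex(ORIGINAL_APP)
    print("original intact:", check_integrity(ORIGINAL_APP, good))
    print("modified intact:", check_integrity(MODIFIED_APP, good), "->", lookup_known_bad(MODIFIED_APP))
    print("hex chars changed by one extra line:", differing_hex_chars(ORIGINAL_APP, MODIFIED_APP))
```

The recorded "good" digest has to come from somewhere you trust (a signed release, a baseline taken before deployment); a digest computed from the file you are suspicious of proves nothing on its own.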
Protecting data is a fundamental feature of security controls. When it comes to keeping information safe and secure, hashing and encryption are powerful yet limited tools. Managing who or what has access to information is also key to safeguarding it. The next series of controls that we'll be exploring are access controls: the security controls that manage access, authorization, and accountability of information. When done well, access controls maintain data confidentiality, integrity, and availability. They also get users the information they need quickly. These systems are commonly broken down into three separate yet related functions, known as the authentication, authorization, and accounting framework. Each control has its own protocols and systems that make it work. In this video, let's get comfortable with the basics of the first one on the list: authentication.

Authentication systems are access controls that serve a very basic purpose. They ask anything attempting to access information this simple question: who are you? Organizations go about collecting answers to this question differently, depending on the objectives of their security policy. Some are more thorough than others, but in general, responses to this question can be based on three factors of authentication. The first is knowledge. Authentication by knowledge refers to something the user knows, like a password or the answer to a security question they provided previously. Another factor is ownership, referring to something the user possesses. A commonly used type of authentication by ownership is a one-time passcode, or OTP. You've probably experienced these at one time or another: they're a random number sequence that an application or website sends you via text or email and asks you to provide. Last is characteristic. Authentication by this factor is something the user is. Biometrics, like fingerprint scans on your smartphone, are an example of this type of authentication. While not used everywhere, this form of authentication is becoming more common, because it's much tougher for criminals to impersonate someone if they have to mimic a fingerprint or facial scan as opposed to a password.

The information provided during authentication needs to match the information on file for these access controls to work. When the credentials don't match, authentication fails and access is denied. When they match, access is granted. Incorrectly denying access can be frustrating to anyone. To make access systems more convenient, many organizations these days rely on single sign-on. Single sign-on, or SSO, is a technology that combines several different logins into one. Can you imagine having to reintroduce yourself every time you meet up with a friend? That's exactly the sort of problem SSO solves. Instead of requiring users to authenticate over and over again, SSO establishes their identity once, allowing them to gain access to company resources faster. While SSO systems are helpful when it comes to speeding up the authentication process, they present a significant vulnerability when used alone. Denying access to authorized users can be frustrating, but you know what's even worse? Incorrectly granting access to the wrong user. SSO technology is great, but not if it relies on just a single factor of authentication. Adding more authentication factors strengthens these systems. Multi-factor authentication, or MFA, is a security measure which requires a user to verify their identity in two or more ways to access a system or network. MFA combines two or more independent credentials, like knowledge and ownership, to prove that someone is who they claim to be. SSO and MFA are often used in conjunction with one another to layer the defense capabilities of authentication systems. When both are used, organizations can ensure convenient access that is also secure.
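Here's an added Python example, written for this page and not part of the course, showing the server side of two of those factors working together: a knowledge factor (a password, stored only as a salted slow hash) and an ownership factor (a one-time passcode that the server delivers out of band and remembers only as a hash with an expiry). The user table, the OTP length and lifetime, the attempt limit, and the in-memory storage are all assumptions of the example; a real deployment persists this state and sends the code by SMS, email, or an authenticator app.

```python
"""Added example (not course material): verifying a knowledge factor (password) and an
ownership factor (one-time passcode) together, failing closed if either one misses."""
import hashlib
import hmac
import os
import secrets
import time
from typing import Callable, Dict, Optional, Tuple

PBKDF2_ROUNDS = 600_000     # slow on purpose: makes offline guessing of a leaked hash expensive
OTP_TTL_SECONDS = 300       # assumed lifetime of a code
OTP_MAX_ATTEMPTS = 5        # assumed cap: a 6-digit code must not be guessable by retrying


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Enrollment of the knowledge factor: store salt + PBKDF2 hash, never the password."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, stored)   # constant-time compare


def _digest(code: str) -> bytes:
    return hashlib.sha256(code.encode()).digest()


class OtpStore:
    """Ownership factor: the server keeps only a hash of the code it sent, plus expiry and attempt count."""

    def __init__(self, now: Callable[[], float] = time.time):
        self.now = now                      # injectable clock so expiry can be tested
        self.pending: Dict[str, Tuple[bytes, float, int]] = {}

    def issue(self, user: str) -> str:
        code = f"{secrets.randbelow(10**6):06d}"    # 6 digits from the OS CSPRNG
        self.pending[user] = (_digest(code), self.now() + OTP_TTL_SECONDS, 0)
        return code                         # this is what goes out of band to the user's phone/e-mail

    def verify(self, user: str, code: str) -> bool:
        entry = self.pending.get(user)
        if entry is None:
            return False
        digest, expires, attempts = entry
        if self.now() > expires or attempts >= OTP_MAX_ATTEMPTS:
            self.pending.pop(user, None)    # expired or being brute-forced: discard it
            return False
        if hmac.compare_digest(_digest(code), digest):
            self.pending.pop(user, None)    # single use
            return True
        self.pending[user] = (digest, expires, attempts + 1)
        return False


# Dummy credential checked for unknown users so timing does not reveal which usernames exist.
_DUMMY_SALT, _DUMMY_HASH = hash_password("not-a-real-password")


def authenticate(user: str, password: str, otp_code: str,
                 users: Dict[str, Tuple[bytes, bytes]], otps: OtpStore) -> bool:
    """MFA decision: knowledge factor first, then ownership factor; any miss denies access."""
    salt, stored = users.get(user, (_DUMMY_SALT, _DUMMY_HASH))
    password_ok = verify_password(password, salt, stored)
    if user not in users or not password_ok:
        return False                        # the OTP is not even checked, so it stays usable
    return otps.verify(user, otp_code)


if __name__ == "__main__":
    store = OtpStore()
    users = {"alice": hash_password("correct horse battery")}   # constructed user
    code = store.issue("alice")             # would be delivered by SMS/e-mail in practice
    print(authenticate("alice", "correct horse battery", code, users, store))   # True
    print(authenticate("alice", "correct horse battery", code, users, store))   # False: single use
```

Two details carry most of the security here: the stored password never exists in the clear, and a stolen OTP is worthless after one use, after five minutes, or after five wrong guesses.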
Now that we've covered authentication, we're ready to explore the second part of the framework. Next, we'll learn about authorization. Access is as much about authorization as it is about authentication. One of the most important functions of access controls is how they assign responsibility for certain systems and processes. Next up in our exploration of access control systems are the mechanisms of authorization. These protocols actually work closely together with authentication technologies: while one validates who the user is, the other determines what they're allowed to do. Let's take a look at the next part of the authentication, authorization, and accounting framework that protects private information.

Earlier, we learned about the principle of least privilege. Authorization is linked to the idea that access to information should only last as long as needed, and authorization systems are heavily influenced by this idea, in addition to another important security principle: the separation of duties. Separation of duties is the principle that users should not be given levels of authorization that would allow them to misuse a system. Separating duties reduces the risk of system failures and inappropriate behavior from users. For example, a person responsible for providing customer service shouldn't also be authorized to rate their own performance. In this position, they could easily neglect their duties while continuing to give themselves high marks with no oversight. Similarly, if one person was authorized to both develop and test a security system, they're much more likely to be unaware of its weaknesses. Both the principle of least privilege and the concept of separating duties apply to more than just people; they apply to all systems, including networks, databases, processes, and any other aspect of an organization. Ultimately, authorization depends on a system's or user's role.

When it comes to securing data over a network, there are a couple of frequently used access controls that you should be familiar with: HTTP basic auth and OAuth. Have you ever wondered what the HTTP in web addresses stands for? It stands for hypertext transfer protocol, which is how communications are established over a network. HTTP supports what is known as basic auth, a technology used to establish a user's request to access a server. Basic auth works by sending the user's credentials, a username and password encoded with base64, with every request the user makes to a web page. Some websites still use basic auth to tell whether or not someone is authorized to access information on that site. However, the protocol is considered vulnerable to attacks because base64 is encoding, not encryption: it transmits usernames and passwords openly over the network. Most websites today use HTTPS instead, which stands for hypertext transfer protocol secure. This protocol encrypts the connection, so it doesn't expose sensitive information like access credentials when communicating over the network.

Another secure authorization technology used today is OAuth. OAuth is an open-standard authorization protocol that shares designated access between applications. For example, you can tell Google that it's okay for another website to access your profile to create an account. Instead of requesting and sending sensitive usernames and passwords over the network, OAuth uses API tokens to verify access between you and a service provider. An API token is a small piece of data, typically signed or encrypted, that represents a user; it carries or refers to things like your identity, the permissions you granted to the site, and more. OAuth sends and receives access requests using API tokens, passing them from a server to a user's device. Let's explore what's going on behind the scenes when you authorize a site to create an account using your Google profile. All of Google's usual login protocols are still active; if you have multi-factor authentication enabled on your account, and you should, you'll still have the security benefits that it provides. API tokens minimize risk in a major way: the other site only ever receives a token carrying the permissions you granted, never your Google password, which keeps your password safe in the event of a breach on that platform. Basic auth and OAuth are just a couple of examples of authorization tools that are designed with the principles of least privilege and separation of duties in mind.
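Here's an added Python example, written for this page rather than drawn from the course or from any real OAuth implementation, that shows both halves of that comparison: what a basic auth header actually contains once you decode it, and the opaque, scoped, revocable token pattern that OAuth-style authorization relies on instead. The username, password, scope names, and the in-memory token table are constructed for the example.

```python
"""Added example (not course material): HTTP basic auth credentials are only base64-encoded,
so anyone who sees the request on plain HTTP can read them; an OAuth-style access token
stands in for the password, carries only granted scopes, and can be revoked on its own."""
import base64
import hashlib
import secrets
from typing import Dict, FrozenSet, Iterable, Optional, Tuple


def basic_auth_header(username: str, password: str) -> str:
    """What a client sends on every request under HTTP basic auth."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()


def read_basic_auth(header: str) -> Tuple[str, str]:
    """What a proxy or a sniffer on plain HTTP gets back: base64 is encoding, not encryption."""
    scheme, _, payload = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic auth header")
    user, _, password = base64.b64decode(payload).decode().partition(":")
    return user, password


class TokenStore:
    """Server side of OAuth-style access tokens (constructed for this example).
    Tokens are random and opaque, stored only as hashes so a database leak yields nothing
    usable, and each one carries just the scopes the user granted (least privilege)."""

    def __init__(self) -> None:
        self._by_hash: Dict[str, Tuple[str, FrozenSet[str]]] = {}

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user: str, scopes: Iterable[str]) -> str:
        token = secrets.token_urlsafe(32)           # 256 random bits; nothing to decode from it
        self._by_hash[self._key(token)] = (user, frozenset(scopes))
        return token                                # handed to the third-party site, never the password

    def authorize(self, token: str, needed_scope: str) -> Optional[str]:
        """Return the user the token acts for if it is live and grants `needed_scope`, else None."""
        entry = self._by_hash.get(self._key(token))
        if entry is None:
            return None
        user, scopes = entry
        return user if needed_scope in scopes else None

    def revoke(self, token: str) -> None:
        """Cutting off one site's access does not touch the user's password or other tokens."""
        self._by_hash.pop(self._key(token), None)


if __name__ == "__main__":
    header = basic_auth_header("alice", "s3cret")          # constructed credentials
    print(header, "->", read_basic_auth(header))            # ('alice', 's3cret'), readable by anyone on the wire
    store = TokenStore()
    token = store.issue("alice", ["profile:read"])
    print(store.authorize(token, "profile:read"))           # alice
    print(store.authorize(token, "email:send"))             # None: scope was never granted
```

Basic auth is only as private as the channel carrying it, which is why it belongs behind HTTPS; the token pattern limits what a leak can do even when the channel fails.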
There are many other controls that help limit the risk of unauthorized access to information. In addition to controlling access, it's also important to monitor it. In our next video, we'll focus on the third and final part of the authentication, authorization, and accounting framework.

Have you ever wondered if your employer is keeping a record when you log into company systems? Well, they are, if they're implementing the third and final function of the authentication, authorization, and accounting framework. Accounting is the practice of monitoring the access logs of a system. These logs contain information like who accessed the system, when they accessed it, and what resources they used. Security analysts use access logs a lot. The data they contain is a helpful way to identify trends, like failed login attempts. They're also used to uncover hackers who have gained access to a system, and for detecting an incident like a data breach. In this field, access logs are essential; often, analyzing them is the first procedure you'll follow when investigating a security event.

So how do access logs compile all this useful information? Let's examine this more closely. Any time a user accesses a system, they initiate what's called a session. A session is a sequence of network HTTP requests and responses associated with the same user, like when you visit a website. Access logs are essentially records of sessions that capture the moment a user enters a system until the moment they leave it. Two actions are triggered when the session begins. The first is the creation of a session ID. A session ID is a unique token that identifies a user and their device while accessing the system. Session IDs are attached to the user until they either close their browser or the session times out. The second action that takes place at the start of a session is an exchange of session cookies between the server and a user's device. A session cookie is a token that websites use to validate a session and determine how long that session should last. When cookies are exchanged between your computer and a server, your session ID is read to determine what information the website should show you. Cookies make web sessions safer and more efficient: the exchange of tokens means that no sensitive information, like usernames and passwords, has to be shared on every request.

Session cookies keep attackers from obtaining those credentials; however, there's other damage they can do with a stolen cookie. An attacker can impersonate a user using their session token. This kind of attack is known as session hijacking: an event where attackers obtain a legitimate user's session ID. During these kinds of attacks, cybercriminals impersonate the user, causing all sorts of harm. Money or private data can be stolen. If, for example, hijackers obtain a single sign-on credential from stolen cookies, they can even gain access to additional systems that otherwise seem secure. This is one reason why accounting and monitoring session logs is so important.
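Here's an added Python example, written for this page and not part of the course, that shows how a session ID is minted and two checks an analyst runs over access logs: the failed-login trend the lecture mentions, and a session ID that is suddenly presented from a different address and client, which is what a hijacked cookie looks like in the logs. The log lines and their field layout (timestamp, user, session ID, source IP, user agent, HTTP status) are constructed for the example; real logs will need their own parser.

```python
"""Added example (not course material): minting a session ID, and scanning constructed
access logs for failed-login bursts and for a session used from two places at once."""
import secrets
from collections import Counter, defaultdict
from typing import Dict, List, Tuple


def new_session_id() -> str:
    """256 bits from the OS CSPRNG: unguessable and carrying no user data, which is all a session ID should be."""
    return secrets.token_urlsafe(32)


# Constructed access log. Fields: timestamp user session_id source_ip user_agent status.
# alice's session starts in a browser at 203.0.113.10; later the same ID arrives from
# 192.0.2.55 using curl, right after a burst of 401s from that address.
ACCESS_LOG = """\
2024-03-04T09:00:01Z alice sid-7f3a 203.0.113.10 Firefox/124 200
2024-03-04T09:00:07Z alice sid-7f3a 203.0.113.10 Firefox/124 200
2024-03-04T09:01:15Z bob   sid-91c2 198.51.100.7 Chrome/122  200
2024-03-04T09:01:40Z -     -        192.0.2.55   curl/8.5    401
2024-03-04T09:01:41Z -     -        192.0.2.55   curl/8.5    401
2024-03-04T09:01:42Z -     -        192.0.2.55   curl/8.5    401
2024-03-04T09:02:30Z alice sid-7f3a 192.0.2.55   curl/8.5    200
2024-03-04T09:02:31Z alice sid-7f3a 192.0.2.55   curl/8.5    200
"""


def parse_log(text: str) -> List[Dict[str, str]]:
    fields = ("ts", "user", "sid", "ip", "ua", "status")
    return [dict(zip(fields, line.split())) for line in text.splitlines() if line.strip()]


def failed_logins_by_ip(rows: List[Dict[str, str]]) -> Dict[str, int]:
    """Trend check: which source addresses are accumulating failed (401) attempts."""
    return dict(Counter(r["ip"] for r in rows if r["status"] == "401"))


def find_hijack_candidates(rows: List[Dict[str, str]]) -> Dict[str, List[Tuple[str, str]]]:
    """A session ID is bound to one browser when issued. If the same ID is later presented from
    a different source IP *and* a different user agent, someone else is replaying the cookie."""
    origins = defaultdict(set)
    for r in rows:
        if r["sid"] != "-":                          # unauthenticated requests have no session
            origins[r["sid"]].add((r["ip"], r["ua"]))
    flagged = {}
    for sid, seen in origins.items():
        ips = {ip for ip, _ in seen}
        uas = {ua for _, ua in seen}
        if len(ips) > 1 and len(uas) > 1:
            flagged[sid] = sorted(seen)
    return flagged


if __name__ == "__main__":
    rows = parse_log(ACCESS_LOG)
    print("failed logins:", failed_logins_by_ip(rows))
    print("hijack candidates:", find_hijack_candidates(rows))
    print("fresh session id:", new_session_id())
```

Requiring both the address and the client to change keeps mobile users who roam between networks out of the alert; a single-signal rule would page on every phone that moved from Wi-Fi to cellular.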
Unusual activity in access logs can be an indication that information has been improperly accessed or stolen. At the end of the day, accounting is how we gain valuable insight that makes information safer.

My name is Tim, and I work on the detection and response team at Google. You can think of us as the smoke detectors and the fire department at Google. So, you know, what our job is, is to detect harmful activity that may affect Google and its users. The stakes here are very, very high. So imagine what you have on Google, you know, whether it's Docs, it's pictures, your financial information, some of your, you know, some of your secrets, some things that you don't want anybody to know. Those are the things that we're protecting. Cybersecurity professionals are there to protect the most valuable assets at a company. You'll be there to protect that, and that direct line from what you're doing to what the company feels is most important and most valuable, and protecting that, I think, provides a lot of purpose for folks and provides a lot of motivation, and provides the basis and the foundation for a very, very satisfying career. Cybersecurity is a profoundly rewarding career, right? It is a function that is critical at many, many companies, and it is a career that is in high demand, and there is an absolute shortage of talented labor out there. So from that aspect, if you're looking for a path to a viable, long-term, rewarding career, this is as straight a path to that as you can imagine.

Our focus in this section was on a major theme of security: protecting assets. A large part of
this relates to privacy: we should all enjoy the right to decide who can access our information. As we learned, there are several controls in place that help secure assets. We began the section by exploring effective data handling processes that are founded on the principle of least privilege. We then explored the role of encryption and hashing in safeguarding information. We explored how symmetric and asymmetric encryption work, and how hashes further safeguard data from harm. We then turned our attention to standard access controls. Properly authenticating and authorizing users is what maintaining the CIA triad of information is all about. We used the AAA framework of security to take a detailed tour of identity and access management systems and the access controls that validate whether or not someone is who they claim to be.

Well done making it through the first half of the course. You're making great progress so far, and I hope you keep it up. Remember, your background and experiences are valuable in this field. This, combined with the concepts we're covering, will make you a valuable contributor to any security team. Up until this point, we've been exploring the defensive side of security, but security isn't all about planning ahead and waiting for something to happen. In the next part of our journey, we're going to continue developing a security mindset by taking a more proactive look at security from the perspective of attackers. I'll meet you there.

Wow, we've covered a lot together. It's hard to believe we've reached the midpoint of this course. I hope you're getting a clearer picture of this exciting field and all the opportunities it has to offer, and most importantly, I hope you're having fun doing it. We've come a long way from where we started. When we began our journey together, we were introduced to the three building blocks of every security program: assets, threats, and vulnerabilities. We focused a lot on assets early on and the wide range of things security professionals work to protect. We then turned our attention to a core component of asset security: protecting assets. You learned about the importance of guarding sensitive information. You also learned about some security controls that protect information from being lost or stolen.

On the next part of our journey, we're going to turn our focus to vulnerabilities. Every asset we protect has a series of vulnerabilities, or flaws, that we need to be aware of. Staying informed of these things is a critical part of protecting people and organizations from harm. In this next part of the course, you will gain an understanding of the vulnerability management process. First, you'll explore a common approach to vulnerability management: the defense in depth model. Then you will learn about how vulnerabilities are documented in online libraries like the CVE list. We'll discuss the attack surfaces security teams protect, and lastly, you will expand your attacker mindset by exploring the common attack vectors cybercriminals try to exploit. Security analysts play an important role in identifying and correcting vulnerabilities in systems. I know I'm excited to keep exploring; are you? Then let's go.

For every asset that needs protecting, there are dozens of vulnerabilities. Finding those vulnerabilities and fixing them before they become a problem is the key to keeping an asset safe. We've already covered what a vulnerability is. Recall that a vulnerability is a weakness that can be exploited by a threat. That word "can" is an important part of this description. Why is that? Let's explore that together to find out more. Imagine
I handed you an important document and asked you to keep it safe. How would you do that? Some of you might first think about locking it up in a safe place. Behind this is the understanding that because documents can be easily moved, they are vulnerable to theft. When other vulnerabilities come to mind, like how paper burns easily or doesn't resist water, you might add other protections. Similar to this example, security teams plan to protect assets according to their vulnerabilities and how they can be exploited. In security, an exploit is a way of taking advantage of a vulnerability. Besides finding vulnerabilities, security planning relies a lot on thinking of exploits. For example, there are burglars out there who want to cause harm. Homes have vulnerable systems that can be exploited by a burglar; an example is the windows. Glass is vulnerable to being broken, and a burglar can exploit this vulnerability by using a rock to break the window. Thinking of this vulnerability and exploit ahead of time allows us to plan ahead: we can have an alarm system in place to scare the burglar away and alert the police.

Security teams spend a lot of time finding vulnerabilities and thinking of how they can be exploited. They do this with a process known as vulnerability management. Vulnerability management is the process of finding and patching vulnerabilities. Vulnerability management helps keep assets safe; it's a method of stopping threats before they can become a problem. Vulnerability management is a four-step process. The first step is to identify vulnerabilities. The next step is to consider potential exploits of those vulnerabilities. Third is to prepare defenses against threats. And finally, the fourth step is to evaluate those defenses. When the last step ends, the process starts again. Vulnerability management happens in a cycle. It's a regular part of what security teams do, because there are always new vulnerabilities to be concerned about. This is exactly why a diverse set of perspectives is useful: having a wide range of backgrounds and experiences only strengthens security teams and their ability to find exploits.

However, even large and diverse security teams can't keep track of everything. New vulnerabilities are constantly being discovered; these are known as zero-day exploits. A zero-day is an exploit that was previously unknown. The term zero-day refers to the fact that the exploit is happening in real time, with zero days to fix it. These kinds of exploits are dangerous; they represent threats that haven't been planned for yet. For example, we can anticipate the possibility of a burglar breaking into our home, and we can plan for this type of threat by having defenses in place, like locks on the doors and windows. A zero-day exploit would be something totally unexpected, like the lock on the door falling off from intense heat. Zero-day exploits are things that don't normally come to mind; for example, this might be a new form of spyware infecting a popular website. When zero-day exploits happen, they can leave assets even more vulnerable to threats than they already are. Vulnerability management is the process of finding vulnerabilities and fixing their exploits. That's why the process is performed regularly at most organizations. Perhaps the most important step of the process is identifying vulnerabilities. We'll explore this step in more detail next time we get together. I'll meet you again then.

A layered defense is difficult to penetrate. When one barrier fails, another takes its place to stop an attack. Defense in depth is a security model that makes
use of this concept. It's a layered approach to vulnerability management that reduces risk. Defense in depth is commonly referred to as the castle approach, because it resembles the layered defenses of a castle. In the Middle Ages, these structures were very difficult to penetrate. They featured different defenses, each unique in its design, that posed different challenges for attackers. For example, a water-filled barrier called a moat usually formed a circle around the castle, preventing threats like large groups of attackers from reaching the castle walls. The few soldiers that made it past the first layer of defense were then faced with a new challenge: giant stone walls. A vulnerability of these structures was that they could be climbed. If attackers tried exploiting that weakness, guess what? They were met with another layer of defense: watchtowers filled with defenders ready to shoot arrows and keep them from climbing. Each level of defense of these medieval structures minimized the risk of attack by identifying a vulnerability and implementing a security control in case one system failed. Defense in depth works in a similar way.

The defense in depth concept can be used to protect any asset. It's mainly used in cybersecurity to protect information, using a five-layer design. Each layer features a number of security controls that protect information as it travels in and out of the model. The first layer of defense in depth is the perimeter layer. This layer includes some technologies that we've already explored, like usernames and passwords. Mainly, this is a user authentication layer that filters external access; its function is to only allow access from trusted parties to reach the next layer of defense. Second, the network layer is more closely aligned with authorization. The network layer is made up of technologies like network firewalls and others. Next is the endpoint layer. Endpoints refer to the devices that have access on a network; they could be devices like a laptop, a desktop, or a server. One example of a technology that protects these devices is antivirus software. After that, we get to the application layer. This includes all the interfaces that are used to interact with technology. At this layer, security measures are programmed as part of an application. One common example is multi-factor authentication; you may be familiar with having to enter both your password and a code sent by SMS. This is part of the application layer of defense. And finally, the fifth layer of defense is the data layer. At this layer, we've arrived at the critical data that must be protected, like personally identifiable information. One security control that is important here in this final layer of defense is asset classification. Like I mentioned earlier, information passes in and out of each of these five layers whenever it's exchanged over a network. There are many more security controls, aside from the few that I mentioned, that are part of the defense in depth model. A lot of businesses design their security systems using the defense in depth model. Understanding this framework hopefully gives you a better sense of how an organization's security controls work together to protect important assets.

We've discussed before that security is a team effort. Did you know the group extends well beyond a single security team? Protecting information is a global effort. When it comes to vulnerabilities, there are actually online public libraries that individuals and organizations use to share and document common vulnerabilities and exposures. We've been focusing a lot on vulnerabilities; exposures are similar, but they have a key difference. While a vulnerability is
a weakness of a system an exposure is a mistake that can be exploited by a threat for example imagine you're asked to protect an important document documents are vulnerable to being misplaced if you laid the document down near an open window it could be exposed to being being blown away one of the most popular libraries of vulnerabilities and exposures is the cve list the common vulnerabilities and exposures list or cve list is an openly accessible dictionary of known vulnerabilities and exposures it is a popular resource many organizations use the cve list to find ways to
improve their defenses.

The CVE list was originally created by MITRE Corporation in 1999. MITRE is a collection of nonprofit research and development centers. They're sponsored by the US government. Their focus is on improving security technologies around the world. The main purpose of the CVE list is to offer a standard way of identifying and categorizing known vulnerabilities and exposures. Most CVEs in the list are reported by independent researchers, technology vendors, and ethical hackers, but anyone can report one.

Before a CVE can make it onto the CVE list, it first goes through a strict review process by a CVE Numbering Authority, or CNA. A CNA is an organization that volunteers to analyze and distribute information on eligible CVEs. All of these groups have an established record of researching vulnerabilities and demonstrating security advisory capabilities. When a vulnerability or exposure is reported to them, a rigorous testing process takes place.

The CVE list tests four criteria that a vulnerability must have before it's assigned an ID. First, it must be independent of other issues. In other words, the vulnerability should be able to be fixed without having to fix something else. Second, it must be recognized as a potential security risk by whoever reports it. Third, the vulnerability must be submitted with supporting evidence. And finally, the reported vulnerability can only affect one code base, or in other words, only one program's source code. For instance, the desktop version of Chrome may be vulnerable, but the Android application may not be. If the reported flaw passes all of these tests, it is assigned a CVE ID.

Vulnerabilities added to the CVE list are often reviewed by other online vulnerability databases. These organizations put them through additional tests to reveal how significant the flaws are and to determine what kind of threat they pose. One of the most popular is the NIST National Vulnerability Database. The NIST National Vulnerability Database uses what's known as the Common Vulnerability Scoring System, or CVSS, which is a measurement system that scores the severity of a vulnerability. Security teams use CVSS as a way of calculating the impact a vulnerability could have on a system. They also use them to determine how quickly a vulnerability should be patched. The NIST National Vulnerability Database provides a base score for a CVE on a scale of 0 to 10. Base scores reflect the moment a vulnerability is evaluated, so they don't change over time. In general, a CVSS that scores below a 4.0 is considered to be low risk and doesn't require immediate attention. However, anything above 9.0 is considered to be a critical risk to company assets that should be addressed right away.

Security teams commonly use the CVE list and CVSS scores as part of their vulnerability management strategy. These references provide recommendations for prioritizing security fixes, like installing software updates and patches. Libraries like the CVE list help organizations answer questions: is a vulnerability dangerous to our business? If so, how
soon should we address it? These online libraries bring together diverse perspectives from across the world. Contributing to this effort is one of my favorite parts of working in this field. Keep gaining experience, and I hope you participate too.

Our exploration of the vulnerability management process so far has been focused on a couple of topics. We've discussed how vulnerabilities influence the design of defenses. We've also talked about how common vulnerabilities are shared. A topic we've yet to cover is how vulnerabilities are found in the first place. Weaknesses and flaws are generally found during a vulnerability assessment.

A vulnerability assessment is the internal review process of an organization's security systems. These assessments work similar to the process of identifying and categorizing vulnerabilities on the CVE list. The main difference is an organization's security team performs the evaluation, scores the findings, and fixes them on their own. Security analysts play a key role throughout this process. Overall, the goal of a vulnerability assessment is to identify weak points and prevent attacks. They're also how security teams determine whether their security controls meet regulatory standards. Organizations perform vulnerability assessments a lot. Because companies have so many assets to protect, security teams sometimes need to select which areas to focus on through vulnerability assessments.

Once they decide what to focus on, vulnerability assessments typically follow a four-step process. The first step is identification. Here, scanning tools and manual testing are used to find vulnerabilities. During the identification step, the goal is to understand the current state of a security system, like taking a picture of it. A large number of findings usually appear after identification.

The next step of the process is vulnerability analysis. During this step, each of the vulnerabilities that were identified are tested. Like being a digital detective, the goal of vulnerability analysis is to find the source of the problem.

The third step of the process is risk assessment. During this step of the process, a score is assigned to each vulnerability. This score is assigned based on two factors: how severe the impact would be if the vulnerability were to be exploited, and the likelihood of this happening. Vulnerabilities uncovered during the first two steps of this process often outnumber the people available to fix them. Risk assessments are a way of prioritizing resources to handle the vulnerabilities that need to be addressed based on their score.

The fourth and final step of vulnerability assessment is remediation. It's during this step that the vulnerabilities that can impact the organization are addressed. Remediation occurs depending on the severity score assigned during the risk assessment step. This part of the process is normally a joint effort between the security staff and IT teams to come up with the best approach to fixing the vulnerabilities that were uncovered earlier. Examples of remediation steps might include things like enforcing new security procedures, updating operating systems, or implementing system patches.

Vulnerability assessments are great for identifying the flaws of a system. Most
organizations use them to search for problems before they happen. But how do we know where to search? When we get together again, we'll explore how companies figure this out.

My name is Ahad. I'm a corporate operations engineer at Google. All I do is solve problems. Googlers have problems, they need somebody to talk to, they usually talk to us. If you ask me at 18 years old where I'd be now, I would have never told you I'd be working as a security engineer. I would have told you I'd be working in a prison, I'd be working as a police officer in some township, and just working the regular 9-to-5 shift. After high school, I went on to work at Trenton State Prison, which is the only maximum security prison in New Jersey. It was very stressful, but at the same time, it's what I wanted to do at the time, or at least that's what I thought I wanted to do at the time. Five years after becoming a correction officer, I took the test again to be a sheriff's officer, and on the last day of that academy, I decided this wasn't for me. I was tired of being on my face doing push-ups, I was tired of being yelled at. I went home and I did what everybody else would do: a Google search. And I saw one for Google, and it was a residency program at the top of the list, and I applied to it as a joke. I even told my friends at times, like, oh, I'm just going to apply to this, I'm not going to get in. I had no reference, no connections, I knew nobody that worked at Google. And within a couple of days, a recruiter reached out to me. She said, I think you're a great fit, you're a career changer, I like your application, I like your resume, I think you'd be a great fit. All the interviewers liked my background, they liked that I self-taught. A lot of interviewers were able to relate to me. They said, hey, I did the same thing. From there, I was offered the job, and I started my career. When I was in orientation, somebody right next to me was actually the valedictorian of Princeton. Here I am with no college degree, no exposure, no work experience, now I'm in the same company.

For career changers, what you have that other people don't have is a different mindset. You're coming from experience outside the technical space that you can transfer into the technical space. Don't forget that we all have skill sets that can help you in the field. That's what employers are looking for, that's what hiring managers are looking for. One thing I learned as a correction officer is how to risk-assess. Every situation is different, just like the security space. Every risk is different, every vulnerability is different, every threat is different. You can teach somebody tech; you can't teach them life skills outside of tech. If I were to go back and tell my 18-year-old self one piece of advice, it would be: don't be scared, do it. A career in cybersecurity is very fun, it's very interesting, it'll work your brain. It changed my life, it'll change yours as well.

There's a wide range of vulnerabilities in systems that need to be found. Assessing those weaknesses is a time-consuming process. To position themselves ahead of threats and make the most of their limited resources, companies start by understanding
the environment surrounding their operations. An important part of this is getting a sense of their attack surface. An attack surface is all the potential vulnerabilities that a threat actor could exploit. Analyzing the attack surface is usually the first thing security teams do.

For example, imagine being part of a security team of an old castle. Your team would need to decide how to allocate resources to defenses. Giant walls, stone towers, and wooden gates are a few common security controls of these structures. While these are all designed to protect the assets inside from attacks, they don't exactly account for all the possibilities. What if the castle were near the ocean? If it were, these defenses would be vulnerable to long-range attacks by ship. A proper understanding of the attack surface would mean your security team equipped the castle with catapults that could deal with these kinds of threats.

Modern organizations need to concern themselves with both a physical and digital attack surface. The physical attack surface is made up of people and their devices. This surface can be attacked from both inside and outside the organization, which makes it unique. For example, let's consider an unattended laptop in a public space like a coffee shop. The person responsible for it walked away while sensitive company information was visible on the screen. This information is vulnerable to external threats, like a business competitor who can easily record the information and exploit it. An internal threat of this attack surface, on the other hand, is often angry employees. These employees might share an organization's private information on purpose.

In general, the physical attack surface should be filled with obstacles that deter attacks from happening. We call this process security hardening. Security hardening is the process of strengthening a system to reduce its vulnerabilities and attack surface. In other words, hardening is the act of minimizing the attack surface by limiting its points of entry. We do this a lot in security because the smaller the attack surface, the easier it is to protect. In fact, some security controls that we've explored previously, like organization policies and access controls, are common ways that organizations harden their physical attack surface.

The digital attack surface is a bit tougher to harden. The digital attack surface includes everything that's beyond an organization's firewall. In other words, it includes anything that connects to an organization online. In the past, organizations stored their data in a single location. This mainly consisted of servers that were managed on site. Accessing the information stored on those servers required connecting to the network the workplace managed. These days, information is accessed outside of an organization's network because it's stored in the cloud. Information can be accessed from anywhere in the world. A person can be in one part of the world, fly to another place, and continue working, all while outside of their organization's network. Cloud computing has essentially expanded the digital attack surface. Quicker access to information is something we all benefit from, but it comes with a cost. Organizations of all sizes are under more pressure to defend against threats coming from different entry points. When we get together next time, we'll explore why this is such a challenge.

Hi, I'm Nero, and I lead the red team at Google. The red team at Google simulates attackers that are trying to hack into Google. They function as a sparring partner for the blue team, that is, the teams that build security controls, detection pipelines, or respond to incidents. So we have to test all of
those by simulating adversaries. So we hack into Google to make it harder to hack into Google. So it's like, hey, we found these issues with your system, now here are some recommendations we have, and how can we help you fix this?

Thinking like an attacker is approaching a problem like an adversary. I generally have a predisposition to think like an attacker. It started when I was a kid and I used to play video games, and I used to ask, oh, do I have to beat the game in the way it's intended? Do I have to get the objective in the standard path? Looking at a system and asking the question, can I break into it? How do I break into it? What is likely to fail? If it fails, what does that give me? It's about taking apart systems and trying to understand it.

Threat modeling is integral to almost anything a security professional does. It's about challenging assumptions, it's about approaching things from a different perspective. Rather than looking at the system from the perspective of a developer, who is thinking about how do I build the system in a way that works for people, you're putting on the hat of an attacker and saying, if I looked at the system, how would I break into it? It's important for security professionals to think like an attacker because you code more defensively, you build things more defensively, and you break things more offensively. And what that means is you're building in this resilience into the system, and you're building in all these safeguards that are going to help protect the data, the systems, and the people.

In order to build my attacker mindset, what I did is I would go pick people's brains. What that means is I can grab time with them and say, hey, how do you approach the system? What are the assumptions you're making? How do you build out the security safeguards that you're thinking about? My advice for people who are trying to build their own attacker mindset is: go talk to people, be it in local meetups, in conferences. Find yourself a CTF group and play these competitions with them. See how each person in the team approaches certain things and solves for it.

Almost everything we do on a daily basis is online these days, like banking is online, grocery shopping is online, the electricity grid, the water supplies. All of this has happened in a short span of time, and now people are taking a step back and saying, what does that mean for us? And cybersecurity folks are the ones who help make sure these systems are locked down and protected against these adversaries. If you're inquisitive, if you like taking things apart, if you like solving things, if you want to help make things secure, you should join
cybersecurity.

To defend against attacks, organizations need to have more than just the understanding of the growing digital landscape around them. Positioning themselves ahead of a cyber threat also takes understanding the type of attacks that can be used against them. Last time, we began exploring how the cloud has expanded the digital attack surface that organizations protect. As a result, cloud computing has led to an increase in the number of attack vectors available. Attack vectors refer to the pathways attackers use to penetrate security defenses. Like the doors and windows of a home, these pathways are the exploitable features of an attack surface. One example of an attack vector would be social media. Another would be removable media, like a USB drive.

Most people outside of security assume that cybercriminals are the only ones out there exploiting attack vectors. While attack vectors are used by malicious hackers to steal information, other groups use them too. For example, employees occasionally exploit attack vectors unintentionally. This happens a lot with social media platforms. Sometimes employees post sensitive company news that shouldn't have been shared. At times, this same kind of thing happens on purpose. Social media platforms are also vectors that disgruntled employees use to intentionally share confidential information that can harm the company.

We all treat attack vectors as critical risks to asset security. Attackers typically put forth a lot of effort planning their attacks before carrying them out. It's up to us as security professionals to put an even greater amount of effort into stopping them. Security teams do this by thinking of each vector with an attacker mindset. This starts with a simple question: how would we exploit this vector? We then go through a step-by-step process to answer our question. First, when practicing an attacker mindset, we identify a target. This could be specific information, a system, a person, a group, or the organization itself. Next, we determine how the target can be accessed. What information is available that an attacker might take advantage of to reach the target? Based on that information, the third step is to evaluate the attack vectors that can be exploited to gain entry. And finally, we find the tools and methods of attack. What will the attackers use to carry this out? Along the way, practicing an attacker mindset provides valuable insight into the best security controls to implement and the vulnerabilities that need to be monitored.

Every organization has a long list of attack vectors to defend, and while there are a lot of ways to protect them, there are a few common rules for doing this. One key to defending attack vectors is educating users about security vulnerabilities. These efforts are usually tied to an event, for example, advising them about a new phishing exploit that is targeting users in the organization. Another rule is applying the principle of least privilege. We've explored least privilege earlier in this section. It's the idea that access rights should be limited to what's required to perform a task. Like we previously explored, this practice closes multiple security holes inside an organization's attack surface. Next, using the right security controls and tools can go a long way towards defending attack vectors. Even the most knowledgeable employees make security mistakes, like accidentally clicking on a malicious link in an email. Having the right security tools in place, like antivirus software, helps to defend attack vectors more efficiently and reduce the risk of human error. Last but not least is building a diverse security team. This is one of the best ways
to reduce the risk of attack vectors and prevent future attacks. Your own unique perspective can greatly improve a security team's ability to apply an attacker's mindset and stay one step ahead of potential threats. Keeping yourself informed is always important in this field. You're already off to a great start, so keep up the good work.

Here we are at the end of this section. Can you believe it? I had so much fun exploring the world of vulnerabilities. I hope you felt the same, and more importantly, I hope you got a better sense of how complex a landscape the digital world is. This environment is filled with gaps that attackers can use to gain unauthorized access to assets, making it a challenge to defend. We've explored a lot of information this time around, so let's quickly recap what we've covered. You've learned about the vulnerability management process, starting with the defense in depth model. You learned about the layers of this security framework and how each of them works together to build a stronger defense. You then learned about the CVE list that's used to find cataloged vulnerabilities. This is a great addition to your growing security toolbox. After that, you learned of the attack surface that businesses protect. We discussed physical and digital surfaces and the challenges of defending the cloud. We finished up by exploring common attack vectors, where you learned how security teams use an attacker mindset to identify the security gaps that cybercriminals try to exploit.

Every one of the vulnerabilities that we've discussed so far is faced with a number of threats. When we get back together, we're going to expand our attacker mindset even further by exploring specific types of attacks that cybercriminals commonly use. We'll look at things like malware and the techniques attackers use to compromise defense systems. By exploring how these tools and tactics work, you'll gain a clearer understanding of the threats they pose. We'll then wrap up by investigating how security teams stop these threats from damaging our organizations' operations, their reputation, and most importantly, their customers and employees. You've done a fantastic job getting to this point. When you're ready, let's finish this journey together. I'm looking forward to being back with you again.

Here we are, the final section of the course. What an amazing job you've done so far. Putting in the time, dedication, and hard work to get to this point is definitely something to celebrate. But we're not through yet. As we near the end of this course, now is the time to focus and finish strong. Let's turn our attention to threats. We've already explored assets, vulnerabilities, and the controls used to protect both. A common theme between those two topics has been the wide range of assets and vulnerabilities out there. The world of threats is no different. If you recall, threats are any circumstance or event that can negatively impact assets. In this part of the course, you're going to expand your security mindset by getting a high-level view of the most dangerous threats facing organizations today.

First, we're going to begin by exploring social engineering tactics, psychological tricks that attackers use to gain unauthorized access to assets. Next, we'll explore a common type of threat that's been around since the start of personal computers: malware. We're going to spend some time investigating the major types of malware. After that, we'll turn our attention to web-based exploits. Most organizations these days operate in a digital space, and many of them are new to it. In this section of the course, you're going to learn about some of the most common threats that organizations face online. Finally, after exploring common threats that organizations deal with, we're going to wrap up by exploring the threat modeling process. Understanding threats is essential for a security analyst, and there's a lot to cover, so let's get started.

When you hear the word cybercriminal, what comes to mind? You may imagine a hacker hunched over a computer in a dark room. If this is what came to mind, you're not alone. In fact, this is what most people outside
of security think of. But online criminals aren't always that different from those operating in the real world. Malicious hackers are just one type of online criminal. They are a specific kind that relies on sophisticated computer programming skills to pull off their attacks. There are other ways to commit crimes that don't require programming skills. Sometimes criminals rely on a more traditional approach: manipulation.

Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. These tactics trick people into breaking normal security procedures on the attacker's behalf. This can lead to data exposures, widespread malware infections, or unauthorized access to restricted systems. Social engineering attacks can happen anywhere. They happen online, in person, and through other interactions. Threat actors use many different tactics to carry out their attacks. Some attacks can take a matter of seconds to perform. For example, someone impersonating tech support asks an employee for their password to fix their computer. Other attacks can take months or longer, such as threat actors monitoring an employee's social media. The employee might post a comment saying they've gotten a temporary position in a new role at the company. An attacker might use an opportunity like this to target the temporary worker, who is likely to be less knowledgeable about security procedures. Regardless of the time frame, knowing what to look for can help you quickly identify and stop an attack in its tracks.

There are multiple stages of social engineering attacks. The first is usually to prepare. At this stage, attackers gather information about their target. Using the intel they gathered, they determine the best way to exploit them. In the next stage, attackers establish trust. This is often referred to as pretexting. Here, attackers use the information they gathered earlier to open a line of communication. They'll typically disguise themselves to trick their target into a false sense of trust. After that, attackers use persuasion tactics. This stage is where the earlier preparation really matters. This is when the attacker manipulates their target into volunteering information. Sometimes they do this by using specific vocabulary that makes them sound like a member of the organization. The final stage of the process is to disconnect from the target. After they collect the information they want, attackers break communication with their target. They disappear to cover their tracks.

Criminals who use social engineering are stealthy. The digital world has expanded their capabilities. It's also created more ways for them to go unnoticed. Still, there are ways that we can prevent their attacks. Implementing managerial controls like policies, standards, and procedures is one of the first lines of defense. For example, businesses often follow the patch management standard defined in NIST Special Publication 800-40. These standards are used to create procedures for updating operating systems, applications, and firmware that can be exploited. Staying informed of trends is also a major priority for any security professional. An even better defense against social engineering attacks is sharing what you know with others. Attackers play on our natural curiosity and desire to help one another. Their hope is that targets won't think too hard about what's going on. Teaching the science of attack to others goes a long way towards preventing threats. Social engineering is a threat to the assets and privacy of both individuals and organizations. Malicious attackers use a variety of tactics to confuse and manipulate their targets. When we get back together next time, we're going to explore one of the most commonly used techniques that's a major problem for organizations of all sizes.

Cybercriminals prefer attacks that do the most amount of damage with the least amount of effort. One of the most popular forms of social engineering that meets this description is phishing. Phishing is the use of digital communications to trick people into revealing sensitive data or deploying malicious software. Phishing leverages many communication technologies, but the term is mainly used to describe attacks that arrive by email. Phishing attacks don't just affect individuals. They are also harmful to organizations. A single employee that falls for one of these tricks can give malicious attackers access to systems. Once inside, attackers can
exploit sensitive data like customer names and product secrets. Attackers who carry out these attacks commonly use phishing kits. A phishing kit is a collection of software tools needed to launch a phishing campaign. People with little technical background can use one of these kits. Each of the tools inside are designed to avoid detection. As a security professional, you should be aware of the three main tools inside a phishing kit so that you can quickly identify when they're being used and put a stop to it. The first is malicious attachments. These are files that are infected and can cause harm to the organization's systems. Phishing kits also include fake data collection forms. These forms look like legitimate forms, like a survey. Unlike a real survey, they ask for sensitive information that isn't normally asked for in an email. The third resource they include are fraudulent web links. These open to malicious web pages that are designed to look like trusted brands. Unlike actual websites, these fraudulent sites are built to steal information like login credentials.

Cybercriminals can use these tools to launch a phishing attack in many forms. The most common is through malicious emails. However, they can use them in other forms of communication too. Most recently, cybercriminals are using smishing and vishing to trick people into revealing private information. Smishing is the use of text messages to obtain sensitive information or to impersonate a known source. You've probably received these types of messages before. Not only are smishing messages annoying to receive, they're also difficult to prevent. That's why some attackers send them. Some smishing messages are easy to detect. They might show signs of being malicious, like promising a cash reward for clicking an attached link that shouldn't be clicked. Other times, smishing is hard to spot. Attackers sometimes use local area codes to appear legitimate. Some hackers can even send messages disguised as friends and family of their target to fool them into disclosing sensitive information. Vishing is the exploitation of electronic voice communication to obtain sensitive information or impersonate a known source. During vishing attacks, criminals pretend to be someone they're not. For example, attackers might call pretending to be a company representative. They might claim that there's a problem with your account, and they can offer to fix it if you provide them with sensitive information.

Most organizations use a few basic security measures to prevent these and any other types of phishing attacks from becoming a problem. For example, anti-phishing policies spread awareness and encourage users to follow data security procedures correctly. Employee training resources also help inform employees about things to look for when an email looks suspicious. Another line of defense against phishing is securing email inboxes. Email filters are commonly used to keep harmful messages from reaching users. For example, specific email addresses can be blocked using a block list. Organizations often use other filters, like allow lists, to specify IP addresses that are approved to send mail within the company. Organizations also use intrusion prevention systems to look for unusual patterns in email traffic. Security analysts use monitoring tools like this to spot suspicious emails, quarantine them, and produce a log of events. Phishing campaigns are popular and dangerous forms of social engineering that organizations of all sizes need to deal with. Just a single compromised password that an attacker can get their hands on can lead to a costly data breach. Now that you're familiar with the tools these attackers use, you're better equipped to spot phishing and prevent it.
People and computers are very different from one another, but there is one way that we're alike. You know how we're both vulnerable to getting an infection? While humans can be infected by a virus that causes a cold or flu, computers can be infected by malware. Malware is software designed to harm devices or networks. Malware, which is short for malicious software, can be spread in many ways. For example, it could be spread through an infected USB drive. It's also commonly spread between computers online. Devices and systems that are connected to the internet are especially vulnerable to infection. When a device becomes infected, malware interferes with its normal operations. Attackers use malware to take control of the infected system without the user's knowledge or permission.

Malware has been a threat to people and organizations for a long time. Attackers have created many different strains of malware. They all vary in how they're spread. Five of the most common types of malware are a virus, worm, Trojan, ransomware, and spyware. Let's take a look at how each of them works.

A virus is malicious code written to interfere with computer operations and cause damage to data and software. Viruses typically hide inside of trusted applications. When the infected program is launched, the virus clones itself and spreads to other files on the device. An important characteristic of viruses is that they have to be activated by the user to start the infection. The next kind of malware doesn't have this limitation. A worm is malware that can duplicate and spread itself across systems on its own. While viruses require users to perform an action, like opening a file, to duplicate, worms use an infected device as a host. They scan the connected network for other devices. Worms then infect everything on the network without requiring an action to trigger the spread.

Viruses and worms are delivered through phishing emails and other methods before they infect a device. Making sure you click links only from trusted sources is one way to avoid these types of infection. However, attackers have designed another form of malware that can get past this precaution. A Trojan, or Trojan horse, is malware that looks like a legitimate file or program. The name is a reference to an ancient Greek legend that's set in the city of Troy. In Troy, a group of soldiers hid inside a giant wooden horse that was presented as a gift to their enemies. It was accepted and brought inside the city walls. Later that evening, the soldiers inside the horse climbed out and attacked the city. Like this ancient tale, attackers design Trojans to appear harmless. This type of malware is typically disguised as files or useful applications to trick their target into installing them. Attackers often use Trojans to gain access and install another kind of malware called ransomware.

Ransomware is a type of malicious attack where attackers encrypt an organization's data and demand payment to restore access. These kinds of attacks have become very common these days. A unique feature of ransomware attacks is that they make themselves known to their targets. Without doing this, they couldn't collect the money they demand. Normally, they decrypt the hidden data as soon as the sum of money is paid. Unfortunately, there's no guarantee they won't return to demand more.

The last type of malware I want to mention is spyware. Spyware is malware that's used to gather and sell information without consent. Consent is a key word in this case. Organizations also collect information about their customers, like their browsing habits and purchase history. However, they always give their customers the ability to opt out. Cybercriminals, on the other hand, use spyware to steal information. They use spyware attacks to collect data like login credentials, account PINs, and other types of sensitive information for their own personal gain. There are many other types of malware besides these, and new forms are always evolving. They all pose a serious risk to individuals and organizations. Next time, we'll explore how security teams detect and remove these kinds of threats.

Malware has been around nearly as long as computers. In
its earliest forms, it was used by troublemakers as a form of digital vandalism. In today's digital world, malware has become a profitable crime that attackers use for their own financial gain. As a security professional, it's important that you remain aware of the latest evolutions. Let's take a closer look at one way malware has evolved. We'll then use this example to consider how malware can be spotted and how you can proactively protect against malware.

Ransomware is one of the types of malware attackers use to steal money. Another, and more recent, type of malware is cryptojacking. Cryptojacking is a form of malware that installs software to illegally mine cryptocurrencies. You may be familiar with cryptocurrency from the news. If you're new to the topic, cryptocurrencies are a form of digital money that have real-world value, like physical forms of currency. There are many different types. For the most part, they're referred to as coins or tokens. In simple terms, crypto mining is a process used to obtain new coins. Crypto mining is similar to the process for mining for other resources, like gold. Mining for something like gold involves machinery, such as trucks and bulldozers, that can dig through the earth. Crypto coins, on the other hand, use computers instead. Rather than digging through the earth, the computers run software that digs through billions of lines of encrypted code. When enough code is processed, a crypto coin can be found. Generally, more computers mining for coins means more cryptocurrency can be discovered.

Criminals unfortunately figured this out. Beginning in 2017, cryptojacking malware started being used to gain unauthorized control of personal computers to mine cryptocurrency. Since that time, cryptojacking techniques have become more sophisticated. Criminals now regularly target vulnerable servers to spread their mining software. Devices that communicate with the infected server become infected themselves. The malicious code then runs in the background, mining for coins unknown to anyone.

Cryptojacking software is hard to detect. Luckily, security professionals have sophisticated tools that can help. An intrusion detection system, or IDS, is an application that monitors system activity and alerts of possible intrusions. When abnormal activity is detected, like malware mining for coins, the IDS alerts security personnel. Despite their usefulness, detection systems have a major drawback: new forms of malware can remain undetected. Fortunately, there are subtle signs that indicate a device is infected with cryptojacking software or other forms of malware. By far the most telling sign of a cryptojacking infection is slowdown. Other signs include increased CPU usage, sudden system crashes, and fast-draining batteries. Another sign is unusually high electricity costs related to the resource-intensive process of crypto mining. It's also good to know that there are certain measures you can take to reduce the likelihood of experiencing a malware attack like cryptojacking. These defenses include things like using browser extensions designed to block malware, using ad blockers, disabling JavaScript, and staying alert on the latest trends. Security analysts can also educate others in their organizations on malware attacks. While cryptojacking is still relatively new, attacks are becoming more common. The type of malicious code cybercriminals spread is continually evolving. It takes many years of experience to analyze new forms of malware. Nevertheless, you're well on your way towards helping defend against these threats.

Previously, we explored a few types of malware. Whether it's installed on an individual computer or a network server, all malicious software needs to be delivered to the target before it can work. Phishing and other social engineering techniques
are common ways for malware to be delivered. Another way it's spread is by using a broad class of threats known as web-based exploits. Web-based exploits are malicious code or behavior that's used to take advantage of coding flaws in a web application. Cybercriminals target web-based exploits to obtain sensitive personal information. Attacks occur because web applications interact with multiple users across multiple networks. Malicious hackers commonly exploit this high level of interaction using injection attacks.

An injection attack is malicious code inserted into a vulnerable application. The infected application often appears to work normally. That's because the injected code runs in the background, unknown to the user. Applications are vulnerable to injection attacks because they are programmed to receive data inputs. This could be something the user types, clicks, or something one program is sharing with another. When coded correctly, applications should be able to interpret and handle user inputs. For example, let's say an application is expecting the user to enter a phone number. This application should validate the input from the user to make sure the data is all numbers and not more than 10 digits. If the input from the user doesn't meet these requirements, the application should know how to handle it. Web apps interact with multiple users across many platforms. They also have a lot of interactive objects, like images and buttons. This makes it challenging for developers to think of all the ways they should sanitize their input.

A common and dangerous type of injection attack that's a threat to web apps is cross-site scripting. Cross-site scripting, or XSS, is an injection attack that inserts code into a vulnerable website or web application. These attacks are often delivered by exploiting the two languages used by most websites: HTML and JavaScript. Both can give cybercriminals access to everything that loads on the infected web page. This can include session cookies, geolocation, and even webcams and microphones. There are three main types of cross-site scripting attacks: reflected, stored, and DOM-based.

A reflected XSS attack is an instance where malicious script is sent to the server and activated during the server's response. A common example of this is the search bar of a website. In a reflected XSS attack, criminals send their target a web link that appears to go to a trusted site. When they click the link, it sends an HTTP request to the vulnerable site's server. The attacker's script is then returned, or reflected, back to the innocent user's browser. Here, the browser loads the malicious script because it trusts the server's response. With the script loaded, information like session cookies is sent back to the attacker.

In a stored XSS attack, the malicious script isn't hidden in a link that needs to be sent to the server. Instead, a stored XSS attack is an instance when malicious script is injected directly on the server. Here, attackers target elements of a site that are served to the user. This could be things like images and buttons that load when the site is visited. Infected elements activate the malicious code when a user simply visits the site. Stored XSS attacks can be damaging because the user has no way of knowing the site is infected beforehand.

Finally, there's DOM-based XSS. DOM stands for Document Object Model, which is basically the source code of a website. A DOM-based XSS attack is an instance when malicious script exists in the web page a browser loads. Unlike reflected XSS, these attacks don't need to be sent to the server to activate. In a DOM-based attack, a malicious script can be seen in the URL. In this example, the website's URL contains parameter values. The parameter values reflect input from the user. Here, the site allows users to select color themes. When the user makes a selection, it appears as part of the URL. In a DOM-based attack, criminals change the parameter that's expecting an input. For example, they could hide malicious JavaScript in the HTML tags. The browser would process the HTML and execute the JavaScript. Hackers use these methods of cross-site scripting to steal sensitive information. Security analysts should be familiar with
this group of injection attacks. However, they're not the only ones, as we'll discover next time.

Let's keep exploring injection attacks by investigating another common type of web-based exploit. The next one we're going to discuss exploits the way websites access information from databases. Early in the program, you may have learned about SQL. You may recall SQL is a programming language used to create, interact with, and request information from a database. SQL is used by most web applications. For example, shopping websites use it a lot. Imagine the databases of an online clothing store. It likely contains a full inventory of all the items the company sells. Websites don't normally make users enter SQL queries manually. Instead, they use things like menus, images, and buttons to show users information in a meaningful way. For example, when an online shopper clicks a button to add a sweater to their cart, it triggers a SQL query. The query runs in the background where no one can see it. You would never know from using the menus and buttons of a website, but sometimes those backend queries are vulnerable to injection attacks.

A SQL injection is an attack that executes unexpected queries on a database. Like cross-site scripting, SQL injection occurs due to the lack of sanitized input. The injections take place in areas of the website that are designed to accept user input. A common example is the login form to access a site. One of these forms might trigger a backend SQL statement like this when a user enters their credentials. Web forms like this one are designed to copy user input into the statement exactly as they're written. The statement then sends a request to the server, which runs the query. Websites that are vulnerable to SQL injection insert the user input exactly as it's entered before running the code. Unfortunately, this is a serious design flaw. It commonly happens because web developers expect people to use their inputs correctly. They don't anticipate attackers exploiting them. For example, an attacker might insert additional SQL code. This could cause the server to run a harmful query of code that it wasn't expecting. Malicious hackers can target these attack vectors to obtain sensitive information, modify tables, and even gain administrative rights to the database.

The best way to defend against SQL injections is code that will sanitize the input. Developers can write code to search for specific SQL characters. This gives the server a clear idea of what inputs to expect. One way this is done is with prepared statements. A prepared statement is a coding technique that executes SQL statements before passing them into the database. When the user input is unknown, the best practice is to use these prepared statements. With just a few extra lines of code, a prepared statement executes the code before passing it on to the server. This means the code can be validated before performing the query. Having well-written code is one of the keys to preventing SQL injection. Security teams work with program developers to test applications for these sorts of vulnerabilities. Like a lot of security tasks, it's a team effort. Injection attacks are just one of many types of web-based exploits that security teams deal with.

We're going to explore how security teams prepare for injection attacks and other kinds of threats. Preparing for attacks is an important job that the entire security team is responsible for. Threat actors have many tools they can use, depending on their target. For example, attacking a small business can be
different from attacking a public utility. Each has different assets and specific defenses to keep them safe. In all cases, anticipating attacks is the key to preparing for them. In security, we do that by performing an activity known as threat modeling. Threat modeling is a process of identifying assets, their vulnerabilities, and how each is exposed to threats. We apply threat modeling to everything we protect. Entire systems, applications, or business processes all get examined from this security-related perspective. Creating threat models is a lengthy and detailed activity. They're normally performed by a collection of individuals with years of experience in the field. Because of that, it's considered to be an advanced skill in security. However, that doesn't mean you won't be involved. There are several threat modeling frameworks used in the field. Some are better suited for network security. Others are better for things like information security or application development.

In general, there are six steps of a threat model. The first is to define the scope of the model. At this stage, the team determines what they're building by creating an inventory of assets and classifying them. The second step is to identify threats. Here, the team defines all potential threat actors. A threat actor is any person or group who presents a security risk. Threat actors are characterized as being internal or external. For example, an internal threat actor could be an employee who intentionally exposed an asset to harm. An example of an external threat actor could be a malicious hacker or a competing business. After threat actors have been identified, the team puts together what's known as an attack tree. An attack tree is a diagram that maps threats to assets. The team tries to be as detailed as possible when constructing this diagram before moving on. Step three of the threat modeling process is to characterize the environment. Here, the team applies an attacker mindset to the business. They consider how the customers and employees interact with the environment. Other factors they consider are external partners and third-party vendors. At step four, their objective is to analyze threats. Here, the team works together to examine existing protections and identify gaps. They then rank threats according to the risk score that they assign. During step five, the team decides how to mitigate risks. At this point, the group creates their plan for defending against threats. The choices here are to avoid risk, transfer it, reduce it, or accept it. The sixth and final step is to evaluate findings. At this stage, everything that was done during the exercise is documented, fixes are applied, and the team makes note of any successes they had. They also record any lessons learned so they can inform how they approach future threat models. That's an overview of the general threat modeling process. What we explored was just one of many methods that exist.

My name is Shantel. I'm a security engineer here at Google, and
I'm part of the security enablement and scaling team. We secure and monitor systems that contain sensitive information. My background: initially, I was going to be a heart surgeon, and then I took chemistry. I took Chem 1 and I was like, nah, that's not happening. So my interest in cybersecurity came from a TV show called Mr. Robot. It's about a vigilante hacker trying to save the world, and from there, that kind of piqued my interest in security, and it served as a great foundation. Valuing diversity in security is important because we're exposed to a broad range of thinking that helps to inspire a lot of creative ideas and different perspectives and different ways of tackling a problem, and that kind of leads us forward into being better security engineers. Our manager, Lauren, always steps in to tell us, you know, don't be so quick to find a solution, don't be so quick to solve the problems yourselves. You know, we have a wide range of security engineers and connections at our disposal, and she encourages us to go out and seek them out, and then to come back and then have us settle in and brainstorm all of these ideas that we've collected after we've gone out and tried to find it. We've ultimately almost always come up with the best possible outcome that we can ever come up with. My advice for people to get into the industry is get out there and be proactive. I would definitely suggest Hack The Box or TryHackMe.com. I definitely recommend joining up with the security community on Twitter. There's a huge security community on Twitter right now that shares a bunch of, like, resources, opportunities, job positions, and are definitely open to talking to anyone that's interested in getting into the field but just don't know how. I recommend security as a career, definitely. I think that for me personally, I was able to tap into my rebel side a lot in security. I found I was able to express myself a bit more in security. It's just a whole ball of goodness.

Let's finish exploring threat modeling by taking a look at real-world scenarios. This time, we'll use a standard threat modeling process called PASTA. Imagine that a fitness company is getting
ready to launch their first mobile app. Before we can go live, the company asked their security team to ensure the app will protect customer data. The team decides to perform a threat model using the PASTA framework. PASTA is a popular threat modeling framework that's used across many industries. PASTA is short for Process for Attack Simulation and Threat Analysis. There are seven stages of the PASTA framework. Let's go through each of them to help this fitness company get their app ready.

Stage one of the threat model framework is to define business and security objectives. Before starting the threat model, the team needs to decide what their goals are. The main objective in our example with the fitness company app is protecting customer data. The team starts by asking a lot of questions at this stage. They'll need to understand things like how personally identifiable information is handled. Answering these questions is key to evaluating the impact of threats that they'll find along the way.

Stage two of the PASTA framework is to define the technical scope. Here, the team's focus is to identify the application components that must be evaluated. This is what we discussed earlier as the attack surface. For a mobile app, this will include technology that's involved while data is at rest and in use. This includes network protocols, security controls, and other data interactions.

At stage three of PASTA, the team's job is to decompose the application. In other words, we need to identify the existing controls that will protect user data from threats. This normally means working with the application developers to produce a data flow diagram. A diagram like this would show how data gets from a user's device to the company's database. It would also identify the controls in place to protect this data along the way.

Stage four of PASTA is next. The focus here is to perform a threat analysis. This is where the team gets into their attacker mindset. Here, research is done to collect the most up-to-date information on the type of attacks being used. Like other technologies, mobile apps have many attack vectors. These change regularly, so the team would reference resources to stay up to date.

Stage five of PASTA is performing a vulnerability analysis. In this stage, the team more deeply investigates potential vulnerabilities by considering the root of the problem.

Next is stage six of PASTA, where the team conducts attack modeling. This is where the team tests the vulnerabilities that were analyzed in stage five by simulating attacks. The team does this by creating an attack tree, which looks like a flowchart. For example, an attack tree for our mobile app might look like this. Customer information, like usernames and passwords, is a target. This data is normally stored in a database. We've learned that databases are vulnerable to attacks like SQL injection, so we will add this attack vector to our attack tree. A threat actor might exploit vulnerabilities caused by unsanitized inputs to attack this vector. The security team uses attack trees like this to identify attack vectors that need to be tested to validate threats. This is just one branch of this attack tree. An application like a fitness app typically has lots of branches with a number of other attack vectors.

Stage seven of PASTA is to analyze risk and impact. Here, the team assembles all the information they've collected in stages one through six. By this stage, the team is in position to make informed risk management recommendations to business stakeholders that align with their goals. And with that, we made it all the way through a threat modeling exercise based on the PASTA framework.

Managing threats is a major part of what security professionals do. In this part of the course, we've explored some common types of cyber threats that you will likely encounter in the field. Let's review. We started off discussing social engineering. You learned that attackers have a variety of ways to trick their targets into sharing private information. Social engineering techniques rely on exploiting people's trust and willingness to help. Phishing attacks are one of the most
common ways that attackers go about manipulating their targets. Next, we explored malware. Here, we discussed the major classes of malware, like viruses, Trojans, and worms. You learned how to spot signs of infection. You also learned how malware has evolved and become more sophisticated over the years. After that, we turned our attention to web-based exploits, specifically injection attacks. You learned about cross-site scripting and SQL injection, two of the most common types of attacks facing organizations online. We discussed how each of these attacks is carried out. You also learned about how web applications can be protected from malicious code. Finally, we explored the threat modeling process. You learned the process that security teams use to perform these exercises. Unfortunately, cyber attacks and security breaches are a reality that we're challenged with on a regular basis. However, being aware of the types of threats that exist and the threat modeling process provides an important foundation for your work as a security analyst.

Congratulations on making it through the end of this course. I can hardly believe our time together is over. Before moving on in the certificate program, I'd like to reflect on all the amazing progress you've made.
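As an added illustration of the two injection attacks reviewed above, here is a small store login handler in the vulnerable form the course describes beside its hardened form; this is example code written for this page, not code from the course. It assumes Python's sqlite3 module with `?` placeholders as the prepared-statement mechanism, one constructed user record, and a constructed pair of form inputs.

```python
# Added example, not from the course: a store login handler written the
# vulnerable way the course describes (form fields copied straight into a SQL
# statement and straight into the HTML response) beside the hardened version
# (a prepared statement plus HTML escaping). Uses an in-memory SQLite database
# holding one constructed user, so it runs offline.
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data; a real site would store a password hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> str:
    """Copies the form fields into the statement exactly as written, so extra
    SQL typed into a field becomes part of the query; then copies the username
    into the page, so any HTML in it is parsed by the browser (reflected XSS)."""
    query = (f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    authenticated = conn.execute(query).fetchone()[0] > 0
    if not authenticated:
        return f"<p>No account found for {username}</p>"
    return f"<p>Welcome, {username}</p>"


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> str:
    """Prepared statement: the SQL text is fixed and the values travel
    separately as parameters, so they are only ever compared as data. The
    username is escaped before it is placed in HTML, so the browser shows the
    characters instead of interpreting them as markup."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    authenticated = conn.execute(query, (username, password)).fetchone()[0] > 0
    safe_name = html.escape(username, quote=True)
    if not authenticated:
        return f"<p>No account found for {safe_name}</p>"
    return f"<p>Welcome, {safe_name}</p>"


def logged_in(page: str) -> bool:
    """True when the rendered page reports a successful login."""
    return page.startswith("<p>Welcome")


def contains_script_tag(page: str) -> bool:
    """Crude check, used only to show whether a <script> tag survived into the page."""
    return "<script" in page.lower()


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: the password field carries extra SQL and the username
    # field carries an HTML tag, the two cases the course describes.
    injected_sql = "' OR '1'='1"
    tagged_name = "alice<script>alert(1)</script>"

    page = login_vulnerable(db, tagged_name, injected_sql)
    print(logged_in(page), contains_script_tag(page))  # True True: wrong user got in, tag rendered

    page = login_hardened(db, tagged_name, injected_sql)
    print(logged_in(page), contains_script_tag(page))  # False False: compared as data, tag escaped
    print(logged_in(login_hardened(db, "alice", "correct-horse")))  # True: honest login still works
```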
When we started, you were introduced to a wide range of assets organizations protect. Our primary focus was information security, specifically digital information. Here, you learned how asset classification helps security teams focus their efforts and prioritize resources. We explored digital assets and the three states of data. We also learned how policies, standards, and procedures can mitigate organizational risks. Our focus on the NIST Cybersecurity Framework introduced you to a commonly used framework for managing risks. Afterwards, you learned about fundamental security systems and controls. You got to explore technology like encryption that's used to protect data in all its states. You also learned how technologies like public key infrastructure and digital certificates are used to maintain the confidentiality, integrity, and availability of information online. And you also explored access controls that make up the authentication, authorization, and accounting framework. Next, we explored common vulnerabilities in systems. During this part of the course, you got an inside look into how security teams position themselves ahead of attacks. We explored the defense in depth strategy that's applied to protect information as it's exchanged between parties online. You also learned about the Common Vulnerabilities and Exposures list, the vulnerability assessment process, and attack surfaces and attack vectors. We then explored the major threats to asset security, like social engineering, malware, and web-based exploits. Together, we discussed how these attacks are carried out and the way security teams prevent them from doing damage. We then finished up by exploring the process of threat modeling. We covered so much. I really appreciate your effort through it all.

When I first started my career in security, my goal was to learn, network, and embrace any opportunity I was able to. I attended security conferences, received job tips, earned references, and volunteered to gain experience. At that time, I would have never imagined that I'd be here teaching what I've learned to others. That just goes to show you your security journey is only just beginning. While our time together is over, we covered a lot of complex topics, many of which are areas of specialization in security. With the foundation you built here, you have a wide range of possibilities to continue growing in the field. I'm so glad to have played a part in this step along your journey into the world of security, and I wish you all the best as you
continue forward along your path security attacks are on the rise and new vulnerabilities are exploited and discovered every week no matter how prepared an organization may be in the event of a security attack at some point something goes wrong whether it's a data breach ransomware or a simple mistake made by an employee incidents happen and it's up to Security Professionals like you to effectively respond to security incidents hello and welcome to the course I'm Dave and I'm a principal security strategist for Google Cloud I have 20 years of experience as a security practitioner and leader
over the past eight years I've worked at industry-leading security vendors like foret Splunk and Google where I developed a specialty in security analytics I have a passion for helping analysts develop the skills necessary to succeed in their careers I'm so happy you're here you've done a great job so far you've learned a lot about security concepts best practices and types of security attacks now in this course we'll focus on incident detection analysis and response you'll have the opportunity to apply your learning using tools such as TCP dump wire shark surcot Splunk and Chronicle by the
end of this course you'll have an in-depth understanding of incident response first you'll learn about the incident response life cycle and how incident response teams work together you'll also learn about the types of tools used in detection and response including documentation you'll also be given your own incident handlers Journal that you'll use during your investigations next you'll apply your your knowledge in networking in Linux to Monitor and analyze Network traffic using packet sniffers like wire shark and TCP dump to capture and analyze packets for potential indicators of security incidents then you'll become familiar with the
common processes and procedures used during incident detection and response you'll learn how to use investigative tools to analyze and verify incidents and produce documentation finally you'll learn how to interpret logs and alerts you'll learn how detection tools produce logs and how these logs are analyzed in security information and event management tools ready to begin let's get started my name is Dave I'm a principal security strategist with Google cloud my job is to work directly with security practitioners to help them protect their organizations what I love about my job is the variety uh on one day
I might be troubleshooting a technical problem for a customer; the next day I might be coding up a solution to a certain problem. Every day is something new, and I never get bored. I was a kid growing up in the Midwest. I went off to college to study engineering, I thought, but I realized that I wasn't really into engineering. But I loved computer science, which I didn't even know was an option. I ended up working as a help desk person early in college, but then I got a job as a system administrator. I found myself working at a startup in the payments industry. My job switched from being a general IT person to being a cybersecurity person. I spent seven years in that job and did everything from a one-man security shop to running a, you know, medium-sized security organization toward the end. Then I switched over to the other side of the table and started working for security vendors, and that gave me the opportunity to see how literally hundreds of other organizations run their security programs, and that was really eye-opening.

Cybersecurity is interesting because you can really bring your entire life experience to cybersecurity. What you're doing is trying to protect an organization, not necessarily from an accident, but you're protecting an organization from a human being on the other side who's trying to do your organization harm. One thing that's becoming clear is that people from diverse backgrounds and diverse experiences typically bring a great deal of improvement to how we deal with that.

I highly recommend getting involved with security organizations. It's a place to meet other people who can help you along in your career. I think people are surprised to learn just how much help is available in our industry. There are lots of folks who are more senior, more accomplished, who are willing to be mentors. I think the best thing that you can do as someone who's looking for a mentor is to be assertive. Have a plan, so have a few things in mind that you want to work on, and then reach out to someone who maybe works in that particular area of cybersecurity and ask them for help, and I think you'll be surprised at just how helpful folks will be.

Welcome. In my role as principal security strategist, I've seen how the incident response operations that you'll learn about in this course are implemented in an organization. One of the things I find so exciting about detecting and responding to incidents is the challenge of using data to understand what an adversary has done in my organization's environment. No two investigations are ever the same, but there are patterns of behavior that you can learn to spot as you hone your analytic skills. Previously, you
established a solid understanding of assets, security threats, and vulnerabilities. You explored the NIST Cybersecurity Framework, or CSF, as a methodology for risk management. You learned about mitigating organizational risk through classifying and securing assets, and you also explored security and privacy controls to safeguard data. You used tools like MITRE and CVE to investigate common vulnerabilities and used techniques like threat modeling to develop an attacker's mindset. Next, we'll revisit the NIST CSF with a focus on the incident response life cycle. You'll be given your own incident handler's journal, which you'll use throughout the rest of the course. You'll also be introduced to incident response teams, including the different team roles and how they organize to respond to incidents. And finally, you'll learn about the different types of documentation, detection, and management tools you'll use as a security professional working in incident response. Later on, you'll have an opportunity to use these tools. Are you ready to begin your journey in detection and response? Let's begin.

Incident life cycle frameworks provide a structure to support incident response operations. Frameworks help organizations develop a standardized approach to their incident response process so that incidents are managed in an effective and consistent way. There are many different types of frameworks that organizations can adopt and modify according to their needs. In this course, we'll focus on the NIST CSF. Then we'll expand on the CSF and discuss the phases of the NIST incident response life cycle. To recall, the five core functions of the NIST CSF are Identify, Protect, Detect, Respond, and Recover. This course will explore the last three steps of this framework: Detect, Respond, and Recover. These last three steps are critical stages during incident response, and as an analyst, you'll detect and respond to incidents and implement actions for recovery.

The NIST incident response life cycle is another NIST framework with additional substeps dedicated to incident response. It begins with Preparation; next, Detection and Analysis; and then Containment, Eradication, and Recovery; and finally, Post-Incident Activity. One thing to note is that the incident life cycle isn't a linear process. It's a cycle, which means that steps can overlap as new discoveries are made. This life cycle gives us a blueprint of how to effectively respond to incidents. But before we dive into incident detection and response, let's take some time to understand what an
incident is. According to NIST, an incident is "an occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies." Whoa, that's a lot to take in. Let's break it down. It's important to understand that all security incidents are events, but not all events are security incidents. What are events? An event is an observable occurrence on a network, system, or device.

Here's an example of an event. A user attempts to log into their email account, but they can't because they forgot their password. The user then requests a password reset and successfully changes their password. This is an observable event. Well, why? Because systems and applications log password reset requests, and logs provide evidence that something happened. We know that someone successfully requested a password reset and that they did not violate security policies to access the account. Now imagine that instead of the rightful owner of the account, a malicious actor trying to gain access to the account successfully initiated the password change request and changed the account password. This would be considered both an event and a security incident. It's an event because it's an observable occurrence. It's also a security incident because a malicious actor violated the security policy to unlawfully access an account that is not rightfully theirs. Remember: all security incidents are events, but not all events are security incidents.

Just like detectives working a case carefully handle and document their evidence and findings, security analysts are required to do the same when they investigate a security incident. An incident investigation reveals critical information about the five W's of an incident: who triggered the incident, what happened, when the incident took place, where the incident took place, and why the incident occurred. Keeping track of this information is essential not only during an incident investigation but also during the closure of an investigation, when it comes time to write the final report. As an analyst, you'll need a method to document and reference this information for easy access when you need it. A great way to do this is to use an incident handler's journal, which is a form of documentation used in incident response. Throughout this course, you'll be using your own incident handler's journal to take notes of any incident details. We'll discuss more on documentation in the upcoming lessons.

Hi again. In this section, we'll discuss how incident response teams manage incidents. You may have been part of a team before, whether it was a sports team or a team in the workplace or at school. Teams are most successful when everyone uses their diverse strengths to work towards a common goal. Incident response teams aren't any different. A successful response to security incidents doesn't happen in isolation. It requires a team of both security and non-security professionals working
together with defined roles. Computer security incident response teams, or CSIRTs, are a specialized group of security professionals that are trained in incident management and response. The goal of CSIRTs is to effectively and efficiently manage incidents, provide services and resources for response and recovery, and prevent future incidents from occurring. Security is a shared responsibility, which is why CSIRTs must work cross-functionally with other departments to share relevant information. For example, if an incident resulted in the breach of sensitive data like financial documents or PII, then the legal team must be consulted. Some regulatory compliance measures may require organizations to publicly disclose a security incident within a certain time frame. This means that CSIRTs must collaborate with the organization's public relations team to coordinate efforts for public disclosure.

So how exactly does a CSIRT function? First, there's the security analyst. The analyst's job is to investigate security alerts to determine if an incident has occurred. If an incident has been detected, the analyst will determine the criticality rating of the incident. Some incidents can be easily remediated by the security analyst and don't require escalation, but if the incident is highly critical, it gets escalated to the technical lead, who provides technical leadership by guiding security incidents through their life cycle. During this time, the incident coordinator tracks and manages the activities of the CSIRT and other teams involved in the response effort. Their job is to ensure that incident response processes are followed and that teams are regularly updated on the incident status.

Not all CSIRTs are the same. Depending on the organization, a CSIRT can also be referred to as an incident handling team, or IHT, or security incident response team, SIRT. Depending on an organization's structure, some teams can also have a broader or specialized focus. For example, some teams may be solely dedicated to crisis management, and others may be incorporated with a SOC. Roles can have different names too. For example, a technical lead can also be known as an ops lead. Regardless of the team's title or focus, they all share the same goal: incident management and response. Now that you know a bit about incident response teams, we'll continue to learn about how incident response teams plan, organize, and respond to incidents. I'll meet you in the next video.

My name is Fatima and I'm a tech lead
manager on Google's detection and response team. If there is a hacker on the network, our job is to find them. Working in detection, it's really like an artist preparing for a show. We spend all this time developing all of these signatures to detect hackers, and then one day it's time for the show. You get that same nervous energy, and you question whether you're ready for the performance or not, but you really don't have a choice. The hackers are going to come, and you have to be ready for them. I would say cybersecurity is very exciting. You never know when the next vulnerability is going to be released. You never know when the next incident is going to happen. A great example of an incident would be the Log4j vulnerability that happened in 2021. The entire company came together to investigate whether or not we were affected by this vulnerability. It was my team's job to make that determination. So we ingest millions, hundreds of millions of lines of logs per second, and after we have these logs, it requires hunting and log diving through them, creating different signatures to match against these logs for signs of compromise. We were able to say, you know, all clear, we are not impacted by this and we are safe. Those are the moments, those are the highlights. That's where everything comes together.

Teamwork in an incident response scenario is key. You cannot run an incident response without a really solid team, a team that works really well together, a team that really trusts each other. The way to maintain clear and effective communication is by communicating a lot. So during an incident, it's a little bit counterintuitive, but the people who are the more senior engineers, these people become the operational leads, and they are the people who are responsible for making sure that the communication is not breaking down within their function. So we shift roles from being very technical to really focusing on the communication, aggregating the data and surfacing the data to the right people who need to know about it. I definitely recommend cybersecurity as a career field, because really the attackers, they're not going to let you get bored, because they are very creative, so we have to be creative in the way that we go out looking for them. Being a person who likes to learn, knowing that there's always going to be a thing for me to learn and become good at, that's exciting, and that keeps me motivated.

So you've learned about incident response teams, the different types of roles, and their respective responsibilities. Now let's talk about how teams respond to incidents using incident response plans. When an incident occurs, incident response teams must be prepared to respond quickly, efficiently, and effectively. Whether it's a data breach, DoS attack, or ransomware, incidents have the potential
to cause significant damage to an organization. Like we previously mentioned, regulations may require organizations to report incidents within a certain time frame, so it's crucial for organizations to have a formal incident response plan in place, so there's a prepared and consistent process to quickly respond to incidents once they occur. You may remember learning that security plans consist of three basic elements: policies, standards, and procedures. An incident response plan is a document that outlines the procedures to take in each step of incident response. Response plans, just like response teams, are not all the same. Organizations tailor their plans to meet their unique requirements, such as their mission, size, culture, industry, and structure. For example, smaller organizations may choose to include their incident response plan in their security plan, while others may choose to have them as separate documents.

Although not all incident plans are the same, there are common elements that they share. Incident plans have incident response procedures: these are step-by-step instructions on how to respond to incidents. System information: these are things like network diagrams, data flow diagrams, logging, and asset inventory information. And other documents, like contact lists, forms, and templates. Plans aren't perfect, and there's always room to adjust and improve as incidents occur. Incident processes and procedures must be regularly reviewed and tested. This can be done through exercises like tabletops or simulations. These exercises ensure that all team members are familiar with the response plan. They also allow organizations to identify any missing gaps in a process to improve their incident response plan. Also, organizations may be required to complete specific types of exercises for regulatory reasons. Coming up, we'll discuss the different types of tools used in incident response.

As a security analyst, you'll play an important role in incident detection. After all, you're going to be at the front lines, actively detecting threats. To do this, you'll not only rely on the security knowledge you've developed so far, but you'll also be using a variety of tools and technologies to support your investigations. A great carpenter doesn't just use a hammer to create a piece of furniture. They rely on a variety of tools in their toolbox to get the job done. They'll need to use a tape measure to measure dimensions, a saw to cut wood, and sandpaper to smooth the surface. Likewise, as a security analyst, you won't be using a single tool to monitor, detect, and analyze events. You'll use detection and management tools to monitor system activity to identify events that require investigation. You'll use documentation tools to collect and compile evidence. And you'll also use different investigative tools for analyzing these events, like packet sniffers. New security technologies emerge, threats evolve, and attackers become stealthier to avoid detection. To become effective at detecting threats, you'll need to continuously expand your security toolbox. That's what makes the security field such an exciting one to be in: there's always something new to be learned.
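What a detection and management tool actually does with system activity, shown as an added Python example that is not code from the course or its transcript: it collects two constructed log sources, normalizes them to one schema, and runs two rules so that only matching events become alerts for an analyst to investigate. It reuses the password reset scenario from earlier in this section (a reset following a login from outside the network) and the later point that logins from external IP addresses deserve a look. The log formats, host names, user names, IP addresses, the internal address ranges and the one-hour window are all assumptions made for illustration.

```python
"""Minimal SIEM-style pipeline: collect -> aggregate -> normalize -> analyze.

Added example, not code from the Google course.  The log formats, user names
and IP addresses below are constructed for illustration.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Address ranges the (hypothetical) organization treats as "inside the network".
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

# Source 1: an authentication service writing syslog-style lines (constructed).
AUTH_LOGS = """\
2024-05-03T08:01:10Z authsvc: LOGIN_OK user=alice src=10.0.4.17
2024-05-03T08:05:42Z authsvc: LOGIN_FAIL user=bob src=10.0.4.20
2024-05-03T08:06:01Z authsvc: PASSWORD_RESET_REQUEST user=bob src=10.0.4.20
2024-05-03T08:06:30Z authsvc: PASSWORD_CHANGED user=bob src=10.0.4.20
2024-05-03T22:14:09Z authsvc: LOGIN_OK user=carol src=203.0.113.55
2024-05-03T22:15:12Z authsvc: PASSWORD_RESET_REQUEST user=carol src=203.0.113.55
2024-05-03T22:15:40Z authsvc: PASSWORD_CHANGED user=carol src=203.0.113.55
"""

# Source 2: a web gateway writing key=value records in a different layout (constructed).
GATEWAY_LOGS = """\
ts=2024-05-03T22:20:03Z action=login result=success account=carol client_ip=198.51.100.9 ua="curl/8.0"
ts=2024-05-03T22:21:30Z action=login result=success account=carol client_ip=203.0.113.55 ua="Mozilla/5.0"
ts=2024-05-03T09:00:00Z action=login result=success account=alice client_ip=10.0.4.17 ua="Mozilla/5.0"
"""

AUTH_RE = re.compile(r"^(?P<ts>\S+) authsvc: (?P<action>\w+) user=(?P<user>\S+) src=(?P<ip>\S+)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def normalize(auth_text: str, gateway_text: str) -> list:
    """Aggregate both sources into one list of records with a common schema.

    Normalization keeps only the attributes the rules need (timestamp, source,
    action, user, source IP) and drops the rest, such as the user agent.
    """
    events = []
    for line in auth_text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue  # unparseable line: skipped here, a real SIEM would flag it
        events.append({"ts": _ts(m["ts"]), "source": "authsvc", "action": m["action"],
                       "user": m["user"], "ip": m["ip"]})
    for line in gateway_text.splitlines():
        kv = {k: v.strip('"') for k, v in KV_RE.findall(line)}
        if kv.get("action") != "login":
            continue
        action = "LOGIN_OK" if kv.get("result") == "success" else "LOGIN_FAIL"
        events.append({"ts": _ts(kv["ts"]), "source": "gateway", "action": action,
                       "user": kv["account"], "ip": kv["client_ip"]})
    events.sort(key=lambda e: e["ts"])  # one ordered timeline across sources
    return events


def analyze(events: list) -> list:
    """Run two detection rules over normalized events and return alerts.

    Every record is an *event*; only those matching a rule become *alerts*,
    which an analyst then decides are incidents or not.
    """
    alerts = []
    external_ips = defaultdict(set)  # user -> external IPs with a successful login
    last_external_login = {}         # user -> timestamp of last external LOGIN_OK
    for e in events:
        if e["action"] == "LOGIN_OK" and not is_internal(e["ip"]):
            external_ips[e["user"]].add(e["ip"])
            last_external_login[e["user"]] = e["ts"]
        # Rule 1: password changed within an hour of a login from outside the network.
        if e["action"] == "PASSWORD_CHANGED" and e["user"] in last_external_login:
            if (e["ts"] - last_external_login[e["user"]]).total_seconds() <= 3600:
                alerts.append({"rule": "external_login_then_password_change",
                               "user": e["user"], "ip": e["ip"], "ts": e["ts"].isoformat()})
    # Rule 2: one account logging in successfully from several external IPs.
    for user, ips in external_ips.items():
        if len(ips) >= 2:
            alerts.append({"rule": "multiple_external_login_ips", "user": user, "ips": sorted(ips)})
    return alerts


if __name__ == "__main__":
    for alert in analyze(normalize(AUTH_LOGS, GATEWAY_LOGS)):
        print(alert)
```

Bob's reset produces events but no alert, because nothing about it violates a rule; Carol's produces two alerts, which is the event-versus-incident distinction the section draws. The rules are deliberately simple; a production SIEM would add deduplication, allow-lists for known VPN ranges, and severity.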
You might remember the incident handler's journal we shared with you from the previous section. You'll be using this journal as your own form of documentation as you work through the rest of this course. Consider this to be your first security tool to add to your toolbox.

Hi there. Previously, you learned how an incident handler's journal is used for documenting the five W's of an incident: who, what, where, when, and why an incident occurred. In this section, we'll continue our discussion on documentation by exploring the different types of documentation, the importance of effective documentation, and we'll finish off with the discussion on documentation tools. Documentation is any form of recorded content that is used for a specific purpose. This can be audio, digital, or handwritten instructions, and even videos. There is no set industry standard for documentation, so many organizations set their own documentation practices. Regardless, documentation is meant to provide instruction and guidance on a specific topic. There are also many types of documentation, and you may already be familiar with some of them from the previous lessons. These include playbooks, incident handler's journals, policies, plans, and final reports. Remember, there isn't an industry standard for documentation, which means that one organization's documentation practices may look completely different than another's. Often, organizations will tailor their documentation practices according to their needs and legal requirements. They may add, remove, or even merge documentation types.

Have you ever purchased a product and didn't know how to use it, and consulted the product manual for instructions on how to do something like turn it on? Congrats, you've used documentation to solve an issue. Previously, you've learned about how playbooks keep business operations safe, and in incident response, playbooks work similar to a product manual. As a refresher, a playbook is a manual that provides details about any operational action. You'll learn more about playbooks later. Let's revisit that product manual example. Have you ever consulted a product manual for help and found yourself confused with the instructions and unable to get the help you needed? Whether it had to do with unclear visuals and instructions or a confusing layout, you weren't able to use the documentation to solve your issue. This is an example of ineffective documentation. Effective documentation reduces uncertainty and confusion. This is critical during a security incident, when tensions are high and urgent response is required. As a security professional, you'll be using and creating documentation regularly. It's essential that the documentation you use and produce is clear, consistent, and accurate, so that you and your team can respond swiftly and decisively. Word processors are a common way to document. Some popular tools to use are Google Docs, OneNote, Evernote, and Notepad++. Ticketing systems like Jira can also be used to document and track incidents. Lastly, Google Sheets, audio recorders, cameras, and handwritten notes are also tools you can use to document. Our discussion on documentation has only just begun. Soon you'll use your incident
handler's journal to put your documentation skills to work.

In this video, we'll introduce you to intrusion detection and intrusion prevention systems. Imagine that you have just installed a home intrusion security system. You've installed intruder sensors for each entry and exit point in your home, including doors and windows. Those sensors work by sending out sound waves, and when an object touches a sound wave, the waves bounce back to your sensor and trigger an alert to your phone, notifying you that an intrusion was detected. An intrusion detection system, or IDS, works in a very similar way to home intrusion sensors. An intrusion detection system is an application that monitors system and network activity and produces alerts on possible intrusions. Like the home intrusion sensor, an IDS collects and analyzes system information for abnormal activities. If something unusual is detected, the IDS sends out an alert to appropriate channels and personnel.

Now imagine a jewelry storefront with a window sensor. When the sensor detects that the window's glass has been shattered, it triggers a steel roll-up door to automatically replace the shattered window and prevent unauthorized entry into the store. This is what an intrusion prevention system does. Intrusion prevention systems, or IPS, have all the same capabilities as an IDS, but they can do more. They monitor system activity for intrusions and take action to stop it. Many tools have the ability to perform the function of both IDS and IPS. Some popular tools are Snort, Zeek, Kismet, Sagan, and Suricata. We will be exploring Suricata in upcoming lessons. You might be wondering, where do these alert notifications go? Well, coming up, we'll discuss how to manage alerts using security information and event management tools.

Our discussion on detection tools may have left you wondering where alerts are sent and how alerts are accessed by security analysts. This is where security information and event management, or SIEM, tools are used. A SIEM is a tool that collects and analyzes log data to monitor critical activities in an organization. A SIEM provides security professionals with a high-level overview of what goes on in their networks. How exactly does it do this? Let's use an example of a car. Cars have many different parts: tires, lights, and let's not forget all the internal machinery that's under the hood. There are many different components of a car, but how do you know if one of them has an issue? Aha, you guessed it: the dashboard warning lights. The dashboard notifies you about information related to the car's components, whether the tire pressure or battery voltage is low, you need to refuel, or a door hasn't been properly closed. A car's dashboard notifies you about the status of the car's components so that you can take action to fix it. SIEM tools work in a similar way. Just like cars have many different components, a network can have thousands of different devices and systems, which makes monitoring
quite the challenge. A car's dashboard gives the driver a clear picture of the status of their car, so they don't have to worry about inspecting each component themselves. Similarly, a SIEM looks at data flows between all the different systems in a network and analyzes them to provide a real-time picture of any potential threats to the network. It does this by ingesting massive amounts of data and categorizing this data so that it's easily accessible through a centralized platform, similar to a car's dashboard.

Here's what the process looks like. First, SIEM tools collect and aggregate data. This data is typically in the form of logs, which are basically a record of all the events that happened on a given source. Data can come from multiple sources, such as IDS or IPS, databases, firewalls, applications, and more. After all this data gets collected, it gets aggregated. Aggregation simply means all this data from different data sources gets centralized in one place. Depending on the number of data sources a SIEM collects from, a huge volume of raw, unedited data can get collected, and not all data that's collected by a SIEM is relevant for security analysis purposes. Next, SIEM tools normalize data. Normalization takes the raw data that the SIEM has collected and cleans it up by removing non-essential attributes so that only what's relevant is included. Data normalization also creates consistency in log records, which is helpful when you're searching for specific log information during incident investigation. Finally, the normalized data gets analyzed according to configured rules. The SIEM analyzes the normalized data against a rule set to detect any possible security incidents, which then get categorized or reported as alerts for security analysts to review.

Now that you've explored the capabilities of SIEM tools, let's examine another security management tool. Security orchestration, automation, and response, or SOAR, is a collection of applications, tools, and workflows that uses automation to respond to security events. While SIEM tools collect, analyze, and report on security events for security analysts to review, SOAR automates analysis and response to security events and incidents. SOAR can also be used to track and manage cases. Multiple incidents can form a case, and SOAR offers a way to view all of these incidents in one centralized place. Well, there you have it. You've learned how incident management tools like SIEM and SOAR make it easier for security analysts to see what's happening in a network and to respond to any threats efficiently.

Way to go! You made it through a new section, and you've learned a lot. As a refresher, we first covered the incident response life cycle as a framework to support incident response processes. You were also given your very own incident handler's journal for your incident investigations, which you'll continue to use throughout this course. You explored how incident response teams operate together to respond to incidents using incident plans. You also learned about the documentation, detection, and management tools used during incident response. Congrats on making it through the first part of your incident response journey. Coming up, we'll explore network monitoring. You'll also have the opportunity to apply your learning through the activities. I'll meet you in the next section.

Welcome back. I'm so glad you're joining us. Previously, you were introduced to incident detection and response. You may also remember learning about networking from a previous course. To recap, you learned about how devices talk to each other using network protocols and the different types of network attacks. You also examined some network security best practices. Here we'll expand
on networking and shift our focus to network analysis. First, you'll examine network communications by exploring network traffic flows. Next, you'll learn about viewing and capturing network traffic using packet sniffers. Then you'll be introduced to packet analysis, where you'll examine packet fields and decode communication between devices and networks. As a security professional, you'll be tasked with monitoring networks and system infrastructure to detect malicious activities, and this section will provide you with the opportunity to develop your network and packet analysis skills. Are you ready to begin? Let's get started.

Hi, my name is Casey and I'm part of the Google Cloud enterprise security sales team. First of all, the biggest piece of advice I can give is: do it. I want you to be here. We need all the people. It's a nonstop, ever-changing world in cybersecurity, which is why it's such a fun place to be. We need more diversity in security. We need everybody participating. We need people with diversity of thought, diversity of backgrounds, diversity of perspectives. I think some of the most important soft skills in cybersecurity are, number one, being able to clearly summarize what you're trying to say. Massively important. One of the other soft skills that I think could even be more important than clear communication is working with an open mindset. The threat landscape is continuously changing. The threat actors, the bad actors, they never sleep, and so neither can we. One of the things that makes cybersecurity so fun, in my opinion, is because it changes constantly, and if we have a fixed mindset going in, and what I mean by a fixed mindset is "I think I know the answer to this, I think I understand exactly what's going on," we are absolutely going to miss the boat. We need to be able to always stay curious, and from a cybersecurity point of view, it's very important to leave no stone unturned. So one of the best things about soft skills is that we all have them, and we're already using them every single day. So every one of you that's watching this already has a head start in cybersecurity.

In many organizations, network communication travels over multiple networks in different countries and across different devices. Data can get unintentionally sent and stored in insecure places, like personal email inboxes or cloud storage platforms. Users trust that their data is safely and securely sent and stored, and it's the job of security professionals like you to help protect these communications in transit and at rest. Previously, you may recall learning how to identify and secure critical assets through security controls like data classification and encryption. Coming up, we'll expand on this topic and examine how network traffic analysis can be used to monitor network activity and identify potential malicious activity. So what is network traffic? Network traffic is the amount of data that moves across a network,
while network data is the data that's transmitted between devices on a network. Depending on the size of a network, there can be a huge volume of network traffic at any given moment. For example, in a large multinational organization, there may be thousands of employees sending and receiving emails at any given time. That's a lot of network traffic. With such large volumes of traffic being produced, how do you know what's normal behavior or what's unusual and requires investigation as a potential security incident?

Imagine being stuck in unexpected traffic during your regular drive to work, and as you move along, you realize something unusual caused the traffic, like a minor vehicle collision, which slowed down the expected flow on the road. We have certain expectations about traffic flows based on our commuting experience. Peak traffic patterns, like morning and evening rush hour, are normal and expected, while abnormal traffic during off-peak times reveals that something unexpected has happened, like a vehicle collision. Network traffic works in the same way. By understanding how data should be flowing across the network, you can develop an understanding of expected network traffic flow. By knowing what's normal, you can easily spot what's abnormal. We can detect traffic abnormalities through observation to spot indicators of compromise, also known as IoCs, which are observable evidence that suggests signs of a potential security incident. Take, for instance, data exfiltration, which is the unauthorized transmission of data from a system. Attackers use data exfiltration to steal or leak data such as usernames, passwords, or intellectual property. By observing network traffic, we can determine if there are any indicators of compromise, such as large volumes of outbound traffic leaving a host. This is a sign of possible data exfiltration, which can be further investigated. Understanding and monitoring network traffic for inconsistencies is an important aspect of a security professional's job. Coming up, we'll explore what a data exfiltration attack looks like in real time. Meet you there.

Monitoring network traffic helps security professionals detect, prevent, and respond to attacks. In my experience as a security professional, monitoring for deviations from typical network traffic patterns has yielded big results. Even if information is encrypted, monitoring network traffic is still important for security purposes. Let's discuss how the detection and response process might work in a data exfiltration attack. First, we'll outline the attacker's perspective. Before attackers can
perform data exfiltration, they'll need to gain initial access into a network and computer system. This can be done through a social engineering attack like phishing, which tricks people into disclosing sensitive data. Attackers can send phishing emails with attachments or links that trick their target into entering their credentials. Now an attacker has successfully gained access to their device. After gaining their initial position into the system, an attacker won't stop there. The goal for attackers is to maintain access in the environment and avoid being detected for as long as possible. To do this, they'll perform a tactic known as lateral movement, or pivoting. This is when they'll spend time exploring the network with the goal of expanding and maintaining their access to other systems on the network. As an attacker pivots in the network, they'll scope out the environment to identify valuable assets, such as sensitive data like proprietary code, personally identifiable information like names and addresses, or financial records. They'll do this by searching locations such as network file shares, internet sites, code repositories, and more. After the attacker identifies the assets of value, they'll need to collect, package, and prepare the data for exfiltration outside of the organization's network and into the attacker's hands. One way they may do this is by reducing the data size. This helps attackers hide the stolen data and bypass security controls. Finally, the attacker will exfiltrate the data to their destination of choice. There are many ways to do this. For example, attackers can email the stolen data to themselves using the compromised email account.

Now that you've tapped into the attacker perspective, let's explore how organizations can defend against this type of attack. First, security teams must prevent attacker access. There are many methods you can use to protect your network from phishing attempts, for example, requiring users to use multi-factor authentication. Attackers that gain access to a network can remain unnoticed for a while. It's important that security teams monitor network activity to identify any suspicious activity that can indicate a compromise. For example, multiple user logins coming from IP addresses outside of the network should be investigated. Earlier, you examined how to identify, classify, and protect assets using asset inventories and security controls. As part of an organization's security policy, all assets should be cataloged in an asset inventory. The appropriate security controls should also be applied to protect these assets from unauthorized access. Lastly, if a data exfiltration attack is successful, security teams must detect and stop the exfiltration. To detect the attack, indicators of unusual data collection can be identified through network monitoring. These include large internal file transfers, large external uploads, and unexpected file writes. SIEM tools can detect and alert on these activities. Once an alert has been sent out, security teams investigate and stop the attack from continuing. There are many ways to stop an attack like this. For instance, once the unusual activity is identified, you can block the IP addresses associated with the attacker using firewall rules. Data exfiltration attacks are just one of many attacks that can be detected through network monitoring. Coming up, you'll learn how to monitor and analyze network communications using packet sniffers.

Whether it's an employee sending an email or a malicious actor attempting to exfiltrate confidential data, actions that are performed on a network can be identified through examining network traffic flows. Understanding these network communications provides valuable insight into the activities happening in a network. This way, you can better understand what's going on in an environment and defend
against potential threats. With this in mind, let's examine how to record network traffic through packet captures. Previously in the program, you learned that when data is sent, it's divided into packets. Just like an addressed envelope in the mail, packets contain delivery information, which is used to route it to its destination. This information includes a sender and receiver's IP address, the type of packet that's being sent, and more. Packets can provide lots of information about the communications happening between devices over a network. You may also recall that a packet has multiple components. There's the header, which includes information like the type of network protocol and port being used. Imagine this as being the name and mailing address located on an envelope. Network protocols are a set of rules that determine the transmission of data between devices on a network. Ports are non-physical locations on a computer that organize data transmission between devices on a network. The header also contains the packet source and destination IP address. We'll explore more information contained in the header in a later section. Next, there's the payload, which contains the actual data that's being delivered. This is like the content of a letter inside of an envelope. And there's the footer, which signifies the end of a packet.

So how exactly can you observe a network packet? Just like scents are invisible but can be smelled, packets are invisible but can be captured using tools called packet sniffers. You may remember packet sniffers from a previous section. A network protocol analyzer, or packet sniffer, is a tool designed to capture and analyze data traffic within a network. As a security analyst, you'll use packet sniffers to inspect packets for indicators of compromise. Through packet sniffing, we can grab a detailed snapshot of packets that travel over a network in the form of a packet capture. A packet capture, or pcap, is a file containing data packets intercepted from an interface or network. It's sort of like intercepting an envelope in the mail. Packet captures are incredibly useful during incident investigation. By having access to the communications happening between devices over a network, you can observe network interactions and start to build a storyline to determine what exactly happened. Coming up, we'll discuss the importance of packet analysis. Meet you there.

If a packet capture is like intercepting an envelope in the mail, then packet analysis is like reading the letter inside of the envelope. Let's discuss how analyzing packets can help us interpret and understand network communications. As you may know, networks are noisy. There's an enormous volume of communications happening between devices at any given time, and because of this, packet captures can contain large amounts of network communications, making analysis challenging and time consuming. As a security professional, you'll be working against the clock to protect networks and computer systems from potential attacks. You may analyze network evidence in the form of packet captures to identify indicators of compromise. Having the ability to filter network traffic using packet sniffers to gather relevant information is an essential skill to have. For example, let's say that you were tasked with analyzing a packet capture to find any indication of data exfiltration. How would you go about this? Using a network analyzer tool, you can filter the packet capture to sort packets. This can help you quickly identify an event associated with data exfiltration, like large amounts of data leaving a database. There are many other filters you can apply to packet captures to find the information you need to support an investigation efficiently. Examples of network analyzer tools include tcpdump and Wireshark. tcpdump is accessed through a command line, while Wireshark has a graphical user interface, or GUI. Both tools are useful for security analysts, and soon you'll have the opportunity to explore both. Before we begin using these tools, let's explore packet fields in detail, specifically IP headers. Meet you there.

While there are many different tools available to use, it's important as a security analyst that you learn how to read and analyze packets manually. To do so, let's examine an
important packet component: IP headers. Previously, you learned about the four layers of the TCP/IP model. Remember, the TCP/IP model is a framework that is used to visualize how data is organized and transmitted across a network. The internet layer accepts and delivers packets for the network. It's also the layer where the Internet Protocol operates as the foundation for all communications on the internet. It's responsible for making sure packets reach their destinations. The Internet Protocol operates like a mail courier delivering an envelope. Instead of using the delivery information found on the envelope, the Internet Protocol uses the information found in a packet header, like IP addresses. It then determines the best available route for packets to take so that data can be sent and received between hosts. As you may already know, IP packets contain headers. Headers contain the data fields essential to the transfer of data to its intended destination. Different protocols use different headers. There are two different versions of the Internet Protocol: IPv4, which is considered to be the foundation of internet communications, and IPv6, which is the most recent version of the Internet Protocol. Remember, different protocols use different headers, so IPv4 and IPv6 headers differ, but they contain similar fields with different names. IPv4 is still the most widely used, so we'll focus on examining the fields of an IPv4 header.

Let's start with the version field, which specifies which version of IP is being used, either IPv4 or IPv6. Referring back to our mail analogy, the version field is like the different classes of mail, like priority, express, or regular. Next, IHL stands for internet header length. This field specifies the length of the IP header plus any options. The next field, TOS, stands for type of service. This field tells us if certain packets should be treated with different care. For example, think of TOS like a fragile sticker on a mailed package. Next is the total length field, which identifies the length of the entire packet, including the headers and the data. This can be compared to the dimensions and weight of an envelope. The next three fields, identification, flags, and fragment offset, deal with information related to fragmentation. Fragmentation is when an IP packet gets broken up into chunks, which then get transmitted over the wire and reassembled when they arrive at their destination. These three fields specify if fragmentation has been used and how to reassemble the broken packets in the correct order. This is similar to how mail can travel through multiple routes, like mailboxes, processing facilities, airplanes, and mail trucks, before it reaches its destination. The TTL field stands for time to live. Like its name suggests, this field determines how long a packet can live before it gets dropped. Without this field, packets could loop through routers endlessly. TTL is similar to how tracking information provides details about an envelope's expected delivery date. The protocol field specifies the protocol used by providing a value which corresponds to a protocol. For example, TCP is represented by six. This is similar to including the number of a house in a postal address. The header checksum stores a value called a checksum, which is used to determine if any errors have occurred in the header. The source address specifies the source IP address, and the destination address specifies the destination IP address. This is just like the sender and receiver's contact information found on an envelope. The options field is not required and is commonly used for network troubleshooting rather than common traffic. If it's used, the header length increases. It's like purchasing postal insurance for an envelope. Finally, at the end of the packet header is where the packet's data resides, like the text in an email message. Who knew that the packets of data we send across networks contain so much information? Coming up soon, you'll have the opportunity to examine these packet fields in detail.

tcpdump is a popular network analyzer. It's pre-installed on many Linux distributions and can be installed on most Unix-like operating systems, like macOS. You can easily capture and monitor network traffic such as TCP, IP, ICMP, and many more. tcpdump is a command-line tool. This means that it does not have a graphical user interface. Earlier in the program, you learned that the command line is a very powerful and efficient tool, and we'll practice using it together. With tcpdump, you can apply options and flags to your commands to easily filter network traffic so that you can find exactly what you're looking for. You can filter for a specific IP address, protocol, or port number. Let's examine a simple tcpdump command used to capture packets.
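As an added example, not part of the course material or of the tcpdump project, here is a small Python parser for the IPv4 header fields described above. It constructs a sample 20-byte header between two made-up hosts, decodes each field in the order tcpdump's verbose output prints them (tos, ttl, id, offset, flags, proto, length), recomputes the header checksum the way the cksum field is verified, and shows that a single altered byte (a TTL changed without the checksum being updated) makes that check fail. The addresses, TTL and identification values are constructed sample values.

```python
import struct
from dataclasses import dataclass

# IANA protocol numbers as carried in the IPv4 protocol field (TCP is 6, as the text notes).
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


@dataclass
class IPv4Header:
    version: int
    ihl: int              # header length in 32-bit words (5 means 20 bytes, no options)
    tos: int              # type of service
    total_length: int     # header plus data, in bytes
    identification: int
    flags: int            # 3 bits: reserved, DF (don't fragment), MF (more fragments)
    fragment_offset: int  # in 8-byte units
    ttl: int
    protocol: int
    checksum: int
    src: str
    dst: str
    options: bytes

    @property
    def dont_fragment(self) -> bool:
        return bool(self.flags & 0b010)

    @property
    def protocol_name(self) -> str:
        return PROTOCOL_NAMES.get(self.protocol, str(self.protocol))


def ipv4_checksum(header: bytes) -> int:
    """Standard IP header checksum: one's-complement sum of 16-bit words, complemented.
    The caller passes the header with its checksum field zeroed."""
    if len(header) % 2:
        header += b"\x00"
    total = sum((header[i] << 8) | header[i + 1] for i in range(0, len(header), 2))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(packet: bytes) -> IPv4Header:
    """Decode the fixed 20-byte IPv4 header (plus any options) from raw packet bytes."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the 20-byte minimum IPv4 header")
    ver_ihl, tos, length, ident, flags_frag, ttl, proto, cksum = struct.unpack("!BBHHHBBH", packet[:12])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not an IPv4 packet (version field = {version})")
    if ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("IHL is inconsistent with the packet length")
    src = ".".join(str(b) for b in packet[12:16])
    dst = ".".join(str(b) for b in packet[16:20])
    return IPv4Header(version, ihl, tos, length, ident, flags_frag >> 13, flags_frag & 0x1FFF,
                      ttl, proto, cksum, src, dst, packet[20:ihl * 4])


def checksum_is_correct(packet: bytes) -> bool:
    """Recompute the checksum over the header with its checksum field zeroed and compare."""
    header = parse_ipv4_header(packet)
    end = header.ihl * 4
    return ipv4_checksum(packet[:10] + b"\x00\x00" + packet[12:end]) == header.checksum


def describe(header: IPv4Header) -> str:
    """Render the fields in the order tcpdump's verbose output prints them."""
    flags = "[DF]" if header.dont_fragment else "[none]"
    return (f"IP (tos 0x{header.tos:x}, ttl {header.ttl}, id {header.identification}, "
            f"offset {header.fragment_offset * 8}, flags {flags}, "
            f"proto {header.protocol_name} ({header.protocol}), length {header.total_length}) "
            f"{header.src} > {header.dst}")


def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = 6,
                      ttl: int = 64, tos: int = 0, ident: int = 0, df: bool = True) -> bytes:
    """Construct a 20-byte IPv4 header (no options) with a valid checksum; used here as sample input."""
    flags_frag = (0b010 << 13) if df else 0
    addr = bytes(int(o) for o in src.split(".")) + bytes(int(o) for o in dst.split("."))
    fixed = struct.pack("!BBHHHBBH", 0x45, tos, 20 + payload_len, ident, flags_frag, ttl, proto, 0) + addr
    return fixed[:10] + struct.pack("!H", ipv4_checksum(fixed)) + fixed[12:]


if __name__ == "__main__":
    # Constructed sample: a TCP packet carrying 20 bytes of payload between two made-up hosts.
    sample = build_ipv4_header("192.168.1.10", "203.0.113.5", 20, proto=6, ttl=64, ident=4660)
    print(describe(parse_ipv4_header(sample)), "cksum correct:", checksum_is_correct(sample))
    damaged = bytearray(sample)
    damaged[8] = 63                         # TTL decremented without the checksum being recomputed
    print("after altering ttl, cksum correct:", checksum_is_correct(bytes(damaged)))
```

The parser deliberately rejects a version field other than 4 and an IHL that does not fit the bytes it was given, which is the kind of sanity check an analyst applies before trusting any field in a captured packet.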
Keep in mind that your computer's traffic may appear different when you use this command. At first glance, this looks like a lot of information. Let's examine it line by line. The command we ran is sudo tcpdump -i any -v -c1. We're using sudo because the Linux account we're logged in on doesn't have the permission to run tcpdump. Then we specify tcpdump to start tcpdump, and -i to specify which interface we want to sniff traffic on. The -v stands for verbose, which displays detailed packet information. The -c stands for count, which specifies how many packets tcpdump will capture. Here, we've specified one. Now let's examine the output. tcpdump has told us that it's listening on any available network interfaces, and it's also given us additional information, like the capture size. The first field is the packet's timestamp, which details the specific time of the packet travel. It begins with hours, minutes, seconds, and fractions of a second. Timestamps are especially helpful during an incident investigation when you want to determine timelines and correlate traffic. Next, IP is listed as the version field. It's listed as IP, which means it's IPv4. The verbose option has given us more details about the IP packet fields, such as protocol type and the length of the packet. Let's check it out. The first field, TOS, stands for type of service. Recall that this tells us if certain packets should be treated with different care. This is represented by a value in hexadecimal. The TTL field is time to live, which tells us how long a packet can travel across a network before it gets dropped. The next three fields are identification, offset, and flags, which provide information relating to fragmentation. These fields provide instructions on how to reassemble packets in the correct order. For example, the DF beside flags stands for don't fragment. Next, the proto is the protocol field. It specifies the protocol in use and also provides us with the value that corresponds to the protocol. Here, the protocol is TCP, which is represented by the number six. The last field, length, is the total length of the packet, including the IP header. Next, we can observe the IP addresses that are communicating with each other. The direction of the arrow indicates the direction of the traffic flow. The last piece of the IP address indicates the port number or name. Next, the cksum, or checksum, field corresponds to the header checksum, which stores a value that's used to determine if any errors have occurred in the header. Here, it's telling us it's correct with no errors. The remaining fields are related to TCP. For example, Flags indicate TCP flags. The P is the push flag, and the period indicates it's an ACK flag. This means that the packet is pushing out data. This is just one of many commands you can use in tcpdump to capture network traffic. Isn't it fascinating to observe all the information contained within these invisible packets? Go ahead and try it out for yourself.

Nice work so far! Congratulations on capturing and analyzing your first packet. Let's review what we've covered so far. First, you learned how network traffic flows provide valuable communications insight. Through monitoring network activity for indicators of compromise, you learned how to spot unusual network activity like data exfiltration. Then, you learned how to view and capture network traffic using packet sniffers. Finally, you learned how to inspect packets through
packet analysis. You dissected packet header data fields and analyzed packet captures in detail. You've made a lot of progress in developing the skills you'll need to prepare for an entry-level role in security. Coming up, you'll be immersed into the exciting world of incident investigation, where you'll examine the processes behind detecting and containing an incident. I'll meet you there.

Welcome back. I want to commend you on such a fantastic job you're doing so far. The skills you are learning will create a solid foundation as you begin your security career. In the previous section, you applied your networking knowledge to deepen your understanding of network traffic. You practiced some skills that security analysts use on the job, like capturing network traffic and dissecting packets. Next, we'll examine the life cycle of a security incident from beginning to end. You'll focus on how to detect, respond, and recover from an incident. Coming up, you'll learn how to investigate and verify an incident once it's been detected. You'll explore the plans and processes behind incident response. Finally, you'll learn about the post-incident actions that organizations take to learn and improve from the experience. At the end of this section, you'll gain a comprehensive understanding of an incident's life cycle. You ready? Let's begin.

Incidents happen, and as a security analyst, you'll likely be tasked with investigating and responding to security incidents at some point in your career. Let's examine the detection and analysis phase of the incident response life cycle. This is where incident response teams verify and analyze incidents. Detection enables the prompt discovery of security events. Remember, not all events are incidents, but all incidents are events. Events are regular occurrences in business operations, like visits to a website or password reset requests. IDS and SIEM tools collect and analyze event data from different sources to identify potential unusual activity. If an incident is detected, such as a malicious actor successfully gaining unauthorized access to an account, then an alert is sent out. Security teams then begin the analysis phase. Analysis involves the investigation and validation of alerts. During the analysis process, analysts must apply their critical thinking and incident analysis skills to investigate and validate alerts. They'll examine indicators of compromise to determine if an incident has occurred. This can be a challenge for a couple of reasons. The challenge with detection is it's impossible to detect everything. Even great detection tools have limitations in how they work, and automated tools may not be fully deployed across an organization due to limited resources. Some incidents are unavoidable, which is why it's important for organizations to have an incident response plan in place. Analysts often receive a high volume of alerts per shift, sometimes even thousands. Most of the time, high alert volumes are caused by misconfigured alert settings. For example, alert rules that are too broad and not tuned to an organization's environment create false positives. Other times, high alert volumes can be legitimate alerts caused by malicious actors taking advantage of a newly discovered vulnerability. As a security analyst, it's important that you're equipped to effectively analyze alerts, and coming up, you'll do just that.

Hi, I'm MK, Director in the Office of the CISO for Google Cloud. The role of the Chief Information Security Officer is both to protect Google Cloud from a security standpoint, but also to ensure that we're providing all of the tools and products necessary so that our customers can achieve their security outcomes as well. So I spent a number of years in the US government,
32 years in fact, 22 of which were spent as a special agent in the Federal Bureau of Investigation. About midway through the course of my career, I had the opportunity to shift into cyber security lanes, which initiated, or should I say reinitiated, my interest in all things computers and computer science. One of the things that the industry lacks is a sense of agility that the adversary has in spades. When they identify something that works for them, they continue to pound on it until and unless there's an obstacle, and then once that obstacle is put in their way, they have shown an ability to easily pivot their tactics and techniques so that they can bypass the obstacle in future attempts to gain access to environments. And so none of us can predict the future. We're not at any kind of final stage. This is a continually evolving industry. What you can ascertain is that we need to be prepared in a variety of ways to combat what will certainly be a persistent onslaught from the adversary. What that requires is a certain sense of agility. You have to be comfortable in existing in the unknown known, but you also have to have the intellectual aptitude in order to be able to digest and formulate new solutions on the fly. Zero trust is a huge trend right now because it's both been a desire of the industry to move toward zero trust, but also a requirement in some areas around the world. Zero trust is a movement away from the historical way that we've done security in the past. Layman's terms: so you're a business traveler, you travel with your business laptop, and you check into your hotel halfway around the world, and you need to get prepared and ready for a business meeting that's about to occur. Historically, you'd want to be able to attest to the fact that that is an intended or qualified user within the enterprise attempting to gain access to this information, and yes, based upon the information that you have, the identity, and coupling that with device information, that user and device should have access to this information and be able to make a determination about it. I do believe that the more that we invest in the zero trust approach or architecture, it will get us to a good point from which to pivot off of, but I think a lot of what's to come is unknown, and that means continual learning. It means continually exposing yourself to different parts of the industry so that we are prepared for what may happen in the future.

You may recall our discussion on the different documentation tools and types used by security teams when responding to incidents. In this video, we'll examine the benefits that documentation offers so that you can better understand how to leverage documentation as a security professional. As a security engineer who has developed a great deal of detection rules, it was critical for me to document what it means when those rules are activated, what severity to assign, what might lead to false positives, and how the analyst can confirm the alert is legitimate. Without this documentation, a security operations team can never scale beyond one or two analysts. If something was documented, then there's a record of it happening. This means that relevant information can be accessed. This is known as transparency. Transparent documentation is useful as a source of evidence for security insurance claims, regulatory investigations, and legal proceedings. You'll learn more about documentation processes that help to achieve this in an upcoming section. Documentation also provides standardization. This means that there's an established set of guidelines or standards that members of an organization can follow to complete a task or workflow. An example of creating standardization through documentation is establishing an organization's security policy, processes, and procedures. This helps in maintaining quality of work, since there are set rules to follow. Documentation also improves clarity. Effective documentation not only gives team members a clear understanding of their roles and duties, but it also provides information on how to get the job done. For example, playbooks that provide detailed instructions prevent uncertainty and confusion during incident response. The security field is constantly changing. Attacks evolve, and regulatory requirements might change. This is why it's important to maintain, review, and update documentation regularly to keep up with any changes. As a security professional, you'll likely juggle documentation responsibilities alongside your other tasks. By taking the time to write down your actions, you'll recall facts and information. You may even notice some gaps in the previous action you took. The time
you spend documenting is valuable, not only for you but for your entire organization. Let's continue our discussion on how documentation provides transparency through documents like chain of custody. During incident response, evidence must be accounted for during the entire incident's life cycle. Tracking evidence is important if the evidence is requested as part of any legal proceedings. How can security teams ensure that this is done? They use a form called chain of custody. Chain of custody is the process of documenting evidence possession and control during an incident life cycle. As soon as evidence gets collected, chain of custody forms are introduced. The form should be filled out with details as the evidence is handled. Let's examine a very simple example of how chain of custody is used during digital forensic analysis. Previously, you learned that digital forensics is the practice of collecting and analyzing data to determine what has happened after an attack. During an incident response, Aisha verified that a compromised hard drive requires examination by the forensics team. First, she ensures that the hard drive is write protected so the data on the disk can't be edited or erased. Then she calculates and records a cryptographic hash function of an image of the hard drive. Remember that a hash function is an algorithm that produces a code that can't be decrypted. Aisha is then instructed to transfer it to Colin in the forensics department. Colin examines it and sends it off to Nav, another analyst. Nav receives the compromised hard drive and sends it to her manager, Arman. Each time the hard drive is transferred to another person, they need to log it in the chain of custody form so that movement of evidence is transparent. Tampering with the data on the hard drive can be detected using the original hash that Aisha documented at the beginning of the process. This ensures that there's a paper trail describing who handled the evidence and why, when, and where they handled it. Just like other documentation types, there is no standard template of what the chain of custody form should look like, but they do contain common elements. This is what you might examine on a chain of custody log form. First, there should be a description of the evidence, which includes any identifying information like the location, hostname, MAC address, or IP address. Next is the custody log, which details the name of the people who transferred and received the evidence. It also includes the date and time the evidence was collected or transferred and the purpose of the transfer. You may be wondering what happens if evidence gets logged incorrectly or if there's a missing entry. This is what's known as broken chain of custody, which occurs when there are inconsistencies in the collection and logging of evidence in the chain of custody. In the court of law, chain of custody documents help establish proof of the integrity, reliability, and accuracy of the evidence. For evidence related to security incidents, chain of custody forms are used to help meet legal standards so that this evidence can be used in legal proceedings. If a malicious actor compromised a system, evidence must be available to determine their actions so that appropriate legal action can be taken. However, in some cases, major breaks in the chain of custody can impact the integrity, reliability, and accuracy of the evidence. This affects whether or not the evidence can be a trusted source of information and used in the court of law. Chain of custody forms provide us with a method of maintaining evidence so that malicious actors can be held responsible for their actions.

Have you ever taken a trip to a place you've never visited before? You may have used a travel itinerary to plan your trip activities. Travel itineraries are essential documents to have, especially for travel to a new place. They help keep you organized and give you a clear picture of your travel plans. They detail the activities you'll do, the places you'll visit, and your travel time between destinations. Playbooks are similar to travel itineraries. As you may remember from our previous discussions,
a playbook is a manual that provides details about any operational action. They provide security analysts with instructions on exactly what to do when an incident occurs. Playbooks provide security professionals with a clear picture of their tasks during the entire incident response life cycle. Responding to an incident can be unpredictable and chaotic at times. Security teams are expected to act quickly and effectively. Playbooks offer structure and order during this time by clearly outlining the actions to take when responding to a specific incident. By following a playbook, security teams can reduce any guesswork and uncertainty during response times. This allows security teams to act quickly and without any hesitation. Without playbooks, an effective and swift response to an incident is nearly impossible. Within playbooks, there may be checklists that can also help security teams perform effectively during stressful times by helping them remember to complete each step in the incident response life cycle. Playbooks outline the steps that are necessary in response to an attack like ransomware, data breach, malware, or DoS. Here's an example of a playbook that uses a flowchart diagram with the steps to take during the detection of a DoS attack. This depicts the process for detecting a DoS and begins with determining the indicators of compromise, like unknown incoming traffic. Once the indicators of compromise are determined, the next step is to collect the logs, and finally, analyze the evidence. There are three different types of playbooks: non-automated, automated, or semi-automated. The DoS playbook we just explored is an example of a non-automated playbook, which requires step-by-step actions performed by an analyst. Automated playbooks automate tasks in incident response processes. For example, tasks such as categorizing the severity of the incident or gathering evidence can be done using an automated playbook.
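As an added example, not part of the course material, here is a small Python sketch of the automated part of a playbook for the failed-login alert this section uses when it turns to triage: it answers the context questions the transcript poses (are there multiple failed attempts, did they happen outside working hours, did they come from outside the network), applies a constructed priority policy with the false-positive and existing-incident checks first, and for anything escalated it gathers the evidence and opens a chain-of-custody record with the original hash, so that a later change to the evidence or a skipped handover is detected, as in the Aisha, Colin, Nav and Arman example earlier. The log lines, network ranges, working hours and threshold are constructed for this example, not an organization's real policy.

```python
import hashlib
from datetime import datetime, time, timezone
from ipaddress import ip_address, ip_network

# Constructed policy values; a real playbook takes these from the organization's policy.
INTERNAL_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
WORK_START, WORK_END = time(8, 0), time(18, 0)   # working hours, UTC
FAILED_LOGIN_THRESHOLD = 5

# Constructed authentication log: "<UTC timestamp> <user> <source IP> <result>" per line.
SAMPLE_AUTH_LOG = """\
2024-03-04T02:11:05Z alice 203.0.113.45 FAILED
2024-03-04T02:11:09Z alice 203.0.113.45 FAILED
2024-03-04T02:11:14Z alice 203.0.113.45 FAILED
2024-03-04T02:11:20Z alice 203.0.113.45 FAILED
2024-03-04T02:11:27Z alice 203.0.113.45 FAILED
2024-03-04T02:11:33Z alice 203.0.113.45 FAILED
2024-03-04T09:30:00Z bob 10.20.30.40 FAILED
2024-03-04T09:30:15Z bob 10.20.30.40 SUCCESS
"""


def parse_auth_log(text):
    events = []
    for line in text.splitlines():
        ts, user, ip, result = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"time": when, "user": user, "ip": ip_address(ip), "result": result})
    return events


def add_context(user, events):
    """Answer the triage questions for one user's failed logins."""
    failed = [e for e in events if e["user"] == user and e["result"] == "FAILED"]
    return {
        "user": user,
        "failed_count": len(failed),
        "outside_hours": any(not WORK_START <= e["time"].time() < WORK_END for e in failed),
        "outside_network": any(all(e["ip"] not in net for net in INTERNAL_NETWORKS) for e in failed),
        "sources": sorted({str(e["ip"]) for e in failed}),
    }


def assign_priority(context, existing_incidents):
    """Triage steps one and two: existing-incident and false-positive checks, then priority by policy."""
    if context["user"] in existing_incidents:
        return "existing-incident"
    if context["failed_count"] < FAILED_LOGIN_THRESHOLD and not context["outside_network"]:
        return "false-positive"          # a few daytime failures from inside the network
    score = (int(context["failed_count"] >= FAILED_LOGIN_THRESHOLD)
             + int(context["outside_hours"]) + int(context["outside_network"]))
    return {3: "high", 2: "medium"}.get(score, "low")


def collect_evidence(description, evidence_bytes, analyst, now=None):
    """Triage step three: gather evidence and open its chain-of-custody record with the original hash."""
    now = now or datetime.now(timezone.utc)
    return {
        "description": description,
        "sha256": hashlib.sha256(evidence_bytes).hexdigest(),
        "custody": [{"from": None, "to": analyst, "time": now.isoformat(), "purpose": "collection"}],
    }


def transfer_custody(record, giver, receiver, purpose, now=None):
    """Log a handover; a giver who is not the current holder means the chain is broken."""
    holder = record["custody"][-1]["to"]
    if holder != giver:
        raise ValueError(f"broken chain of custody: {giver} is not the current holder ({holder})")
    now = now or datetime.now(timezone.utc)
    record["custody"].append({"from": giver, "to": receiver, "time": now.isoformat(), "purpose": purpose})
    return record


def evidence_unaltered(record, evidence_bytes):
    """Compare against the hash recorded at collection, the way the original hash is used in the text."""
    return hashlib.sha256(evidence_bytes).hexdigest() == record["sha256"]


def run_playbook(log_text, existing_incidents, analyst):
    """Automated part of the playbook: triage every user in the log, collect evidence for escalations."""
    events = parse_auth_log(log_text)
    decisions, evidence = {}, {}
    for user in sorted({e["user"] for e in events}):
        decisions[user] = assign_priority(add_context(user, events), existing_incidents)
        if decisions[user] in ("high", "medium"):
            user_lines = "\n".join(l for l in log_text.splitlines() if f" {user} " in l).encode()
            evidence[user] = collect_evidence(f"auth log extract for {user}", user_lines, analyst)
    return decisions, evidence
```

The analyst still makes the final call, which is what makes this a semi-automated playbook: the code only records the context, the policy's priority and the evidence hash, and it refuses a custody entry whose giver is not the last recorded holder rather than silently producing a broken chain.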
Automated playbooks can help lower the time to resolution during an incident. SOAR and SIEM tools can be configured to automate playbooks. Finally, semi-automated playbooks combine a person's action with automation. Tedious, error-prone, or time-consuming tasks can be automated, while analysts can prioritize their time with other tasks. Semi-automated playbooks can help increase productivity and decrease time to resolution. As a security team responds to incidents, they may discover that a playbook needs updates or changes. Threats are constantly evolving, and for playbooks to be effective they must be maintained and updated regularly. A great time to introduce changes to playbooks is during the post-incident activity phase. We'll be exploring more about this phase in an upcoming section. Meet you there.

As you've learned, security analysts can be flooded with a large amount of alerts on any given day. How does an analyst manage all these alerts? Hospital emergency departments receive a large number of patients every day, and each patient needs medical care for a different reason. But not all patients will receive medical care immediately. This is because hospitals have a limited number of resources available and must manage their time and energy efficiently. They do this through a process known as triage. In medicine, triage is used to categorize patients based on the urgency of their conditions. For example, patients with a life-threatening condition such as a heart attack will receive immediate medical attention, but a patient with a non-life-threatening condition like a broken finger may have to wait before they see a doctor. Triage helps to manage limited resources so that hospital staff can give immediate attention to patients with the most urgent conditions. Triage is also used in security. Before an alert gets escalated, it goes through a triage process which prioritizes incidents according to their level of importance or urgency. Similar to hospital emergency departments, security teams have limited resources available to dedicate to incident response. Not all incidents are the same, and some may involve an urgent response. Incidents are triaged according to the threat they pose to the confidentiality, integrity, and availability of systems. For example, an incident involving ransomware requires immediate response. This is because ransomware may cause financial, reputational, and operational damage. Ransomware is a higher priority than an incident like an employee receiving a phishing email. When does triage happen? Once an incident is detected and an alert gets sent out, triage begins. As a security analyst, you'll identify the different types of alerts and then prioritize them according to urgency. The triage process generally looks like this. First, you'll receive and assess the alert to determine if it's a false positive and whether it's related to an existing incident. If it's a true positive, you'll assign priority on the alert based on the organization's policy and guidelines. The priority level defines how the organization's security team will respond to the incident. Finally, you'll investigate the alert and collect and analyze any evidence associated with the alert, such as system logs. As an analyst, you'll want to ensure that you complete a thorough analysis so that you have enough information to make an informed decision about your findings. For example, say that you receive an alert for a failed user login attempt. You'll need to add context to your investigation to determine if it's malicious. You can do so by asking questions: Is there anything out of the ordinary associated with this alert? Are there multiple failed login attempts? Did the login happen outside of normal working hours? Did the login happen outside of the network? These questions paint a picture around the incident. By adding context, you avoid making assumptions, which can result in incomplete or incorrect conclusions. Now that we've covered how to triage alerts, we're ready to discuss how to respond and recover from an incident. Let's go.

My name is Robin and I am the program management lead for the red team at Google. I would say teamwork might be the most important skill for people who work in cybersecurity. The collaborative culture is to understand that everybody brings a unique perspective and a useful perspective, effective and
useful skills. What it is about teamwork is that these problems are hard. These problems are complex. The bad actors out there are smart, they're well-resourced, and they're really motivated, so they're constantly coming up with new ways to do the activities that they want to do. It takes people with all kinds of perspectives, all kinds of problem-solving skills, all kinds of knowledge to come together to understand what has happened and how we can defend against it. When you're working as part of a team, one of the things to expect is that you should share information freely with your colleagues and that they'll share information freely with you. At the beginning, and in the confusing part of responding to incidents, all information is useful, so expect to dive right in, share everything you know, and listen to the things people around you say so that we come out with the best solutions as quickly as we can. Very soon after I got into the role that I am in now, we experienced a very significant incident. A vulnerability was discovered in a library that was used in many, many different places on the internet, and the vulnerability was significant. I was part of the team that came together to respond to that, and that team that came together, we set up a response process that involved 24/7 coverage using our colleagues all around the world. The end result of the amazing teamwork that we experienced was, first of all, we were able to manage the vulnerability, but more importantly, it's the way the team came together afterward, and it's the way people still talk about how our great teamwork brought us closer to our colleagues, meant that our team works better together than it did before, meant that these teamwork aspects, they're all things that we do so well now. We all feel like we've been through something together and that we came out stronger on the other side. As you go through this certificate, you might learn that cybersecurity is tricky or it's hard, but don't give up. The more you learn, the more you're going to enjoy it, so stay with it, learn everything you can, and you're going to have a great career.

In this video, we'll discuss the third phase of the incident response life
cycle. This phase includes the steps for how security teams contain, eradicate, and recover from an incident. It's important to note that these steps interrelate: containment helps meet the goals of eradication, which helps meet the goals of recovery. This phase of the life cycle also integrates with the core functions of the NIST Cybersecurity Framework: Respond and Recover. Let's begin with the first step, containment. After an incident has been detected, it must be contained. Containment is the act of limiting and preventing additional damage caused by an incident. Organizations outline their containment strategies in incident response plans. Containment strategies detail the actions that security teams should take after an incident has been detected. Different containment strategies are used for various incident types. For example, a common containment strategy for a malware incident on a single computer system is to isolate the affected system by disconnecting it from the network. This prevents the spread of the malware to other systems in the network. As a result, the incident is contained to the single compromised system, which limits any further damage. Containment actions are the first step toward removing a threat from an environment. Once an incident has been contained, security teams work to remove all traces of the incident through eradication. Eradication involves the complete removal of the incident elements from all affected systems. For example, eradication actions include performing vulnerability tests and applying patches to vulnerabilities related to the threat. Finally, the last step of this phase in the incident response life cycle is recovery. Recovery is the process of returning affected systems back to normal operations. An incident can disrupt key business operations and services. During recovery, any services that were impacted by the incident are brought back to normal operation. Recovery actions include reimaging affected systems, resetting passwords, and adjusting network configurations like firewall rules. Remember, the incident response life cycle is cyclical. Multiple incidents can happen across time, and these incidents can be related. Security teams may have to circle back to other phases in the life cycle to conduct additional investigations. Next up, we'll discuss the final phase of the life cycle. Meet you there.

Now that a security team has successfully contained, eradicated, and recovered from an incident, their job is done, right? Not quite. Whether it's a new technology or a new vulnerability, there's always more to learn in the security field. The perfect time for learning and improvement happens during the final phase of the incident response life cycle: post-incident activity. The post-incident activity phase entails the process of reviewing an incident to identify areas for improvement during incident handling. During this phase of the life cycle, different types of documentation get updated or created. One of the critical forms of documentation that gets created is the final report. The final report is documentation that provides a comprehensive review of an incident. It includes a timeline and details of all events related to the incident and recommendations for future prevention. During an incident, the goal of the security team is to focus efforts on response and recovery. After an incident, security teams work to minimize the risk of it happening again. One way to improve processes is to hold a lessons learned meeting. A lessons learned meeting includes all parties involved in the incident and is generally held within two weeks after the incident. During this meeting, the incident is reviewed to determine what happened, what actions were taken, and how well the actions worked. The final report is also used as the main reference document during this meeting. The goal of the discussions in a lessons learned meeting is to share ideas and information about the incident and how to improve future response efforts. Here are some questions to ask during a lessons learned meeting: What happened? What time did it happen? Who discovered it? How did it get contained? What were the actions taken for recovery? What could have been done differently? Incident reviews can reveal human errors before detection and during response, whether it's a security analyst missing a step in a recovery process or an employee clicking a link in a phishing email resulting in the spread of malware. Blaming someone for an action they did or didn't do should be avoided. Instead, security teams can view this as an opportunity to learn from what happened and improve. That wraps up our discussion on incident investigation and response.

Nice work on finishing up another section. We've covered a lot here, so let's take a moment to quickly recap. First, we revisited the Detection and Analysis phase of the NIST incident response life cycle and focused on how to investigate and verify an incident. We discussed the purpose of detection and how indicators of compromise can be used to identify malicious activity on a system. Next, we examined plans and processes behind the incident response, such as documentation and triage. We also explored strategies for containing and eradicating an incident and recovering from it. Finally, we examined the last phase of the incident life cycle: post-incident actions. We talked about final reports, timelines, and the value of scheduling post-incident reviews through lessons learned meetings. As a security analyst, you'll be responsible for completing some processes involved in each phase of the incident response life cycle. Coming up, you'll learn about
logs and have the chance to explore them using a SIEM.

History books, receipts, diaries: what do all these things have in common? They record events. Whether it's historical events, financial transactions, or private diary entries, records preserve event details, and having access to these details can help us in many ways. Previously, we explored the different types of processes and procedures involved during each phase of the incident response life cycle. In this section, we'll direct our focus on one of the key components of incident investigation: logs and alerts. In security, logs record event details, and these details are used to support investigations. First, you'll learn all about logs: what they are and how they're created. You'll also learn how to read and analyze logs. Then we'll revisit intrusion detection systems. You'll explore how to interpret signatures. You'll have an opportunity to apply what you've learned through hands-on activities using a tool called Suricata. Finally, you'll search in SIEM tools like Splunk and Chronicle to locate events of interest and access log data. Events are a valuable data source. They help create context around an alert so you can interpret the actions that took place on a system. Knowing how to read, analyze, and connect different events will help you identify malicious behavior and protect systems from attack. Ready? Let's begin.

Devices produce data in the form of events. As a refresher, events are observable occurrences that happen on a network, system, or device. This data provides visibility into an environment. Logs are one of the key ways security professionals detect unusual or malicious activity. A log is a record of events that occur within an organization's systems. System activity is recorded in what's known as a log file, or commonly called logs. Almost every device or system can generate logs. Logs contain multiple entries which detail information about a specific event or occurrence. Logs are useful to security analysts during incident investigation since they record details of what, where, and when an event occurred on the network. This includes details like date, time, location, the action made, and the names of the users or systems who performed the action. These details offer valuable insight, not only for troubleshooting issues related to system performance, but most importantly for security monitoring. Logs allow analysts to build a story and timeline around various event occurrences to understand what exactly happened. This is done through log analysis. Log analysis is the process of examining logs to identify events of interest. Since there are different sources available to get logs, an enormous volume of log data can be generated. It's helpful to be selective in what we log so that we can log efficiently. For example, web applications generate a high volume of log messages, but not all of this data may be relevant to an investigation. In fact, it may even slow things down. Excluding specific data from being logged helps reduce the time spent searching through log data. You may recall our discussion on SIEM technology. SIEM tools provide security professionals with a high-level overview of what happens in a network. SIEM tools do this by first collecting data from multiple data sources. Then the data gets aggregated, or centralized in one place. Finally, the diverse log formats get normalized, or converted into a single preferred format. SIEM tools help process large log volumes from multiple data sources in real time. This allows security analysts to quickly search for log data and perform log analysis to support their investigations. So how do logs get collected? Software known as log forwarders collects logs from various sources and automatically forwards them to a centralized log repository for storage. Since different types of devices and systems can create logs, there are different log data sources in an environment. These include network logs, which are generated by devices such as proxies, routers, switches, and firewalls, and system logs, which are generated by operating systems. There's also application logs, which are logs related to software applications; security logs, which are generated by security tools like IDS or IPS; and lastly, authentication logs, which record login attempts. Here's an example of a network log from a router. There are a couple of log entries here, but we'll focus on the first line. Here we can observe a number of fields. First, there's an action specifying allow. This means that the router's firewall settings allowed access from a specific IP address to google.com. Next, there's a field specifying the source, which lists an IP address. So far, the information from this log entry is telling us that network traffic to google.com from this source IP address is allowed. The last field specifies the timestamp, which is one of the most essential fields in a log. We can identify the exact date and time of an action that's occurred. This is useful for correlating multiple events to develop a timeline of the incident. There you have it: you've analyzed your first network log. Coming up, we'll continue our discussion on logs and explore log formats.

I'm Rebecca. I'm a security engineer at Google and I focus in identity management. The best part of the job is probably thinking like an attacker. I love that part of seeing, like, how can I break stuff: seeing a system and figuring out how can I get
into it. If I was a bad guy, what would I be wanting? What would I be looking for? How would I find the credentials? How would I, you know, find the machine that's useful and get on to it? My first day in security, we were learning a new tool. Like, the whole organization was in a training, and they're like, we're going to throw you in. It's a one-week training to learn a network analyzer. I didn't know anything about networks, let alone network security or what this thing was going to be used for, and so I was very overwhelmed because I felt like I was an impostor sitting in somebody's seat who should belong there and learning stuff way over my head. I pushed through by asking a lot of questions and setting aside that feeling like I should know things, because I'd never been exposed to it at that point. The only way I'm going to know is if I ask. So this course has a lot of tools and covers a lot of information, and it can be very easy to be overwhelmed. In fact, I probably would be as well. There's a lot of information that you can take in. I think of learning in a course like this, where there's a series of courses for you to learn, that it's like climbing a mountain. You've gotten so far up the mountain and the air gets thin, and yes, it is difficult, you feel overwhelmed, but you're almost to the top, and know that when you get to the top you're going to have an amazing view of the world. And that's the same thing of when you finish these courses: your frame of mind and how you view things and your capabilities, your potential for finding new jobs or changing careers, is that much better.

When you purchase an item in a store, you usually receive a receipt as a record of purchase. The receipt breaks down the transaction information with details such as the date and time, the cashier's name, the item name, cost, and the method of payment. But not all store receipts look the same. For example, receipts like automotive invoices use lots of detail when listing the items or services that were sold. You most likely won't find this much detail from a restaurant receipt. Despite the differences among store receipts, all receipts contain important details that are relevant to the transaction. Logs are similar to receipts. While receipts record purchases, logs record the events or activities that happen on a network or system. As a security analyst, you'll be responsible for interpreting logs. Logs come in different formats, so not all logs look the same, but they usually contain information like timestamps, system characteristics like IP addresses, and a description of the event, including the action taken and who performed the action. We know that logs can be generated from many different data sources, such as network devices, operating systems, and more. These log sources generate logs in different formats. Some log formats are designed to be human-readable, while others are machine-readable. Some logs can be verbose, which means they contain lots of information, while some are short and simple. Let's explore some commonly used log formats. One of the most commonly used log formats is syslog. Syslog is both a protocol and a log format. As a protocol, it transports and writes logs. As a log format, it contains a header followed by structured data and a message. The syslog entry includes three sections: a header, structured data, and a message. The header contains data fields like timestamp, the hostname, the application name, and the message ID. The structured data portion contains additional data information in key-value pairs. Here, the event source is a key that specifies the data source of the log, which is the value, application. Lastly, the message component contains the detailed log message about the event. In this example, "This is a log entry" is the message. Let's explore another common log format you might encounter as a security analyst. JavaScript Object Notation, more popularly known as JSON, is a text-based format designed to be easy to read and write. It also uses key-value pairs to structure data. Here's an example of a JSON log. The curly brackets represent the beginning and end of an object. The object is the data that's enclosed between the brackets. It's organized using key-value pairs, where each key has a corresponding value separated by colons. For example, for the first line, the key is alert and the value is malware. JSON is known for its simplicity and easy readability.
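The syslog and JSON structures just described, as an added example that is not part of the course: a Python normalizer that parses an RFC 5424 syslog entry (header, structured data, message) and JSON entries written in the style of Suricata's EVE output into one common record, then sorts them into a single timeline the way a SIEM's normalization step does. All sample lines, hostnames, addresses and signature IDs are constructed, and the rule that maps syslog severity to "alert" is an assumption of the example, not a syslog convention.

```python
import json
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional

# Constructed samples for this example (not from the course or any real system).
# One RFC 5424 syslog line: header, structured data in brackets, then the message.
SYSLOG_LINE = (
    "<165>1 2023-04-11T09:12:33Z webserver01 app-auth 1203 ID47 "
    '[EventSource@32473 application="app-auth" user="jdoe"] '
    "This is a log entry"
)
# Two JSON lines in the style of Suricata's EVE output: an alert and an HTTP telemetry
# record. EVE nests the protocol details under a key named after event_type.
JSON_LINES = [
    '{"timestamp": "2023-04-11T09:12:35.000000+0000", "event_type": "alert", '
    '"src_ip": "10.0.0.5", "dest_ip": "203.0.113.9", "proto": "TCP", '
    '"alert": {"signature": "MALWARE download detected", "signature_id": 1000001, "rev": 1}}',
    '{"timestamp": "2023-04-11T09:12:34.000000+0000", "event_type": "http", '
    '"src_ip": "10.0.0.5", "dest_ip": "203.0.113.9", "proto": "TCP", '
    '"http": {"hostname": "example.com", "http_user_agent": "Mozilla/5.0", '
    '"http_content_type": "text/html"}}',
]

@dataclass
class Event:
    """The common record every source is normalized into."""
    timestamp: datetime
    source_format: str                  # "syslog" or "eve_json"
    kind: str                           # "alert" or "telemetry"
    host: Optional[str]
    description: str
    fields: Dict[str, object] = field(default_factory=dict)

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then SD and MSG.
SYSLOG_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$", re.DOTALL)
SD_ELEMENT = re.compile(r'\[(?P<id>[^\s\]"]+)(?P<params>(?: [^\s=\]"]+="(?:[^"\\]|\\.)*")*)\]')
SD_PARAM = re.compile(r'([^\s=\]"]+)="((?:[^"\\]|\\.)*)"')

def parse_timestamp(value: str) -> datetime:
    """Accept the syslog 'Z' suffix and EVE's '+0000' offset; fromisoformat wants '+00:00'."""
    value = value.replace("Z", "+00:00")
    if re.search(r"[+-]\d{4}$", value):
        value = value[:-2] + ":" + value[-2:]
    return datetime.fromisoformat(value)

def parse_syslog(line: str) -> Event:
    m = SYSLOG_HEADER.match(line)
    if not m:
        raise ValueError("not an RFC 5424 syslog entry")
    rest, structured = m.group("rest"), {}
    if rest.startswith("-"):                        # "-" means no structured data
        rest = rest[1:]
    else:
        elem = SD_ELEMENT.match(rest)
        while elem:                                 # one [id key="value" ...] block per element
            structured[elem.group("id")] = {
                k: v.replace('\\"', '"') for k, v in SD_PARAM.findall(elem.group("params"))}
            rest = rest[elem.end():]
            elem = SD_ELEMENT.match(rest)
    severity = int(m.group("pri")) % 8              # PRI = facility * 8 + severity
    return Event(parse_timestamp(m.group("ts")), "syslog",
                 "alert" if severity <= 3 else "telemetry",   # assumption: error or worse = alert
                 m.group("host"), rest.strip(),
                 {"app": m.group("app"), "msgid": m.group("msgid"),
                  "severity": severity, "structured_data": structured})

def parse_eve(line: str) -> Event:
    rec = json.loads(line)
    etype = rec.get("event_type", "unknown")
    common = {k: rec.get(k) for k in ("src_ip", "dest_ip", "proto")}
    ts, host = parse_timestamp(rec["timestamp"]), rec.get("host")
    if etype == "alert":
        alert = rec.get("alert", {})
        return Event(ts, "eve_json", "alert", host, alert.get("signature", ""),
                     {**common, "signature_id": alert.get("signature_id"), "rev": alert.get("rev")})
    details = rec.get(etype, {})                    # e.g. the "http" object of an http event
    return Event(ts, "eve_json", "telemetry", host,
                 f"{etype} {details.get('hostname', '')}".strip(), {**common, **details})

def normalize(lines: List[str]) -> List[Event]:
    """Detect each line's format, parse it, and return one timeline sorted by timestamp."""
    events = []
    for line in (l.strip() for l in lines if l.strip()):
        if line.startswith("{"):
            events.append(parse_eve(line))
        elif line.startswith("<"):
            events.append(parse_syslog(line))
        else:
            raise ValueError(f"unrecognized log format: {line[:40]!r}")
    return sorted(events, key=lambda e: e.timestamp)

if __name__ == "__main__":
    for e in normalize([SYSLOG_LINE, *JSON_LINES]):
        print(e.timestamp.isoformat(), e.source_format, e.kind, e.host, e.description)
```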
As a security analyst, you'll use JSON to read and write data like logs. Extensible Markup Language, or XML, is a language and a format used for storing and transmitting data. Instead of key-value pairs, it uses tags and other keys to structure data. Here we have an example of an XML log entry with four fields: first name, last name, employee ID, and date joined, which are separated with arrows. Finally, comma-separated values, or CSV, is a format that uses separators like commas to separate data values. In this example, there are many different data fields which are separated with commas. Now that you know about the diversity of log formats, you can focus on evaluating logs to build context around a detection. Coming up, you'll explore how IDS signatures are used to detect, log, and alert on suspicious activity.

Detection requires data, and this data can come from various data sources. You've already explored how different devices produce logs. Now we'll examine how different detection technologies monitor devices and log different types of system activity, like network and endpoint telemetry. Telemetry is the collection and transmission of data for analysis. While logs record events occurring on systems, telemetry describes the data itself. For example, packet captures are considered network telemetry. For security professionals, logs and telemetry are sources of evidence that can be used to answer questions during investigations. Previously, you learned about an intrusion detection system, or IDS. Remember that an IDS is an application that monitors activity and alerts on possible intrusions. This includes monitoring different parts of a system or network, like an endpoint. An endpoint is any device connected on a network, such as a laptop, tablet, desktop computer, or a smartphone. Endpoints are entry points into a network, which makes them key targets for malicious actors looking to gain unauthorized access into a system. To monitor endpoints for threats or attacks, a host-based intrusion detection system can be used. It's an application that monitors the activity of the host on which it's installed. To clarify, a host is any device that communicates with other devices on a network, similar to an endpoint. Host-based intrusion detection systems are installed as an agent on a single host, such as a laptop computer or a server. Depending on its configuration, a host-based intrusion detection system will monitor the host on which it's installed to detect suspicious activity. Once something's been detected, it records output as logs and an alert gets generated. What if we wanted to monitor a network? A network-based intrusion detection system collects and analyzes network traffic and network data. Network-based intrusion detection systems work similar to packet sniffers because they analyze network traffic and network data on a specific point in the network. It's common to deploy multiple IDS sensors at different points in the network to achieve adequate visibility. When suspicious or unusual network activity is detected, the network-based intrusion detection system logs it and generates an alert. In this example, the network-based intrusion detection system is monitoring the traffic that's both coming from and going to the internet. Intrusion detection systems use different types of detection methods. One of the most common methods is signature analysis. Signature analysis is a detection method used to find events of interest. A signature specifies a set of rules that an IDS refers to when it monitors activity. If the activity matches the rules in the signature, the IDS logs it and sends out an alert. For example, a signature can be written to generate an alert if a failed login on a system happens three times in a row, which suggests a possible password attack. Before alerts are generated, the activity must be logged. IDS technologies record the information of the devices, systems, and networks which they monitor as IDS logs. IDS logs can then be sent, stored, and analyzed in a centralized log repository like a SIEM. Coming up, we'll explore how to read and configure signatures. We'll meet you there.

As a security analyst, you may be tasked with writing, customizing, or testing signatures. To do this, you'll use IDS tools. So in this section, we'll examine signature syntax, and by the end you'll be able to read a signature. A signature specifies detection rules. These rules outline the types of network intrusion you want an IDS to detect. For example, a signature can be written to detect and alert on suspicious traffic attempting to connect to a port. Rule language differs depending on different network intrusion detection systems. The term network intrusion detection system is often abbreviated as the acronym NIDS, pronounced "nids". Generally, NIDS rules consist of three components: an action, a header, and rule options. Now let's examine each of these three components in more detail.
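The three components just named, as an added example that is not part of the course materials: a Python parser that splits a NIDS rule into its action, header and options, checks the msg, sid and rev options the following videos single out, and reads the rule back in English. The sample rules are constructed in the shape of the custom.rules entry examined later in this section, and their sid values are placeholders rather than real signature IDs.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Rule actions Suricata accepts (the course names alert, pass and reject).
ACTIONS = {"alert", "pass", "drop", "reject", "rejectsrc", "rejectdst", "rejectboth"}
DIRECTIONS = {"->", "<>"}

# Constructed rules for this example, shaped like the custom.rules entry the course
# examines. The sid values are placeholders, not real signature IDs.
SAMPLE_RULE = ('alert http $HOME_NET any -> $EXTERNAL_NET any '
               '(msg:"GET on wire"; flow:established,to_server; content:"GET"; sid:1000001; rev:1;)')
BAD_DIRECTION_RULE = 'alert tcp $HOME_NET any <- $EXTERNAL_NET 80 (msg:"bad direction"; sid:1000002;)'

@dataclass
class Rule:
    action: str
    protocol: str
    src: str
    src_port: str
    direction: str
    dst: str
    dst_port: str
    options: List[Tuple[str, Optional[str]]] = field(default_factory=list)

    def option(self, keyword: str) -> Optional[str]:
        """Value of the first option with this keyword (quotes stripped), '' for a bare
        keyword such as nocase, or None when the option is absent."""
        for key, value in self.options:
            if key == keyword:
                return value.strip('"') if value is not None else ""
        return None

def split_options(body: str) -> List[Tuple[str, Optional[str]]]:
    """Split 'key:value; key; ...' on semicolons that are not inside double quotes."""
    items, current, in_quotes, escaped = [], [], False, False
    for ch in body:
        if escaped:
            current.append(ch); escaped = False
        elif ch == "\\":
            current.append(ch); escaped = True
        elif ch == '"':
            current.append(ch); in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            items.append("".join(current)); current = []
        else:
            current.append(ch)
    if in_quotes:
        raise ValueError("unterminated quote in rule options")
    items.append("".join(current))
    parsed = []
    for item in (i.strip() for i in items if i.strip()):
        key, sep, value = item.partition(":")
        parsed.append((key.strip(), value.strip() if sep else None))   # bare keywords have no value
    return parsed

def parse_rule(text: str) -> Rule:
    """Split a rule into action, header (six fields) and the parenthesized options."""
    text = text.strip()
    if not text or text.startswith("#"):
        raise ValueError("blank line or comment, not a rule")
    open_paren = text.find("(")                      # headers never contain parentheses
    if open_paren == -1 or not text.endswith(")"):
        raise ValueError("rule options must be enclosed in parentheses")
    header = text[:open_paren].split()
    if len(header) != 7:
        raise ValueError(f"expected action plus 6 header fields, got {len(header)}")
    action, proto, src, sport, direction, dst, dport = header
    if action not in ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    if direction not in DIRECTIONS:
        raise ValueError(f"invalid direction {direction!r} (use -> or <>)")
    return Rule(action, proto, src, sport, direction, dst, dport,
                split_options(text[open_paren + 1:-1]))

def check_rule(rule: Rule) -> List[str]:
    """Lint the options the course singles out: msg and sid must exist, sid/rev be numeric."""
    problems = [f"missing {k}" for k in ("msg", "sid") if rule.option(k) is None]
    for numeric in ("sid", "rev"):
        value = rule.option(numeric)
        if value is not None and not value.isdigit():
            problems.append(f"{numeric} must be numeric, got {value!r}")
    return problems

def describe(rule: Rule) -> str:
    """Read the rule back in plain English, in the order the course walks through it."""
    link = "to" if rule.direction == "->" else "to/from"
    text = (f"{rule.action} on {rule.protocol} traffic from {rule.src} port {rule.src_port} "
            f"{link} {rule.dst} port {rule.dst_port}")
    if rule.option("content"):
        text += f" containing {rule.option('content')}"
    if rule.option("flow"):
        text += f" (flow {rule.option('flow')})"
    if rule.option("msg"):
        text += f": {rule.option('msg')}"
    return text

if __name__ == "__main__":
    rule = parse_rule(SAMPLE_RULE)
    print(describe(rule), check_rule(rule))
```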
typically the action is the first item specified in the signature this determines the action to take if the rule criteria matches are met actions differ across nids rule languages but some common actions are alert pass or reject using our example if a rule specifies to alert on suspicious Network traffic that establishes an unusual connection to a port the IDS will inspect the traffic packets and send out an alert the header defines the signatures Network traffic these include information such as source and destination IP addresses source and destination ports protocols and traffic direction if we want
to detect an alert on suspicious traffic connecting to a port we have to first Define the source of the suspicious traffic in the header suspicious traffic can originate from IP addresses outside the local network it can also use specific or unusual protocols we can specify external IP addresses and these protocols in the header here's an example of how Header information may appear in a basic rule first we can observe that the protocol TCP is the first listed item in the signature next The Source IP address 10120701 17 and the source port number is specified as
being any the arrow in the middle of the signature indicates the direction of the network traffic so we know it's originating from The Source IP 10120701 2017 from any port going to the following destination IP address 13313 22181 and destination Port 80 the rule options let you customize signatures with additional parameters there are many different options available to use for instance you can set options to match the content of Network packet to detect malicious payloads malicious payloads reside in a packet's data and perform malicious activity like deleting or encrypting data configuring rule options helps in
narrowing down Network traffic so you can find exactly what you're looking for typically rule options are separated by semicolons and enclosed in parentheses in this example we can examine that the rule options are enclosed in a pair of parentheses and are also separated with semicolons the first rule option MSG which stands for message provides the alert's text in this case the alert will print out the text this is a message there's also the option Sid which stands for Signature ID this attaches a unique ID to each signature the Rev option stands for revision each time
a signature is updated or changed the revision number changes here the number one means it's the first version of the signature great now you've developed another skill in your journey towards becoming a security analyst how to read signatures there's so much more to learn and coming up we'll discuss tools that use signatures previously you learned about signature-based analysis you also learned how to read signatures used in network-based intrusion detection systems here we'll use an open- Source signature-based IDs called surot to examine a signature many nids Technologies come with pre-written signatur and you can think of
these signatures as customizable templates sort of like different templates available in a word processor these signature templates provide you with a starting point for writing and defining your rules you can also write and add your own rules let's examine a pre-written signature through surot on this Linux machine running Ubuntu surot is already installed let's examine some of its files by changing directories to the Etsy directory and into the surata directory this is where all of surata configuration files live next we'll use the ls command to list the contents of the surot directory there's a couple
of different files in here but we'll focus on the rules folder this is where the pre-written signatures are you can also add custom signatures here we'll use the CD command followed by the name of the folder to navigate to that folder using the ls command we can observe that the folder contains some rule templates for different protocols and services let's examine the custom. rules file using the less command as a quick refresher the less command Returns the content of a file one page at a time which makes it easy to move forward and backward through
the content we'll use the arrow key to scroll up lines that begin with a pound sign or comments meant to provide context for those who read them and are ignored by cotta the first line says custom rules example for HTTP connection this tells us that this file contains custom rules for HTTP connections we can observe that there's a signature the first word specifies the signature's action for this signature the action is alert this means that the signature generates an alert when all of the conditions are met the next part of the signature is the header
it specifies the protocol HTTP The Source IP address is henet and the source Port is defined as any the arrow indicates the direction of traffic coming from the home network and going to the destination IP address external net and any destination Port so far we know that this signature triggers an alert when it detects any HTTP traffic leaving the home network and going to the external network let's examine the remainder of the signature to identify if there's any additional conditions the signature looks for the last part of the signature includes the rule options they're enclosed
in parentheses and separated by semicolons there's many options listed here but we'll focus on the message flow and content options the message option will show the message get on wire once the alert is triggered the flow option is used to match on direction of network traffic flow here it's established this means that a connection has been successfully made the content option inspects the content of a packet here between the quotation marks the text get is specified get is an HTTP request that's used to retrieve and request data from a server this means the signature will
match if a network packet contains the text GET, indicating a request. To summarize, this signature alerts any time Suricata observes the text GET in an HTTP connection from the home network going to the external network. Every environment is different, and in order for an IDS to be effective, signatures must be tested and tailored. As a security analyst, you may test, modify, or create IDS signatures to improve the detection of threats in an environment and reduce the likelihood of false positives. Coming up, we'll examine how Suricata logs events. Meet you there.

Now let's examine some logs generated by Suricata. In Suricata, alerts and events are output in a format known as EVE JSON. EVE stands for Extensible Event Format, and JSON stands for JavaScript Object Notation. As you previously learned, JSON uses key-value pairs, which simplifies both searching and extracting text from log files. Suricata generates two types of log data: alert logs and network telemetry logs. Alert logs contain information that's relevant to security investigations. Usually this is the output of signatures which have triggered an alert. For example, a signature that detects suspicious traffic across the network generates an alert log that captures details of that traffic, while network telemetry logs contain information about network traffic flows. Network telemetry is not always security-relevant; it's simply recording what's happening on a network, such as a connection being made to a specific port. Both of these log types provide information to build a story during an investigation. Let's examine an example of both log types. Here's an example of an event log. We can tell that this event is an alert because the event_type field says alert. There's also details about the activity that was logged, including IP addresses and the protocol. There are also details about the signature itself, such as the message and ID. From the signature's message, it appears that this alert relates to the detection of malware. Next up, we have an example of a network telemetry log, which shows us the details of an HTTP request to a website. The event_type field tells us it's an HTTP log. There's details about the request: under hostname, there's the website that was accessed; the user agent is the name of software that connects you to the website, in this case it's the web browser Mozilla 5.0; and the content type, which is the data the HTTP request returned, here it's specified as HTML text. That sums it up on the different types of log outputs. In the upcoming activity, you'll be applying what we just explored by getting hands-on with Suricata. Have fun!

As a security analyst, you'll need to be able to quickly access the relevant data required to perform your duties, whether it's triaging alerts, monitoring systems, or analyzing log data during incident investigations. A SIEM is the tool for this job. As a quick review, a SIEM is an application that collects and analyzes log
data to monitor critical activities in an organization. It does this by collecting, analyzing, and reporting on security data from multiple sources. Previously, you learned about the SIEM process for data collection. Let's revisit this process. First, SIEM tools collect and process enormous amounts of data generated by devices and systems from all over an environment. Not all data is the same. As you already know, devices generate data in different formats. This can be challenging because there is no unified format to represent the data. SIEM tools make it easy for security analysts to read and analyze data by normalizing it. Raw data gets processed so that it's formatted consistently and only relevant event information is included. Finally, SIEM tools index the data so it can be accessed through search. All of the events across all the different sources can be accessed with your fingertips. Isn't that useful? SIEM tools make it easy to quickly access and analyze the data flows happening across networks in an environment. As a security analyst, you may encounter different SIEM tools. It's important that you're able to adjust and adapt to whichever tool your organization ends up using. With that in mind, let's explore some SIEM tools currently used in the security industry. Splunk is a data analysis platform. Splunk Enterprise Security provides SIEM solutions that let you search, analyze, and visualize security data. First, it collects data from different sources. That data gets processed and stored in an index. Then it can be accessed in a variety of different ways, like through search. Chronicle is Google Cloud's SIEM, which stores security data for search, analysis, and visualization. First, data gets forwarded to Chronicle. This data then gets normalized, or cleaned up, so it's easier to process and index. Finally, the data becomes available to be accessed through a search bar. Next up, we'll explore how to search on these SIEM platforms.

Now that we've reviewed how a SIEM works, let's learn how to search and query events in a SIEM database. Data that's been imported into a SIEM can be accessed by entering queries into the SIEM's search engine. Massive amounts of data can be stored in a SIEM database; some of this data may date back years. This can make searching for security events challenging. For example, let's say you're searching to find a failed login event. You search for the
event using the keywords "failed login". This is a very broad query, which can return thousands of results. Broad search queries like this slow down the response times of a search engine, since it's searching across all the indexed data. But if you specify additional parameters, like an event ID and a date and time range, you can narrow down the search to get faster results. It's important that search queries are specific so that you can find exactly what you're looking for and save time in the search process. Different SIEM tools use different search methods. For example, Splunk uses its own query language called Search Processing Language, or SPL for short. SPL has many different search options you can use to optimize search results so that you can get the data you're looking for. For now, I'll demonstrate a raw log search in Splunk Cloud for events that reference errors or failures for a fictional online store called Buttercup Games. First, we'll use the search bar to type in our query: index=buttercupgames error OR fail*. This search is specifying the index, which is buttercupgames. We also specify the search terms error OR fail*. The Boolean operator OR ensures that both of the keywords will be searched. The asterisk at the end of the term fail* is known as a wildcard. This means it will search for all possible endings that contain the term fail. This helps us expand our search results, because events may label failures differently; for example, some events may use the term failed. Next, we'll select a time range using the time range picker. Remember, the more specific our search is, the better. Let's search for data from the last 30 days. Under the search bar, we have our search results. There's a timeline, which gives us a visual representation of the number of events over a period. This can be helpful in identifying event patterns, such as peaks in activity. Under the timeline, there's the events viewer, which gives us a list of events that match our search. Notice how our search terms buttercupgames and error are highlighted in each event. It doesn't appear that any events matching the term fail were found. Each event has a timestamp and raw log data. For the events with errors, it appears that there's an error relating to the HTTP cookies used in the Buttercup Games website. At the bottom of the raw log data, there's some information related to the data source, including the host name, source, and source type. This information tells us where the event data originated from, such as a device or file. If we click on it, we can choose to exclude it from the search results. On the search bar, we can examine that the search terms have been changed and host!=www1 has been added, which means not to include www1 hosts. Notice that the new search results do not contain www1 as a host, but contain www2 and www3. This is just one of the many ways that you can target your searches to retrieve the information you're looking for. This search is known as a raw log search, which has a slower search performance since it extracts log data fields during the search process. As a security analyst, you'll use different commands to optimize search performance for faster search results. That completes querying in Splunk. You've learned the importance of effective queries and how to perform a basic Splunk search. Coming up, you'll learn how to query events in
Chronicle.

Chronicle allows you to search and filter log data. In this video, we'll explore using Chronicle's search field to locate an event. Chronicle uses the YARA-L language to define rules for detection. It's a computer language used to create rules for searching through ingested log data. For example, you can use YARA-L to write a rule to detect specific activities related to the exfiltration of valuable data. Using Chronicle's search field, you can search for fields like hostname, domain, IP, URL, email, username, or file hash. Using the search field, you can enter different types of searches. The default method of search is using UDM search, which stands for Unified Data Model. It searches through normalized data. If you can't find the data you're looking for searching the normalized data, you have the option of searching raw logs. Raw log search searches through the logs which have not been normalized. From our earlier discussion on the SIEM process, you may recall that raw logs get processed during the normalization step. During normalization, all of the relevant information from raw logs gets extracted and formatted, making the data easier to search. A reason we might need to search raw logs is to find data that may not have been included in the normalized logs, like specific fields which have not been normalized, or to troubleshoot data ingestion problems. Let's examine a UDM search for a failed login using Chronicle. First, let's click on the structured query builder icon so that we can perform a UDM search. I'll type in the search: metadata.event_type = "USER_LOGIN" AND security_result.action = "BLOCK". Let's break down this UDM search. Since we are searching for normalized data, we need to specify a search that uses UDM format. UDM events have a set of common fields. The metadata.event_type field details the event's type; here we're asking Chronicle to find an authentication activity event, a user login. Next, there's AND, which is a logical operator that tells the search engine to contain both terms. Finally, the security_result.action field specifies a security action, such as allow or block. Here the action is block. This means the user login was blocked or failed. Now we'll press the query button. We're going to focus on searching normalized data. We're presented with a screen with the search results. There's lots of information here. Under UDM search, we can observe our search terms. There's also a bar graph timeline visualizing the failed login events over a period. At a quick glance, this gives us a snapshot of the failed login activity over time, allowing us to spot possible patterns. Under the timeline, there's a list of events with timestamps associated with this search. Under each event, there's an asset, which is the name of a device. For example, this event shows a failed login for a user named Alice. If we click the event, we can open up the raw log associated with the event. We can interpret these raw logs for more detail about the event's activity during the investigation. To the left, there's quick filters. These are additional fields or values that we can use to filter the search results. For example, if we click target.ip, we are given a list of IP addresses. If we click one of these IP addresses, we can filter the search results to contain only this target IP address. This helps us find the specific data we're looking for and helps us save time in the process. Great work! Now you know how
to perform a search using Chronicle. In the upcoming activity, you'll have the chance to perform searches using the SIEM tools we've just discussed.

Congratulations, you made it to the end of this section! You've made so much progress in your security journey. Let's review what we learned. You learned all about how to read and analyze logs. You examined how log files are created and used for analysis. You also compared different types of common log formats and learned how to read them. You extended your understanding on intrusion detection systems by comparing network-based systems and host-based systems. You also learned how to interpret signatures. You examined how signatures are written and also how they detect, log, and alert on intrusions. You interacted with Suricata in the command line to examine and interpret signatures and alerts. Lastly, you learned how to search in SIEM tools like Splunk and Chronicle. You learned about the importance of crafting tailored queries to locate events. At the forefront of incident response, monitoring and analyzing network traffic for indicators of compromise is one of the primary goals. Being able to perform in-depth log analysis and knowing how to read and write signatures and how to access log data are all skills that you'll use as a security analyst.

Congratulations on completing this course on detection and response! As you've progressed, we've covered a wide range of topics and tools. Let's take a moment to review what you've learned. First, we began with an overview of the incident response life cycle. You learned how security teams coordinate their response efforts, and you explored the documentation, detection, and management tools used in incident response. Next, you learned how to monitor and analyze network traffic. You learned about capturing and analyzing packets using packet sniffers. You also practiced using tools like tcpdump to capture and analyze network data to identify indicators of compromise. Then we explored processes and procedures involved in the phases of the incident response life cycle. You learned about techniques related to incident detection and analysis. You also learned about documentation like chain of custody, playbooks, and final reports. We ended with exploring strategies used for recovery and post-incident activity. Finally, you learned how to interpret logs and alerts. You explored Suricata on the command line to read and understand signatures and rules. You also used SIEM tools like Splunk and Chronicle to search for events and logs. As a security analyst, you'll be presented with a new challenge every day. Whether it's investigating evidence or documenting your work, you'll use what you've learned in this course to effectively respond to incidents. I'm so glad to have been on this learning journey with you. You've done a fantastic job in expanding your knowledge and learning new tools to add to your security toolbox. One of the things I love about the security field is that there's always something new to learn, and coming up, you'll continue your learning journey by exploring a programming language called Python, which can be used to automate security tasks. Keep up the great work!

The demand for security professionals has never been higher. Organizations across the world require professionals with your knowledge and skills to protect their systems from attackers, and with the number of threats on the rise, security professionals often perform a diverse set of tasks. It's for this reason that we'll incorporate another tool as part of our security toolbox: a tool that can simplify many common security tasks, a tool that's used not only by security professionals but also by engineers and
data scientists. That tool is Python. Hi there! Congratulations on getting to the next step in your security journey. My name is Ángel, and I am a security engineer at Google. I'm excited to be joining you in this course. If you've been following along sequentially, you've already applied the specific tools that security professionals use during the detection, analysis, and response processes, and you also learned how to communicate with your computer through Linux and SQL. Now we'll focus on how programming in Python can be used for some common security tasks. As you consider your next career step, you might find that Python skills will help you in your everyday work. This course is designed for learning Python starting with the basics. Then you'll gradually build on those basics and apply what you learned to gain hands-on practice with security-related examples. Fortunately, Python is known for its readability, and just like all languages, it will get easier with practice. Pretty soon you might be using Python in your security career. Python can automate the manual effort of important tasks like file parsing. Python has helped me a lot in my career here at Google. I am part of a team responsible for protecting Google's infrastructure, which includes everything that employees use, from laptops and desktops to the network and cloud resources. We do this by engineering security solutions and automating the repeatable parts of our work. What I like about Python is that it has cross-platform support, and a lot of tools have already been developed by members of the security community that use Python. This makes it easy for me to find the tools I need and get support with blockers so I can complete both my professional and personal projects. My hope is that this course will be helpful to you. Let's explore what we'll cover. First, you'll be introduced to basic programming concepts in Python. You'll learn why Python has been adopted by security professionals around the world. You will also develop and run your first program. After this, we'll focus on writing effective Python code. We'll discuss concepts that help make our work more efficient. Our next main topic is on working with strings and lists. This will be relevant to a lot of the data that you will encounter in a security context. And finally, you'll wrap up the course with an exploration of putting Python into practice. You'll learn about opening and parsing files and about debugging code. Python is certainly a useful skill for security analysts. Let's get started!

My name is Ángel, and I'm a security engineer at Google. There were a number of things in my life that led me to security. One of them was definitely curiosity. When I was growing up, my parents are accountants, and so they had pocket calculators and mechanical pencils and pens, and I was always breaking them up and taking pieces apart and trying to figure out how
they work. This led me to technology in general, and the same concept applied again: just trying to figure out how things work and breaking them. That's basically what security is trying to do: breaking things to figure out whether or not somebody else could break them before you do. I started as a network engineer. This was setting up firewalls, setting up switches and routers for different companies. I wanted to join cybersecurity mostly because I felt very motivated about the things that were going on in the industry. Project Aurora was Google getting hacked by a foreign actor. I was reading this and I was thinking, I wish I could work with the people that are working on this on the front lines. When I was starting to get into cybersecurity and I wanted to make a jump in my career: what I wanted to learn, where I needed to be. One example is learning automation through Python. I took online classes; I completed certifications, security certifications, very popular ones; and then I just started to incorporate some of these aspects into my current job. When I was moving from Mexico to the US to work here, I had to learn how to be flexible. You have to learn new things in order to advance your career; sometimes you even have to learn new things just to stay at the same spot you are. And in security, I think in all of technology but especially in security, you constantly have to reinvent yourself: keep learning, learning how things work, and keep learning how you can help the industry. One important skill throughout my life and in my career as a cybersecurity professional is resiliency. I learned a lot about resiliency when I first moved here to the US and things didn't go the way I expected them to, and I had to keep trying new things and hope for the best. And that is really not different from what we do as security professionals. We do this on a day-to-day basis: we have to either figure out ways to make things work, we have to figure out ways to make projects function the way we need them to, or we have to figure out ways to get past a problem. We need more professionals in cybersecurity with different backgrounds, and that means different experiences, different ways of seeing things, different ways of approaching and solving problems. We need more people like you in this industry.

The process of learning a new programming language is similar to learning a new language. For instance, like any human language, programming consists of words organized together to form lines of code. Lines of code are used to communicate with a computer, similar to a sentence, telling it how to perform a task. In this section, we're going to start learning the language needed to communicate with a computer as we explore some key components
of Python. We'll start by introducing the basics of programming, starting with why security analysts use Python. Next, we'll start building the foundations for Python. We'll discuss data types; then we'll cover variables. Lastly, we're going to learn about specific statements we can make in Python, like conditional statements. Conditional statements help us incorporate logic into our programs. The second type of statement we'll learn about is the iterative statement. Iterative statements allow us to repeat a line of code multiple times without having to rewrite it. Learning Python helped me succeed in my career, because using Python allows me to free up time from repetitive tasks and instead focus on more challenging tasks and problems. Successfully applying automation reduces my overall workload, increases productivity, and reduces the risk of human error. The use of automation also allows me to focus on my engineering tasks, which require more creativity, collaboration, and problem solving. Are you ready to start programming in Python? Let's begin!

Security professionals use a variety of tools. One of those tools is computer programming. Programming is used to create a specific set of instructions for a computer to execute tasks. Let's take an example of a vending machine. Think of a vending machine as a computer that supplies food or drinks to customers. To receive an item, the customer inserts the money into the machine and then selects the item they want. Let's say the customer provides a machine with a value of $5. The machine stores this value while you make your selection. If you select a candy bar that costs $2, the machine takes this input, otherwise known as an instruction, and then understands to output your candy bar for $2 and provides the change back of $3. There are many programming languages in existence. Here we'll focus on Python. Python is considered to be a general-purpose language. This means that it can create a variety of different programs and it isn't specialized in any particular problem. In fields such as web development and artificial intelligence, Python is typically used to build websites and perform data analysis. In security, the main reason we use Python is to automate our tasks. Automation is the use of technology to reduce human and manual effort to perform common and repetitive tasks. Python is generally best for automating short, simple tasks. For example, a security analyst who's dealing with a security incident might have a log with necessary information. Reading through this manually would take too much time, but Python can help sort through this so the analyst can find what they need. As another example, an analyst might use Python to manage an access control list, the list that controls who can access the system and its resources. It would be potentially less consistent if the analyst had to manually remove an employee's access every time they left the company; however, a Python program can periodically monitor this instead. Or Python could also perform some automated tasks like analyzing network traffic. Though these tasks can be done through outside applications, they are also possible through Python. In addition to automating individual tasks, Python can combine separate tasks into one workstream. For example, imagine a playbook indicates that an analyst needs to resolve a certain situation by deleting a file and then notifying the proper individuals. Python can connect these processes together. So why exactly might a security professional choose Python for these tasks? There are several advantages Python has as a programming language. For one, Python is user-friendly because it resembles human language; it requires less code and is easy to read. Python programmers also have the benefit of following the standard guidelines to ensure consistency with the design and readability of code. Another great reason for learning Python is that there's a large amount of online support. Python also has an extensive collection of built-in code that we can import and use to perform many different tasks. These are just some of the reasons why Python continues to be in high demand across different industries throughout the world. You'll most likely use it in your security career. Wow, all of this sounds
great! So let's take a short break, and next we'll finally get to run some Python code. I'll meet you in the next video.

Hi there! Previously, we discussed the basics of Python. Now we'll practice writing and running code. When we work in Python, we refer to what we write as a script or a program. There are subtle differences between the two. Let's compare a computer program to a theater performance. Almost every theater performance includes a written script. Actors study and memorize a script to say it out loud to an audience. However, that's not the only component. There's also the whole performance. Directors make decisions on what kind of lighting to use, or costumes, or what the stage looks like. The performance as a whole involves a lot of design choices, like set design, lighting, and costumes. The process of creating this production is similar to the process of programming in Python. Programming involves a lot of design decisions, but the process of scripting in Python is more like writing the specific words that the actors will say. In Python, it's good practice to start with a comment. A comment is a note programmers make about the intention behind their code. Let's add one now. We start with the hash symbol to indicate that this is a comment, and then we'll add details about our intention. Here, we're going to print "Hello Python" to the screen. Okay, now let's write our first line of Python code. This code uses print. print outputs a specified object to the screen. After print, we put what we want to output in parentheses. In this case, we want to output the string "Hello Python". We must place string data in quotation marks. These quotation marks are just one example of syntax that you will encounter in Python. Syntax refers to the rules that determine what is correctly structured in a computing language. And now we'll run this code so the computer can output this string. You just ran your first line of code! Since our syntax is correct, the string is now displayed. Now that you've experienced writing and running code in Python, we are ready to discuss its basic components. Meet you soon!

My name is Akash, and I work as a security engineer at Google. As a cybersecurity engineer, you would end up using Python for most of your career. It's very important that you learn Python when you are moving into cybersecurity. You would be dealing with millions of data points and things like that, which is going to be very hard for you to go through manually. So that's when Python comes in, to automate and write scripts and small programs that will be able to do the same thing in a split second. Learning Python is super fun when you see, like, you know, 10 lines of code doing things like, you know, parsing through megabytes of data within seconds. It can be very fulfilling. There's a lot of resources for Python and a lot of open source communities, and the people are very helpful. Stay curious and take up small problems, and then get your hands dirty with doing it, and don't be afraid of looking up syntax and, like, you know, learning from online resources. My job as a security engineer at Google Chrome is to protect our customers from foreign governments and very persistent threats across the world. The threats are unlimited, there's no limit to it, and that's what makes cybersecurity very exciting. So stick with it. It's an essential skill that will take some time initially to develop but will serve you through your career.

Our next topic relates to categorizing data in Python. First, let's take a moment to consider another environment where we apply categories. We'll think about working in a kitchen. When cooking, we can categorize the ingredients we use. For example, carrots and peppers are vegetables, and chicken and beef are meat. These categories are important because they affect how we handle these ingredients. When working in Python, data types achieve a similar
purpose. A data type is a category for a particular type of data item. Python uses several data types. We'll focus on the string, float, integer, Boolean, and list data types. When we printed the text "Hello Python" in our previous video, this was an example of a string. String data is data consisting of an ordered sequence of characters. These characters could be letters, symbols, spaces, and even numbers. Numbers in the string data type cannot be used for calculations. All characters in a string must be placed inside quotation marks. Luckily, Python will tell you by giving you an error message if you forget a quotation mark. Let's use our code from before and explore what happens when we leave off the quotation mark. Notice how one of our quotation marks is missing at the end of the string, and when we run this code, we'll receive an error message. Python also supports numeric data types. When working with numeric data, we don't put quotation marks around the data. Numeric data includes floats and integers. Float data is data consisting of a number with a decimal point. This includes fractions like 2.1 or 10.5. It also includes whole numbers with a decimal point, like 2.0 or 10.0. Integer data is data consisting of a number that does not include a decimal point. Numbers such as 0, -9, and 5,000 are valid integers. So far, we've used the print function to output a string, but it can also be used with float and integer types for calculations. Let's try out an example of this. First, since it's good practice, let's add a comment to explain the purpose of our code. Then we'll tell Python what to calculate. The output gives us the answer: 1 + 1 is 2. We can use print with float and integer data to perform all kinds of mathematical operations, like addition, subtraction, multiplication, and division. The third data type in Python is called a Boolean. Boolean data is data that can only be one of two values: either True or False. Booleans are useful for logic in our programs. For example, let's compare numbers and determine the Boolean values of these comparisons. First, we'll use the print function to evaluate if 10 is less than 5. Then we'll also evaluate if 9 is less than 12. So what do you think? 10 is not less than 5, but 9 is less than 12, right? Let's see how Python handles this. When we run it, Python agrees. The first line of output tells us that it's False to say 10 is less than 5, and the second tells us it's True to say 9 is less than 12. We'll use Booleans more when we start including conditions in our code. And the last data type we'll cover is lists. List data is a data structure that consists of a collection of data in sequential form. We'll create and print a list that prints all the usernames of the three individuals that have access to a confidential file. First, we'll add our comment about our intention to print this list. After the keyword print, we'll add our list. We need to place the list in brackets. After this, we place the individual items in the list in quotation marks and separate them with commas. Okay, now let's run this. As expected, we get the list. When it prints, it still has the brackets. This is just the beginning of what you can do with lists. As you grow with your Python skills, you'll learn about how you can access and edit individual items in the list. So that was a brief summary of five major data types in Python: string, integer, float, Boolean, and list. These data types are some of the more common ones you'll work with as we progress through our lessons.

Previously, we compared data types to the categories we have for different ingredients we use when cooking, like vegetables or meat. Some of these categories we use for data types are string, float, integer, Boolean, and list. Now let's make another comparison. When working in the kitchen, we also
use storage containers. These containers can hold a lot of different things. After one meal, a container might hold rice, and after another it could hold something different, like pasta. In a similar way, in Python we have variables. A variable is a container that stores data. To create a variable, you need a name for it; then you add an equal sign and then an object to store in it. Creating a variable is often called assignment. The best practice for naming variables is to make the names relevant to what they're being used for. Let's use a variable to store a device ID. We'll name our variable device_id, add the equal sign, and then assign it a value of "h32rb17". Because the data type for this variable is a string, we'll place that value in quotation marks. Let's run the code. Our variable is now saved into Python. The purpose of creating variables is to use them later in the code. Using variables can also be referred to as calling them. To call a variable, you type its name. This tells Python to use the object that the variable contains. Let's add to the code we've just written and call a variable. Let's just have it print the variable. To do this, we use the print function and ask it to print the value stored in the device_id variable. When using a variable in our print function, we don't use quotation marks. This time, when we run it, something happens: Python prints h32rb17 to the screen. Let's add one more line of code to demonstrate the difference between printing a variable and printing a string. We'll ask Python to print a string that contains another device ID, "m50pi31". Because this is string data and not a variable, we place it in quotation marks. Now let's run the code and see the results. It executes both print statements. The first reads the variable and prints the value it contains, h32rb17, and the second reads the specified string and prints m50pi31. But if we could use the string directly, why do we need variables? Well, we often use variables to simplify our code or make it cleaner and easier to read. Or if we needed a very long string or number, storing it in a variable would let us use it throughout our code without typing it all out. In the previous example, the variable stored string data, but variables can store a variety of data types. Variables have the data type of the object currently stored in them. If you're unsure about the data type stored inside of a variable, you can use the type function. The type function is a function that returns the data type of its input. Let's use the type function in Python. We'll start by creating our variable. Then we'll add a line of code that includes the type function. This line asks Python to tell us the data type of the device_id variable and to assign this to a new variable called data_type. After this, we can print the data_type variable to the screen. Perfect! Python tells us that the value that device_id contains is a string. When working with variables, it's important to keep track of their data types. If you don't, you could get a type error. A type error is an error that results from using the wrong data type. For example, if you try to add a number and a string, you will get a type error, because Python cannot combine those two data types together. It can only add two strings or two numbers. Let's demonstrate a type error. First, we'll use our device_id variable that stores a string value. Then we'll define another variable called number and assign an integer value to it. Let's add a print statement that outputs the sum of these variables, and then we'll run this. We ended up with an error because we cannot add a string to a number. Let's cover one more topic related to variables. Earlier we mentioned how
variables are like containers what they hold can change after we Define a variable we can always change the object inside of it this is called reassignment reassigning a variable is very similar to assigning it in the first place let's try this out and reassign a variable we'll start by assigning the same string of h32 rb17 to our variable device ID we'll also include a line of code to print this variable now let's try reassigning the variable we type this variable's name at an equal sign and then add the new object in this case we'll use
the string n73 AB 07 as the new device ID we'll also ask python to print the variable again let's see what happens when we run this python prints two lines of output the first printed statement came before reassignment so it first prints the string of h32 rb17 but the second printed statement came after it changed that's why the second output to the screen is the string n73 a07 with this code we reassign a variable with a string value to another string value but it's also possible to reassign a variable to a value of another data
type for instance we can reassign a variable with a string value to an integer value variables are an essential part of python and as we progress through this course you'll become more familiar with them previously we discussed how to store different data types in variables now we'll begin to move on the concept of automation so we can create exciting actions with code automation is the use of technology to reduce human and manual effort to perform common and repetitive tasks it allows computers to do these tasks for us so that we may get back more time
in our lives to do other activities. Conditional statements are important for automation. A conditional statement is a statement that evaluates code to determine if it meets a specified set of conditions. The keyword if is important in conditional statements: if starts a conditional statement. After this keyword we then specify the condition that must be met and what will happen if it is. We use if statements every day. For example, if it's cold outside then we'll wear a jacket, or if it's raining we'll bring an umbrella. If statements are structured with the condition we want to evaluate and the action that Python will perform if this condition is met. Python always evaluates whether the condition is true or false, and if it's true it performs the specified action.

Let's explore an example of this. We'll instruct Python to print an "account locked" message any time the failed login attempts are greater than five. Our keyword if tells Python to start a conditional statement. After this we indicate the condition we want to check for; in this case we're checking if the user has more than five failed login attempts. Notice how we're using a variable called failed_attempts. In our complete code we will have assigned a value to failed_attempts prior to this if statement. After this condition we always place a colon. This signals that what follows is what we want to happen when the condition is met. In this case, when the user has more than five failed login attempts it prints a message that the account is locked. In Python this message should always be indented at least one space in order to execute only when the condition is true. It's common to call this first line the header and to call the actions that happen when the condition is met the body.

This condition was based on a variable being greater than a specific number, but we can define our condition using a variety of operators. For example, we can also check if something is less than a specified value, or we can check if it's greater than or equal to, or less than or equal to, the value. We can also compare if something is equal to a value. When we do this inside a condition we need to use a special syntax: it's not just the equals sign but a double equals. The double equals sign is an important operator often used in conditional statements. A double equals evaluates whether two objects match; it assigns a Boolean value of True when they match and False when they don't. There's one more operator we should discuss. An exclamation mark followed by an equal sign represents the condition of not equal. This operator for not equal evaluates whether two objects are different; it assigns a Boolean value of True when they don't match and False when they match.

Let's more closely investigate an example that uses the double equal sign. We'll focus on an example that prints an "updates needed" message when a particular operating system is running. Here we've created a condition that checks if a device's operating system matches a specific string that identifies this operating system. To do this we'll need to use the double equal sign in our condition. When it matches, our program will print a message that there are updates needed. The operating_system variable is on the left of the double equal sign; the string "OS 2" is on the right. If the condition evaluates to True, it performs the action that is indented in the next line of code. Here, if the operating system is OS 2 it will print "updates needed"; if it's False the message will not print. Notice how this line is indented. This tells Python that the task depends on the if statement evaluating to True.

Now let's write code that incorporates this conditional and get the results. Before we write the conditional statement we need to assign a value to our operating_system variable. We'll make this value the same as the operating system that we'll check for in the conditional. Next we'll write the condition for our if statement and use the double equal sign to check if the operating_system variable is equivalent to "OS 2". Now we'll type the action that will execute if the condition on the previous line evaluates to True: we'll tell Python to print the "updates needed" message. Since we set our operating_system variable to "OS 2", the print statement will execute. Okay, let's run this. As expected, it printed "updates needed", because the value assigned to the operating_system variable was equal to "OS 2".

Sometimes we want our conditional statements to execute another set of instructions in the event our first condition isn't true. In our example, not being true means that the device is running an operating system other than OS 2. This is when we need to incorporate the else keyword into our conditional statements. else precedes a code section that only evaluates when all conditions that preceded it within the conditional statement evaluate to False. else statements always follow an if statement and end in a colon. Let's use our previous conditional and add an else statement to it. We've included the same if statement, but this time we set the operating_system variable to contain a different operating system, "OS 3". Because this doesn't match the value in the condition of the if statement, the "updates needed" message won't print. But we can add an else statement and tell it to do something else instead. We type the else keyword followed by a colon, then we indent the next line and tell it to print a "no updates needed" message. When we run this code it processes the else statement after the if statement. Since our if statement will evaluate to False, it then moves on to the else instruction. Let's try it. As expected, it only prints the message "no updates needed". Great work. Now we've covered how to use if and how to use else. Using conditional statements allows you to incorporate logic into your code.

We just learned about conditional statements and how they can be developed to allow computers to make decisions. But sometimes we need our programs to simply count or perform a task over and over again. When it comes to tasks that are tedious, it's normal for humans to lose focus and energy. It's in situations like this where computers can be especially helpful. In this video we'll examine how computers can perform repetitive tasks using iterative statements.
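As an added example (my own code, not from the course videos), here are the variable, type and conditional ideas above in one runnable script: the failed-attempt lock check with its threshold of five, the OS update check using == with an else branch, reassignment across data types, and the type error the video warns about, caught so the program keeps running. The "OS 2"/"OS 3" strings and device IDs come from the video; the function names and the integer 4096 are constructed for this example.

```python
# Added example, not from the course: variables, type(), reassignment and
# if/else conditionals applied to the checks described in the video.

MAX_FAILED_ATTEMPTS = 5   # same threshold as the video's if statement
TARGET_OS = "OS 2"        # the operating system that still needs updates


def account_status(failed_attempts):
    """Return 'account locked' once failed_attempts exceeds the threshold."""
    # Comparing a str with an int raises TypeError in Python 3, the same
    # kind of error the video shows when adding a string to a number.
    # Reject the wrong type explicitly so the caller sees a clear message.
    if type(failed_attempts) is not int:
        raise TypeError("failed_attempts must be an int, got "
                        + type(failed_attempts).__name__)
    if failed_attempts > MAX_FAILED_ATTEMPTS:
        return "account locked"
    else:
        return "account active"


def update_message(operating_system):
    """== matches the exact string; != would be the opposite test."""
    if operating_system == TARGET_OS:
        return "updates needed"
    else:
        return "no updates needed"


def reassignment_demo():
    """Reassign device_id twice and report the data type before and after."""
    device_id = "h32rb17"            # first assignment: a string
    before = type(device_id).__name__
    device_id = "n73ab07"            # reassignment to another string
    device_id = 4096                 # reassignment to a different data type (constructed value)
    after = type(device_id).__name__
    return before, after


def safe_status(raw_failed_attempts):
    """Call account_status but turn a TypeError into a readable result."""
    try:
        return account_status(raw_failed_attempts)
    except TypeError as err:
        return "type error: " + str(err)


if __name__ == "__main__":
    print(account_status(6))          # account locked
    print(account_status(3))          # account active
    print(update_message("OS 2"))     # updates needed
    print(update_message("OS 3"))     # no updates needed
    print(reassignment_demo())        # ('str', 'int')
    print(safe_status("6"))           # type error: failed_attempts must be an int, got str
```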
An iterative statement is code that repeatedly executes a set of instructions. Iterative statements are also referred to as loops. Setting up a loop allows us to repeatedly use a line of code without having to type it multiple times. Before discussing the syntax, let's run a loop so you can experience what happens. Notice how this code printed all the numbers in the list with only one print statement. That's a loop. There are two types of loops we'll explore: for loops and while loops. We just ran a for loop, and we'll continue to focus on them in this video; later we'll explore while loops.

For loops repeat code for a specified sequence. An example of this would be using a for loop to print every item in a list. For loops begin with the keyword for; for signals the beginning of a for loop. Similar to conditional statements, iterative statements consist of two main parts. The parts of a loop are the loop header and the loop body. Let's examine the for loop we just ran and use that to explore these parts. The loop header is the line that contains the for keyword and ends with a colon. It tells Python to start a loop. It consists of the for keyword, a loop variable, and the sequence the loop will iterate through. The loop variable is a variable that is used to control the iterations of a loop. The loop variable comes directly after for. A common name for it is the letter i, but you can give it any other name you want. In for loops this temporary variable is only used within the loop and not outside of it in the rest of the code. The loop variable is followed by the in operator and the sequence the loop will iterate through. In this example this sequence is a list containing the numbers from one through four. It runs each of these numbers through a specified action. We need to remember to put a colon at the end of the loop header to introduce this code. The loop body refers to the indented lines after the loop header. These represent the actions that are repeated while the loop iterates. In this case it will print each number in the list: first one, and then two, and so on.

Another important use of for loops is to repeat a specific process a set number of times, and this is done by combining it with the range function. The range function generates a sequence of numbers. As an example, range(0, 10) sets a sequence that goes from 0, 1, 2, all the way up until the number 9. When we use range we start counting at the number in the first position, in this case zero. Then when we reach the number in the second position it tells us where to stop; that number is excluded, so in this case where the number is 10 the sequence only goes up until 9. An important detail about the range function is that if we don't provide a start point it automatically starts from zero, and the number we do provide then represents the stop point. Since the stop point is excluded, the numbers included in the sequence start at zero and end at 9. A sequence that starts at zero and ends at nine will iterate 10 times. Let's run a for loop that incorporates the range function. We'll use range to ask Python to repeat an action 10 times, and then we'll indicate the action we want to repeat. This action is printing an error message that indicates "cannot connect to the destination". Let's run this. Using a for loop with the range function allowed us to repeat the same error message 10 times instead of typing it over and over again ourselves. In this video we learned about the syntax and structure of iterative statements and worked with for loops as an example. In the next video we'll cover another type of iterative statement, the while loop.

Previously we introduced iterative statements in Python and focused on for loops. An iterative statement is code that repeatedly executes a set of instructions. In this video we'll explore another type of iterative statement, the while loop. When we use for loops, the code is repeatedly executed based on a specified sequence. While loops also repeatedly execute, but this repetition is based on a condition. As long as the condition is true the loop continues to execute, but when it becomes false the while loop stops. This while loop, for example, sets a condition where the variable time must be less than or equal to 10. This means it will keep running until the variable time
is greater than 10. Similar to the for loop, a while loop has a header. It consists of the keyword while, the condition, and a colon. The while loop starts with the keyword while. The keyword while signals the beginning of a while loop, and it's followed by the condition that evaluates to a Boolean value of either True or False. The condition contains the loop variable. This variable is used to control the number of loop iterations. However, there is an important distinction in the variables used in for and while loops: with while loops the variable isn't created within the loop statement itself. Before writing the while loop you need to assign the variable; then you'll be able to reference it in the loop. When the condition containing the loop variable evaluates to True, the loop iterates. If it does not, then the loop stops. This condition will evaluate to True while the variable time is less than or equal to 10. Finally, the loop header ends with a colon. Just like a for loop, a while loop has an indented body that consists of the actions to take while the loop iterates. The intention of this code is to print the value of a variable that represents the time and increase its value by two until it becomes greater than 10. This means the first action in this while loop is to simply print the current value of the time variable. Since while loops do not include a sequence to iterate through, we have to explicitly define how the loop variable changes in the body of the while loop. For example, in this while loop we increase the loop variable time by two every iteration. This is because we only want to print the time every two minutes. So this while loop prints out all even numbers less than or equal to 10.

Now that we know the basics of while loops, let's explore a practical example. Imagine we have a limitation on how many devices a user can connect to. We can use a while loop to print a message when the user has reached their maximum number of connected devices. Let's create a while loop for this. Before we start our while loop we need to assign values to two variables. First we'll set the maximum value of connected devices to five. Then we'll set our loop variable; we'll use i for this and set it to a value of one. Unlike with for loops, with while loops we set this variable outside of the loop. Next we'll create the header of our while loop. In this case the condition is that the first variable is less than the second variable; those variables are the loop variable i and max_devices. Since we know the value of max_devices is five, we can understand that this loop will run as long as the current value of i is less than five. Then we indicate what we want our while loop to do. Because this loop runs as long as the user can still connect to devices, we'll first have it print a "user can still connect to additional devices" message. After this, with each iteration we'll increment i by one. When the loop repeats it will use the new value of the i variable. Python will exit the loop when i is no longer less than five. Let's also print a message when this happens. We stop indenting because this next action occurs outside of the loop. Then we'll print "user has reached maximum number of connected devices". Okay, we're ready to run this. Because of the loop, the first message prints a total of four times. The loop stops when the value of i increments to five. At this point it exits the loop and prints the second message. Wow. When you combine this new understanding of for and while loops with what you already know about conditional statements and variables, you have a lot of options in Python.

Great work, well done. You've learned about why security analysts use Python and the basic structure of a program. You've even written some lines of Python code.
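As an added example (my own code, not the course's), the three loops walked through above as functions that return their results rather than only printing them: the for loop over a list, the range() retry loop, the two-minute while loop, and the connected-devices while loop with its message after the loop exits. The last function goes one step further than the video and combines a for loop with the lock check from the conditionals video; the user list it runs over is constructed sample data.

```python
# Added example, not from the course: for loops, range() and while loops
# applied to the cases walked through in the videos, plus one loop that
# combines a for loop with the failed-attempt lock check.

def print_numbers(numbers):
    """for loop over a list: the loop variable takes each item in turn."""
    seen = []
    for i in numbers:
        seen.append(i)
    return seen


def connection_errors(tries=10):
    """for loop with range(): repeat the same error message tries times.
    range(10) yields 0 through 9, so the body runs exactly 10 times."""
    errors = []
    for attempt in range(tries):
        errors.append("cannot connect to the destination")
    return errors


def even_times(limit=10, step=2):
    """while loop: the loop variable exists before the loop and is advanced
    in the body. Forgetting the time += step line would loop forever."""
    time = 0
    times = []
    while time <= limit:
        times.append(time)
        time += step
    return times


def device_messages(max_devices=5):
    """while loop from the video: i starts at 1 and runs while i < max_devices."""
    i = 1
    messages = []
    while i < max_devices:
        messages.append("User can still connect to additional devices")
        i += 1
    # Not indented: this runs once, after the loop has exited.
    messages.append("User has reached maximum number of connected devices")
    return messages


def locked_users(failed_by_user, threshold=5):
    """for loop plus if: collect users whose failed attempts exceed threshold.
    failed_by_user is a list of (username, failed_attempts) pairs."""
    locked = []
    for username, failed in failed_by_user:
        if failed > threshold:
            locked.append(username)
    return locked


if __name__ == "__main__":
    print(print_numbers([1, 2, 3, 4]))      # [1, 2, 3, 4]
    print(len(connection_errors()))         # 10
    print(even_times())                     # [0, 2, 4, 6, 8, 10]
    for message in device_messages():
        print(message)                      # four "still connect" lines, then the final one
    sample = [("alice", 2), ("bob", 7), ("eve", 6)]   # constructed sample data
    print(locked_users(sample))             # ['bob', 'eve']
```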
Let's review what we learned so far. You first learned about the basics of programming and why it's a very important tool for security analysts. You also learned some of the basic concepts of how programming languages work. You then learned to recognize data types in Python; we focused on the string, integer, float, Boolean and list data types. Next we focused on working with variables. You then learned all about conditional statements and how to check for logical conditions using Python statements. Lastly, we worked with iterative statements and discussed the two types of loops: for and while loops. You'll use this knowledge as you progress through this course and in your career as a security analyst. In the next section we'll explore other important components of Python, including functions.

Welcome back to our Python journey. In the previous videos we learned all about the basics of Python. We started at the very beginning by understanding how security analysts use Python. We learned several building blocks of Python; we went into detail learning about data types, variables and basic statements. Now we'll add to this and learn more about how to write effective Python scripts. We'll discover ways we can make our efforts more efficient. The upcoming videos are going to start by introducing functions, which are very important in Python. Functions allow us to put together a set of instructions that we can use again and again in our code. Afterwards we're going to learn about Python modules and libraries, which include collections of functions and data types that we can use with Python. They help us gain access to functions without having to create them ourselves. Lastly, we're going to talk about one of the most important rules of programming, and that is code readability. We'll learn all about ways to make sure everyone can understand and work with your code. I'm excited that you've decided to continue your Python journey with me, so let's start learning more.

As the complexity of our programs grows, it's also likely that we'll reuse the same lines of code. Writing this code multiple times would be time consuming, but luckily we have a way to manage this: we can use functions. A function is a section of code that can be reused in a program. We already learned one function when we worked with print and used it to output specific data to the screen; for example, we printed "Hello Python". There are many other functions. Sometimes we need to automate a task that might otherwise be repetitive if we did it manually. Previously we compared other key Python components to elements of a kitchen. We compared data types to categories of food: there are differences in how we handle vegetables and meat, and likewise there are differences in how we handle different data types. We then discussed how variables are like the containers you put food in after a meal; what they hold can change. As far as functions, we can think about them like a dishwasher. If you aren't using a dishwasher you'll spend a lot of time washing each dish separately, but a dishwasher automates this and lets you wash everything at once. Similarly, functions improve efficiency. They perform repetitive activities within a program and allow it to work effectively. Functions are made to be reused in our programs. They consist of small instructions and can be called upon any number of times and from anywhere in our programs. Another benefit to functions is that if we ever had to make changes to them, we can make those changes directly in the function and they'll be applied everywhere we use them. This is much better than making the same changes in many different places within a program.

The print function is an example of a built-in function. Built-in functions are functions that exist within Python and can be called directly; they are available to us by default. We can also create our own functions. User-defined functions are functions that programmers design for their specific needs. Both types of functions are like mini programs within a larger program. They make working in Python much more effective and efficient. Let's continue learning more about them.

Let's start our exploration of user-defined functions by creating and then running a very simple function. The first thing we need to do is define our function. When we define a function we basically tell Python that it exists. The def keyword is needed for this; def is placed before a function name to define a function. Let's create a function that greets employees after they log in. First we'll comment on what we want to do with this code: we want to define a function. Now we'll go to a new line and use the keyword def to name our function. We'll call it greet_employee. Let's look at this syntax a little more closely. After our keyword def and the function name we place parentheses. Later we'll explore adding information inside the parentheses, but for this simple function we don't need to add anything. Also, just like we did with conditional and iterative statements, we add a colon at the end of this header. After the colon we'll indicate what the function will do. In our case we want the function to output a message once the employee logs in, so let's continue creating our function and tell Python to print this string. This line is indented because it's part of this function. So what happens if we run this code? Does it print our message? Let's try this. It doesn't. That's because you also have to call your function. You may not realize it, but you already have experience calling functions: print is a built-in function that we've called many times. So to call greet_employee we'll do something similar. Let's go to a new line. We'll add another comment, because now our purpose is to call our function, and then we'll call the greet_employee function. We'll run it again. This time it printed our welcome message. Great work, we've now defined and called a function. This was a simple function; we're going to learn something next that will add to the complexity of the functions you write.

Previously we defined and called our first function. It didn't require any information from outside the function, but other functions might. This means we need to talk about using parameters in functions. In Python a parameter is an object that is included in a
function definition for use in that function. Parameters are accepted into a function through the parentheses after a function name. The function that we created in the last video didn't take in any parameters. Now let's revisit another function called range that does use parameters. If you recall, the range function generates a sequence of numbers from a start point to the value before the stop point. Therefore range does include parameters for the start and stop indices, which each accept an integer value. For instance, it could accept the integers 3 and 7; this means the sequence it generates will run from 3 to 6.

In our previous example we wrote a function that displayed a welcome message when someone logged in. It would be even more welcoming if we included the employee's name with the message. Let's define a function with a parameter so we can greet employees by name. When we define our function we'll include the name of the parameter that our function depends on. We place this parameter, the name variable, inside the parentheses. The rest of the syntax stays the same. Now let's go to the next line and indent so that we can tell Python what we want this function to do. We want to print a message that welcomes the employee using the name that's passed into the function. Bringing this variable into our print statement requires a few considerations. Like before, we start with the welcome message we want to print. In this case, though, we're not stopping our message after we tell them they're logged in; we want to continue and add the employee's name to the message. That's why we're placing a comma after "you logged in" and then adding the name variable. Since this is a variable and not a specific string, we don't place it in quotation marks. Now that our function is set up, we're ready to call it with a specific argument that we want to pass in. In Python an argument is the data brought into a function when it is called. For example, earlier when we passed 3 and 7 into the range function, these were arguments. In our case, let's imagine we want to greet an employee named Charlie Patel. We'll call our greet_employee function with this argument, and when we run this, Charlie Patel gets a personalized welcome message.

In this example we only have one parameter in our function, but we can have more. Let's explore an example of this. Maybe instead of a single name parameter we have a parameter for first name and a second parameter for last name. If so, we would need to adjust the code like this. First, when we define the function we include both parameters and separate them with a comma. Then when we call it we also include two arguments. This time we're greeting someone with the first name of Kiara and with the last name of Carter; these are also separated by a comma. Let's run this and welcome Kiara Carter. As we just explored, using more than one parameter just requires a few adjustments. Great work. In this video we learned a lot about working with parameters in a function. This understanding is something you'll need as you continue to write Python scripts.

We previously learned how we can pass arguments into a function. We can do more than pass information into a function; we can also send information out of one. Return statements allow us to do this. A return statement is a Python statement that executes inside a function and sends information back to the function call. This ability to send information back from a function is useful to a security analyst in various ways. As one example, an analyst might have a function that checks whether someone is allowed to access a particular file and will return a Boolean value of True or False to the larger program. We'll explore another example. Let's create a function related to analyzing login attempts. Based on the information it takes in, this function will compute the percentage of failed attempts and return this percentage. The program could use this information in a variety of ways; for example, it might be used to determine whether or not to lock an account. So let's get started and learn how to return information from a function. Just like before, we start by defining our function. We'll name it calculate_fails, and we'll set two parameters related to login attempts: one for total attempts and one for failed attempts. Next we'll tell Python what we want this function to do. We want this function to store the percentage of failed attempts in a variable called fail_percentage. We need to divide failed attempts by total attempts to get this percentage. So far this is similar to what we learned previously, but now let's learn how to return the fail percentage. To do this we need to use the keyword return. return is used to return information from a function. In our case we'll return the percentage we just calculated, so after the keyword return we'll type fail_percentage; this is our variable that contains this information. Now we're ready to call this function. We'll calculate the percentage for a user who has logged in four times with two failed attempts, so our arguments are 4 and 2. When we run this, the function returns the percentage of failed attempts: it's 0.5, or 50%. But in some Python environments this might not be printed to the screen. We cannot use the specific variable named fail_percentage outside of the function, so in order to use this information in another part of the program we would need to return the value from the function and assign it to a new variable. Let's check this out. This time when the function is called, the value that's returned is stored in a variable called percentage. Then we can use this variable in additional code. For example, we can write a conditional that checks if the percentage of failed attempts is greater than or equal to 50%. When this condition is met we can tell Python to print an "account locked" message. Let's run this code. This time the percentage isn't returned to the screen; instead we get the "account locked" message. Coming up, we'll discuss more functions, but this time we'll go over a few that are ready for use and built into Python. Now that we know how to create our own functions, let's also explore a few of Python's built-in functions.
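As an added example (my own code, not the course's), the greet_employee and calculate_fails functions from the videos above, written so that every result is returned to the caller and then used by a conditional. Two checks are added that the videos do not show: a total of zero attempts, which would otherwise make the division fail, and a failed count larger than the total, which is rejected. The 50% lock threshold and the 4 and 2 arguments come from the video; the names LOCK_THRESHOLD and login_decision are mine.

```python
# Added example, not from the course: parameters, arguments and return
# values, following the greet_employee and calculate_fails functions.

LOCK_THRESHOLD = 0.5   # lock the account at 50% failed attempts or more


def greet_employee(first_name, last_name):
    """Two parameters. Returns the greeting instead of printing it, so the
    caller decides what to do with the text."""
    return "Welcome, " + first_name + " " + last_name + ". You logged in."


def calculate_fails(total_attempts, failed_attempts):
    """Return the fraction of login attempts that failed (0.0 to 1.0)."""
    # Input checks the video skips: a user with no attempts would make the
    # division raise ZeroDivisionError, so report 0% failed instead, and a
    # failed count above the total is a data error rather than a percentage.
    if total_attempts == 0:
        return 0.0
    if failed_attempts > total_attempts:
        raise ValueError("failed_attempts cannot exceed total_attempts")
    fail_percentage = failed_attempts / total_attempts
    return fail_percentage


def login_decision(total_attempts, failed_attempts):
    """Store the returned percentage in a variable and use it in an if/else."""
    percentage = calculate_fails(total_attempts, failed_attempts)
    if percentage >= LOCK_THRESHOLD:
        return "account locked"
    else:
        return "account active"


if __name__ == "__main__":
    print(greet_employee("Charlie", "Patel"))
    print(greet_employee("Kiara", "Carter"))
    print(calculate_fails(4, 2))     # 0.5
    print(login_decision(4, 2))      # account locked
    print(login_decision(10, 1))     # account active
    print(login_decision(0, 0))      # account active (no attempts yet)
```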
also explore a few of Python's built-in functions as we discussed previously builing functions are functions that exist within Python and can be called directly our only job is to call them by their name and we already described a few throughout the course for example Python's print and type functions let's quickly review those two built-in functions before learning about new ones first print outputs a specified object to the screen and then the type function Returns the data type of its input previously we've been using functions independently from one another for example we ask python to print
something or we ask python to return the data type of something as we begin to explore reading functions we'll often need to use multiple functions together we can do this by passing one function into another as an argument for example in this line of code python first Returns the data type of hello as a string then this return value is passed into the print function this means the data type of a string will be printed to the screen print and type are not the only functions you'll see used together in this way in all cases
the general syntax is the same the inner function is processed first and then its return value is passed to the outer function let's consider another aspect of working with built-in functions when working with functions you have to understand what their expected inputs and outputs are some functions only expect specific data types and will return a type error if you use the wrong one other functions need a specific amount of parameters or return a different data type the print function for example can take in any data type as its input it can also take in
any number of parameters even ones with different data types let's explore the input and output of the print function we'll enter three arguments the first contains string data then a comma is used to separate this from the second argument this second argument is an integer finally after another comma our third argument is another string now let's run this code perfect this printed out just as expected the type function also takes in all data types but it only accepts one parameter let's explore this input and output too our first line of code will first determine
the data type of the word security and then pass what it returns into a print function and the second line of code will do the same thing with the value of 73.2 now let's run this and see what happens python first returns output that tells us that the word security is string data next it returns another line of output that tells us that 73.2 is float data now we know what to consider before using a built-in function we have to know exactly how many parameters it requires and what data types they can be we
also need to know what kind of output it produces let's learn a couple of new built-in functions and think about this we'll start with max the max function returns the largest numeric input passed into it it doesn't have a defined number of parameters that it accepts let's explore the max function we'll pass three arguments into max in the form of variables so let's first define those variables we'll set the value of a to 3 b to 9 and c to 6 then we'll pass these variables into the max function and print them let's run
this it tells us the highest value among those is nine now let's study one more built-in function the sorted function the sorted function sorts the components of a list this function can be very useful in a security setting when working with lists we often have to sort them with lists of numbers we sort them from the smallest to largest or the other way around with lists of string data we might need to sort them alphabetically imagine you have a list that contains usernames in your organization and you wanted to sort them alphabetically let's use Python's
sorted function for this we'll specify our list through a variable named usernames in this list we'll include all of the usernames we want to sort now we'll use the sorted function to sort these names by passing the usernames variable into it and then we'll pass its output into the print statement so it can be displayed on the screen and when we run it everything is now in order these are just a few of the built-in functions available for your use as you work more in Python you'll become familiar with others that can help you in
your programs hello again previously we learned about built-in functions in Python built-in functions come standard with every version of python and consist of functions such as print type max and many more to access additional pre-built functions you can import a library a library is a collection of modules that provide code users can access in their programs all libraries are generally made up of several modules a module is a python file that contains additional functions variables classes and any kind of runnable code think of them as saved python files that contain useful functionality modules may be
made up of small and simple lines of code or could be complex and lengthy in size either way they help save programmers time and make code more readable now let's focus specifically on the python standard library the python standard library is an extensive collection of usable python code that often comes packaged with python one example of a module from the python standard library is the re module this is a useful module for a security analyst when they are tasked with searching for patterns in log files another module is the csv module it allows
you to work efficiently with CSV files the python standard library also contains glob and os modules for interacting with the command line as well as time and datetime for working with timestamps these are just a few of the modules in the Python standard library in addition to what's always available through the python standard library you can also download external libraries a couple of examples are Beautiful Soup for parsing HTML website files and NumPy for array and mathematical computations these libraries will assist you as a security analyst in network traffic analysis log file parsing and
complex math overall python libraries and modules are useful because they provide pre-programmed functions and variables this saves time for the user I encourage you to explore some of the libraries and modules we discussed here and the ways they might be helpful to you as you work in Python welcome back one of the advantages to programming in Python is that it's a very readable language it also helps that the python community shares a set of guidelines that promote clean and neat code these are called style guides a style guide is a manual that informs the
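An added example that is not code from the course: it uses two of the standard library modules named above, csv to read a login log and datetime to work with its timestamps, and then sorted from the built-in functions section. The log, the one-minute window and the failure threshold are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample data (not the course's log): a small CSV login log kept
# in memory with io.StringIO so the example runs without a file. Reading a
# real file would use open("login_log.csv") in place of io.StringIO(...).
SAMPLE_LOG = """timestamp,username,result
2024-01-08 09:00:00,alice,success
2024-01-08 09:00:20,bob,failure
2024-01-08 09:00:45,bob,failure
2024-01-08 09:01:05,bob,failure
2024-01-08 14:30:00,carol,success
"""

# Assumed window and threshold for flagging a burst of failed logins.
ONE_MINUTE = timedelta(minutes=1)
FAILURE_THRESHOLD = 3


def parse_log(text):
    """Use csv.DictReader to turn each CSV row into a dict keyed by the header
    line, and datetime.strptime to turn the timestamp column into a datetime
    object so timestamps can be compared and subtracted."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["timestamp"] = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S")
        rows.append(row)
    return rows


def failures_within(rows, username, window):
    """Count one user's failed logins that fall inside the window (a timedelta)
    that starts at that user's first failure."""
    failures = [r["timestamp"] for r in rows
                if r["username"] == username and r["result"] == "failure"]
    if not failures:
        return 0
    start = min(failures)  # built-in min: earliest failure
    return sum(1 for t in failures if t - start <= window)


def users_over_threshold(rows, window=ONE_MINUTE, threshold=FAILURE_THRESHOLD):
    """Return, alphabetically sorted, every username whose failure count inside
    the window reaches the threshold."""
    names = {r["username"] for r in rows}
    return sorted(u for u in names if failures_within(rows, u, window) >= threshold)


if __name__ == "__main__":
    print(users_over_threshold(parse_log(SAMPLE_LOG)))
```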
writing formatting and design of documents as it relates to programming the style guides are intended to help programmers follow similar conventions the PEP 8 style guide is a resource that provides stylistic guidelines for programmers working in Python PEP is short for python enhancement proposals PEP 8 provides programmers with suggestions related to syntax they're not mandatory but they help create consistency among programmers to make sure that others can easily understand our code it's essentially based on the principle that code is read much more often than it's written this is a great resource for anyone who wants
to learn how to style and format their python code in a manner consistent with other programmers for example PEP 8 discusses comments a comment is a note programmers make about the intention behind their code they are inserted in computer programs to indicate what the code is doing and why PEP 8 gives specific recommendations like making your comments clear and keeping them up to date when the code changes here's an example of code without a comment the person who wrote it might know what's going on but what about others who need to read it they might
not understand the context behind the failed attempts variable and why it prints account locked if it's greater than five and the original writer might need to revisit this code in the future for example to debug the larger program without the comment they would also be less efficient but in this example we've added a comment all readers can quickly understand what our program and its variables are doing comments should be short and right to the point next let's talk about another important aspect of code readability indentation indentation is a space added at the beginning of a
line of code this both improves readability and ensures that code is executed properly there are instances when you must indent lines of code to establish connections with other lines of code this groups the indented lines of code together and establishes a connection with a previous line of code that isn't indented the body of a conditional statement is one example of this we need to make sure this print statement executes only when the condition is met indenting here provides this instruction to python if the print statement were not indented python would execute this print statement outside
of the conditional and it would always print this would be problematic because you would get a message that updates are needed even if they're not to indent you must add at least one space before a line of code typically programmers add two to four spaces for visual clarity the PEP 8 style guide recommends four spaces at my first engineering job I wrote a script to help validate and launch firewall rules initially my script worked well but it became hard to read a year later when we were trying to expand its functionality my programming knowledge and
coding style had evolved over that year as had the coding practices of my teammates our organization did not use a coding style guide at that time so our codes were very different hard to read and did not scale well this caused a lot of challenges and required additional work to fix ensuring that code is readable and can be modified over time it's why it's important for Security Professionals to adhere to coding style guides and why the style guides are so important for organizations to utilize the ability to write readable code is key when working in
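An added example, not the course's own code: the two snippets described above (the failed attempts check and the updates needed message) written the way PEP 8 suggests, with four-space indentation and comments that record the intention behind the code. The threshold constant and the version numbers are assumed.

```python
# Five failed attempts is more than a mistyped password produces, so anything
# above that is treated as someone guessing and the account is locked.
# If the password policy changes this number, update it here only.
LOCKOUT_THRESHOLD = 5


def lockout_message(failed_attempts):
    """Return 'account locked' when the threshold is exceeded, otherwise ''."""
    # Only the indented line belongs to the conditional. Without the four
    # spaces it would run on every call and every account would appear locked.
    if failed_attempts > LOCKOUT_THRESHOLD:
        return "account locked"
    return ""


def update_message(installed_version, latest_version):
    """Return 'updates needed' only when the installed version is behind."""
    # Same rule as above: if the return below were not indented, the message
    # would be produced even when the software is current, which is the bug
    # the video warns about.
    if installed_version < latest_version:
        return "updates needed"
    return ""


if __name__ == "__main__":
    for attempts in (3, 5, 6):
        print(attempts, repr(lockout_message(attempts)))
    print(repr(update_message(3, 4)), repr(update_message(4, 4)))
```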
python as we head into the next part of our course we'll continue to develop effective code practices for better readability hi my name is Dorsa and I'm a security engineer what I love the most about my job is that I get to look at different infrastructures and system designs on a daily basis one piece of advice for individuals who are starting out in their cyber security profession it's very important to work collaboratively in Python and one of the key aspects of that is to listen to the feedback that your team members provide python allows for many
different ways of accessing different information when you share python code Snippets amongst your team members it allows the code to be more uniform and the coding process to be more efficient makes the codebase a lot more readable and allows for other Engineers to work on your code after you I've seen many examples of when collaboratively written python code has been helpful in the industry one of the examples is when at Google we wrote a collaboratively written code base which allowed for an onboarding process to be reduced from six or seven hours to a couple of
minutes collaboration was a key part of this process because otherwise it would have taken many many years for one single individual to write it one individual is not able to understand every detail of each system and if we don't have multiple engineers working on it it would have made this process a lot more difficult communication is very important when you're working in a team and especially if you're developing code in Python you need to express whether you need help throughout the process because your team members are there to ensure that you are successful at
the end of the day your success means that your team is also successful as you advance in your career as someone who writes code in Python you'll realize that there are a lot of functions and methods that are just sticking around on the internet and you will be able to find them with a quick search and those methods will come in handy and you will be able to reuse them for your pieces of code a really good resource for you to learn new skills and expand your python coding skills is to talk to your colleagues
attend meetups talk to different security professionals who don't work at your company because everyone has an insight on how to make your coding skills especially in cyber security better great work on making it this far in the python course you put in a lot of work and effort towards learning more about how you can use Python effectively and efficiently let's quickly recap the concepts you learned throughout the videos first we started by understanding the role of functions in Python they can save you a lot of time you learned how to incorporate built-in functions and
how to develop your own functions to meet your needs we then shifted our focus towards modules and libraries which gave us access to a lot more functions than those built into python lastly we moved to learning about code readability and best practices to write clean understandable code with these understandings you're ready to learn how powerful python can really be for task automation and how it can help you going forward as a security analyst thank you for taking the time to go through this course with me I'll meet you in the next videos as a security
analyst you'll work with a lot of data being able to develop solutions for managing this data is very important what we're about to learn in Python will help you with that previously we set foundations for what we're going to do in this section we learned all about data types and variables we also covered conditional and iterative statements we learned about built-in functions and even created our own functions here we'll build on that in a few different ways first you'll learn more about working with strings and lists we'll expand the ways that you can work
with these data types including extracting characters from strings or items from lists our next focus is on writing algorithms you'll consider a set of rules that can be applied in Python to solve a security related problem and finally we'll further expand the ways we can search for strings when we explore using regular expressions we're going to have a lot of fun and you'll start writing some really interesting code in Python I can't wait to get started knowing how to work with string data in security is important for example you might find yourself working
with usernames to find patterns in login information we're going to revisit the string data type and learn how to work with it in Python first let's have a quick refresher on strings we defined string data as data consisting of an ordered sequence of characters in python strings are written in between quotation marks it's okay to use either double or single quotation marks but in this course we've been using double quotation marks as examples we have the strings hello 1 2 3 and number one we also previously covered variables here the variable my string
is currently storing the string security you can also create a string from another data type such as an integer or a float to do that we need to introduce a new built-in function the string function the string function is a function that converts the input object into a string converting objects to Strings allows us to perform tasks that are only possible for strings for example we might convert an integer into a string to remove elements from it or to reorder it both are difficult for an integer data type let's practice converting an integer to a
string we'll apply the string function to the integer 123 now the variable new string contains a string of three characters one two and three let's print its type to check we'll run it perfect it tells us that we now have a string awesome so far we know different ways to create and store a string now let's explore how to perform some basic string operations our first example is the length function the length function is a function that Returns the number of elements in an object using it on a string tells us how many characters the
string has earlier in the program we learned that IP addresses have two versions IPv4 or IPv6 IPv4 addresses have a maximum of 15 characters so a security professional might use the length function to check if an IPv4 address is valid if its length is greater than 15 characters then we know that it's an invalid IPv4 address let's use this function to print the length of the string hello we'll nest the length function within the print function because we want to first calculate the length of this string and then print it to the screen okay let's
run this and check out how many characters python counts the output is five one for each letter in the word hello we can also use the addition operator on strings this is called string concatenation string concatenation is the process of joining two strings together for example we can add the strings hello and word together to concatenate strings we can use the plus symbol after we run it we get hello word with no spaces in between the two strings it's important to note that some operators don't work for strings for example you cannot use
a minus sign to subtract the two strings finally we're going to talk about string methods a method is a function that belongs to a specific data type so using a string method on another data type like an integer would cause an error unlike other functions methods appear after the string two common string methods are the upper and the lower methods the upper method returns a copy of the string in all uppercase letters let's apply the upper method to the string hello we'll place this inside of a print function to output it to the screen let's
focus on the unique syntax of methods after our string hello we place a period or dot and then specify the method we want to use here that's upper okay now we're ready to run this hello is printed to the screen in all uppercase letters similarly the lower method returns a copy of the string in all lowercase letters let's apply the lower method on the hello string remember that we need to put the string and the method inside of a print function to output the results and now we have the string printed in all lowercase
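An added example, not the course's code, putting the string operations above to work: the length rule for IPv4 addresses, conversion with the string function, concatenation with +, the lower method, and a check that - really is not defined for strings. The 15-character limit is the video's rule; the usernames and addresses are constructed.

```python
# The video's rule: an IPv4 address is at most 15 characters
# (four groups of up to three digits plus three dots).
IPV4_MAX_LENGTH = 15


def ipv4_length_ok(address):
    """Return False when the text is too long to be an IPv4 address.
    str() is applied first so the check also works when the value arrives as a
    number or another type. Passing this check does not make an address valid;
    it only rules out one kind of bad input."""
    text = str(address)
    return len(text) <= IPV4_MAX_LENGTH


def normalize_username(username):
    """lower() returns a new lowercase copy, so 'Alice' and 'ALICE' compare
    equal once normalized. The original string is left unchanged."""
    return username.lower()


def build_log_line(username, address):
    """Join pieces with + (string concatenation). The operator inserts nothing
    between the strings, so separators and spaces are written explicitly, and
    the address is converted with str() before it can be joined."""
    return "user=" + normalize_username(username) + " ip=" + str(address)


def subtraction_works_on_strings():
    """The video notes that - is not defined for strings. Confirm it by trying
    the operation and catching the TypeError Python raises."""
    try:
        "hello" - "h"
    except TypeError:
        return False
    return True


if __name__ == "__main__":
    print(ipv4_length_ok("192.0.2.1"), ipv4_length_ok("192.168.100.1000"))
    print(build_log_line("Alice", "192.0.2.1"))
    print(subtraction_works_on_strings())
```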
letters coming up we're going to learn a lot more about strings like indexing and splitting strings I'm looking forward to meeting you there in security there are a variety of reasons we might need to search through a string for example we might need to locate a username in a security log or if we learn that a certain IP address is associated with malware we might search for this address in a network log and the first step in being able to use python in these ways is learning about the index of characters in a string the
index is a number assigned to every element in a sequence that indicates its position in this video we are discussing strings so the index is the position of each character in a string let's start with the string hello every character in the string is assigned an index in Python we start counting indexes from zero so the character h has an index of zero and e has an index of one and so on let's take this into Python and practice using indices placing an index in square brackets after a string returns the character at
that index let's place the index one in square brackets after hello and run it this returns the character e remember indices start at zero so an index of one isn't the first character in the word but what if we want to return more than just one character we can extract a larger part of a string by specifying a set of indices and this is called a slice when taking a slice from a string we specify where the slice starts and where the slice ends so we provide two indices the first index is the beginning which
is included in the output the second index is the end but it's not included in the final output instead python stops the slice at the element before the second index for example if we wanted to take the letters e l l from hello we would start the interval from the index one but would end before the index 4 let's try this example and extract a slice from a string in Python let's type in the string and take the slices starting at index one and ending before index 4 now let's run the code and examine the
output and there's the slice we wanted now that we know how to describe the location of a character in a string let's learn how to search in a string to do this we need to use the index method the index method finds the first occurrence of the input in a string and returns its location let's practice using the index method in Python let's say we want to use the index method to find the character e in the string hello we'll locate the first instance of the character e let's examine this line in more detail after
writing the string and the index method we use the character we want to find as the argument of the index method remember that strings in Python are case sensitive so we need to make sure we use the appropriate case with the index method let's run this code now this returns the number one this is because e has an index value of one now let's explore an example where a character repeats multiple times in the string let's try searching for the character l we start with similar code as before passing the argument l instead of e
to the index method now let's run this code and investigate the result the result is the index two this tells us that the method only identified the first occurrence of the character l and not the second this is an important detail to notice when working with the index method as a security analyst learning how to work with indices allows you to find certain parts in a string for example if you need to find the location of the at symbol in an email you can use the index method to find what you're looking for with one
line of code now let's turn our attention to an important property of strings have you ever heard the expression some things never change it might be said about the comfortable feeling you have with a good friend even when you haven't seen them for a long time well in Python we can also say this about strings strings are immutable in Python immutable means that it cannot be changed after it's created and assigned a value let's break this down with an example let's assign the string hello to the variable my string now if we want to
change the character e to an a so my string has the value h a l l o then we might be inclined to use index notation but here we get an error my string is immutable so we cannot make changes like this and there you have it you just learned how to index and slice into strings you've also seen that strings are immutable so you cannot reassign characters after a string has been defined coming up we'll learn about list operations and see that lists can be changed with index notation meet you there another data type
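An added example, not the course's code, that works through the indexing ideas above: the index method used to find the at symbol in an email address, slicing on both sides of it, the first-occurrence-only behaviour of index and how to get past it, and the immutability error with the slice-based way around it. The email address and text are constructed.

```python
def split_email(email):
    """index() returns the position of the first '@'. Slicing up to that index
    gives the part before it; slicing from the next index to the end gives the
    domain. index() raises ValueError when there is no '@', and that is left to
    the caller so a malformed address is not silently accepted."""
    at = email.index("@")
    return email[0:at], email[at + 1:]


def all_positions(text, char):
    """index() only reports the first occurrence, as the video shows with 'l'
    in 'hello'. Passing a start position on each call walks through the rest
    until index() raises ValueError because nothing is left to find."""
    positions = []
    start = 0
    while True:
        try:
            found = text.index(char, start)
        except ValueError:
            return positions
        positions.append(found)
        start = found + 1


def replace_char(text, position, new_char):
    """Strings are immutable, so text[position] = new_char is an error. The way
    to get 'hallo' from 'hello' is to build a new string from two slices and the
    replacement character; the original string is untouched."""
    return text[0:position] + new_char + text[position + 1:]


def index_assignment_allowed(text):
    """Reproduce the error from the video and report whether assignment worked."""
    try:
        text[1] = "a"
    except TypeError:
        return False
    return True


if __name__ == "__main__":
    print(split_email("user1@example.com"))   # constructed address
    print(all_positions("hello", "l"))
    print(replace_char("hello", 1, "a"))
    print(index_assignment_allowed("hello"))
```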
we discussed previously is the list lists are useful because they allow you to store multiple pieces of data in a single variable in the security profession you will work with a variety of lists for example you may have a list of IP addresses that have accessed a network and another list might hold information on applications that are blocked from running on the system let's recap how to create a list in Python in this case the items in our list are the letters a through e we separate them by commas and surround them with square brackets
we can also assign our list to a variable to make it easier to use later here we've named our variable my list when we access specific elements from lists we use syntax similar to when we access specific elements from strings we place its index value in brackets after the variable that stores the list so this would access the second item in the list this is because in Python we start counting the elements in a list at zero and not at one so the index for the first element is zero and the index for the
second element is one let's try extracting some elements from a list we'll extract the second element by putting one in Brackets after the variable we place this in a print function to Output the result and after we run it python outputs the letter B similar to Strings we can also concatenate lists with the plus sign list concatenation is combining two lists into one by placing the elements of the second list directly after the elements of the first list let's work with this in Python let's concatenate two lists first we Define the same list as in
the previous example and store it in the variable my list now let's define an additional list with the numbers one through four finally let's concatenate the two lists with a plus sign and print out the result and when we run it we have a final concatenated list having discussed the similarities let's now explore the differences between lists and strings we mentioned earlier that strings are immutable meaning after they are defined they cannot be changed lists on the other hand do not have this property and we can freely change add and remove list values so
for example if we have a list of malicious IP addresses then every time a new malicious IP address is identified we can easily add it to the list let's first try changing a specific element in a list in Python we start with the list used in the previous example to change an element in a list we combine what we learned about bracket notation with what we learned about variable assignment let's change the second element in my list which is the string b to the number seven we place the object we want to change on
the left hand side of the variable assignment in this case we'll change the second element in my list then we place an equal sign to indicate we are reassigning this element of the list finally we place the object to take its place on the right hand side here we'll reassign the second list element to a value of seven now let's print out the list and run the code to examine the change perfect the letter b is now changed to the number seven now let's take a look at methods for inserting and removing elements in
lists the first method we'll work with in this video is the insert method the insert method adds an element in a specific position inside a list the method takes two arguments the first is the position we're adding the element to and the second is the element we want to add let's use the insert method we'll start with the list we defined in our my list variable then we type my list dot insert and pass in two arguments the first argument is the position where we want to insert the new information in this case we
want to insert into index one the second argument is the information we want to add to the list in this case the integer seven now let's print my list our list still begins with a the element with an index of zero and now we have the integer seven in the next position the position represented with an index of one notice that the letter b which was originally at index one did not get replaced like when we used bracket notation with the insert method every element beyond index one is simply shifted down by one position
the index of B is now two sometimes we might want to remove an element that is no longer needed from a list to do this we can use the remove method the remove method removes the first occurrence of a specific element in a list unlike insert the argument of remove is not an index value instead you directly type the element you want to remove the remove method removes the first instance of it in the list let's use the remove method to delete the letter D from our list we'll type the name of our variable my
list then add the remove method we want to remove d from this list so we will place it in quotation marks as our argument then we'll print my list and let's run this perfect the d has now been removed from the list just like with strings being able to search through lists is a necessary skill for security analysts I'm looking forward to expanding our understanding as we move forward in this course in our everyday lives we frequently follow rules for solving problems as a simple example imagine you want a cup of coffee if you've made
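An added example, not the course's code, applying the list operations above to the malicious IP address list the video mentions: concatenation with +, reassignment with bracket notation, the insert and append methods, and the remove method with its first-occurrence-only behaviour handled. The addresses are constructed from the documentation ranges.

```python
def merge_blocklists(local, shared):
    """List concatenation with +: a new list holding the elements of local
    followed by the elements of shared. Neither input list is modified."""
    return local + shared


def replace_entry(blocklist, position, address):
    """Bracket notation on the left of an assignment replaces one element in
    place. This works because lists, unlike strings, are mutable."""
    blocklist[position] = address
    return blocklist


def add_malicious_ip(blocklist, address, position=None):
    """append() adds the address at the end; insert(position, address) puts it
    at that index and shifts every later element down by one, so nothing is
    overwritten (the difference from bracket assignment)."""
    if position is None:
        blocklist.append(address)
    else:
        blocklist.insert(position, address)
    return blocklist


def remove_malicious_ip(blocklist, address):
    """remove() takes the element itself, not an index, and deletes only the
    first occurrence. A blocklist may contain duplicates, so repeat until the
    address is gone; the 'in' test also avoids the ValueError remove() raises
    when the element is absent."""
    while address in blocklist:
        blocklist.remove(address)
    return blocklist


def build_blocklist():
    """Run the operations in sequence on constructed addresses."""
    blocklist = merge_blocklists(["192.0.2.1"], ["198.51.100.5", "192.0.2.1"])
    add_malicious_ip(blocklist, "203.0.113.9")       # append to the end
    add_malicious_ip(blocklist, "203.0.113.10", 0)   # insert at index 0
    replace_entry(blocklist, 1, "192.0.2.2")         # reassign index 1
    remove_malicious_ip(blocklist, "192.0.2.1")      # remove both copies
    return blocklist


if __name__ == "__main__":
    print(build_blocklist())
```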
coffee many times then you likely follow a process to make it first you grab your favorite mug then you put water into the coffee maker and add your coffee grounds you press the start button and wait a few minutes finally you enjoy your fresh cup of coffee even if you have a different approach to making coffee or don't drink coffee at all you likely follow a set of rules for completing similar everyday tasks when you complete these routine tasks you're following an algorithm an algorithm is a set of rules that solve a problem in
more detail an algorithm is a set of steps that take an input from a problem uses this input to perform tasks and returns a solution as an output let's explore how algorithms can be used to solve problems in Python imagine that you as a security analyst have a list of IP addresses you want to extract the first three digits of each IP address which will tell you information about the networks that these IP addresses belong to to do this we're going to write an algorithm that involves multiple python Concepts that we've covered so far Loops
lists and strings here's a list with IP addresses that are stored as strings for privacy reasons in our example we are not showing the full IP addresses our goal is to extract the first three numbers of each address and store them in a new list before we write any python code let's break down an approach to solving this problem with an algorithm what if you had one IP address instead of an entire list well then the problem becomes much simpler the first step in solving the problem will be to use string slicing to extract
the first three digits from one IP address now let's consider how to apply this to an entire list as the second step we'll use a loop to apply that solution to every IP address on the list previously you learned about string slicing so let's write some python code to solve the problem for one IP address here we are starting with one IP address that begins with 198567 and we'll write a few lines of code to extract the first three characters we'll use the bracket notation to slice the string inside the print statement we have the
address variable which contains the IP address we want to slice remember that python starts counting at zero so to get the first three characters we start our slice at index zero and then continue all the way until index 3 remember that python excludes the final index in other words python will return the characters at index zero one and two now let's run this we get the first three digits of the address 198 now that we're able to solve this problem for one IP address we can put this code into a loop and apply
it to all IP addresses in the original list before we do this let's introduce one more method that we'll be using in this code the append method the append method adds input to the end of a list for example let's say that my list contains one two and three with this code we can use the append method to add four to this list first we're given the IP list now we're ready to extract the first three characters from each element in this list let's create an empty list to store the first three characters of each
IP from the list now we can start the for loop let's break this down the word for tells python that we are about to start a for loop we then choose address as the variable inside of the for loop and we specify the list called IP as the iterable as the loop runs each element from the IP list will be stored temporarily in the address variable inside the for loop we have a line of code to add the slice from address to the networks list breaking this down we use the code we wrote earlier to
get the first three characters of an IP address we'll use our append method to add an item to the end of a list in this case we're adding to the networks list finally let's print the networks list and run the code the variable networks now contains a list of the first three digits of each IP address in the original list IP that was a lot of information designing algorithms can be challenging so it's a good idea to break them down into smaller problems before jumping into writing your code we'll continue to practice this idea
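An added example, not the course's code, with the two-step algorithm above (slice one address, then loop and append over the list) as working functions. It also goes one step beyond the video: slicing three characters only returns the whole first octet when that octet has three digits, so a second version cuts at the first period instead. The IP list is constructed from the documentation ranges.

```python
# Constructed sample list standing in for the partially hidden list in the video.
IP = ["198.51.100.7", "192.0.2.45", "203.0.113.9", "10.1.2.3"]


def first_three_characters(address):
    """Step one of the video's algorithm: the slice [0:3] returns the characters
    at index 0, 1 and 2 (index 3 itself is excluded)."""
    return address[0:3]


def networks_by_slice(ip_list):
    """Step two: start with an empty list, loop with address as the loop
    variable and ip_list as the iterable, and append each slice."""
    networks = []
    for address in ip_list:
        networks.append(first_three_characters(address))
    return networks


def first_octet(address):
    """Generalization beyond the video: for '10.1.2.3' the three-character
    slice gives '10.' rather than '10'. Slicing up to the position of the first
    period, found with index(), returns the octet whatever its length."""
    return address[0:address.index(".")]


def networks_by_octet(ip_list):
    """Same loop-and-append structure with the more general slice."""
    networks = []
    for address in ip_list:
        networks.append(first_octet(address))
    return networks


if __name__ == "__main__":
    print(networks_by_slice(IP))
    print(networks_by_octet(IP))
```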
in the upcoming videos meet you there we've already learned a lot about working with strings this includes working with their positional indices and slicing them in the previous video we applied this to extract the first three digits from a list of IP addresses in this video we're going to focus on a more advanced way to search through strings we'll learn about searching for patterns in strings through regular Expressions a regular expression shortened to regex is a sequence of characters that forms a pattern this pattern can be used when searching within log files we can use
them to search for any kind of pattern. For example, we can find all strings that start with a certain prefix, or we can find all strings that are a certain length. We can apply these to a security context in a variety of ways. For example, let's say we needed to find all IP addresses with a network ID of 184. Regular expressions would allow us to efficiently search for this pattern. We'll examine another example throughout this video. Let's say that we want to extract all the email addresses contained in a log. If we try to do this through the index method, we would need the exact email addresses we were searching for. As security analysts, we rarely have that kind of information. But if we use a regular expression that tells Python how an email address is structured, it would return all the strings that have the same elements as an email address. Even if we were given a log file with thousands of lines and entries, we could extract every email in the file by searching for the structure of an email address through a regular expression. We wouldn't need to know the specific emails to extract them.

Let's explore the regular expression symbols that we need to do this. To begin, let's learn about the plus sign. The plus sign is a regular expression symbol that represents one or more occurrences of a specific character. Let's explain that through an example pattern. The regular expression pattern a+ matches a string of any length in which a is repeated, for example just a single a, three a's in a row, or five a's in a row. It could even be 1,000 a's in a row. We can start working with a quick example to see which strings this pattern would extract. Let's start with this string of device IDs. These are all the instances of the letter a written once or multiple times in a row. The first instance has one a, the second has two a's, the third one has one a, and the fourth has three a's. So if we told Python to find matches to the a+ regular expression, it would return this list of a's.

The other building block we need is the \w symbol. This matches with any alphanumeric character, but it doesn't match symbols. 1, k, and i are just three examples of what \w matches. Regular expressions can easily be combined to allow for even more patterns in a search. Before we apply these to our email context, let's explore the patterns we can search for if we combine the \w with the plus sign. \w matches any alphanumeric character, and the plus sign matches any number of occurrences of the character before it. This means that the combination \w+ matches an alphanumeric string of any length. The \w provides flexibility in the alphanumeric characters that this regular expression matches, and the plus sign provides flexibility in the length of the string that it matches. The strings 192, abc123, and security are just three possible strings that match \w+.

Now let's apply this to extracting email addresses from a log. Email addresses consist of text separated by certain symbols, like the @ symbol and the period. Let's learn how we can represent this as a regular expression. To start, let's think about the format of a typical email address, for example user1@email1.com. The first segment of an email address contains alphanumeric characters, and the number of alphanumeric characters may vary in length. We can use our regular expression \w+ for this portion to match an alphanumeric string of any length. The next segment in an email address is the @ symbol. This segment is always present. We'll enter this directly in our regular expression. Including this is essential for ensuring that Python distinguishes email addresses from other strings. After the @ symbol is the domain name. Just like the first segment, this one varies depending on the email address, but it always contains alphanumeric characters, so we can use \w+ again to allow for this variation. Next, just like the @ symbol, a period is always part of an email address. But unlike the @ symbol, in regular expressions the period has a special meaning. For this reason, we need to use backslash period, \., here. When we add a backslash in front of it, we let Python know that we are not intending to use it as an operator and that our pattern should include a period in this location. For the last segment, we can also use \w+. This final part of an email address is often com, but may be other strings like net. When we put the pieces together, we get the regular expression we'll use to find email addresses in our log: \w+@\w+\.\w+. This pattern will match all email addresses. It would exclude everything else in our string. This is because we've included the @ symbol and the period where they appear in the structure of an email address.

Let's bring this into Python. We'll use regular expressions to extract email addresses from my string. Regular expressions can be used when the re module is imported into Python, so we begin with that step. Later we'll learn how to import and open files like logs, but for now we've stored our log as a string variable named email_log. Because this is a multi-line string, we're using three sets of quotation marks instead of just one. Next, we'll apply the findall function from the re module to our regular expression. re.findall returns a list of matches to a regular expression. Let's use this with the regular expression we created earlier for email addresses. The first argument is the pattern that we want to match; notice that we place it in quotation marks. The second argument indicates where to search for the pattern. In this case, we're searching through the string contained within the email_log variable. When we run this, we get a list of all the emails in the string. Imagine applying this to a log with thousands of entries. Pretty useful, right? This was just an introduction to the power of regular expressions. There are many more symbols you can use. I encourage you to explore regular
expressions on your own and learn more.

Congratulations! We accomplished a lot together. Let's take time to quickly go through all the new concepts we covered. We started this course by focusing on working with strings and lists. We learned methods that work specifically with these data types. We also learned to work with indices and extract the information we need. Next, we focused on writing algorithms. We wrote a simple algorithm that sliced the network ID from a list of IP addresses. Finally, we covered using regular expressions. Regular expressions allow you to search for patterns, and this provides expanded ways to locate what you need in logs and other files. These are complex concepts, and you're always welcome to visit the videos again whenever you like. With these concepts, you took a big step towards being able to work with data and write the algorithms that security professionals need. Throughout the rest of this course, you're going to get more practice with Python and what it can offer to security analysts.

We've learned a lot about Python together already, and we still have more to cover. In this section, we're going to explore how a security analyst like yourself puts Python into practice. As a security analyst, you'll likely work with security logs that capture information on various system activities. These logs are often very large and hard to quickly interpret, but Python can easily automate these tasks and make things much more efficient. So first, we'll focus on opening and reading files in Python; this includes log files. We'll then explore parsing files. This means you'll be able to work with files in ways that provide you with the security-related information that you're targeting. Finally, part of writing code is debugging code. It's important to be able to interpret error messages to make your code work. We'll cover common types of Python errors and ways to resolve them. Overall, after completing this section, you'll have a better understanding of Python and how, as a security analyst, you can use it. I can't wait to join you.

Automation is a key concern in the security profession. For example, it would be difficult to monitor each individual attempt to access the system. For this reason, it's helpful to automate the security controls put in place to keep malicious actors out of the system, and it's also helpful to
automate the detection of unusual activity. Python is great for automation. Let's explore three specific examples of this. First, imagine you're a security analyst for a healthcare company that stores confidential patient records in a database server. Your company wants to implement additional controls to protect this information. In order to enhance the security of the records, you decide to implement a timeout policy that logs out a user if they spend more than three minutes logging into the database. This is because it's possible that if a user is spending too much time, it could be that they are guessing the password. To do this, you can use Python to identify when a user has entered a username and start tracking the time until this user enters the correct password.

Now let's cover a different example. This time, imagine you are a security analyst working at a law firm. There have recently been some ongoing security attacks where threat actors hack into employee accounts and attempt to steal client information. They then threaten to use this maliciously, so the security team is working to target all security vulnerabilities that allow these attackers to break into the company's databases. You personally are responsible for tracking all user logins by checking their login timestamp, IP address, and location of login. For example, if a user logs in during the early hours of the morning, they should be flagged. Also, if they are logging in from a location that's not one of the two established work zones, you must flag their account. Finally, if a user is simultaneously logging in from two different IP addresses, you must flag their account. Python can help you keep track of and analyze all of this different login information.

Let's consider one final example. Imagine you are a security analyst working at a large organization. Recently, this organization has increased security measures to make sure all customer-facing applications are better protected. Since there is a password to access these applications, they want to monitor all password login attempts for suspicious activity. One sign of suspicious activity is having several failed login attempts within a short amount of time. You need to flag users if they had more than three login failures in the last 30 minutes. One way you could do this in Python is by parsing a static .txt log file with all user login attempts to each machine. Python could structure the information in this file, including the username, IP address, timestamp, and login status. It could then use conditionals to determine if a user needs to be flagged. These are just a few examples of how a security analyst might apply Python in their day-to-day work. I hope you are as excited as I am to create solutions for security problems.

My name is Clancy and I'm a senior security engineer. My team here at Google is part of an ongoing effort to protect Google's sensitive information, customer
data, PII. Every day is different at my job. It allows me to use different skills, knowledge sets, and no day is alike. By trade, I am not an engineer or software engineer at all; I was actually in accounting. Being affected by any type of cyber security attack definitely gives you perspective on the opposite side. You get to see how this affects users, how this affects people that were attacked. Had I known when I first started out how big of a field cyber security really was, it would have allowed me to explore. Python is a developmental language. I use it very frequently in my role at Google. One of my favorite things about Python is the power of the language. You can use it to create very powerful scripts that you'll use in your day-to-day role. When I first picked up Python, the trickiest part was learning how to say things the Pythonic way. I used various resources online, as well as books, as well as picking up side projects. One of the best things about Python is that it's a very widely used language, and you can find many, many resources online depending on your skill set. Python, as well as any other developmental language, is constantly evolving. Continue to take on projects, continue to stretch your knowledge, and you'll continue to grow. The advice I can give for a person starting to learn Python is: make it fun. I think once you find learning a language to be fun, it allows you to be more engaged. Develop a good baseline for what cyber security is, make yourself a little well-rounded in the beginning, and then from there you can branch out and deep dive into
subjects that are interesting to you. When starting out, it can be very tough, and you feel as if you're climbing up a big hill. Persevere, continue to learn, and it'll be a very rewarding experience.

Security professionals are often tasked with reviewing log files, but these files may have thousands of entries, so it can be helpful to automate this process, and that's where Python comes in. Let's start by importing a simple text file that just contains a few words and then store it as a string in Python. All we need is the text file, its location, and the right Python keywords. We're going to start by typing a with statement. The keyword with handles errors and manages external resources. When using with, Python knows to automatically release resources that would otherwise keep our system busy until the program finishes running. It's often used in file handling to automatically close a file after reading it. To open files and then read them, we write a statement that begins with the keyword with. Then we use the open function. open is a function that opens a file in Python. The first parameter is the name of the text file on your computer or a link to it on the internet. Depending on the Python environment, you might also need to include a path to this file. Remember to include the .txt extension in the file name. Now let's discuss the second parameter. This parameter in the open function tells Python what we want to do with the file. In our case, we want to read a file, so we use the letter r between quotation marks. If we wanted to write to a file, we would replace this r with a w, but here we're focusing on reading. Finally, file is a variable that contains the file information as long as we're inside the with statement. Like with other types of statements, we end our with statement with a colon. The code that comes after the colon will tell Python what to do with the content of the file. Let's go into Python and use what we learned. We're ready to open a text file in Python. Now we'll type our with statement. Next, we'll use Python's built-in read method. The read method converts files into strings. Now let's go back to our with statement. Similar to a for loop, with statements start an indent on the next line. This tells Python that this code is happening inside the with statement. Inside of the statement, we're going to use the read function to turn our file into a string and store that inside a new variable. This new variable can be used outside of the with statement, so let's exit the with statement by removing the indentation and print the variable. Perfect, the string from the text prints out. Coming up, we're going to discuss parsing files so we are equipped to handle
security logs in the future.

Now that you know how to import text files into Python, we're going to take this one step further and learn how to give them a structure. This will allow us to analyze them more easily. This process is often referred to as parsing. Parsing is the process of converting data into a more readable format. To do this, we're going to put together everything we learned about lists and strings and learn another method for working with strings in Python. The method we need is the split method. The split method converts a string into a list. It does this by separating the string based on a specified character, or, if no argument is passed, every time it encounters a white space it separates the string. So a split would convert the string "we are learning about parsing" into this list. We are using the split method to separate the strings into smaller chunks that we can analyze more easily than one big block of text. In this video, we'll work with an example of a security log where every line represents a new data point. For these points in a list, we want to separate the text based on the new line. Python considers a new line to be a type of white space, so we can use the split method without passing an argument. We'll start with our code from the previous video. Remember, we used this code to open a file and then read it into a string. Now let's split that string into a list using the split method and then print the output. After we run it, Python outputs a list of usernames instead of one big string of them. If we want to save this list, we would need to assign it to another variable. For example, we can call the variable usernames, and then we run it again, and now this list can be reused in other code. Congratulations, you just learned the basics of parsing a text file in Python. In the next videos, we're going to be exploring techniques that help us work more in depth with data in Python.

We're now going to bring all of the pieces together to import a file, parse it, and implement a simple algorithm to help us detect suspicious login attempts. In this video, we want
to create a program that runs every time a new user logs in and checks if that user has had three or more failed login attempts. First, let's discuss the structure of our inputs to build a strategy to develop our program. We have a log file that is stored in a .txt format and contains one username per line. Each username represents a failed login attempt. So when a user logs in, we want our program to check for their username and count how many times that username is in our log file. If that username is repeated three or more times, the program returns an alert. We'll start with code that imports the file of login attempts, splits it, and stores it into a variable named usernames. Let's try printing the variable usernames to check for its contents. We'll run this. Perfect, this is exactly what we expected. The variable usernames is ready to be used in our algorithm.

Now let's develop a strategy for counting username occurrences in a list. We'll start with the first eight elements of the usernames list. We notice that there are two occurrences of the username eraab in the list, but how would we tell Python to count this? We'll implement a for loop that iterates through every element. Let's represent the loop variable with an arrow. We also define a counter variable that starts at zero. So our for loop starts at the username elarson. At every element, Python asks: is this element equal to the string eraab? If the answer is yes, the counter goes up by one. If it isn't, then the counter stays the same. Since elarson is not the same as eraab, the counter remains zero. Then we move on to the next element. We encounter our first occurrence of eraab; at this point, the counter increases by one. As we move to the next element, we find another occurrence of eraab, so we increase our counter by one again. That means that our counter is now at two. We would continue this process for the rest of the list.

Now that we know the solution, let's talk about how to implement it in Python. Solving the problem in Python will involve a for loop, a counter variable, and an if statement. Let's get back into our code. We'll create a function that counts a user's failed login attempts. First, let's define our function; we'll call it login_check. It takes two parameters. The first is called login_list; this will be used for the list of failed login attempts. The second is called current_user; this will be used for the user who logs in. Inside of this function, we start by defining the counter variable and set its value to zero. Now we start the for loop. We'll use i as our loop variable and iterate through the login_list. In other words, as the loop iterates, it would run through all the failed login attempts in the list. Directly inside of the for loop, we start the if statement. The if statement checks if our loop variable is equal to the current user we're searching for. If this condition is true, we want to add one to the counter. We're almost done with our algorithm; now we just need the final if-else statement to print the alert. If the counter adds up to three or more, we need to tell the user that their account is locked so they can't log in. We'll also type an else statement for users who can log in. Our algorithm is complete. Let's try out our new function on an example username. We can pull out a few of the usernames in the list and try our function on them. Let's use the first name in the list. Let's run the code. According to our code, this user can log in; they have fewer than three failed login attempts. Now let's go back to our user eraab. Remember, they had two entries in the list of the first eight names in our file of failed login attempts. Do you think they'll be able to log in? When we run it, we get an account locked message. This means they had three or more failed login attempts. Excellent work, you just developed your first security algorithm involving a log. As you grow in your skills, you'll learn how to make this algorithm more efficient, but this solution works well for now. In this video, we recapped everything we learned so far, from list operations to algorithm development, all the way to file parsing. We did this while building an
algorithm we can apply in a security context.

As a security analyst, you might be required to read or write code, and one of the biggest challenges is getting it to run and function properly. In fact, fixing complex errors in code can sometimes take up just as much, if not more, time than writing your code. This is why it's important to develop this skill. Now that you've learned the basics of coding in Python, it's important to learn how to deal with errors. For that reason, we'll focus on debugging your code. Debugging is the practice of identifying and fixing errors in code. In this video, we'll explore some techniques for this. There are three types of errors: syntax errors, logic errors, and exceptions. Syntax errors involve invalid usage of the Python language, such as forgetting to add a colon after a function header. Let's explore this type of error. When we run this code, we get a message that indicates there's a syntax error. Depending on the Python environment, it might also display additional details. We will typically get information about the error, like its location. These syntax errors are often easy to fix, since you can find exactly where the error happened. They are similar to correcting simple grammar mistakes in an email. Since the error message tells us the problem is on the line that defines the function, let's go there. In this case, we can add a colon to the header and resolve our error. When we run it again, there's no longer an error message. This is just one example of a syntax error. Other examples include omitting a parenthesis after a function, misspelling a Python keyword, or not properly closing quotation marks for a string.

Next, let's focus on logic errors. Logic errors may not cause error messages; instead, they produce unintended results. A logic error could be as simple as writing the incorrect text within a print statement, or it might involve something like writing a less-than symbol instead of a less-than-or-equal-to symbol. This change in operator would exclude a value that was needed for the code to work as intended. For example, imagine that you reach out to a response team when the priority level of an issue is less than three instead of less than or equal to three. This means all events classified as priority level three could go unnoticed and unresolved. To diagnose a logic error that's difficult to find, one strategy is to use print statements. You'll need to insert print statements throughout your code. The print statements should describe the location in the code, for example print line 20, or print line 55 inside the conditional. The idea is to use these print statements to identify which sections of the code are functioning properly. When a print statement doesn't print as expected, this helps you identify sections of the code with problems. Another option for identifying logic errors is to use a debugger. A debugger will let you insert breakpoints into your code. Breakpoints allow you to segment your code into sections and run just one portion at a time. Just like with the print statements, running these sections independently can help isolate problems in the code.

Okay, let's move on to our last type of error: an exception. Exceptions happen when the program doesn't know how to execute code even though there are no problems with the syntax. Exceptions occur for a variety of reasons. For example, they can happen when something is mathematically impossible, like asking the code to divide something by zero. Exceptions might also happen when you ask Python to access index values that don't exist, or when Python doesn't recognize variable or function names. Exceptions also may occur when you use an incorrect data type. Let's demonstrate an exception. Let's say you have a variable called my_string that contains the word security. Since this string has eight characters, we can successfully print any index less than eight. Index zero contains s, index one contains e, and index two contains c. But if you try to access the character at index 100, you'll get an error. Let's run this and explore what happens. After it successfully prints the first three statements, we get an error message: string index out of range. For exception errors, you can also make use of debuggers and print statements to figure out the potential source of error. Errors and exceptions can be expected when working in Python; the important thing is to know how to deal with them. Hopefully this video provided some valuable insight about debugging code. This will help ensure that the code that you write is functional.

Let's say our co-workers need some help
getting their code to work, and we offer to debug their code to make sure it runs smoothly. First, we need to know about the purpose of the code. In this case, the purpose of the code is to parse a single line from a log file and return it. The log file we're using tracks potential issues with software applications. Each line in the log contains the HTTP response status code, the date, the time, and the application name. When writing this code, our co-workers considered whether all the status codes needed to be parsed. Since 200 signals a successful event, they concluded that lines with this status code shouldn't be parsed; instead, Python should return a message indicating that parsing wasn't needed. To start the debugging process, let's first run the code to identify what errors appear. Our first error is a syntax error. The error message also tells us the syntax error occurs in a line that defines a function, so let's scroll to that part of the code. As you might recall, these function headers should end with a colon. Let's go ahead and add that to the code. Now the syntax error should go away.
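The walkthrough that follows goes on to find a logic error in this parser: it returns the parsed line before it ever checks the status code. As an added example that is not the course's own code, here is a reconstruction of that parser in both orderings, so the dead-code problem and its fix can be tried side by side. The field layout (whitespace-separated status code, date, time, application name) and the three-line log are constructed assumptions.

```python
# Added example, not the course's own code: a reconstruction of the
# log-line parser the debugging walkthrough works through. The field
# layout is an assumption: one whitespace-separated line holding the
# HTTP status code, the date, the time and the application name.

def parse_line_before_fix(line):
    """The ordering the walkthrough starts from: the function returns
    parsed_line before the status-code check, so the check is dead code.
    Trace prints placed before the return, above the if and inside the
    if would show only the first one firing, which is what the
    walkthrough observes."""
    status_code, date, time, application_name = line.split()
    parsed_line = [status_code, date, time, application_name]
    return parsed_line
    if status_code == "200":  # never reached: this is the logic error
        return "successful event, no parsing needed"


def parse_line(line):
    """Corrected ordering: check the status code right after parsing it,
    before anything is returned."""
    status_code, date, time, application_name = line.split()
    if status_code == "200":
        return "successful event, no parsing needed"
    parsed_line = [status_code, date, time, application_name]
    return parsed_line


# Constructed three-line log for trying the parser offline.
SAMPLE_LOG = """200 2024-05-01 09:12:44 payments-api
500 2024-05-01 09:13:02 payments-api
404 2024-05-01 09:13:40 web-frontend"""


def parse_log(log_text):
    """Run parse_line over every line; return the parsed entries and the
    number of lines that needed no parsing."""
    parsed_entries = []
    skipped = 0
    for line in log_text.split("\n"):
        result = parse_line(line)
        if isinstance(result, list):
            parsed_entries.append(result)
        else:
            skipped += 1
    return parsed_entries, skipped


if __name__ == "__main__":
    # The pre-fix version parses a 200 line anyway; the fixed one skips it.
    print(parse_line_before_fix("200 2024-05-01 09:12:44 payments-api"))
    print(parse_line("200 2024-05-01 09:12:44 payments-api"))
    print(parse_log(SAMPLE_LOG))
```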
So let's run the code again. So now our syntax error is gone, which is good news, but we have another error: a name error. A name error is actually a type of exception, meaning we've written valid syntax but Python can't process the statement. According to the error, the interpreter doesn't understand the variable application_name at the point where it's being added to the parsed_line list. Let's examine that section of code. This error means we haven't assigned the variable name properly, so now let's go back to where it was first assigned and determine what happened. We find that this variable is misspelled; there should be two p's in application_name, not one. Let's correct the spelling. Now that we fixed it, it should work, so let's run the code. Great, we fixed an error and an exception, and we no longer have any error messages. But this doesn't mean our debugging work is done. Let's make sure the logic of the program works as intended by examining the output. Our output is a parsed line. In most cases, this would be what we wanted, but as you might recall, if the status code is 200, our code shouldn't parse the line; instead, it should print a message that no parsing is needed. And when we call it with a status code of 200, there was a logic error, because this message wasn't displayed. So let's go back to the conditional we used to handle a status code of 200 and investigate to find the source of the issue. Let's add print statements. In our print statements, we'll include the line number and a description of the location. We'll add one print statement before the line of code containing return parsed_line. We'll add another above the if statement that checks for the 200 status code, to determine if it reaches the if statement. And we'll add one more print statement inside the if statement to determine whether the program even enters it. Now let's run the code and review what gets printed. Only the first print statement printed something; the other two print statements after this didn't print. This means the program didn't even enter the if statement. The problem occurred somewhere before the line that returns the parsed_line variable. Let's investigate. When Python encounters the first return statement, which sends back the parsed_line list, it exits the function. In other words, it returns the list before it even checks for a status code value of 200. To fix this, we must move the if statement checking for the status code somewhere before it returns parsed_line. Let's first delete our print statements; this makes the program more efficient because it doesn't run any unneeded lines of code. Now let's move the if statement. We'll place it right after the line of code that involves parsing the status code from the line. Let's run our code and confirm that this fixes our issue. Yes, it printed "successful event, no parsing needed." Great work, we fixed this logic error. I enjoyed debugging this code with you. I hope this video strengthened your understanding of some helpful debugging strategies and gave you an idea of some errors you might encounter.

Great work! In this section, we focused on a few new topics that will help you put Python into practice in the security profession. First, we explored opening and reading files in Python. Security analysts work with a lot of log files, so the ability to do this is essential. Next, we covered parsing files. Log
files can be very long. For this reason, structuring these files to make them more readable helps you automate your tasks and get the information you need. And last, we focused on debugging code. Knowing how to debug your code can save you a lot of time, especially as your code increases in complexity. Overall, I hope you feel proud of what you've accomplished in this section. Addressing security issues through Python is exciting, and the information we covered will allow you to do that.

As we wrap up this course, I want to congratulate you for your commitment to learning Python. You should feel accomplished having explored a programming language that's useful in the security field. Let's recap some of what we've learned. First, we covered basic programming concepts in Python. We discussed variables, data types, conditional statements, and iterative statements. These topics provided important foundations for what we explored later in the course. Our next focus was on writing effective Python code. We learned how we can reuse functions in our programs to improve efficiency. We explored building functions and even created our own user-defined functions. Another topic was modules and libraries; the prepackaged functions and variables they contain can make our work easier. Last, we learned ways to ensure our code is readable. In the next section, we focused on working with strings and lists. We learned a variety of methods that can be applied to these data types. We also learned about their indices and how to slice characters from a string or elements from a list. We put all of these together to write a simple algorithm, and then we explored how regular expressions can be used to find patterns in strings. And last, we wrapped up the course with a focus on putting Python into practice. We learned how to open, read, and parse files. With these skills, you can work with the variety of logs you'll encounter in a security setting. We also learned how to debug code; this is an important skill for all programmers. Wow, you learned a lot about Python in this course, so great job. I hope soon you'll join me in using Python in the security profession, and in the meantime, I encourage you to practice and feel free to rewatch these videos whenever you like. The more you study these concepts, the easier they
will become thanks again for joining me as we explore python hello and welcome to the course I am Dion a program manager at Google I've worked in security for the past 5 years in areas ranging from risk management to Insider threat detection I'll be your first instructor in this course as a security analyst you'll help protect the assets of the organization you work for including tangible or physical assets such as software and network devices as well as intangible assets like pii copyrights and intellectual property imagine if this kind of sensitive information were to be exposed
by a threat actor it would be devastating to the reputation and financial stability of the organization and the people the organization serves in previous courses we discussed a variety of topics that are relevant to the security profession including core security Concepts Frameworks and controls threats risks and vulnerabilities networks incident detection and response and programming Basics now it's time to put all of these core security Concepts to practical use in this course we'll further explore how to protect assets and communicate incidents then we'll discuss when and how to escalate incidents to protect an organization's assets and
data we'll also cover how to communicate effectively to influence stakeholders decisions related to security after that Emily your instructor for the second part of this course will introduce some reliable resources that will help you engage with the security Community after you complete this certificate program and finally we'll cover how to find prepare for and apply for security jobs this will include discussions about how to create a compelling resume and tips to help you throughout the interview process when I started my first security base role I was excited to be hired at Google to protect information
and devices I was also happy to be a part of a broader team that I could learn from and reach out to for support my team helped me grow my expertise and I'm proud of my contribution to our projects by the end of this course you'll have had multiple opportunities to refine your understanding of key security Concepts create a resume build confidence in your interview skills and even participate in an artificial intelligence or AI generated interview the security profession is such an amazing field and I'm looking forward to you joining it I have one question
for you: are you ready to get started?

Hi, I'm Dion. I am a program manager at Google. I am a part of the detection and response team, which falls under the Privacy, Safety, and Security Organization. My favorite part of my job is understanding that there are threats that we encounter day by day, and my team helps to ensure that we can find those threats and respond to them accordingly. Cybersecurity is very important. Just as we need to keep ourselves physically secure, we need to keep our information online safe and secure. So whenever you use a computer or device, that data lives somewhere online, and you trust Google and other companies to secure that data and keep it private only to you. The work that I do day by day ensures that your information, your data, and the world's information stays secure and stays private and protected. I've held many jobs in different areas before getting involved in cybersecurity. One of those jobs is serving as a radio DJ and online personality, which has not much to do with security. One of the key things I got from that was to keep the music playing. No matter what happens, keep the music playing. I'm also a proud father. My kids are my greatest assets, and I have to protect them. There are lots of threats and risks associated with them, even vulnerabilities. As a security guy, I have to protect the information that I'm tasked with holding from threats, risks, and vulnerabilities. As a security professional, fires will come up. You have to find a way to keep things moving, either escalating to the right team or escalating up the chain to find a resolution. So having not been formally trained in security, I am tasked with teaching myself new things daily. New threats arrive, new things need to be protected, and security is constantly changing. I teach myself through online learning. I subscribe to and read lots of journals related to security knowledge, and I'm also taking some security courses online as well. I think the most challenging part about an entry-level role in security is not knowing what you don't know. When I first got involved in security, I was really winging it, but the one thing that I did was always reach out to my team for support. Getting stuck is a part of the process. We could always lean on our team and others for additional support or to help us get unstuck.

Welcome to the first section of the course. In the next several videos, we'll discuss what it means to have a security mindset and how you'll use that mindset to protect an organization's assets and data. Then we'll explore the process of incident escalation in the event of a breach. Finally, we'll share information to better help you understand the sensitive nature of the data that you'll work to protect. Coming up, we'll focus on how
to develop a security mindset, then use that mindset to protect organizations and the people they serve.

Let's take a little time to discuss a concept that will help you throughout your security career: having a security mindset. In previous courses, we discussed various threats, risks, and vulnerabilities and how they can impact organizational operations and the people served by those organizations. These concepts are key considerations when thinking about having a security mindset. You'll have to recognize not only what you're defending, but what or who you're defending against. For example, it's important to recognize the types of assets that are essential to maintaining an organization's business functions, along with the types of threats, risks, and vulnerabilities that can negatively impact those assets. And that's what having a security mindset is all about. A security mindset is the ability to evaluate risk and constantly seek out and identify the potential or actual breach of a system, application, or data. Earlier in the program, we discussed threats, risks, and vulnerabilities that are posed by social engineering attacks such as phishing. These attacks are designed to compromise an organization's assets to help the threat actor or actors gain access to sensitive information. Using our security mindset can help prevent these types of attacks. It's important that we're constantly staying up to date with the kinds of attacks that are happening. To do this, it's good to develop a habit of seeking out information regarding the latest security trends or vulnerabilities. As you do this, new ideas for protecting company data may come to mind. Security is an everyday objective for every security team in the industry, so having a security mindset helps analysts defend against the constant pressure from attackers. That mindset can make you think every click of the mouse has the potential to lead to a security breach. That level of scrutiny as a security professional helps you prepare for the worst-case scenario, even if it doesn't happen. Entry-level analysts can help protect low-level assets, such as an organization's guest Wi-Fi network, and high-importance assets, such as intellectual property, trade secrets, PII, and even financial information. Your security mindset allows you to protect all levels of assets. However, if an incident does occur, that doesn't mean you respond to all incidents in the same way, so we'll discuss incident prioritization a little later in the course. Having a strong security mindset can help set you apart from other candidates as you prepare to enter the security profession. It may even be a good idea to reference that foundation in future job interviews. We'll discuss interview preparation in detail later in the course. Coming up, we'll focus on incident detection in greater detail.

Welcome back. In earlier courses, we discussed the impact that security incidents can have on the critical data and assets of an organization. If data and assets are compromised, it can lead to financial pains for an organization. It can even lead to regulatory fines and
the loss of credibility with customers or other businesses in the same industry. This is why your role in protecting company data and assets is so valuable. Collaboration is an exciting part about working in security. There are so many individuals across an organization that are interested in various functions of security. No security professional can do this alone. Some team members are focused on protecting sensitive financial data, others work on protecting usernames and passwords, some are more focused on protecting third-party vendor security, and others may be concerned with protecting employees' PII. These stakeholders and others have an interest in the role the security team plays in keeping the organization and the people it serves safe from malicious attacks. It's important to recognize that the assets and data you protect affect multiple levels of your organization. One of the most important concerns for an organization is the protection of customer data. Customers trust that an organization they engage with will protect their data at all times. This means credit card numbers, Social Security numbers, emails, usernames, passwords, and so much more. It's important to keep this in mind when taking on a security role. Understanding the importance of the data you're protecting is a big part of having a strong security mindset. As a security professional, it's important to handle sensitive data with care while being mindful of the little details to ensure that private data is protected from breaches. When a security event results in a data breach, it is categorized as a security incident. However, if the event is resolved without resulting in a breach, it's not considered an incident. It's better to be safe when it comes to taking a job in the security profession. That means paying attention to details and raising your issues to your supervisor. For example, a seemingly small issue like an employee installing an app on their work device without getting permission from the help desk should be escalated to a supervisor. This is because some apps have vulnerabilities that can pose a threat to the security of the organization. An example of a bigger issue is noticing that a log may have malicious code executed in it. Malicious code can lead to operational downtime, severe financial consequences, or the loss of critical high-level assets. The point is that there are no issues that are too small or too big. If you're not sure of the potential impact of an incident, it's always best to be cautious and report events to the appropriate team members. Each day on the job as a security professional comes with a level of responsibility to help protect the organization and the people it serves. The decisions you make not only affect the company but also its customers and countless team members across the organization. Remember, what you do matters.

You've had an opportunity to learn more about the important role an entry-level analyst plays in protecting the data and assets of an organization. Let's quickly review what we covered. We started off by discussing the importance of having a security mindset, including how it supports incident detection. Then we examined the relationship between incidents and events and further explored the incident escalation process. We ended our discussion by exploring the sensitive nature of the data that you're protecting and the amount of people counting on you to play your part in protecting that data. Understanding how valuable you are as a member of the security team can help you put the work you do into perspective. Every role in security matters. Each individual contributes to making a company's operations flow smoothly. I hope you enjoyed our discussion as much as I did. Are you ready to continue your journey into the security world? Coming up, we'll discuss the importance of escalating security incidents.

I'm excited that you could join me today. Previously, you learned about the importance of various asset types. You also learned about the relationship between incidents and events. Now we'll focus on escalating those incidents and events to the right people. Protecting the data and assets of an organization is the primary goal of a security team. The decisions you
make every day are important for helping the security team achieve that goal. Recognizing when and how to escalate security incidents is crucial. It helps ensure simple issues don't become larger problems for an organization. Escalation is a term you should familiarize yourself with; it's likely to resurface often as you continue your journey into the security profession. In the following videos, we'll discuss incident escalation from an entry-level analyst perspective. Then we'll explore various incident classification types and the impact security incidents can have on business operations. Finally, we'll share some general guidelines for escalating incidents. Coming up, we'll start by focusing on incident escalation and how it can be used to prevent a seemingly small issue from becoming a bigger problem. Let's get started.

Security analysts are hired to protect company assets and data, including knowing where, when, and how to escalate security incidents. In this video, we'll define security incident escalation and discuss your role in making decisions that help protect your organization's data and assets. So what is incident escalation, and why is it so important for security professionals? Incident escalation is a process of identifying a potential security incident, triaging it, and, if appropriate, handing it off to a more experienced team member. It's important to also recognize that not every incident needs to be escalated. In this video, we'll cover what types of incidents should be escalated. As an entry-level analyst, it's unlikely that you'll be responding to security incidents independently. However, it's important that you know how to evaluate and escalate incidents to the right individual or team when necessary. Let's discuss the essential skills needed to properly escalate security incidents. There are two essential skills that will help you identify security incidents that need to be escalated: attention to detail and an ability to follow an organization's escalation guidelines or processes. Attention to detail will help you quickly identify when something doesn't seem right within the organization's network or systems. Following a company's escalation guidelines or processes will help you know how to properly escalate the issue you've identified. Larger organizations' security teams have many levels, and each level or member of that team plays a major role in protecting the company's assets and data. However, smaller and medium-sized companies have only one or two people responsible for the organization's security. For now, we'll focus on the roles in bigger organizations. From the Chief Information Security Officer, also known as the CISO, to the engineering team, public relations team, and even the legal team, every member of the security team matters. Each team member's role depends on the nature and scope of the incident. These roles are highlighted within a company's escalation process. Even the smallest security incident can become a much larger issue if not addressed, and that's where you come in. Imagine you're working at your desk and notice what appears to be a minor incident, but you decide to take a break before addressing or escalating it. This decision can have major consequences. If a small issue goes unescalated for too long, it has the potential to become a larger problem that costs a company money, exposes sensitive customer data, or damages the company's reputation. However, with a high level of attention to detail and an ability to follow your organization's escalation guidelines and processes, it may be possible to avoid exposing the business and its customers to harmful incidents. As an entry-level analyst, you play an important role. You help the security team identify issues within the network and systems and help make sure the right person on the team is alerted when incidents occur. Think about an assembly line. Would the final step in the line be negatively impacted if the first step were done incorrectly or not at all? Of course it would. Every decision you make helps the entire security team protect an organization's assets and data. Knowing when and how to escalate security incidents is one of many important decisions you'll need to make on a daily basis. Later in this course, we'll discuss the various levels of security incidents. Knowing those levels will help you determine the level of urgency needed
to escalate different incident types.

Previously, we defined what it means to escalate an incident. We also discussed the skills needed to properly escalate incidents when the time comes. In this video, we're going to cover a few incident classification types to be aware of: malware infection, unauthorized access, and improper usage. A malware infection is the incident type that occurs when malicious software designed to disrupt a system infiltrates an organization's computers or network. As discussed in a previous course, malware infections can come in many forms. Some are simple, and others are a bit more complex. One example is a phishing attempt; these are relatively simple malware infections. Another example is a ransomware attack, which is considered much more complex. Malware infections can cause a system's network to run at unusually low speeds. Attackers can even prevent an organization from viewing critical data unless the organization pays the attacker a ransom to unlock the data. This incident type is especially impactful to an organization because of the amount of sensitive data stored on an organization's network and computers. Escalating malware infections is an important aspect of protecting the organization that you work for. But wait, there's more. The second incident type we'll discuss is unauthorized access. This is an incident type that occurs when an individual gains digital or physical access to a system or application without permission. As you may recall, earlier in the program we discussed brute force attacks, which use trial and error to compromise passwords, login credentials, and encryption keys. These attacks are often used to help attackers gain unauthorized access to organization systems or applications. All unauthorized access incidents are important to escalate. However, the urgency of that escalation depends on how critical that system is to the organization's business operations. We'll explore this idea in more detail later in this course. The third incident we'll discuss is improper usage. This is an incident type that occurs when an employee of an organization violates the organization's acceptable use policies. This one can be a bit complicated. There are instances when improper usage is unintentional. For example, an employee may attempt to access software licenses for personal use or even use a company system to access a friend's or co-worker's data. Maybe the employee wasn't aware of the policy they were violating, or maybe the policy wasn't properly defined and communicated to employees. But there are other times where improper usage is an intentional act. So how do you know if an improper usage incident is accidental or intentional? That can be a difficult decision to make. That's why improper usage incidents should always be escalated to a supervisor. As a member of an organization's security team, it's likely that you'll encounter a variety of incident types while on the job, so it's important to know what they are and how to escalate them.

So far, we've discussed different incident types and the importance of escalating those incidents to the right person. But what happens if an incident goes unescalated for too long? In this video, we'll discuss the potential impact that even the smallest incident can have on an organization if it goes unnoticed. Are you ready? Great. Now let's take a journey into the life of an organization's security team. It's been a quiet day for the security team. Suddenly, you notice there's been unusual log activity in an app that was recently banned from the organization. You make a note to mention this activity during the next meeting with your supervisor, but you forget and never mention
it. Following this same scenario, let's fast forward to a week later. You and your supervisor are meeting again, but now the supervisor indicates that a data breach has occurred. This breach has impacted one of the manufacturing sites for the organization. Now all operations at the manufacturing site have been put on hold. This causes the company to lose money and precious time. Days later, the security team discovers that the data breach began with suspicious activity in the app that was recently banned from the organization. What we've learned from this scenario is that a simple incident can lead to a much larger issue if not escalated properly. Incident criticality is also important to note here. Initially, an incident can be escalated with a medium level of criticality if the analyst doesn't have enough information to determine the amount of damage done to the organization. Once an experienced incident handler reviews the incident, the incident may be increased or decreased to a high or low criticality level. Every security incident you encounter is important to an organization, but some incidents are certainly more urgent than others. So what's the best way to determine the urgency of a security incident? It really depends on the asset or assets that the incident affects. For example, if an employee forgets their login password for their work computer, a low-level security incident may be prompted if they have repeated failed login attempts. This incident needs to be addressed, but the impact of this incident is likely minimal. In other instances, assets are critical to an organization's business operations, such as a manufacturing plant or a database that stores PII. These types of assets need to be protected with a higher level of urgency. The impact of an attacker gaining unauthorized access to a manufacturing application or PII is far greater than a forgotten password because the attacker could interfere with the manufacturing processes or expose private customer data. I hope this video has helped you understand the importance of knowing the relationship between assets and security incidents. Later in this course, we'll share some new concepts related to escalation timing and why your role in that process matters.

We've shared quite a bit about the importance of your role when it comes to escalating incidents. We've even discussed a few incident types that you may encounter. But what are the actual steps you need to take to properly escalate an incident? The answer to that question actually depends on the organization you're working for. There isn't a set standard or process for incident escalation that all organizations use. Every security team has their own processes and procedures when it comes to handling incidents. In this video, we're going to discuss general guidelines for incident escalation and how to apply them on the job. Let's get started. Each organization has its own process for handling security incidents. That process is known as an escalation policy, which is a set of actions that outline who should be notified when an incident alert occurs and how that incident should be handled. Ideally, the escalation process would go smoothly every time, but in the workplace, challenges to that process can happen unexpectedly. For example, what if your immediate supervisor is out of office? If an incident occurs that day, it still needs to be escalated to someone. This is one example of why understanding your organization's escalation policy is important. You don't need to memorize your organization's escalation policy, but it is wise to save or bookmark it on your work device. This way, you'll always have access to it when you need it. Following an organization's escalation policy is essential because the actions you take help protect the organization and the people it serves from malicious actors. The escalation policy for an organization can be an extensive document, so it's up to you to pay attention to the small details within the escalation policy of your organization. Attention to detail can make the difference between escalating an incident to the right or wrong person. It can also help you prioritize which incidents need to be escalated with more or less urgency. Every organization handles incident escalation differently, but analysts need to ensure that incidents are handled correctly.

Great work expanding your security mindset. Now we've had an opportunity to learn about the essential role you'll be playing by escalating incidents. Let's review what we've covered in this section of the course. We started off by defining incident escalation and discussing useful traits needed to properly escalate incidents. We also explored a few incident classification types and their potential impacts on an organization. From there, we discussed how small security incidents can become bigger problems if not properly addressed. Finally, we covered some general guidelines for the
actual process of incident escalation. This process varies depending on the organization you work for, but one thing should always remain the same: your attention to detail. Understanding how each incident affects the data and assets of an organization is really important because the decisions you make can affect the entire security team and organization. Are you ready to continue your security journey? Coming up, we'll discuss stakeholders and how to communicate effectively with them.

We've covered so much in previous courses, from the foundations of security to a basic understanding of networks and programming languages like SQL and Python. These concepts are core knowledge when preparing for a role in the security profession. But how does this information help you on a day-to-day basis, and to whom do you communicate this information? In this course, we'll start by discussing who stakeholders are. Then we'll identify their roles in relation to security. Finally, we'll share effective communication strategies for relaying key information to stakeholders. But before we can communicate with stakeholders, we have to understand who they are and why they're important. So let's get started.

Let's discuss the hierarchy within an organization. It goes from you, the analyst, to management, all the way up to executives. Hierarchy is a great way to understand stakeholders. A stakeholder is defined as an individual or group that has an interest in the decisions or activities of an organization. This is important for your role as an entry-level analyst because the decisions made on a day-to-day basis by stakeholders will impact how you do your job. Let's focus on stakeholders who have an interest in the daily choices analysts make. After all, you may be asked to communicate your findings to them. So let's learn a little bit more about who they are and the roles they play in regards to security. Security threats, risks, and vulnerabilities can affect an entire company's operations. From financial implications to the loss of customer data and trust, the impacts of security incidents are limitless. Each stakeholder has a responsibility to provide input on the various decisions and activities of the security team and how to best protect the organization. There are many stakeholders that pay close attention to the security of critical organizational assets and data. We're going to focus on five of those stakeholders: risk managers, the chief executive officer, also known as the CEO, the chief financial officer, also known as the CFO, the chief information security officer, or CISO, and operations managers. Let's discuss each of these stakeholders in more detail. Risk managers are important to an organization because they help identify risks and manage the response to security incidents. They also notify the legal department regarding regulatory issues that need to be addressed. Additionally, risk managers inform the organization's public relations teams in case there is a need to publish public communications regarding an incident. Next is the chief executive officer, also known as the CEO. This is the highest-ranking person in an organization. CEOs are responsible for financial and managerial decisions. They also have an obligation to report to shareholders and manage the operations of a company, so naturally, security is a top priority for the CEO. Now let's discuss the chief financial officer, known as the CFO. CFOs are senior executives responsible for managing the financial operations of a company. They are concerned about security from a financial standpoint because of the potential cost of an incident to the business. They are also interested in the costs associated with tools and strategies that are necessary to combat security incidents. Another stakeholder with an interest in security is the chief information security officer, or CISO. CISOs are high-level executives responsible for developing an organization's security architecture and conducting risk analysis and system audits. They're also tasked with creating security and business continuity plans. Last, we have operations managers. Operations managers oversee security professionals to help identify and safeguard an organization from security threats. These individuals often work directly with analysts as the first line of defense when it comes to protecting the company from threats, risks, and vulnerabilities. They are also generally responsible for the daily maintenance of security operations. As an entry-level analyst at a large organization, it's unlikely that you'll communicate directly with the risk manager, CEO, CFO, or the CISO. However, the operations manager will likely ask you to create communications to share with those individuals. Coming up, we'll focus a bit more on stakeholders and how to effectively communicate with them.

Welcome back. Previously, we discussed stakeholders and the important security roles they play within an organization. Now let's explore the role you play in communicating with those stakeholders. The information that's communicated to stakeholders is sensitive. For example, if you send an email
to stakeholders about a recent security breach it's important to be mindful of what you communicate and who you communicate to different stakeholders may need to be informed about different issues as a result your Communications with them need to be clear concise and focused security is a detail driven profession so it's essential that you stay mindful of the details when sending your Communications stakeholders are very busy people your communication should be precise avoid unnecessary technical terms and have a clear purpose you don't want them to have to guess the reason for your email or why it
matters to them to help with this ask your manager or immediate supervisor's questions to find out what the stakeholders you communicate with need to know as you may recall earlier we discuss what it means to have a security mindset a part of that mindset means asking questions about the assets and data you're protecting for example you could ask what's the most important data to protect on a daily basis or what security tool has been most important or useful to protect our data and assets having a security mindset also means understanding what matters most to stakeholders
so you know what information to share with them effective communication involves relaying only the information that is most relevant to stakeholders staying informed about security issues helps stakeholders do their jobs more effectively your role in communicating with stakeholders is to help them obtain that information this is yet another example of how essential Your Role is within a security team coming up we'll discuss the information that is most important to communicate with stakeholders previously we discussed communicating information that is important to stakeholders it's essential that Communications are specific and clear so stakeholders understand what's happening and
what actions may need to be taken in this video we'll go into more detail about how to create precise and clear Communications creating security Communications to share with stakeholders is similar to telling a great story stories typically have a beginning middle and end somewhere in that story there's some sort of conflict and an eventual resolution this concept is also true when telling security stories to stakeholders the security story details what the security challenge is how it impacts the organization and possible solutions to the issue the security story also includes data related to The Challenge its
impact and proposed Solutions this data could be in the form of reports that summarize key findings or a list of issues that may need immediate attention let's use the following scenario as an example you've been monitoring system logs and notice possible malicious code execution in the logs that could lead to the exposure of sensitive user information now you need to communicate what is happening to a stakeholder in this case your immediate supervisor the first step is to detail the issue potential malicious code execution found while monitoring the logs the next step is to refer to the
organization's incident response Playbook and mention the suggested guidance from The Playbook regarding malicious code found in system logs this shows your supervisor that you've been paying attention to the procedures already established by the team the final piece of your story is to provide a possible solution to the issue in this scenario you may not be the final decision maker regarding what action is taken but you've explained to the stakeholder what has happened and a possible solution to the problem you can communicate the story we just discussed in various ways send an email share a document
or even communicate through the use of a visual representation you can also use Incident Management or ticketing systems many organizations have Incident Management or ticketing systems that follow the steps outlined in their security playbooks some scenarios are better expressed by using visual elements visuals are used to convey key details in the form of graphs charts videos or other visual effects this allows stakeholders to view a pictorial representation of what is being explained visual dashboards can help you tell a full security story to stakeholders later in this course you'll have an opportunity to learn how to
use Google Sheets to create a visual security story that's going to be fun a security professional who knows how to tell a compelling and concise security story can help stakeholders make decisions about the best ways to respond to an incident ideally you want to be someone that makes stakeholders' jobs easier and communicating effectively will certainly help you do that coming up we'll continue our discussion about communicating with stakeholders the ability to communicate threats risks vulnerabilities or incidents and possible solutions is a valuable skill for Security Professionals in this video we'll focus on various communication
strategies that can help you engage with and convey key ideas to stakeholders let's start with visuals the use of visuals to tell a security story can help you communicate impactful data and metrics charts and graphs are particularly helpful for this they can be used to compare data points or show small parts of a larger issue using relevant and detailed Graphics can help you develop the story you want to tell stakeholders so they can make decisions that would help protect the organization while visuals are a compelling way to capture the attention of your stakeholders some issues
are best explained in an email or even a phone call be mindful of the sensitive information contained in these types of communications for security purposes it's important to communicate sensitive information with care be sure to follow the procedures outlined in your organization's playbooks and always make sure to send emails to the right email recipient as it could create a risk if the wrong person receives confidential security information one challenging thing about emails is a potentially long wait time for a response stakeholders have many responsibilities this means they may sometimes miss an email or fail
to respond in a timely manner in these instances a simple phone call or instant message may be a better option my experience in security has taught me that sometimes a simple instant message or a call can help move a situation forward Direct communication is often better than waiting days or weeks for an email response to an issue that requires immediate attention when appropriate take the initiative to follow up with a stakeholder if they haven't responded to an email in a timely manner it sounds simple but a friendly call can often prevent a major issue from
occurring it's important to stand out in the security profession especially if you don't have previous experience in the industry visual representations emails and phone calls are great ways to Showcase your written and verbal communication skills the visual aspect shows your ability to put metrics and data together in an impactful way if you don't receive a timely response from a stakeholder following up shows initiative in this video we're going to have a bit of fun we'll create a visual security story here's the scenario the operations manager one of the stakeholders we previously discussed has been informed
that the Chief Information Security Officer also known as the CISO wants to know how many employees are often clicking on phishing emails the goal is to identify which five departments click on those emails most often an investigation reveals that the five departments that most frequently click on phishing emails are human resources customer service Global Security media relations and professional development based on this information the security team can create a visual representation of the data to share with the operations manager and the CISO those stakeholders and the security team can then work together to determine how
to address the issue there are many different platforms available that can be used to create and share visual stories of data Apache OpenOffice is a free open-source office suite that allows users to create spreadsheets and other visual representations another no-cost option is Google Sheets today we'll enter our data into Google Sheets then we'll create a bar chart visualization to develop the data story if you don't have a Google account you'll need to create one let's start by demonstrating how to create an account first go to google.com and click on sign in Click create
account and select for my personal use then complete each step to create your personal account now that you've created your Google account it's time for us to begin creating our Google Sheets bar chart visualization click the dots menu in the top right corner click the sheets icon click blank to start a new spreadsheet select cell A1 type Department select cell B1 type number of clicked phishing emails select cell A2 type human resources select cell B2 type 30 select cell A3 type customer service select cell B3 type a select cell A4 type Global Security select cell
B4 type 10 select cell A5 type media relations select cell B5 type 40 select cell A6 type professional development select cell B6 type 27 then select the rows and columns containing headers Department names and data click insert at the top of the sheet select chart in the chart editor menu click chart type drop-down menu scroll down to the bar chart options then select the first bar chart in the chart editor menu click customize then click on the chart and axis title section Now update the title to read something like clicked phishing emails by Department
or another title related to the data then click on the X icon at the top of the chart Editor to close the editor menu great job creating your first visual security story creating visual stories of data allows security team members to convey essential information to stakeholders so issues can be communicated in a meaningful and understandable way these data stories can also help promote a better understanding of issues that exist within an organization and allow decision makers to determine how to address security issues that put the organization at risk you've had an opportunity to learn about
the important roles stakeholders play and different ways to communicate with them let's review what we covered we started by defining stakeholders and their roles in protecting an organization we also explored the sensitive nature of communications with stakeholders and the importance of sharing that information with care and confidentiality then we discussed information that needs to be communicated to stakeholders after all stakeholders are extremely busy so we only want to share relevant information that they need to be aware of we ended our discussion by introducing various communication strategies including emails phone calls and visual dashboards understanding
who the stakeholders are within your organization and how to communicate with them will help you throughout your career as a security professional be intentional about the strategies you use to communicate remove unnecessary details from your Communications and be specific and precise when relaying information to stakeholders stakeholders are depending on you as a Storyteller to tell them the security story or the potential issues and Solutions in a way that makes sense the communication strategies we discussed will help you stand out as someone who has a combination of Technical and transferable skills coming up your instructor
for the final sections of this course Emily will discuss a few ways to engage with the security community and how to find and apply for jobs in the security field welcome back I'm Emily and I've been working in security education at Google for nearly nine years my team Works closely with our remarkable Security Experts to craft Innovative and engaging educational solutions for our Workforce to keep security at the Forefront I'll be your instructor for the remainder of the course to discuss important career related topics such as how to engage with the security Community find jobs
in the security field create a resume and navigate the interview process we're approaching the end of the certificate program what an incredible journey it's been so far we've discussed a lot up to this point including incident detection and escalation and the roles that stakeholders play in protecting an organization we've also explored the sensitive nature of the communications we share and strategies for conveying critical information to stakeholders but does the learning stop now that we're approaching the end of the program absolutely not in the following videos we'll identify reliable security resources you can use to stay
up-to-date on security news and Trends then we'll share some ways to become involved with the security Community we'll end with a discussion about how to establish and Advance a career in security coming up we'll highlight some great resources to help you stay current on what's happening in the security industry as we approach the end of our program it's important to start thinking about ways to engage with the security Community as the industry evolves it's essential to stay up-to-date on the latest security Trends and news let's discuss a few good resources for you to
review periodically what excites me about the security profession is the constant evolution of the industry take the OWASP Top 10 for example earlier in the program we discussed the fact that this is a globally recognized standard awareness document that lists the top 10 most critical security risks to web applications this list is updated every three to four years so it's a great example of the evolving nature of the field continuing your security education Beyond this certificate program will help you stand out to hiring managers and could give you an extra Edge over other candidates
because it shows your willingness to remain current on what's happening in the industry a few well-known security websites and blogs to get you started are CSO Online Krebs on Security and Dark Reading the CSO Online site provides news analysis and research on various security and risk management topics many CISOs view this site for tips and ideas it would be great for you to review this publication every now and then Krebs on Security is an in-depth security blog created by former Washington Post reporter Brian Krebs this blog covers security news and investigations into various cyber attacks
accessing the Krebs blog is a good way to stay up-to-date on the latest security news and happenings around the world Dark Reading is a popular website for Security Professionals this site provides information about various security topics like analytics and application security mobile and Cloud security as well as the Internet of Things IoT security is a constantly evolving industry as Professionals in security we must evolve with it by seeking out new information be sure to explore a few of the websites and blogs we discussed in this video to stay up-to-date with what's happening in
the industry coming up we'll discuss how to become engaged with the security community and ways to establish and Advance your career in security bye for now I'm Victoria I'm a security engineer at Google when I first applied for a cyber security job I felt overwhelmed I was not a traditionally educated in computer science applicant I actually majored in Biology so anytime a recruiter saw my resume I would kind of get this little like fear that they would see that bio major and say like why are you even applying just immediately disregard my resume
I would consider the team that I work on to be very diverse we have a lot of different people from different backgrounds one of the benefits that I feel from having a diverse team is that you can have these different perspectives on a problem that if all of you had the same background you might not come up with this new solution having someone that's new to the team maybe new to the industry and having that perspective can really help to make things more accessible for everyone it's important to continue to learn in
the field of cyber security because things change all the time what was once a big threat a few years ago might not be the same as it is for today trying to keep Pace with how things are changing all the time is something that is a core part of my job role to support my continued education in security I take courses try to get certificates if I can along the way but a lot of it's just keeping up on current industry news whether that be a new blog post about a breach that has happened or
a detailed analysis of a new malware that has been released try to keep at least a surface level knowledge of the different Trends in the industry I often go to BSides conferences these are smaller locally organized conferences so you have more of a chance to interact with your local security Community which is something you wouldn't get at a huge conference like say DEF CON or Black Hat meeting people locally is a great way to see what's out there in your area and meet other folks that are local that you can talk to more
consistently that are also interested in security before I got into my role I wish that I knew that it was okay that you don't know everything you don't have to know everything you have teammates and other people that can help you with areas that you're weak in so don't feel stressed if you don't know everything there is about security because no one does working in security is a lot of fun a lot of things can happen it's never the same day to day so if you like things that are Dynamic and always changing then security
is the right field for you earlier we discussed the importance of staying up-to-date on security Trends and news in this video we're going to share ways to establish and Advance your career in security by connecting with people who are already in the industry social media is a great way to connect to other Security Professionals in the industry however it's important to be mindful of the information you share on your social media page and when responding to messages from people you don't know with that in mind let's discuss ways to effectively use social media to
establish or Advance your security career one way to use social media is to follow or read the posts of leaders in the security industry Chief information security officers for example are great individuals to follow they often post interviews they've done in the security space and share articles they've read or contributed to here's a question you might be asking yourself how can I find CISOs to follow on social media the best way would be to conduct an internet search for the name of the CISO of a popular organization or an organization you're interested in working for
after you find their name you can simply go to a social media site to look them up ideally you want to use LinkedIn when following Security Professionals that's because the LinkedIn platform focuses on connecting professionals with other Professionals in the same or similar field another way to use social media to establish or Advance your career in the security industry is to connect with other security analysts currently employed in the field on social networks like LinkedIn you can find Security Professionals by searching for cyber security analysts or a similar search term then filtering for people and
people who talk about #cybersecurity once you've found other professionals you'd like to connect with you can send a connection request with a brief comment such as hi I'd like to connect to learn more about why you became interested in security and your experiences as an analyst Additionally you can set your filter to locate events and groups that focus on security related topics that interest you while social media platforms like LinkedIn are excellent for connecting with professionals some people are more comfortable with being active on social media than others for those of us
who aren't very active on social media there are other ways to connect with Security Professionals or find mentors in the industry joining different security associations is a good way to connect with others there are many associations out there so you're going to have to do a little bit of research to find the best ones for you here's a tip in your internet search engine type cyber security industry associations this search term will populate a variety of different associations so be sure to select ones that align with your professional goals now that we've discussed ways to
engage with the security Community consider following a CISO on LinkedIn connecting with other analysts or searching for cyber security organizations to join that's all for now I'll meet you in the next video hi everyone I'm Sarah and I am a senior program manager on Google's privacy Safety and Security engineering team one of the communities I'm most involved in is a group called Women in CyberSecurity and so I found that Community really helpful to me when I first joined because I felt super new and slightly overwhelmed I listened to a lot of their webinars
I kind of look in on their Forum board now I always attend their conference and actually I just joined their board which I'm super excited about one of the things that I find most exciting is that ability to be within cyber security without this long history I don't have a computer science degree I don't have a master's I don't have a PhD but through networking and figuring out where my areas of Interest lie I actually was able to get into this field and grow and Advance within this field I've really found that it is
a welcoming community that is looking and needs more people to be a part of it there's a huge range of people that are coming into this again with the big wide range of experiences and I think everyone um has found uh or is exploring what their passions and the areas they want to dig in networking is really important to be able to meet peers who might be at the same stages or people who might have hiring opportunities I definitely recommend connecting with your peers in the certificate program it's a great form of motivation both for
yourself and to motivate others having these points where you're either talking about the specific content or just doing a check-in is going to be really helpful for you to continue through the course program and to help others continue through the course program as well there's also the series of conferences that exist called BSides so these are super informal security conferences that take place in communities around the world many also have virtual components they're kind of a fun place to meet people a big piece of advice is to not let yourself get
overwhelmed and don't feel nervous that you don't know all the answers because you know what nobody knows all the answers it's okay to come into this with not a ton of background in computer science not a ton of background in Tech and still you will bring value to the field great job now you've had an opportunity to learn about different ways to stay engaged with the security Community let's take a moment to review what we've covered first we identified reliable security resources then we discussed different ways to engage with the security Community we also explored
the usefulness of social media to connect with other Security Professionals and stay informed about current topics of Interest finally we shared ways to establish and Advance a career in security including following a CISO on social media or joining a Professional Organization we've come a long way in this journey you should be proud of your progress and how far you've come I'm certainly proud of you in the final section of this course we'll take the time to prepare you for the job search and interviewing process how exciting is that well welcome back we've covered so many
security related topics in detail throughout this program we've discussed protecting organizational assets and data and the tools and procedures used to protect them we've also explored how to communicate with stakeholders reliable sources to help you stay up-to-date on security news and Trends and ways to get involved with the security Community to help establish and Advance your career in the field now we need to get you prepared to find a job as an entry-level security analyst security is a huge field with countless job opportunities by 2030 the US Bureau of Labor Statistics expects the
number of security roles to grow by more than 30% but how can you find the right opportunity for you in the next several videos we'll discuss specific strategies to help you find and apply for jobs in the industry including how to create your resume and develop rapport with interviewers we'll also cover how to use the STAR method for interviewing and how to develop an elevator pitch I remember initially being interested in my role because education is my passion researching the security field and Industry in preparation for my interviews cemented my Fascination for cyber security
I'll be honest I had taken a lot of what security does for granted now I feel incredibly fortunate to be a part of this industry and the exciting opportunities it offers now it's time to get you ready to find security jobs let's get started I hope you feel really proud of how far you've come you may remember that earlier in this program we discussed a few security roles in the industry now we'll explore three of those roles we'll start with security analyst security analyst is typically an entry-level role that might interest you as you
prepare to enter the security field the role generally focuses on monitoring networks for security breaches developing strategies to help secure an organization and even researching IT security Trends in previous courses we discussed log monitoring and SIEM tools having a solid foundational understanding of how to use those tools will certainly be useful in this role another role that might interest you is information security analyst this role generally focuses on creating plans and implementing security measures to protect organizations' networks and systems earlier in the program you learned about controls and Frameworks that can be used to develop
security plans and procedures as well as how to use SIEMs and packet sniffers to identify risks that knowledge will be beneficial when it comes to developing plans and determining the best tools to strengthen an organization's security posture finally we'll explore the security operations center analyst role security operations center analyst also known as a SOC analyst is another role you might find exciting this role generally focuses on ensuring security incidents are handled rapidly and efficiently by following established policies and procedures earlier in this program we discussed security playbooks and how they are unique to each
organization we also covered the importance of being able to follow the processes outlined in playbooks to respond to security events or incidents that knowledge will certainly help you stand out as a potential candidate for this role there are many more job roles that you may be interested in a great way to find more of these roles is to create an account on various job sites and search for cyber security positions a few well-known job sites in the United States and internationally are ZipRecruiter Indeed and Monster Jobs each of these sites has hundreds of open job
listings with roles responsibilities and skill set requirements posted under the job title how exciting is it that we're now discussing jobs and sites that you can use to apply for them it's important that you do your research before applying to any position gather plenty of information about the company the job role as well as required and preferred skills this will help prepare you for a potential interview by knowing exactly what the employer is looking for and how your skills align with the employer's expectations this will also help you align your own values and passions
with the organization's mission and vision but before you can apply for a security job it's important to create a resume that will catch an employer's attention coming up we'll discuss the resume development process in detail in this video we'll discuss how to create a resume that is tailored to the job you're applying for note that a resume is sometimes called a curriculum vitae or CV for short remember that it's okay if you don't have any cyber security experience this certificate program has covered key skills and Concepts that employers are looking for in an entry-level security
analyst position you can mention all that you've learned in this program on your resume including programming languages such as Python and SQL and the Linux command line you can also share your understanding of what it means to have a security mindset your knowledge of standard Frameworks and controls like the NIST CSF and CIA Triad model as well as your familiarity with how to use SIEM tools and packet sniffers it's also possible that some of your earlier job experiences allowed you to develop Knowledge and Skills that are transferable to a security role these skills could include being
detail oriented collaborative and having strong written and verbal communication skills here's an example of a resume you'll want to start with your name at the top of the resume followed by your professional title your title could be something like security analyst or a title that matches the position you're applying for you'll also want to include at least one way that employers or recruiters can contact you for example an email address or phone number after your name and title you'll provide a summary statement this section should be brief just one or two sentences related to
your strengths and relevant skills make sure the statement includes specific words from the responsibility section of the job description you can include something like this in your statement I am a motivated security analyst seeking an entry-level cyber security position to apply my skills in network security security policy and organizational risk management following your name and summary statement is the skills section this is a bulleted list of the skills you've learned in this program that are related to the position employers usually like to know about your previous work experience in the experience section you'll list
your work history underneath each job entry provide a list of the skills and responsibilities you performed it's a good idea to start each bullet with a verb and if possible details that quantify an accomplishment for example collaborated with a team of six to develop training for more than 25 company employees try to highlight the security or technology related skills and knowledge that you have based on your experiences in previous jobs and this certificate program the next section of the resume lists your education and certifications start with the most recent education you've completed including certifications trade
schools online courses or college experience also include the names of sites and organizations that issued your certifications and schools you attended list any subjects you studied related to the job you're applying for if you're currently enrolled in school or a certification program but haven't graduated note in progress as you develop your resume keep a couple of things in mind make sure there are no spelling or grammatical errors in your resume before sending it to your potential employer also note that résumés are typically about two pages long and list only your last 10 years or less
of work experience resumés can be created using word processing applications like Google Docs or OpenOffice however you might find some simple but professional resumé templates online to get you started to find them type free resume template or a similar search term into your internet browser if you use a template be sure to replace all of the prefilled text with your information and qualifications there is so much to consider when creating your resume but what we covered today will help you get started coming up we'll explore the interview process my name is Garvey I'm
a global Staffing manager here at Google I hire essentially all the cybersecurity engineers here at Google I've hired across the US Zurich London Sydney Australia and you know virtually any office that you name this space is unique in the sense that it's growing it's fastly evolving you have a number of candidates that have pivoted changed positions in their life come from all different walks of life right so cover letters is an opportunity for you to tell that story a resume tells me the facts what have you done but a cover letter tells me
who you are why cyber security why this space why this opportunity you know what draws you here most folks that I've met that want to enter the space have a reason either they've been the victim of some sort of cyber crime or they know others who have or they've seen something that has affected them in their lives that has brought them to that moment I want to know more about that I want to understand what your passion is what your interest is in this space so I think in particular
when it comes to cyber security when it comes to cover letters you know it's your opportunity to tell me kind of what's written in between those lines of that resume that's brought you here how long should a cover letter be I mean I don't think there's any perfect science to that you know first give me you know a few lines about yourself your family your hobbies and then after that really kind of cut to what makes you unique what makes you different than this other applicant what has brought you to this opportunity how have
you overcome adversity and how do you plan to do so in this work environment what does this job mean to you what are the soft skills that you can present and bring to your colleagues in this role if I'm a candidate that's making a career transition I want to know in that cover letter why is there a particular reason cyber security excites you is there a particular reason you're making this transition what have you found in your previous career I want you here forever right and if I can keep you here forever I
want to keep you happy right so what makes you happy what are the things that you see in the space that are going to excite you that you're passionate about right and I want to see that written in the cover letter don't just sort of standardize your cover letter and just fire it off regardless of the company that it is right tailor your cover letter around that mission what's their mission make it a part of your own know the company's mission know their purpose their products insert that in your cover letter a
cover letter is meant to capture someone's attention quickly you can't imagine to capture the attention of someone for the entirety of what you've written right so what is it about you that interests me that brings you to this time this opportunity you want to capture someone's eye first and then capture their attention in their mind right so be bold be loud right I think keep the words simple but like be bold after you've submitted your resume to several job postings you'll hopefully get an opportunity for an interview the interview process usually starts with
a short pre-screening phone call it typically involves having a 15-minute conversation with a hiring manager or recruiter who will ask you some questions to make sure that you are who your resume says you are and that you meet the minimum requirements for the job following the pre-screening you could be invited to an in-person interview either on site or online this could be a panel interview with a few members of the team that you would be working with or a one-on-one interview let's discuss some strategies that can help prepare you for an interview review the job
description and your resume ahead of time practice speaking about the experiences and skills that the employer is looking for consider practicing this with a friend by participating in a mock interview your friend will act as the interviewer and you will answer their questions as if you're meeting with the employer it can also be helpful to dress professionally and feel comfortable in the clothes you choose to wear for the interview before the interview begins take a few deep breaths and remind yourself of all the preparation you've done if the interview is online via video conference prepare
a location in your home that is quiet tidy and professional also be sure to test your video and audio settings and if necessary download the video conference application specified by the interviewer this will help ensure that you correct any technical issues before the interview interviews usually include two parts a background interview and a technical interview the background interview will likely include questions about your education work experience skills and abilities you might even be asked some personal questions unrelated to the job posting the interviewer is trying to get to know you to determine if you'll be
a good match for the team and company culture at the same time you want to ask questions to help you decide if the team and company culture are a good match for you the other portion of the interview is the technical interview this is when the interviewer will ask you specific questions about technical skills related to the role you might be asked how you would respond to a specific situation or to explain a technical concept that's listed on your resume do your best to answer these types of questions confidently and concisely based on your current
knowledge it's okay to say that you don't know the answer to a question or that you need a moment to respond so you can think about your answer employers respect honesty just follow up with an explanation of how you would figure out the answer either by researching it or collaborating with the team even after you've completed this certificate program you'll still have access to all of the content so before the interview go back and review your notes the glossary and any concepts that you might need to refresh your memory on this can help you
feel prepared for the questions you'll be asked remember you can prepare for the interview by participating in a mock interview reviewing the job description and taking a few deep breaths before the interview begins you've learned a lot in this course and are ready to move ahead and find a position as a security analyst coming up we'll discuss how to conduct pre-interview research my name is Garvey I'm a global staffing manager here at Google I've hired I would say several hundred security engineers here at Google over the last seven years advice I would give
those that are preparing for their technical interviews don't expect that the interview will be a sort of trivial exam of how many questions can you answer in this sort of period of time I want to know as an interviewer does a candidate understand the fundamentals and can they explain them back to me programs and applications that I would recommend preparing for when doing an entry-level interview for example Splunk Wireshark understanding their functions their purpose if you can get to the point of understanding their internals why they exist if they didn't exist
how would you solve a problem outside of that just understanding the fundamentals of topics that exist within this space network security web application security knowledge operating system internals understanding and mastering security protocols I think that's an important place to start practice answering open-ended questions they tend to be really difficult they're ambiguous by design they're complex by design you always want to start first by asking clarifying questions get information from your interviewer to help you narrow down the focus of the question itself but also sort of lower the scope of the problem
right into something that you can answer yourself that you know that you feel comfortable with organize your answer through the STAR method it's a great way to organize yourself when faced with a large open-ended question it'll help your interviewer understand your train of thought thinking out loud as well will help your interviewer understand okay this is where Garvey's going with this answer if I need to help him I can help him if maybe he doesn't get the entire answer I know he was on the right track because he was thinking out loud
I understood where he was going if you don't know the answer that's fine no one again no one expects you to walk on water but we don't expect you to lie if you will right my ideal candidate is someone who just loves to learn right someone that's humble that's honest someone that can manage ambiguity complexity in their own life doesn't necessarily have to be directly related to cyber security but someone that when faced with a problem runs towards it you know they're always a student they're always there to learn
they're always there to mentor and lead others they demonstrate those characteristics throughout their life nerves during technical interviews I think that's pretty standard it's okay to be nervous right I think it means you care there's a reason you're there there's a reason you find yourself in that moment right someone has counted you in already they have belief in you and this space needs you so you know I would say trust yourself trust your gut don't be afraid to fail previously we discussed how to create a resume and what
to expect during an interview in this video we're going to cover a few more things that you need to do to prepare for the interview and that could help set you apart as an excellent candidate for the position before the interview it's important to do some research about the organization you're interviewing with interviewers want to know that you're a good match for their team and that you value the things that are important to the company it's just as important for you to decide if the company matches your values so make sure you know the organization's
mission and vision understand their core values and company culture this information is usually easy to find either in the job description or on the about page of the organization's website think about why these values and the company culture are also important to you then practice how you will communicate this to potential employers remember that you will not be the only applicant for the position consider what sets you apart from other candidates and be prepared to emphasize those qualities during the interview what about your skills experience or work ethic make you the best match for this
position how do your goals align with the goals of the organization you want the employer to remember you after they've interviewed several candidates so highlight things that make you the best candidate for the role you also want to think about the employer's perspective the organization has needs that must be met by filling the position they may have productivity or compliance goals or the team might be growing because the company is expanding take some time to think about what the interviewer is seeking in a candidate then prepare yourself to state directly how you can meet the
employer's needs the interviewer may have reservations about hiring you because of your lack of experience as a security analyst if this comes up in the interview be prepared to address any possible concerns by speaking about your strong work ethic this could include an ability to learn quickly based on feedback or to collaborate and communicate with others also you could discuss having a security mindset or problem solving skills that you've developed from personal life work or educational experiences learning about the organization's culture and mission and preparing to demonstrate how you can add value to the team
are essential it's also a good idea to write down questions that you can ask the interviewer about the organization's past accomplishments and future goals this shows potential employers that you've done your research and care about the organization's success coming up we'll discuss how to build rapport with interviewers in this video we'll explore a topic that can contribute to your success during the interview process how to build rapport with your potential employer rapport is a friendly relationship in which the people involved understand each other's ideas and communicate well with each other building rapport begins with the
very first interaction you have with the company's staff by phone email or video conference it's important to use a professional tone in the email you write expressing your interest in the job but it's also important to be polite and friendly expressing appreciation for being considered and having the potential opportunity to interview you is one way to build rapport when and if you have an initial phone screen you can use a friendly conversational tone of voice to do this try smiling while you talk and while it's true that nobody can see you smile on a phone
call smiling while you talk can make you sound friendlier during the phone screening and in-person interview you can ease interview nervousness by engaging actively in a way that feels natural to you that can mean simply saying hello nice to meet you you can even start a short friendly conversation by asking the interviewer how their day is going or if the weekend just passed you might ask the interviewer how was your weekend make eye contact when you ask these questions during an in-person interview or be sure to look directly into the camera during a video interview
this will show the interviewer that you're engaged in the conversation often times during the second half of an interview the interviewer will ask if you have any questions for them as we discussed earlier it's important to have some questions prepared to ask at this point here are some suggestions you could ask what is the biggest challenge I might face coming into this role and how would I be expected to meet that challenge or you might ask what would you say is the best part about working for this company or what is a typical day like
for an analyst another great question is what is the potential for growth in this role asking questions shows that you're engaged in the conversation and are interested in the company and the position it also shows the employer that you are confident and that you want to make sure that their company is a good match for you before you make a commitment it's nice to send a follow-up email a day or two after your in-person interview this is just a brief email thanking the interviewer for the opportunity to meet with them and learn more about the
organization it's also a good idea to mention something specific from your interview in this email it shows that you were actively engaged in the conversation remember the employer is probably interviewing other candidates so sending a follow-up email will help set you apart and remind the interviewer of your discussion building rapport with the interviewer and other employees is an important skill when interviewing for your first security position writing friendly but professional emails before and after the interview and engaging in friendly conversation during the interview can help set you apart as a great candidate for the job
welcome back preparing for job interviews in the security field is such an exciting process you've learned a lot through this program that can help you stand out as a candidate let's discuss some useful interview strategies to consider when speaking to an employer your interviewer is going to ask several questions when you meet carefully consider each question before responding let's discuss the star method which can help you prepare for interviews the star method is a technique used to answer behavioral and situational interview questions using this method is a great way to help you understand each interview
question and provide a thoughtful and thorough response STAR stands for situation task action result the STAR method is typically used to answer open-ended questions such as tell me about a time when you encountered a challenge on the job let's go through an example of how this question could be answered using the STAR method the situation two people needed to stay home from work due to illness and I was the only person available to assist customers the task I needed to answer phone calls from customers while assisting shoppers in the store the action I came
up with a strategy that allowed me to assist customers as they entered the store while also ensuring that customers who called were helped or politely placed on hold until I was able to address their needs the result I managed the in-store operations for the day without many mistakes and my manager complimented me during the next team meeting hopefully this example highlights the benefits of answering open-ended interview questions using the STAR method but the STAR method isn't the only strategy you can use during an interview you can also answer questions with confidence one way to demonstrate
confidence is by admitting when you don't know something for example if an interviewer asks you to discuss a skill that you don't have it's okay to admit you haven't learned it yet however the trick is to confidently mention that while you don't have that particular skill you're a quick learner and eager to develop that skill treat it as an opportunity to emphasize your ability to adapt and learn on the job which shows confidence you know what else shows confidence taking the time to fully understand a problem or question to provide the best solution or answer
possible when interviewing don't be afraid to ask the interviewer for a moment to think about your answer it shows that you're willing to take the time needed to understand the question and provide a response that is meaningful and relevant we've discussed a few strategies that can help you overcome the nervousness you may feel about interviewing for a job coming up we'll continue to explore ways to prepare for interviews in this video we'll take a little time to discuss additional strategies you can use during a job interview in past job interviews your potential employer may have
asked do you have any questions for me this type of question can be an opportunity for you to show the interviewer that you're prepared and ready to have a meaningful conversation with them a big part of interview preparation is researching the company before the interview because it will allow you to ask questions that demonstrate you took the time to learn about the organization and its needs these kinds of questions show that you are passionate about your career and that you want to help the company strengthen its security posture there are also some general questions you
can ask the interviewer to determine if the job and the organization itself are a good match for you here are some examples what's the biggest challenge for a new person in this role in what ways can I contribute to the success of the team and the organization what qualities or traits are most important for working well with the team and other stakeholders questions like these can help you develop rapport with the interviewer and show that you're interested in learning more about the role and the organizational culture interviewing for jobs can be a really exciting process
when you're prepared and asking questions is an essential part of the interview process don't be afraid to ask potential employers tough questions this will help them understand you as a thoughtful curious person who can add value to the team coming up we'll discuss another strategy the elevator pitch hi I'm Karan I'm a security engineering manager here at Google as part of my job I do participate in hiring candidates and so far I've spoken to like hundreds of candidates potential candidates people who actually got into Google almost every time I meet somebody I get
to see a new path and that's always fascinating for me to learn about somebody else one thing I'm seeing very interestingly is the increase in the number of people who come from non-technical backgrounds so that can be recruiting sales like you name it we're seeing a ton of people so for preparing for interviews I think you can break down that question into you know technical preparation and non-technical preparation and so for technical preparation I advise people to build up on you know networking fundamentals information security fundamentals get all of
those Concepts right so you understand how things work how are they related and all of that make sure you ask clarifying questions to get to the root of the problem and what the interviewer wants from you a lot of people just dive into the problem without really clarifying if you don't know something don't be afraid to say I don't know and say but here's how I would approach the problem for the non-technical pieces I think it's practice with a friend right have an interview partner and see how you respond see where you fumble and be
kind to yourself as you're doing that focus on bringing your whole self to the interview so that means showcasing how you'll work with a team bring up examples of projects you have done with others how you have led those projects have you done open source collaborations a lot of these soft skills if I may put them as are super crucial even when you're solving a security problem so those are some key aspects that we're looking for when you know we are interviewing for roles for new folks in the industry the main thing
we would be looking for is curiosity like personally speaking I look for people who have drive who are very driven to learn more about the field they may not know everything and we know that but we want to make sure that they are asking the right questions and getting to the problem by working with others so if you get an answer like I don't know but I'll figure it out and here's how that's amazing also I'll say don't be afraid of rejection right because it takes time to find your first role it took me hundreds
of applications to find my first job and then don't be afraid to apply even if you don't meet all the required or preferred qualifications right just look at the minimum qualifications and if you do pass that you know it doesn't hurt to apply so please keep applying now let's discuss a concept that can help you identify your strengths and allow you to highlight those strengths to others an elevator pitch an elevator pitch is a brief summary of your experience skills and background it's called an elevator pitch because it should be short enough to say in
60 seconds or less which is the average amount of time you might spend talking with someone on an elevator elevator pitches allow you to demonstrate who you are to potential employers in a very short time span they can be used at job fairs career expos and other networking situations like professional conferences and social media job sites such as LinkedIn now let's examine how to create an elevator pitch your elevator pitch needs to be short and persuasive there's no need to list all of your previous experiences and accomplishments instead explain who you are and why
you care about being a security professional as well as the qualifications and skills you have that are specifically related to getting a job as a security analyst for example critical thinking problem solving and the ability to build collaborative relationships with others are transferable skills that most organizations are looking for so highlight those in your elevator pitch you could also mention technical skills you've learned in this certificate program such as using various SIEM tools and programming languages like SQL and Python to identify and respond to risks now we'll cover a few things to avoid when delivering
your elevator pitch it's important to avoid rambling or sharing irrelevant details during your elevator pitch potential employers only want to know who you are and why they should consider you for a security role as you develop your elevator pitch you're going to want to practice it several times however don't practice it so much that you end up sounding ingenuine or robotic when it's time to share your pitch with a possible decision maker instead speak naturally like you're having a conversation when you give your elevator pitch that will help keep people engaged and interested in
what you're saying another thing to avoid is speaking too quickly because an elevator pitch is fairly short it can be easy to rush through it but that can cause people to miss out on some key skills you have to offer simply because you sped past them one last tip search the internet for elevator pitches to find examples that may help you generate ideas for your own pitch in essence your elevator pitch is a way to tell people why you are an amazing candidate for a security position with great skills and a clear direction for what
you want to do in your career while it's natural to be nervous when speaking to potential employers just remember take a deep breath gather your composure and deliver your pitch with confidence conviction and at a normal pace you'll be just fine hi I'm Emily and I'm a program manager at Google I work in our security education space imposter syndrome is a very real thing there will be days where you feel like you're riding high you're getting everything done you're on top of your game and then there are times where you feel like I just don't
know what I'm doing everybody else is doing so much better connecting with others in cyber security associations is a great way to combat that impostor syndrome getting involved in cyber security organizations and associations is a great way to grow your network and frankly build a community for yourself it can be really intimidating to join a new industry those folks can support you and they can also be a great example of how far you've come when you share your skills with them as well what helped me when I was feeling impostor syndrome or just not
feeling as confident as I think I could have been was connecting with a trusted mentor they were really helpful when I said oh gosh I feel like I should know this and she said there's no way you can know everything we have people who work on those things across the company and you don't have to know everything it just helped calm me down and helped me feel comfortable with what I do know and the skills that I do bring to my organization it's really important to recognize those small wins I actually like to
go to a special folder I have in my email where I've collected Kudos and special emails that folks have sent me who are congratulating me on a project accomplishment or just complimenting me on some skill or something that I helped them out with and that really helps buoy my spirits and reminds me that yes I can do this there is a reason I'm here reflecting on your career no matter where you've worked is a really great way to combat impostor syndrome as well it's a great way to show how far you've come what skills you've
learned and what you're really going to be able to contribute in this new field in the security industry you're never going to know everything and so it's important to stay flexible and fungible and to ensure that you're always learning because the industry changes so quickly and evolves so quickly there's not one person who's going to know everything it can be really hard to maintain your confidence especially when you're new on a job it's okay to take time and to ask questions there's never a stupid question it's important for you to get information and the folks
around you should be trying to support you and help you succeed because they too will succeed with your success you've done a great job completing this section of the course let's take a moment to review what we've covered we started by discussing how to find and apply for jobs in the security field then we explored how to create your resume next we shared some strategies to develop rapport with interviewers we also covered how to use the star method to answer open-ended interview questions thoughtfully we finished by discussing how to develop an elevator pitch hopefully this
has helped you feel confident as you begin to search and apply for jobs in the security field good luck congratulations on completing the final course of the certificate program we covered a lot of information so let's take a moment to review we started by discussing how to protect assets and communicate incidents by developing a security mindset then we covered when and how to escalate incidents to the appropriate team members to make sure that small issues don't become big problems for the organization and the people it serves next we explored ways to communicate effectively to influence stakeholders'
decisions related to security this included discussions about how to use visuals to convey important information and sending emails making phone calls or sending instant messages after that we shared some ways to engage with the security Community including attending conferences and connecting with other analysts through a networking site then we moved on to the final section of the course which covered how to find prepare for and apply for jobs this included discussions about how to create a compelling resume and tips to help you navigate the interview process it's been an absolute pleasure guiding you through this
journey this certificate covered some rigorous security content you could have given up at any point but you didn't and for that you deserve to be proud of yourself as we discussed at the beginning of this program the security field is growing and in need of security professionals just like you to help protect organizations around the world and the people they serve the knowledge and skills you've obtained throughout this certificate program will allow you to begin applying for entry-level security analyst jobs now let's take a moment to summarize what we've discussed throughout this program we started
by exploring core security concepts including the definition of security and core skills then we covered the focus of eight security domains and discussed how security supports critical organizational operations following that we discussed network security including network architecture and the mechanisms used to secure an organization's network in the next course we turned our focus to computing basics for security analysts in this section we introduced Linux and SQL after that we explored assets threats and vulnerabilities in depth this included discussions about how assets are classified and the security controls used by organizations to protect valuable information
and minimize risks in the next course we focused on incident detection and response here we defined what a security incident is and explained the incident response life cycle in the following course we introduced the Python programming language and explored how to develop code related to common security tasks finally in the last course of the program we explored topics related to your pathway into the security profession including how to find and apply for jobs you put a lot of valuable time and energy into completing this certificate program remember that the learning doesn't stop here as you
move forward in your career always be mindful of the new trends developing in the world of security as technology continues to advance the threats to organizations and people will evolve as well it's up to you to stay informed and always be willing to learn you just completed the Google cyber security certificate what a remarkable accomplishment that shows just how committed you are to learning new skills that will allow you to pursue your career goals on behalf of myself and my fellow course instructors congratulations congratulations you did it congrats I can't wait to see how many
of you decide to pursue this career and visit some really cool places in cyber security way to go congratulations congratulations you're a rockstar congratulations congratulations great job you did it congratulations congratulations I am rooting for you and wishing you continued success congratulations on your big accomplishment now it's time to get to work this is probably one of the best decisions you've ever made and I can't wait to hear about all the opportunities that you're going to experience congratulations congratulations you've made it to the end and you're now ready to keep everyone safe online congratulations
continue to learn continue to grow you'll find this is a very rewarding career congratulations you did it welcome to cyber security the adventure continues after this there's still a lot more to explore in the world of security but you're off to a great start it's been my pleasure guiding you through the final part of this program I know you're well prepared to begin or continue a remarkable career in security congratulations and best of luck on your journey