What Googlers can teach you about Security

TL;DR: just go watch Hacking Google. Google made few superbly produced episodes about times they got hacked.

Curious about what Googlers can teach you about Cyber Security? Then read on!

Some time ago I stepped into a Security role in my company, after almost 10 years of working as a developer. How and why that happened will be explained in another blog post, for now only thing that you need to know is that I’m something between Security Manager and Security Engineer for this huge product that has 100+ people spanning over multiple teams.

Now, I had some Security bootcamp, and then internal Security training lasting almost one and a half year. For some reason I was thinking that, plus picking things up as I go, would be enough, but boy was I wrong. Every few weeks we were spending a week covering a completely different topic, and this program was tailored to my company specific needs (which are very broad given that this is a 100k+ employees software company)

As a geek and fan of structured learning I started exploring what are my options. I found out that some college type education wont get you far in cybersecurity, which makes sense given that this industry is sooo fast. I mean, software engineering is fast, but if you have time and money you should go to college - learning your CS stuff will do wonders for you. But Cyber is crazily fast and as I see it (and I’m not the only one) is that Cyber security college has no real value, IF you have former tech education.

So, if you want structured learning in CyberSec, certificates are the way.

There are famous and advanced ones as OffSec and SANS but I wanted something that gives me an overview of the field and isn’t too pricey.

I concluded that Google’s Cybersecurity Professional Certificate Program was the best deal, as you can get it on Coursera, and it covers topics that CompTIA Security+ covers. You also get an voucher for 30% discount for Security+, and all that for Coursera monthly sub price.

You can also audit course, so you can later get back for the paid exercise and that way you can go through all the eight courses in a month.
Not sure is this a sleazeball move, especially since you can apply for financial aid on Coursera. As for me, in the end I paid for the annual sub, as I want to take some other courses too.

Ok, so Google Cybersecurity Professional Certificate Program consists of 8 courses, and it’s intention is to make you ready for entry level Security position, and give you an overview of Cyber Sec industry.

Let me tell you what is the first course (Foundations of Cybersecurity) about, and in the later blog posts I will cover the remaining 7.

Also, one disclaimer: I will give only the most interesting points to me.

Module 1

This module is essentially getting you hyped for Cyber Sec. Production of the whole program is great btw, wouldn’t expect less from Google. You get to hear from Google’s sec experts what are they doing at Google, what would be your responsibilities as a entry level sec analyst, and you get introduced to terminology. Also Google’s employees talk about their journey to Google, which is also very interesting.

Module 2

This module is about historical background, types of attacks that can happen and understanding attackers. Here are the types of attackers:

• Advanced Persistent Threats (APTs): Usually state funded. Highly skilled and patient, APTs meticulously research targets (think big corporations or government agencies) and can remain undetected for long periods, aiming to steal valuable data or disrupt critical infrastructure.
• Insider Threats: Insider threats are authorized users who misuse their access to steal data, sabotage systems, or commit espionage.
• Hacktivists: These are the digital activists who use hacking to promote their cause. Their targets may be governments or corporations, and their goals range from raising awareness to social change campaigns.
• Ethical or White Hat Hackers (Authorized Hackers): Ethical hackers use their skills legally to identify vulnerabilities in systems and help organizations improve their security posture.
• Researchers or Grey Hat (Semi-Authorized Hackers): These guys discover weaknesses but don't exploit them. They responsibly report their findings to help improve overall security.
• Unethical or Black Hat Hackers (Unauthorized Hackers): Bad guys. Motivated by financial gain or simply causing trouble, they exploit vulnerabilities to steal data or disrupt systems.

Also this module introduces the CISSP 8 Security Domains:

1. Security and risk management - focuses on defining security goals and objectives, risk mitigation, compliance, business continuity, and the law. 
2. Asset security - focuses on securing digital and physical assets. It's also related to the storage, maintenance, retention, and destruction of data. 
3. Security architecture and engineering - focuses on optimizing data security by ensuring effective tools, systems, and processes are in place. 
4. Communication and network security - focuses on managing and securing physical networks and wireless communications.
5. Identity and access management- focuses on keeping data secure, by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications. 
6. Security assessment and testing - focuses on conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities. 
7. Security operations - focuses on conducting investigations and implementing preventative measures.
8. Software development security - focuses on using secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services. 

Module 3

This one is about frameworks. Funny story, I often heard Security guys mentioning CIA, and I was like “I’m pretty sure they are not talking about that CIA”. Well here I learned that CIA stands for Confidentiality, Integrity, and Availability which is foundational model for Cyber Security.

There are various frameworks but you may have heard about NIST Cybersecurity Framework.

Module 4

This module is about tools that cybersecurity people use:

Security information and event management (SIEM) - application that collects and analyzes log data to monitor critical activities in an organization.

Network protocol analyzers (packet sniffers) - network protocol analyzer, also known as a packet sniffer, is a tool designed to capture and analyze data traffic in a network.

Playbooks - playbook is a manual that provides details about any operational action, such as how to respond to a security incident.

And others which weren’t anything new to me were mentioned: Linux, SQL, Python.

There were a lots of other stuff but these were the things most interesting to me.
Stay tuned for next Course in the Program: Play It Safe: Manage Security Risks

Also, if you have any questions about the program, feel free to ping me in the comments.