Privacy     T.O.S.     F.A.Q.     Why Cats?     Pricing     BCWHS CU     Training     Donate     Status     Contact  

BCWHS Cybersecurity University - An introduction for cybersecurity beginners.

"Computer security, cybersecurity, or information technology security is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide."

Does this definition of Cybersecurity feel fun or scary to you? Or Both?

Cybersecurity can be both fun and scary but also a rewarding experience.

Where do I begin as someone who wants to pursue a cybersecurity career?

The answer is simple. We'll start at the top and work our way down with Cybersecurity Plans and Policies. Plans and Policies are the foundation and should be implemented for every business that has a connection to the internet.

Black Cat White Hat Security - Cybersecurity University Course Outline

Cybersecurity 100 - The Beginning (Plans & Policies)
Cybersecurity 101 - Security Training
Cybersecurity 102 - Risk Management Frameworks & Assessments
Cybersecurity 103 - Awareness Training
Cybersecurity 104 - Asset Management
Cybersecurity 105 - Certification

BCWHS U - Cybersecurity 100 - The Beginning (Plans & Policies)

What are Cybersecurity Plans and Policies?

A cybersecurity plan specifies the security procedures, and controls required to protect an organization against threats and risk. A cybersecurity plan can also outline the specific steps to take to respond to a breach.
Here are a few Cybersecurity Plans for you to research.
Crisis Management Plan
Disaster & Recovery Plan
Incident Response Plan
Information Security Plan
System Security Plan
Here are a few Cybersecurity Policies for you to research.
3rd Party PolicyAcceptable Use PolicyAccess Control PolicyAccount Management PolicyAnti-Virus PolicyBYOD PolicyClean Desk PolicyData Retention (Backups) PolicyData Security PolicyE-Commerce PolicyEmail PolicyEncryption PolicyEquipment Disposal PolicyFirewall PolicyGuest Access PolicyIdentification and Authentication PolicyIncident & Response PolicyInternet Usage PolicyLogs PolicyMaintenance PolicyMobile Device Security PolicyNetwork Access PolicyOutsourcing PolicyPasswords PolicyPatch Management PolicyPersonal Security PolicyPhysical Security PolicyRemote Access PolicyRetention PolicyRouter / Switch Security PolicySecurity Awareness and Training PolicyVulnerability Assessment PolicyWireless Communication Policy

Spend some time reading and understand the purpose of the plans and policies before moving onto training.

BCWHS U - Cybersecurity 101 - Security Training

Now that you have a good understanding of Plans and Policies, we move onto security training.
Infosec Institute has an excellent Skills learning platform. They have 2 options, a 7-day free account where you have access to the entire content but then are slimmed down to 15 learning paths that are free.
The second option is $299 for the year, which is an excellent price if you are serious about Cybersecurity knowledge.

Can you help me on where to start?

Yes, take advantage of the free 7-day trial and target the paid content first.
Before you sign up, what are your passions?
Do you enjoy Engineering? Managing? Coding? Forensics? Analytics? Architecture? Privacy? Penetration Testing?
Here are some learning paths to target and the total time of the path. These paths contain videos, assessments, quizzes and downloadable content.
Cloud Engineering
• Paid: Certificate of Cloud Security Knowledge (CCSK) - 4 hours, 29 minutes
• Paid: AWS Certified Security Specialist - 5 hours, 26 minutes
• Paid: Azure Security Engineer Associate - 8 hours, 30 minutes
Security Engineering
• Paid: Security Engineering - 12 hours, 48 minutes
• Paid: ISC(2) Certified Information Systems Security Professional (CISSP) - 18 hours, 42 minutes
• Paid: Cybersecurity Administration - 9 hours, 18 minutes
• Paid: Cybersecurity Management - 11 hours, 53 minutes
• Paid: ISACA Certified Information Security Manager (CISM) - 18 hours, 24 minutes
• Paid: Secure SDLC - 9 hours, 33 minutes
• Paid: Writing Secure Code in Node.js - 8 hours, 4 minutes
• Paid: Writing Secure Code in C++ - 14 hours, 20 minutes
• Paid: HTML5 Security - 7 hours, 9 minutes
• Paid: Windows OS Forensics - 16 hours, 19 minutes
• Paid: Windows Registry Forensics - 10 hours, 51 minutes
• Paid: Computer Forensics - 15 hours, 15 minutes
• Paid: Network Forensics - 9 hours, 45 minutes
• Paid: (ISC)2 Certified in Governance, Risk and Compliance (CGRC) - 7 hours, 26 minutes
• Paid: Vulnerability Assessment - 8 hours, 31 minutes
• Paid: Threat Modeling - 5 hours, 10 minutes
• Paid: Cyber Threat Hunting - 10 hours, 52 minutes
• Paid: SIEM Architecture and Process - 8 hours, 26 minutes
• Paid: Cloud Security Architecture - 24 hours, 43 minutes
• Paid: IAPP CIPP/US - 15 hours, 32 minutes
• Paid: IAPP CIPM - 7 hours, 34 minutes
• Paid: IAPP CIPT - 7 hours, 49 minutes
Penetration Testing
• Paid: Cloud Pentesting - 8 hours, 25 minutes
• Paid: Python for Pentesters - 14 hours, 5 minutes
• Paid: CompTIA Pentest+ - 9 hours, 14 minutes
• Paid: ITIL 4 Foundation - 6 hours, 39 minutes
• Paid: ISO 27001 Audits - 6 hours, 16 minutes
• Paid: NIST 800-171 - 5 hours, 5 minutes
• Paid: NIST 800-53 Assessments and Audits - 6 hours, 33 minutes
• CompTIA Linux+ - 22 hours, 48 minutes
• Cybersecurity Leadership and Management - 8 hours, 48 minutes
• DevSecOps - 8 hours, 10 minutes
• Enterprise Security Risk Management - 14 hours, 5 minutes
• Identity and Access Management - 7 hours, 30 minutes
• Incident Response - 18 hours, 39 minutes
• JavaScript Security - 10 hours, 33 minutes
• NIST Cybersecurity Framework - 5 hours, 42 minutes
• Python for Cybersecurity - 14 hours, 29 minutes
• Security Architecture - 7 hours, 31 minutes

Create your free Infosec Skills account now!

BCWHS U - Cybersecurity 102 - Risk Management Frameworks & Assessments

Cybersecurity risk management is the process of identifying an organization's digital assets, reviewing existing security measures, and implementing solutions to either continue what works or to mitigate security risks that may pose threats to a business.

What are some popular frameworks to research?

COBIT is a framework created by ISACA for information technology (IT) management and IT governance.
ISO 27001 - Establishing set criteria for evaluating information security risk. Identifying risks for all of the information assets within scope of the ISMS. Assigning owners for each risk. Creating a repeatable, consistent risk assessment process.
ITIL 4 Foundation - While not necessarily a risk framework but is there risk management steps involved in the overall framework.
OCTAVE defines a risk-based strategic assessment and planning technique for security.
NIST provides a process that integrates security, privacy, and cyber supply chain risk management activities into the system development life cycle.

BCWHS U - Cybersecurity 103 - Awareness Training

Awareness training is a level to which an individual knows certain policies, situation, documents or any other important information. Policy of systematical increasing of awareness is an important element of any engagement strategy.

What should our awareness training include?

Mobile Security
Password Security
Physical Security
Remote Working
Removable Media
Safe Web Browsing
Social Engineering

Popular Awareness Training Platforms
Infosec IQ - Employees are not a security problem. They are part of the solution. Try Infosec IQ and learn how to stay compliant, reduce your phish rate and inspire your employees to adopt security practices to keep your organization safe.
KnowBe4 - KnowBe4 is the world's largest integrated platform for security awareness training combined with simulated phishing attacks. Join our more than 50,000 customers to manage the continuing problem of social engineering.

BCWHS U - Cybersecurity 104 - Asset Management

Cybersecurity asset management is an organization's capability to conduct and maintain an accurate inventory of all cyber-enabled technologies, including hardware and software. Cybersecurity asset management is about understanding all of your assets to strengthen your company's cyber risk posture.

What should we know and have in place for asset management?

Device Endpoint Protection (Sophos, Bitdefender, etc)
Device Risk Calculations: (AV * EF = SLE) and (SLE * ARO = ALE)
  Asset Value (AV) * Exposure Factor (EF) = Single Loss Expectancy (SLE)
  SLE * Annualized Rate of Occurrence (ARO) = Annual Loss Expectancy (ALE)

Understand the device assets risk vs mitigation costs. Do any of your assets require cyber insurance?

BCWHS U - Cybersecurity 105 - Certification

(ISC)2, ISACA and CompTIA are excellent places to start for certifications.
(ISC)2 Information Security Certifications
Certified in Cybersecurity (CC)
Certified Information Systems Security Professional (CISSP)
Certified Cloud Security Professional (CCSP)
Security Assessment and Authorization Certification (CGRC)
Certified Secure Software Lifecycle Professional (CSSLP)
HealthCare Information Security and Privacy Practitioner (HCISPP)

ISACA Certifications
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified in Risk and Information Systems Control (CRISC)
Certified in the Governance of Enterprise IT (CGEIT)
Certified Data Privacy Solutions Engineer (CDPSE)
Certified in Emerging Technology Certification (CET)
Information Technology Certified Associate (ITCA)
CSX Cybersecurity Practitioner Certification (CSX-P)

CompTIA Certifications
CompTIA A+
CompTIA IT Fundamentals (ITF+)
CompTIA Network+
CompTIA Security+
CompTIA Cloud+
CompTIA Security Analyst+ (CySA+)

Certification in Cybersecurity helps individuals stand out from other candidates in the job market and can also help them advance their careers within their current organizations.

© 2023 Black Cat White Hat Security ℠* All rights reserved.