As an introduction to the MS-CSOL program, one of my first courses was CSOL 500 - Foundations of Cyber Security. This course set forth the concepts we would be focusing on for the rest of the MS-CSOL program and provided a brief introduction to each of them. These concepts included identifying an organization's assets and the threats against them, building a baseline understanding of the policies and procedures needed to protect those assets, and building the framework for the human role in cybersecurity around leadership, enforcement, and response to cyber threats. Below you will find a quick breakdown of three of my favorite topics from this course: Incident Response, Topology, and Threats and Vulnerabilities.
My full reflection on this topic as well as useful references can be found towards the bottom of this page.
No matter the level of cybersecurity protection implemented in an organization, the question around a cyber incident is not "if" it will happen, but "when". One of the most important aspects of a strong cybersecurity posture is having a holistic Incident Response Plan (IR Plan) in place so that incidents can be addressed quickly and effectively as they are identified. Many IR Plans depend on strong detection and monitoring strategies to ensure that the responses they trigger are for true-positive events rather than false positives. Either way, when a triggered event is later identified as a false positive, or as something that can be better handled by automation, the IR Plan feeds back into the organization's security posture to help implement those changes. Changes implemented through automation and machine response, rather than human-focused response, can help mitigate incidents faster. More information around incident response will be covered in the Incident Response and Computer Network Forensics section of this ePortfolio.
Another important topic when focusing on protecting an organization's assets is understanding and building a topology that promotes a strong security posture. One of the popular ways of thinking about topology recently is Zero Trust. Zero Trust roots itself in the mindset of "never trust, always verify" and is an architectural approach focused on ensuring that all connections, transactions, and access to data are verified as having a legitimate business case in an environment. In my eyes, Zero Trust is one of the key mindsets to keep while building out any security control in an environment. Zero Trust can be overdone and make an end-user's experience with a technology a nightmare, but when combined with the right amount of automation, effective multi-factor authentication, and verification of transactions that is transparent to the end-user, Zero Trust becomes a key piece of ensuring the cyber hygiene of any environment. More information around topology and Zero Trust will be covered in the Security Architecture section of this ePortfolio.
If it weren't for the topic of threats and vulnerabilities, it's likely that the MS-CSOL program and the jobs many of us hold would not exist. One of the things I find most fascinating about cybersecurity is the continual emergence of new threats and exploitation of vulnerabilities, which gives cybersecurity professionals the challenge of protecting organizations against them. One such toolset, Cobalt Strike, a commercial adversary-emulation framework whose cracked copies are widely abused by threat actors, has been deployed as the post-exploitation payload in many recent attacks, including those that followed vulnerabilities in Microsoft products, the SolarWinds supply-chain compromise, and other popular products used by almost all organizations. As a cybersecurity professional, it's important to understand not only the assets you're protecting but also what you are protecting those assets from. More information around cyber threats and vulnerabilities will be covered in the Cyber Threat Intelligence section of this ePortfolio.
Stepping into any cybersecurity-focused role, the topics called out in the CSOL 500 course are important to understand as they are truly foundations to a successful cybersecurity posture. There are many topics I could have covered, but the three covered above are most important to me for a few reasons. First and foremost, I feel that Incident Response, Topology, and Cyber Threats and Vulnerabilities are the most fundamental topics to cover. While policy, leadership, privacy, asset attributes, and other critical topics are important, most of them require that we have an asset within a topology to protect against threats and vulnerabilities. When we do need to react, we need to make sure we have a plan to do so in a successful manner with as little impact on production operations as possible.
As I continue my professional career in the cybersecurity field, it's important for me to reflect back on these fundamentals and remind myself of their importance in a strong cybersecurity posture. Just as my Bachelor's in Computer Science taught me the importance of the theories behind computing, such as language structure, data flow, algorithms, and other critical computer theories, it's important to remember as a cybersecurity professional to keep the core topics covered in this course in mind through all security controls being implemented. Blindly implementing a new technology to prevent the most recent cyber threat without being mindful of policies, procedures, response plans, compliance needs, etc. can do more harm to an organization and possibly put it at greater risk. Every cybersecurity professional has an ethical responsibility to stay ahead of the game and learn about new cybersecurity threats and challenges as they come out. The bar for the "fundamentals" is ever-growing and requires consistent learning in the field.
In my new role as a Solutions Architect for State/Local Government and Education (SLED) customers for Palo Alto Networks, these fundamentals are going to be key to both my success in the role and becoming a trusted advisor for many C-levels within the organizations I support. Having a clear understanding of these concepts with the formalization of my education around them will help me better provide leaders of organizations the guidance they need to make sure they have the strongest security posture possible. For example, assisting an organization in building an IR Plan requires an understanding of what makes a successful plan. This includes effective triggering of the plan, efficacy in its implementation, and ensuring that the feedback loop is there to update the technologies and procedures in the plan where necessary.
Focusing on topology and cyber threats and vulnerabilities, many SLED customers are looking at the federal government's guidance, through the Executive Order on Improving the Nation's Cybersecurity and its Zero Trust mandate, on how to best protect themselves from modern, persistent threats. New topologies in customer environments are both challenging and exciting to build. Very few organizations are starting with a blank slate, so implementing Zero Trust in an environment where implied trust and perimeter security were originally considered adequate makes for brand new ways of thinking about cyber challenges. On top of that, threat actors are successfully using toolkits and automation to scale up attacks on organizations. Organizations need to combat this scale and automation with scale and automation of their own. Understanding threat actors, the topologies in an environment, and where automation and scale can be leveraged are key to updating legacy security postures.
Bassett, C., Widup, S., Pinto, A., Langlois, P., & Hylender, C. D. (2020). 2020 Data Breach Investigations Report. Verizon Enterprise. https://enterprise.verizon.com/resources/reports/dbir/
Bosworth, S., Kabay, M. E., & Whyne, E. (Eds.). (2014). Computer Security Handbook (6th ed., Vols. 1-2). Wiley.
DiMaria, F. (2016, May 26). 3 Keys to Creating an IT Strategic Plan. Campus Technology. https://campustechnology.com/articles/2016/05/26/3-keys-to-creating-an-it-strategic-plan.aspx
Rose, S., Borchert, O., Mitchell, S., & Connelly, S. (2020, August). Zero Trust Architecture (NIST Special Publication 800-207). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-207