Practical Foundations in Cybersecurity
This book covers key theoretical and practical foundations designed to help learners looking to enter the cybersecurity field choose a specialization and plan their skill development journey.
Introduction
The global demand for skilled cybersecurity professionals has never been higher. This book covers key theoretical and practical foundations that have real-world relevance for those embarking on a career in cybersecurity, whether in defensive, offensive, or governance roles. Further, this resource is designed to help learners looking to enter the cybersecurity field choose a specialization and plan their skill development journey. The main audience for this book is learners who have little to no technical background and experience in IT and who want to break into a cybersecurity career.
Learning Objectives
Part 1: Foundational Cybersecurity (Chapters 1–3)
• Understand emerging cybersecurity job roles and relevant skills and industry certifications.
• Define core cybersecurity concepts, including the CIA triad (confidentiality, integrity, and availability) and key risk management concepts (threats, vulnerabilities, and mitigation).
• Understand the evolving cyber threat landscape and its key technological and sociopolitical drivers.
• Describe common cyber attacks and malware types.
• Describe risk mitigation methods.
• Describe network security risk mitigation best practices.
• Explain how Governance, Risk, and Compliance (GRC) frameworks (e.g., NIST SP 800-37, NIST CSF, and ISO/IEC 27001) align security with business goals.
• Identify key cybersecurity regulations (e.g., GDPR and HIPAA) and industry standards (e.g., PCI DSS).
Part 2: Networking & Cryptography (Chapters 4–5)
• Explain how data flows across network layers (OSI/TCP/IP).
• Relate network layers (OSI/TCP/IP models) to vulnerabilities and mitigation techniques.
• Describe how SSL/TLS uses cryptography (symmetric/asymmetric encryption and hashing) to secure data in transit.
• Compare wireless security protocols (WPA2/WPA3) and their authentication and encryption methods.
Part 3: Ethical Hacking (Chapter 6)
• Compare professional ethical hacking (authorized penetration testing), gray-hat hacking, and hacktivism.
• Identify and compare the main penetration testing methodologies (e.g., OSSTMM, NIST SP 800-115, ISSAF, and PTES), frameworks (e.g., OWASP Testing Guide and MITRE ATT&CK/cyber kill chain), and technologies (e.g., Nmap, OpenVAS, Metasploit, and Burp Suite).
• Identify common attack targets: OS, shrink-wrap code attacks, device misconfiguration, and OWASP Top 10 vulnerabilities such as cross-site scripting (XSS) and SQL injection (SQLi) attacks.
Book Chapters
Don't jump before you look! This chapter lays out the IT and cybersecurity career paths, related job roles and job skills, and where to find learning resources for the career paths.
This chapter covers key aspects of cybersecurity fundamentals, including foundational definitions such as the CIA triad, the evolving cyber threat landscape, and common cyber attacks and malware types.
This chapter covers Governance, Risk, and Compliance as a risk management framework (RMF) and using RMFs such as NIST SP 800-37, NIST CSF, and ISO/IEC 27001 to align cybersecurity policy with business goals.
This chapter covers host-to-host communication across networks (how data flows through the network).
This chapter covers how SSL/TLS secures data in transit, and the 802.11 wireless standard (WPA, WPA2, and WPA3 wireless protocols).
This chapter covers ethical hacking and penetration testing: definitions, technologies, testing methodologies, and testing phases.
Chapter 7: Conclusion
All good things must come to an end...