So you want to get into Cyber Security? I’ll tell you how
Cyber security is about protecting data, networks and devices from unauthorised access
Most people are currently working remotely.

This increases the risk of security incidents as companies' data is now accessible over home networks with little or no security add-ons
During the lockdown, security incidents have risen by 65%
The advantage is that there is an opportunity for newbies in this field
First, you need to understand the different types of cyber security threats:
1. Social Engineering - This is when an attacker tricks or manipulates users through human interaction to gain access to sensitive information
2. Phishing - This is when the attacker sends fraudulent emails from an address that resembles a reputable source with the aim of stealing sensitive data
For example, you receive an email from info@paypail.com. You assume it's from PayPal and click on the links in the email, which take you to an untrusted website where you input your credit card details or login information
This is how scammers like:
- Grant West (Just Eat Phish attack)
- Olajide Onikoyi (Student Loan Phish)
- Onur Kopçak (Banking Phish)
- Hushpuppi (Corp account Phish)

stole users' login details and got access to information to steal money or sell these credentials on the dark web
3. Malware - This is when a file or program uses malicious software to harm a computer user.

Think about viruses, worms, spyware and Trojan horses that are used to steal data and damage devices.
4. Ransomware - This is when an attacker uses malware to encrypt users' files and demands payment to decrypt and unlock them
Recently, LG Electronics has been a victim of the Maze ransomware.

Maze has been releasing sensitive information and will continually do so until LG pays a ransom.

Read more about this attack here: bit.ly/2YE4ulG via @aucyble #infosec #threatintelligence
Now that you know the 4 main types of cyber attacks, the next step is to understand the elements of cyber security:
1. Network Security - A network is a group of computers that share computing resources provided by nodes using communication protocols over digital interconnections.

Greek eh?
Think about when you are in an office or cyber cafe and you want to share printers or data safely.

To do this, computers have to be connected via telephone lines, cables etc.

The common types of networks are LAN and WAN

To understand this better, read bit.ly/3dD97jW
Now that you understand networks, you can see the need for network security.

Intruders target networks with opportunistic malware to steal data
To protect the integrity of a network, companies deploy layers of defences and implement policies and controls to prevent unauthorised access
The common types of network security are:
a. Firewalls: This is a network security system where security rules are implemented to monitor incoming and outgoing traffic with triggers to alert the security team when something unusual is happening
Think of this like how people are allowed into hotels.

If you have a key card, you don't need to stop at the front desk to gain access to your room
If you manage to slip through the front desk security, when you get to the lift, you are unable to gain access to certain floors because you don't have key card access.

To understand this better, read bit.ly/3i9lp7i
b. Email security: In every network, email is the number 1 vector for network security breaches
Companies use email security tools to block incoming attacks and scan outgoing emails to prevent data loss.

To understand this better, read bit.ly/2NxTJuu
c. Wireless security: As many companies are moving from wired technologies (with those nasty cables) to wireless technology, security is an issue
Companies using WLAN use security protocols like WEP, WPA, WPA2 and WPS.

Without these security protocols, hackers will exploit vulnerabilities and gain access to devices and data.

It's almost like living in an estate with the estate gate secured by only chickens
To understand this better, read bit.ly/2BM2xdC
d. Web security: This protects your website from hackers. It covers
- protecting an individual's or company's website
- denying users within your home or company network access to malicious websites
To understand this better, read bit.ly/2jTW2Y5 #Security #WebDevelopment #SysAdmin
e. Mobile device security: Portable devices are prone to being stolen, misplaced or hacked.

Once a device leaves the hands of the authorised user, all the data on that device and all the data the device has access to is compromised
To understand this better, read bit.ly/2ZcO7eR
f. Access control: This is where you identify which user and what devices should have access to the data in your network
To keep hackers out of the network, you create and enforce security protocols to recognise compliant users and devices.

To understand this better, read bit.ly/2Vonfay via @csoonline
g. Intrusion prevention: This monitors systems and networks for policy violations or malicious activities. Think of it like laser fields in a museum
To understand this better, read bit.ly/2ZeYWNh by @geeksforgeeks
h. Anti-malware and anti-virus: When malware infects a network or system, it could lie dormant for days, weeks or even months.

To understand how this is possible, listen to this episode of @darknetdiaries here bit.ly/2YG9Dts
With Anti-malware, you scan for malware to prevent viral infections and also remove files that have been infected. To understand this better, read bit.ly/31oV7bg by @ITPro
i. Network segmentation: To enforce security policies easily, segmentation classifies network traffic based on endpoint identity/ roles.

Think of it like traffic lights conducting cars from different parts to prevent a gridlock
To understand this better, read bit.ly/2NGwf6t
j. Data Loss Prevention: When sensitive, confidential and critical data is classified within a network, DLP prevents unauthorised users from opening, downloading, uploading, printing or forwarding sensitive information.

To understand this better, read bit.ly/385IfrC
k. Security Information and Event Management: Now that these different network security tools are in place, SIEM gives the security team the necessary information to identify threats and respond to attacks
Think of it like a CCTV in a bank vault with security in the back office watching
To understand this better, read bit.ly/2GWrnZg via @SearchSecurity
l. VPN (Virtual Private Network): This secures your information by encrypting data as it travels back and forth from your device to the internet.

Then it authenticates communication between device and network. Think of when James Bond needs a secure line to communicate with M
To understand this better, read cybersecurity.att.com/blogs/security… by @kim_crawley
Now that you understand Network Security, let's move on to Application Security
2. Application Security: Security flaws are prevalent in apps and it is necessary to continually focus on keeping devices free from threats these flaws bring
When designing apps, a security consultant is brought in (usually at the design stage) to conduct pentests before the app is deployed.

To understand this better, read bit.ly/2NBjBpx via @csoonline
3. Endpoint Security: In an enterprise network, any device that can access data can be exploited by hackers to compromise the entire enterprise.

Examples of endpoints are servers, printers, desktops, laptops...you get it?

To understand this better, read shar.es/ab31rd
4. Data Security: As the name implies, it involves securing data at rest and data in motion.

To understand this better, read bit.ly/38ctOSW
5. Identity Management Security: When there are different users with different roles in a network, IMS ensures the right users have the appropriate access to the right data/ applications based on their roles
For example, if you are in the marketing team, you have no business accessing payroll data.

To understand this better, read zd.net/2YFbJK1
6. Database and Infrastructure Security: This is where a DB Admin
- restricts unauthorised access to an organisation's database
- performs load tests/pentests to make sure it doesn't crash when there is a DDoS attack and
- reviews the existing infrastructure for vulnerabilities
To understand this better, read oal.lu/efBLO
7. Cloud Security: This is a set of security policies implemented to secure cloud based infrastructure and systems.

To understand this better, read bit.ly/31k3WD8
8. Mobile Security: This is when security measures and policies are implemented to protect smart phones and portable devices from being used as vectors to attack systems and networks.

To understand this better, read bit.ly/2ZkbFOG
9. Disaster recovery/business continuity planning: This is how people & organisations respond to incidents that cause data loss or affect critical activities in organisations.

My favourite DR/ BCP story is the NotPetya attack that Maersk suffered in 2017 bit.ly/38cZkjt
To understand this better, read bit.ly/2qoEPuB via @TT_Infra
Now that you understand the 9 elements of Cyber Security, here is a step-by-step guide on how you can study on your own to get into Cyber Security:
Step 1: OS

Start with understanding the basics of these 3 operating systems

- Linux
- Windows and
- Mac
a. Linux - 100% of the world's supercomputers are powered by Linux so it's a no-brainer to learn and understand this OS first
Linux course 1 - bit.ly/31oMflX

It's 48 hours of detailed learning
Linux course 2 - bit.ly/3dJzqVM
After understanding the fundamentals of Linux OS, learn how to script
Scripting is where you automate processes using code.

Basically, anything that can be done manually step by step can be scripted to reduce the time it takes, especially if it is a task that's done several times a day
To learn scripting, here are 2 courses on writing shell scripts in Linux:
- bit.ly/2AdKjRY
- bit.ly/2VvYEk9
Now that you know how to write shell scripts in Linux, learn the common deployment methods.

Deployment is where you distribute software and updates in the easiest way possible.

To understand this better, read bit.ly/3eOIBWg by @ostechnix
Now that you can deploy, you should know the common administration tools.

System administration (SysAdmin) is about ensuring the reliability of a system.

In the world of Linux, the major players are Webadmin, YaST, COAS and Linuxconf.

To understand this better, read bit.ly/31sRnWc
So far, you:

- understand the fundamentals of Linux
- can write shell scripts
- have learned the common deployment methods
- can use common admin tools.

Now, it's time to understand how scripts and apps can interact with the Linux OS
To understand the interactions, read bit.ly/2NDDD2u;

and if you need a video course, watch bit.ly/38dR8j5
Now let's move on to Windows
b. Windows - This is the OS designed by Microsoft for mainstream PCs and devices
As with Linux, you need to understand the fundamentals.

Read -
The Ultimate Guide to Windows Server 2019 - bit.ly/3gbcVe4

Windows Operating System Fundamentals (288 pages) - bit.ly/2AdmxFG
This @Udemy course by Marious Kuriata is my fave to understand the fundamentals of Windows OS bit.ly/31rAE5B
Now that you understand the fundamentals of the Windows OS:

- learn how to create and run scripts on Win 10 by reading @chrisbhoffman's tutorial here: bit.ly/38aNQNz
- learn the deployment methods using Windows, read bit.ly/3dQT2Yh
But if you are not patient enough to read all 1144 pages, read @Brinkhoff_C's write up here: bit.ly/3ifQINx
- read about the admin tools for Windows here bit.ly/3idpJlM
Now let's move on to Mac OS
c. Mac OS

- Fundamentals bit.ly/3dDoDfO
- Scripting bit.ly/2BM7KCm
- Deployment apple.co/2BoF8z7
- Admin tools bit.ly/2CL3ZNU
So far, you:
- know the fundamentals of Linux, Windows and Mac OS
- understand scripting
- know deployment basics
- can identify common admin tools and
- know how apps interact with the OS
Now that you understand the 3 main types of OS and the basics, you are ready for the next step - Networking Concepts
2. Networking Concepts - Once you know your OS, understanding the basics of how different devices in a network interact is crucial.

Is the network private or closed? Does it connect to the internet?

To understand this better, read bit.ly/2CXgu9p by @geeksforgeeks
Coursera has a really good in depth course on networking concepts here bit.ly/3eZVGMJ
Now that you understand OS fundamentals and networking concepts, it's time to learn a programming language
3. Programming languages - You thought you could escape programming huh? Not a chance
I already wrote about how to learn a Programming language here

The only thing I'll add is that you should not panic if you don't get programming languages.

As with everything, you need to be deliberate about learning it.

I always tell people getting into Cybersecurity to start with Python, then move to C
To know why programming languages are important in Cyber security, read this bit.ly/3eNSZh2
4. Basic Cloud and Security Concepts - Now, you are ready to understand what exactly the cloud is and how you can implement security in the cloud
To understand basic cloud concepts, take this @cloudacademy course bit.ly/31wAmdN by @Stuart_A_Scott
Learn basic security concepts with @Oracle's detailed course on understanding Application level and Transport level security bit.ly/3dLtwDx
Now we can move on to my favourite part of Cybersecurity - Pentesting
5. Penetration Testing - This is when you simulate attacks on a device, network or system to identify vulnerabilities.

The aim is to make sure security issues are identified before hackers exploit them.

Think of it like a fire drill
To understand PenTesting better, read bit.ly/2VxOQGm by @WhatIsDotCom
Here is a good course by @cybraryIT on PenTesting bit.ly/3gfdrI0
Also read this helpful guide by @beaucarnes on becoming an ethical hacker in 15 hours: bit.ly/2BgehWb
So far, you've learned:

1. Four main types of cyber threats;

2. Nine elements of cybersecurity;

3. Fundamentals of an OS;

4. Networking Concepts;

5. Programming languages;

6. Basic Cloud and Security Concepts; and

7. Pentesting

You're ready for a career in Cybersecurity!
Caveat - As with starting anything new, you need to practice, practice, practice. And put yourself out there.

All the best, I'm rooting for you