Build your talent stack in cybersecurity management.
Welcome to the Cybersecurity Management Stack. This free online course can help students build their talent stack with an introduction to the evolving world of cybersecurity. We will begin with the foundations of cybersecurity and its history, explore some of the changes and opportunities in the growing field, as well as explore ways to build up your Cybersecurity Management Stack.
How long will it take to complete this free course in cybersecurity management?
This online course in Cybersecurity will direct students to free videos, podcasts, articles, and other resources. Each individual section will encompass two to three hours of learning material for your Cybersecurity Management Stack. Then at the end of each of the sections, there will be an opportunity to invest in your learning.
While this free online course can act as a great introduction to cybersecurity, we encourage you to consider how to continue building your Cybersecurity Management Stack and maybe even consider other educational avenues, such as an advanced degree like an MBA.
The World of Cybersecurity Management
What Is Cybersecurity?
We live in an online world. Our lives have become heavily reliant upon the internet, networks, and computers in almost any area you can think of – from what we should watch on Netflix tonight to how our water purification system works.
This also means our information is all over these devices. Therefore, it is imperative that our organizations (and our personal lives outside of work) have strong cybersecurity measures set up. It is with this in mind that we turn to examine cybersecurity – the practice of protecting information for:
- and securing:
- and networks from cyberattacks.
Let’s take a look at how cybersecurity can be defined and some key elements of the discipline. Read these overviews from Microsoft, IBM, Cisco, and the U.S. Cybersecurity and Infrastructure Security Agency.
- From their explanations, how would you describe cybersecurity, its importance, and the best practices to keep your organization safe?
Cybersecurity is a vast umbrella term, covering everything from cloud security to network security to critical infrastructure security and more.
- Cloud security protects all that data you and your organization store on the cloud.
- In contrast, network security provides protection from outside threats to your network (think two-factor authentication).
And critical infrastructure security keeps our electrical grid providing electricity, for example. There are a zillion threats to everything computer-related, so the need for smart, strong cybersecurity cannot be overstated.
This video covers eight of the most common types of cybersecurity threats. You’ll look at how each threat works and how to protect against said threat.
- As you watch, consider which threats you’ve encountered in your organizations and how they were handled.
- Was the level of cybersecurity sufficient for the threat, or in what ways might there have been better protection?
The Cybersecurity Manager
A cybersecurity manager is an IT professional who focuses on an organization’s system security. They find possible areas of vulnerability in an organization’s network or system, and then they develop strategies to protect the organization from potential attacks from those vulnerabilities.
A cybersecurity manager is a highly valuable role for an organization since cybersecurity attacks can mean a loss of income for the organization and a threat to the organization’s reputation when it comes to its clients or consumers.
Most cybersecurity managers have at least a four-year degree, and there is a wide array of certificates available that managers can also add to their Cybersecurity Management Stack. It is imperative that a cybersecurity manager has a current and high level of understanding when it comes to information operations and security.
While the technical side of the role is vital, a cybersecurity manager also needs a strong grasp of project and risk management since they are tasked with creating and implementing audits and protocols to keep systems and networks safe from cybersecurity attacks.
Listen to (or watch) this podcast episode on the routes to a role as a cybersecurity manager, including the soft skills necessary for the role and how cybersecurity, in general, can be a benefit, no matter your role.
- As you listen, consider how your experience, skills, and personality might lend themselves well as a cybersecurity manager.
- What are some areas you feel you need to work on in your Cybersecurity Management Stack to become a better cybersecurity manager?
Enroll in the Cybersecurity Analyst Professional Certification from IBM through Coursera. This series of courses covers basic cybersecurity tools, attacks, roles, compliance, and threat intelligence. This is a beginner-level certification that should take you about eight months to complete if you do around four hours of work on it each week.
Foundations of Cybersecurity
Creeper, Reaper, Vienna
The idea of a computer virus was conceptualized by mathematician and physicist John von Neumann. In a 1949 paper, von Neumann posed the idea of what we know today as a self-replicating worm in a computer. However, it wasn’t until 1971 that Bob Thomas of BBN Technologies created what is today regarded as the first computer worm.
It should be noted that Thomas didn’t design the worm to be malicious, though the message it displayed as it moved between computers, “I’m the creeper; catch me if you can,” does have a slightly sinister ring to it.
In 1973, Thomas’ friend, Ray Tomlinson, then coded a variation on the program called Reaper that deleted Thomas’ original code and repeated its own code on it, making it the first cybersecurity program.
In the late 1980s, the Vienna virus destroyed random files on computers it infected. It wasn’t a devastating virus, but it is notable because in 1987, Bernd Fix, a computer researcher, got a copy of Vienna. So he wrote a program that neutralized it, which made Vienna the first computer virus destroyed by an antivirus program “in the wild,” so to speak, since the Reaper was under more contained circumstances.
- What do you feel is most important for staff at your organization to know when it comes to antivirus software on their work computers?
In 1988, a graduate student at Cornell University, Robert Morris, let a worm loose on the MIT computer systems. Like Thomas, Morris didn’t have ill intent for this worm; he was, instead, looking for vulnerabilities in the system.
As he didn’t want system administrators to be able to beat the worm through a false positive report, Morris wrote the worm’s code to make it replicate 14 percent of the time. As a result, the worm caused the university significant financial damage, and Morris became the first person ever convicted under the Computer Fraud and Abuse Act.
This brief documentary looks at the Morris Worm and how it eventually spread across networks around the globe.
- What was the impact of the Morris Worm, and how do we see the ramifications of Morris’ experiment today in how we approach cybersecurity?
If you’re interested in diving more deeply into Morris’ case, you can read through an appeals report from 1991.
In the mid-1990s, Netscape released the first browser and the Secure Sockets Layer (SSL) 2.0, sometimes called digital certificates. The SSL creates an encrypted link between a server and a client, so when information is inputted, it can only be read by the intended recipient. Thus, SSL technology was a part of the foundation for the proliferation of buying and selling goods online. Here’s a quick overview of SSL.
In 1999, Transport Layer Security 1.0, or TLS, was released as an upgraded version of SSL 3.0. As of 2018, there have been three versions of TLS, and SSL has now been deprecated and replaced with TLS. This article goes more in-depth about what SSL and TLS are and their differences.
- How has our evolution of the way we use computers and the internet impacted the need to move to TLS in recent years?
National Cyber Security Division Established
In 2003, in response to an ever-growing number of cyberattacks, the U.S. Department of Homeland Security created the National Cyber Security Division. A lot has changed since the early 2000s, and you can read about how the Department of Homeland Security is currently dealing with cybersecurity on its website.
- What stands out to you about current governmental policies and how they might impact your work?
In this Google Cloud Security Certificate offered through Coursera, you’ll learn the necessary skills to be a cloud security engineer, and it will help you prep for the Google Cloud Professional Cloud Security Engineer certification exam. You’ll explore how to manage cloud access, define organization policies around cloud usage, and how to configure your network security.
This is an intermediate-level course that will take you about five months to complete if you spend about four hours a week on your study.
Changes in Cybersecurity
Even More Essential
With medical cybersecurity attacks increasing and governments and financial institutions still popular targets, cybersecurity is increasingly vital for all organizations (and individuals). In fact, ransomware hit record highs in 2022.
- As you read this article, what do you notice about these cybersecurity threats from 2022 that would inform your approach to your organization’s cybersecurity in 2023 and beyond?
As remote work continues to be the norm for many, cybersecurity professionals need to continue to consider ways to build up their organization’s cybersecurity awareness for remote workers.
- What types of training are provided at your organization for remote work security awareness?
- Or what type of training should be provided?
IoT, ZTNA, and CARTA
Another area of consideration that opens avenues for new threats is the Internet of Things (IoT). Threats to the IoT impact the emerging tech industry, but they also affect all of us: as our lives become more and more integrated, both at home and at work, we are increasingly vulnerable because one device can be a gateway to our entire network.
No longer is an attack on your phone the only concern. Now you can worry about your smart refrigerator too.
- How do these predictions shape how you’d approach your job in cybersecurity for your organization?
You can also read up on new government regulations regarding the IoT.
- Would these regulations impact your work or change any security measures at your organization?
As devices and systems are increasingly connected through the IoT, there needs to be a continued upgrade in threat detection and response. One way to do this is by taking a zero-trust network access (ZTNA) approach. With ZTNA, the identity of every person and device trying to access an asset or network is verified. You can learn more about ZTNA here.
- Is this an approach your organization uses?
- What are the barriers and benefits of such an approach?
Another tool for combating these types of IoT attacks is adopting continuous adaptive risk and trust assessment (CARTA). You can learn more here.
- Consider how you might pair a ZTNA and a CARTA to provide even more security for your organization.
As cybersecurity is truly still a new field that is also rapidly evolving, ethics are still emerging. Namely, one of the biggest questions is where the line between privacy and security is. And as the financial risks are often also high when it comes to cybersecurity and attacks, these ethical considerations are of utmost importance.
- Where do you think the balance lies between privacy and security?
This article covers some top considerations for you to think about and add to your Cybersecurity Management Stack.
This is a wide-ranging issue. This talk from Stefan Savage, Ph.D., Professor of Computer Science and Engineering at the University of California, San Diego, looks into some of the ethical issues he has faced in his work and how they’ve challenged him in his career.
- As a cybersecurity professional, how can these ethical questions do the same for you?
A branch of these ethical issues becoming increasingly debated has to do with privacy and social media. When ex-Facebook employee Frances Haugen did an interview on 60 Minutes in October 2021 about the company’s inner workings and the outage of Facebook, Instagram, and WhatsApp that immediately followed, Facebook’s data harvesting and usage received increased scrutiny.
There is a growing focus on how social media platforms harvest and use users’ data, which you can read more about here.
- How do you think these conversations will shape online privacy rules, and what changes do you see in this arena?
MIT’s Professional Education Department offers a Digital Transformation: From AI and IoT to Cloud, Blockchain, and Cybersecurity course. This course gives professionals an overview of the five technologies that are impacting today’s economic landscape and how to respond to them. This is a six-week course. You will need to have some basic coding skills to complete it.
Opportunities in Cybersecurity
Authentication Sans Passwords
The majority of data breaches happen due to weak passwords. And the fact of the matter is that passwords aren’t really the safest form of user authentication, especially when users don’t follow best practices for their passwords. Here’s an article that dives into why passwords are not a great way to ensure digital security.
As a result of passwords’ inherent flaws, there is a lot of movement toward passwordless authentication, which is a huge opportunity for the industry. This post dives into the why behind a passwordless approach and the options available.
- As you consider your passwords and methods of authentication, what approach makes sense for you or your organization?
- What are the barriers to switching to passwordless authentication?
But how do you go passwordless? It’s a multiphase approach if you want to do it well. Since passwords permeate nearly everything we do on our computers, this is a complex undertaking with a significant amount of risk involved. And one size does not fit all organizations.
You’ll need to take into consideration everything from how many departments your organization has and how they are set up, to how many employees you have and how many different services, applications, and other software you use, to name a few considerations.
- Develop a plan based on these four steps that can help you move an organization to a passwordless reality.
There is a market developing for cybersecurity insurance. Cyberattacks can be incredibly expensive, especially when they lead to judicial cases, fines, and court hearings. And when an organization is brought down by a cyberattack, that can also mean an attack on their stocks, shares, and staff livelihoods.
With these financial repercussions in mind, more and more organizations are looking at buying into cybersecurity insurance. It’s still a new area of insurance, but according to the US Government Accountability Office, between 2016 and 2019:
- the cost of cyberattacks almost doubled,
- the number of policies increased by 60%,
- and the number of insurers that offer cyber insurance increased by 35%.
- What do you notice, and what benefits might this provide to an organization?
An area that is also developing is security against automotive hacking. As the number of self-driving cars out on the road continues to increase, the threat from hackers will increase also. One challenge for auto manufacturers is how to design secure vehicles from a cybersecurity standpoint.
This is a tall order considering the relative newness and sophistication of the technology and the lack of expertise in the area. And, again, the risk is high, but this time, it’s literally gambling with people’s lives.
This workshop from the Institute of Transportation Studies at the University of California – Irvine discusses questions about the cybersecurity of Connected and Autonomous Vehicles and cyber-physical systems (CAV-CPS). Researchers in this workshop look at vulnerabilities to CAV-CPS and possible mitigation strategies.
- How do you think these technical issues also need to take into account the socio-technical impacts of CAV?
As you consider the ethical and socio-technical implications around cybersecurity, consider enrolling in this course from Harvard – Cybersecurity: The Intersection of Policy and Technology Online. This is an intermediate-level course that runs for an intensive five days online, at the end of which you will earn a certificate. This course dives more into the policy issues around cybersecurity and is a great way to add depth to your Cybersecurity Management Stack.
Cybersecurity Management Talent Stack
Learn to Perform a Risk Assessment
Because the sky’s the limit for the ways hackers can break into your networks and systems, it’s of utmost importance that, as a cybersecurity professional, you know how to perform a risk assessment for your organization.
Risk assessments help you identify and then prioritize your system’s vulnerabilities. Being able to assess these risks allows you to be proactive and effective when it comes to mitigating threats.
This global cybersecurity alliance webinar from the International Society of Automation lays out some guidance on how to conduct risk assessments using ISA/IEC 62443 standards. Before you listen, read through this overview of how these standards came about and what they are to give you some context here. The webinar will help you identify the information you need to perform risk assessments when you’re ready.
- After reading and watching, where would you start when it comes to a risk assessment at your organization?
Get to Know Linux
If you’re not already familiar with Linux, you’ll want to get to know it. Linux is a framework that can be used to scan networks and use a system in ways that you can’t do with most operating systems. It’s open-source software, which means that its code can be modified (and is free). This makes it easily accessible, and, as a result, many cybersecurity tools are built on a Linux foundation. Here’s a bit more about why Linux is a great tool to add to your Cybersecurity Management Stack.
- What are the benefits to you of having a familiarity with Linux?
In this podcast episode from Infosec, Jasmine Jackson discusses how Linux can help you build your stack in other areas of cybersecurity. She also has some tips on getting your resume noticed.
- Which of these pieces of advice are relevant to you in your current career stage?
Try Penetration Testing
Penetration testing is a great skill to add to your Cybersecurity Management Stack. This is a method for improving cybersecurity defenses by simulating a hack on your servers. The hackers that do this type of work are often called white hat or ethical hackers.
Cybersecurity professionals can put a security system in place, and then these ethical hackers attempt to hack it. This type of hack can provide an organization’s cybersecurity specialists with important data to help improve the system and build up vulnerable areas before a real attack happens.
If you’re interested in trying white-hat hacking yourself, Metasploit is a free framework for penetration testing. You can learn more about what Metasploit is and how it works here and then spend some time playing around with it.
While cybersecurity can feel very technical, at its core, it’s about people. People are hackers, but people are also defenders. It’s people – like you – who are responsible for building strong defenses, cleaning up breaches, and fixing vulnerabilities. And it’s people who are impacted by attacks.
While, yes, cybersecurity does have a strong emphasis on data and coding, it’s also important to understand how to be empathetic toward victims of an attack. Not only could the world do with a bit more empathy, but being able to truly listen to what happened can help you sort out what happened and repair it as needed.
Additionally, since attacks can cause emotional stress for victims, being able to navigate those conversations calmly is really important.
- Have you considered the people side of cybersecurity before and how to navigate these areas?
If you’d like a little more insight or guidance, check out this article from Just Security on why empathy matters.
There are so many important avenues to pursue in cybersecurity work, from post-hack clean-up to building strong system defenses. And cybersecurity continues to be a fast-growing and fast-developing field.
There are many educational paths to consider in the realm of cybersecurity, but if you’re not ready to commit to a large program yet, you can always try a cybersecurity boot camp, like this one from the University of California – Berkeley. This boot camp is a virtual, intensive, six-month course. It includes pre-course tutorials to get everyone up to speed, so no worries if you’re still very new to the field.
To Wrap Things Up
- Congrats on reaching the end of your Free Cybersecurity Course! This is the conclusion of our free online course to help you develop your Cybersecurity Management Stack. We hope it gives you a great foundation to build on. We invite you to also peruse our FREE online IT Management Stack course!
- A cybersecurity management program teaches students the importance of cybersecurity risk management, strategic planning, network security, intellectual property, cyber threats and cyber attacks, information security, incident response, information technology, security operations, information security strategies, endpoint security, and much more.
Written by: Tammie Cagle