
Cybear Attack For Job

Uploaded by

Akash Sonkide

Core skills for cybersecurity professionals

• Transferable skills
Skills from other areas that can apply to different careers.

• Technical skills
Skills that require knowledge of specific tools, procedures, and policies.

• Security analyst transferable skills
  • Communication
  • Collaboration
  • Analysis
  • Problem solving

• Security analyst technical skills
  • Programming languages
  • Security information and event management (SIEM) tools
  • Computer forensics

Transferable and technical cybersecurity skills
Previously, you learned that cybersecurity analysts need to develop certain core skills to be
successful at work. Transferable skills are skills from other areas of study or practice that can apply

INTERNAL
to different careers. Technical skills may apply to several professions, as well; however, they
typically require knowledge of specific tools, procedures, and policies. In this reading, you’ll explore
both transferable skills and technical skills further.
Transferable skills

You have probably developed many transferable skills through life experiences; some of those skills
will help you thrive as a cybersecurity professional. These include:

• Communication: As a cybersecurity analyst, you will need to communicate and collaborate
  with others. Understanding others’ questions or concerns and communicating information
  clearly to individuals with technical and non-technical knowledge will help you mitigate
  security issues quickly.
• Problem-solving: One of your main tasks as a cybersecurity analyst will be to proactively
  identify and solve problems. You can do this by recognizing attack patterns, then
  determining the most efficient solution to minimize risk. Don't be afraid to take risks, and try
  new things. Also, understand that it's rare to find a perfect solution to a problem. You’ll likely
  need to compromise.
• Time management: Having a heightened sense of urgency and prioritizing tasks
  appropriately is essential in the cybersecurity field. So, effective time management will help
  you minimize potential damage and risk to critical assets and data. Additionally, it will be
  important to prioritize tasks and stay focused on the most urgent issue.
• Growth mindset: This is an evolving industry, so an important transferable skill is a
  willingness to learn. Technology moves fast, and that's a great thing! It doesn't mean you will
  need to learn it all, but it does mean that you’ll need to continue to learn throughout your
  career. Fortunately, you will be able to apply much of what you learn in this program to your
  ongoing professional development.
• Diverse perspectives: The only way to go far is together. By having respect for each other
  and encouraging diverse perspectives and mutual respect, you’ll undoubtedly find multiple
  and better solutions to security problems.

Technical skills
There are many technical skills that will help you be successful in the cybersecurity field. You’ll learn
and practice these skills as you progress through the certificate program. Some of the tools and
concepts you’ll need to use and be able to understand include:

• Programming languages: By understanding how to use programming languages,
  cybersecurity analysts can automate tasks that would otherwise be very time consuming.
  Examples of tasks that programming can be used for include searching data to identify
  potential threats or organizing and analyzing information to identify patterns related to
  security issues.
• Security information and event management (SIEM) tools: SIEM tools collect and
  analyze log data, or records of events such as unusual login behavior, and support analysts’
  ability to monitor critical activities in an organization. This helps cybersecurity professionals
  identify and analyze potential security threats, risks, and vulnerabilities more efficiently.
• Intrusion detection systems (IDSs): Cybersecurity analysts use IDSs to monitor system
  activity and alerts for possible intrusions. It’s important to become familiar with IDSs because
  they’re a key tool that every organization uses to protect assets and data. For example, you
  might use an IDS to monitor networks for signs of malicious activity, like unauthorized access
  to a network.
• Threat landscape knowledge: Being aware of current trends related to threat actors,
  malware, or threat methodologies is vital. This knowledge allows security teams to build
  stronger defenses against threat actor tactics and techniques. By staying up to date on
  attack trends and patterns, security professionals are better able to recognize when new
  types of threats emerge such as a new ransomware variant.
• Incident response: Cybersecurity analysts need to be able to follow established policies
  and procedures to respond to incidents appropriately. For example, a security analyst might
  receive an alert about a possible malware attack, then follow the organization’s outlined
  procedures to start the incident response process. This could involve conducting an
  investigation to identify the root issue and establishing ways to remediate it.

CompTIA Security+
In addition to gaining skills that will help you succeed as a cybersecurity professional, the Google
Cybersecurity Certificate helps prepare you for the CompTIA Security+ exam, the industry leading
certification for cybersecurity roles. You’ll earn a dual credential when you complete both, which can
be shared with potential employers. After completing all eight courses in the Google Cybersecurity
Certificate, you will unlock a 30% discount for the CompTIA Security+ exam and additional practice
materials.
Key takeaways
Understanding the benefits of core transferable and technical skills can help prepare you to
successfully enter the cybersecurity workforce. Throughout this program, you’ll have multiple
opportunities to develop these and other key cybersecurity analyst skills.

• The importance of cybersecurity

• Personally Identifiable Information (PII)
Any information used to infer an individual’s identity

• Sensitive Personally Identifiable Information (SPII)
A specific type of PII that falls under stricter handling guidelines

The value of cybersecurity
Now that you’ve learned about what cybersecurity is and how cybersecurity professionals protect
people and organizations, it’s time to consider your own role in cybersecurity. Imagine that it’s your
first day as a cybersecurity professional, and consider the following:

• What cybersecurity problems are you solving?
• How are you protecting your organization?
• How are you protecting people?
• What is the most exciting part about your day?

Please write one to two paragraphs (100-200 words) outlining your responses to the prompts. Then,
visit the discussion forums to read what other learners have written, and respond to at least two
other posts with your own thoughts.
Participation is optional

Glossary terms from module 1


Terms and definitions from Course 1, Module 1

Cybersecurity (or security): The practice of ensuring confidentiality, integrity, and availability of
information by protecting networks, devices, people, and data from unauthorized access or criminal
exploitation
Cloud security: The process of ensuring that assets stored in the cloud are properly configured and
access to those assets is limited to authorized users
Internal threat: A current or former employee, external vendor, or trusted partner who poses a
security risk
Network security: The practice of keeping an organization's network infrastructure secure from
unauthorized access
Personally identifiable information (PII): Any information used to infer an individual’s identity
Security posture: An organization’s ability to manage its defense of critical assets and data and
react to change
Sensitive personally identifiable information (SPII): A specific type of PII that falls under stricter
handling guidelines
Technical skills: Skills that require knowledge of specific tools, procedures, and policies
Threat: Any circumstance or event that can negatively impact assets
Threat actor: Any person or group who presents a security risk
Transferable skills: Skills from other areas that can apply to different careers

Welcome to module 2
What you’ll learn
• Viruses
• Malware
• Social engineering
• Digital age

• Past cybersecurity attacks


Malware
Software designed to harm devices or networks
Two examples of early malware attacks that we'll cover are the Brain virus and the Morris worm.

Attacks in the digital age

To better understand attacks in the digital age, we'll discuss two notable attacks that relied on the
internet: the LoveLetter attack and the Equifax breach.

Phishing
The use of digital communications to trick people into revealing sensitive
data or deploying malicious software.

Common attacks and their effectiveness


Previously, you learned about past and present attacks that helped shape the cybersecurity industry.
These included the LoveLetter attack, also called the ILOVEYOU virus, and the Morris worm. One
outcome was the establishment of response teams, which are now commonly referred to as
computer security incident response teams (CSIRTs). In this reading, you will learn more about
common methods of attack. Becoming familiar with different attack methods, and the evolving tactics
and techniques threat actors use, will help you better protect organizations and people.
Phishing

Phishing is the use of digital communications to trick people into revealing sensitive data or
deploying malicious software.
Some of the most common types of phishing attacks today include:

• Business Email Compromise (BEC): A threat actor sends an email message that seems to
  be from a known source to make a seemingly legitimate request for information, in order to
  obtain a financial advantage.
• Spear phishing: A malicious email attack that targets a specific user or group of users. The
  email seems to originate from a trusted source.
• Whaling: A form of spear phishing. Threat actors target company executives to gain access
  to sensitive data.
• Vishing: The exploitation of electronic voice communication to obtain sensitive information
  or to impersonate a known source.
• Smishing: The use of text messages to trick users, in order to obtain sensitive information or
  to impersonate a known source.

Malware
Malware is software designed to harm devices or networks. There are many types of malware. The
primary purpose of malware is to obtain money, or in some cases, an intelligence advantage that
can be used against a person, an organization, or a territory.
Some of the most common types of malware attacks today include:

• Viruses: Malicious code written to interfere with computer operations and cause damage to
  data and software. A virus needs to be initiated by a user (i.e., a threat actor), who transmits
  the virus via a malicious attachment or file download. When someone opens the malicious
  attachment or download, the virus hides itself in other files in the now infected system. When
  the infected files are opened, it allows the virus to insert its own code to damage and/or
  destroy data in the system.
• Worms: Malware that can duplicate and spread itself across systems on its own. In contrast
  to a virus, a worm does not need to be downloaded by a user. Instead, it self-replicates and
  spreads from an already infected computer to other devices on the same network.
• Ransomware: A malicious attack where threat actors encrypt an organization's data and
  demand payment to restore access.
• Spyware: Malware that’s used to gather and sell information without consent. Spyware can
  be used to access devices. This allows threat actors to collect personal data, such as private
  emails, texts, voice and image recordings, and locations.

Social Engineering
Social engineering is a manipulation technique that exploits human error to gain private
information, access, or valuables. Human error is usually a result of trusting someone without
question. It’s the mission of a threat actor, acting as a social engineer, to create an environment of
false trust and lies to exploit as many people as possible.
Some of the most common types of social engineering attacks today include:

• Social media phishing: A threat actor collects detailed information about their target from
  social media sites. Then, they initiate an attack.
• Watering hole attack: A threat actor attacks a website frequently visited by a specific group
  of users.
• USB baiting: A threat actor strategically leaves a malware USB stick for an employee to find
  and install, to unknowingly infect a network.
• Physical social engineering: A threat actor impersonates an employee, customer, or
  vendor to obtain unauthorized access to a physical location.

Social engineering principles

Social engineering is incredibly effective. This is because people are generally trusting and
conditioned to respect authority. The number of social engineering attacks is increasing with every
new social media application that allows public access to people's data. Although sharing personal
data—such as your location or photos—can be convenient, it’s also a risk.
Reasons why social engineering attacks are effective include:

• Authority: Threat actors impersonate individuals with power. This is because people, in
  general, have been conditioned to respect and follow authority figures.
• Intimidation: Threat actors use bullying tactics. This includes persuading and intimidating
  victims into doing what they’re told.
• Consensus/Social proof: Because people sometimes do things that they believe many
  others are doing, threat actors use others’ trust to pretend they are legitimate. For example,
  a threat actor might try to gain access to private data by telling an employee that other
  people at the company have given them access to that data in the past.
• Scarcity: A tactic used to imply that goods or services are in limited supply.
• Familiarity: Threat actors establish a fake emotional connection with users that can be
  exploited.
• Trust: Threat actors establish an emotional relationship with users that can be exploited
  over time. They use this relationship to develop trust and gain personal information.
• Urgency: A threat actor persuades others to respond quickly and without questioning.

Key takeaways
In this reading, you learned about some common attacks and their impacts. You also learned about
social engineering and why it’s so successful. While this is only a brief introduction to attack types,
you will have many opportunities throughout the program to further develop your understanding of
how to identify and defend against cybersecurity attacks.

Identify: Methods of attack
Review various methods of attack
On each flashcard, review a common type of attack. Guess the definition,
then, select Flip to find out if you’re right. Be sure to review all 15 cards.
Malware

Definition
Software designed to harm devices or networks

Virus

Definition
A malware program that modifies other computer programs by inserting its
own code to damage and/or destroy data

Example of: Malware

Worm

Definition
Malware that self-replicates, spreading across the network and infecting
computers

Example of: Malware

Ransomware

Definition
A malicious attack during which threat actors encrypt an organization's data
and demand payment to restore access

Example of: Malware

Definition
Malicious software installed on a user’s computer without their permission,
which is used to spy on and steal user data

Example of: Malware

Definition
The use of digital communications to trick people into revealing sensitive
data or deploying malicious software

Definition
A malicious email attack targeting a specific user or group of users that
appears to originate from a trusted source

Example of: Phishing

Whaling

Definition
A form of spear phishing during which threat actors target executives in
order to gain access to sensitive data

Example of: Phishing

Business email compromise (BEC)

Definition
An attack in which a threat actor impersonates a known source to obtain a
financial advantage

Example of: Phishing

Vishing

Definition
The exploitation of electronic voice communication to obtain sensitive
information or to impersonate a known source

Example of: Phishing

Social engineering

Definition
A manipulation technique that exploits human error to gain unauthorized
access to sensitive, private, and/or valuable data

Social media phishing

Definition
An attack in which a threat actor collects detailed information about their
target on social media sites before initiating an attack

Example of: Social engineering

Watering hole attack

Definition
An attack in which a threat actor compromises a website frequently visited
by a specific group of users

Example of: Social engineering

Physical social engineering

Definition
An attack in which a threat actor impersonates an employee, customer, or
vendor to obtain unauthorized access to a physical location

Example of: Social engineering

USB baiting

Definition
An attack in which a threat actor strategically leaves a malware USB stick for
an employee to find and unknowingly infect a network

Example of: Social engineering

Introduction to the eight CISSP security domains, Part 1

security and risk management. Security and risk management focuses on defining security
goals and objectives, risk mitigation, compliance, business continuity, and the law. For
example, security analysts may need to update company policies related to private health
information if a change is made to a federal compliance regulation such as the Health Insurance
Portability and Accountability Act, also known as HIPAA.

The second domain is asset security. This domain focuses on securing digital and physical
assets. It's also related to the storage, maintenance, retention, and destruction of data. When
working with this domain, security analysts may be tasked with making sure that old equipment is
properly disposed of and destroyed, including any type of confidential information.

The third domain is security architecture and engineering. This domain focuses on optimizing
data security by ensuring effective tools, systems, and processes are in place. As a security
analyst, you may be tasked with configuring a firewall. A firewall is a device used to monitor and filter
incoming and outgoing computer network traffic. Setting up a firewall correctly helps prevent attacks
that could affect productivity.

The fourth security domain is communication and network security. This domain focuses on
managing and securing physical networks and wireless communications. As a security
analyst, you may be asked to analyze user behavior within your organization.

Imagine discovering that users are connecting to unsecured wireless hotspots. This could leave the
organization and its employees vulnerable to attacks. To ensure communications are secure, you
would create a network policy to prevent and mitigate exposure.

Maintaining an organization's security is a team effort, and there are many moving parts. As an
entry-level analyst, you will continue to develop your skills by learning how to mitigate risks to keep
people and data safe.

Familiarizing yourself with these domains will allow you to navigate the complex world of security.
The domains outline and organize how a team of security professionals work together. Depending
on the organization, analyst roles may sit at the intersection of multiple domains or focus on one
specific domain. Knowing where a particular role fits within the security landscape will help you
prepare for job interviews and work as part of a full security team.

Let's move into the fifth domain: identity and access management. Identity and access
management focuses on keeping data secure, by ensuring users follow established policies
to control and manage physical assets, like office spaces, and logical assets, such as networks
and applications. Validating the identities of employees and documenting access roles are essential
to maintaining the organization's physical and digital security. For example, as a security analyst,
you may be tasked with setting up employees' keycard access to buildings.

The sixth domain is security assessment and testing. This domain focuses on conducting
security control testing, collecting and analyzing data, and conducting security audits to
monitor for risks, threats, and vulnerabilities. Security analysts may conduct regular audits of user
permissions, to make sure that users have the correct level of access. For example, access to
payroll information is often limited to certain employees, so analysts may be asked to regularly audit
permissions to ensure that no unauthorized person can view employee salaries.

The seventh domain is security operations. This domain focuses on conducting investigations
and implementing preventative measures. Imagine that you, as a security analyst, receive an
alert that an unknown device has been connected to your internal network. You would need to follow
the organization's policies and procedures to quickly stop the potential threat.

The final, eighth domain is software development security. This domain focuses on using
secure coding practices, which are a set of recommended guidelines that are used to create
secure applications and services. A security analyst may work with software development teams to
ensure security practices are incorporated into the software development life-cycle. If, for example,
one of your partner teams is creating a new mobile app, then you may be asked to advise on the
password policies or ensure that any user data is properly secured and managed.

That ends our introduction to CISSP's eight security domains. Challenge yourself to better
understand each of these domains and how they affect the overall security of an organization. While
they may still be a bit unclear to you this early in the program, these domains will be discussed in
greater detail in the next course. See you there!

Determine the type of attack
Previously, you learned about the eight Certified Information Systems Security Professional (CISSP)
security domains. The domains can help you better understand how a security analyst's job duties
can be organized into categories. Additionally, the domains can help establish an understanding of
how to manage risk. In this reading, you will learn about additional methods of attack. You’ll also be
able to recognize the types of risk these attacks present.

Attack types

Password attack

A password attack is an attempt to access password-secured devices, systems, networks, or data.


Some forms of password attacks that you’ll learn about later in the certificate program are:

• Brute force
• Rainbow table

Password attacks fall under the communication and network security domain.
Social engineering attack
Social engineering is a manipulation technique that exploits human error to gain private
information, access, or valuables. Some forms of social engineering attacks that you will continue to
learn about throughout the program are:

• Phishing
• Smishing
• Vishing
• Spear phishing
• Whaling
• Social media phishing
• Business Email Compromise (BEC)
• Watering hole attack
• USB (Universal Serial Bus) baiting
• Physical social engineering

Social engineering attacks are related to the security and risk management domain.
Physical attack
A physical attack is a security incident that affects not only digital but also physical environments
where the incident is deployed. Some forms of physical attacks are:

• Malicious USB cable
• Malicious flash drive
• Card cloning and skimming

Physical attacks fall under the asset security domain.


Adversarial artificial intelligence
Adversarial artificial intelligence is a technique that manipulates artificial intelligence and machine
learning technology to conduct attacks more efficiently. Adversarial artificial intelligence falls under
both the communication and network security and the identity and access management domains.
Supply-chain attack
A supply-chain attack targets systems, applications, hardware, and/or software to locate a
vulnerability where malware can be deployed. Because every item sold undergoes a process that
involves third parties, this means that the security breach can occur at any point in the supply chain.
These attacks are costly because they can affect multiple organizations and the individuals who
work for them. Supply-chain attacks can fall under several domains, including but not limited to the
security and risk management, security architecture and engineering, and security operations
domains.
Cryptographic attack
A cryptographic attack affects secure forms of communication between a sender and intended
recipient. Some forms of cryptographic attacks are:

• Birthday
• Collision
• Downgrade

Cryptographic attacks fall under the communication and network security domain.
Key takeaways
The eight CISSP security domains can help an organization and its security team fortify against and
prepare for a data breach. Data breaches range from simple to complex and fall under one or more
domains. Note that the methods of attack discussed are only a few of many. These and other types
of attacks will be discussed throughout the certificate program.
Resources for more information
To view detailed information and definitions of terms covered in this reading, visit the National
Institute of Standards and Technology (NIST) glossary.
Pro tip: If you cannot find a term in the NIST glossary, enter the appropriate search term (e.g.,
“cybersecurity birthday attack”) into your preferred search engine to locate the definition in another
reliable source such as a .edu or .gov site.

Understand attackers
Previously, you were introduced to the concept of threat actors. As a reminder, a threat actor is any
person or group who presents a security risk. In this reading, you’ll learn about different types of
threat actors. You will also learn about their motivations, intentions, and how they’ve influenced the
security industry.
Threat actor types

Advanced persistent threats

Advanced persistent threats (APTs) have significant expertise accessing an organization's network
without authorization. APTs tend to research their targets (e.g., large corporations or government
entities) in advance and can remain undetected for an extended period of time. Their intentions and
motivations can include:

• Damaging critical infrastructure, such as the power grid and natural resources
• Gaining access to intellectual property, such as trade secrets or patents

Insider threats
Insider threats abuse their authorized access to obtain data that may harm an organization. Their
intentions and motivations can include:

• Sabotage
• Corruption
• Espionage
• Unauthorized data access or leaks

Hacktivists
Hacktivists are threat actors that are driven by a political agenda. They abuse digital technology to
accomplish their goals, which may include:

• Demonstrations
• Propaganda
• Social change campaigns
• Fame

Hacker types

A hacker is any person who uses computers to gain access to computer systems, networks, or data.
They can be beginner or advanced technology professionals who use their skills for a variety of
reasons. There are three main categories of hackers:

• Authorized hackers are also called ethical hackers. They follow a code of ethics and adhere
  to the law to conduct organizational risk evaluations. They are motivated to safeguard people
  and organizations from malicious threat actors.
• Semi-authorized hackers are considered researchers. They search for vulnerabilities but
  don’t take advantage of the vulnerabilities they find.
• Unauthorized hackers are also called unethical hackers. They are malicious threat actors
  who do not follow or respect the law. Their goal is to collect and sell confidential data for
  financial gain.

Note: There are multiple hacker types that fall into one or more of these three categories.
New and unskilled threat actors have various goals, including:

• To learn and enhance their hacking skills
• To seek revenge
• To exploit security weaknesses by using existing malware, programming scripts, and other
  tactics

Other types of hackers are not motivated by any particular agenda other than completing the job
they were contracted to do. These types of hackers can be considered unethical or ethical hackers.
They have been known to work on both illegal and legal tasks for pay.
There are also hackers who consider themselves vigilantes. Their main goal is to protect the world
from unethical hackers.
Key takeaways
Threat actors are defined by their malicious intent and hackers are defined by their technical skills
and motivations. Understanding their motivations and intentions will help you be better prepared to
protect your organization and the people it serves from malicious attacks carried out by some of
these individuals and groups.

Resources for more information
To learn more about how security teams work to keep organizations and people safe, explore the
Hacking Google series of videos.

What we covered
• Viruses
• Malware
• Social engineering
• Digital age
• Security domains

Glossary terms from module 2


Terms and definitions from Course 1, Module 2
Adversarial artificial intelligence (AI): A technique that manipulates artificial intelligence (AI) and
machine learning (ML) technology to conduct attacks more efficiently
Business Email Compromise (BEC): A type of phishing attack where a threat actor impersonates
a known source to obtain financial advantage
CISSP: Certified Information Systems Security Professional is a globally recognized and highly
sought-after information security certification, awarded by the International Information Systems
Security Certification Consortium
Computer virus: Malicious code written to interfere with computer operations and cause damage to
data and software
Cryptographic attack: An attack that affects secure forms of communication between a sender and
intended recipient
Hacker: Any person who uses computers to gain access to computer systems, networks, or data
Malware: Software designed to harm devices or networks
Password attack: An attempt to access password secured devices, systems, networks, or data
Phishing: The use of digital communications to trick people into revealing sensitive data or
deploying malicious software
Physical attack: A security incident that affects not only digital but also physical environments
where the incident is deployed
Physical social engineering: An attack in which a threat actor impersonates an employee,
customer, or vendor to obtain unauthorized access to a physical location
Social engineering: A manipulation technique that exploits human error to gain private information,
access, or valuables
Social media phishing: A type of attack where a threat actor collects detailed information about
their target on social media sites before initiating the attack
Spear phishing: A malicious email attack targeting a specific user or group of users, appearing to
originate from a trusted source
Supply-chain attack: An attack that targets systems, applications, hardware, and/or software to
locate a vulnerability where malware can be deployed
USB baiting: An attack in which a threat actor strategically leaves a malware USB stick for an
employee to find and install to unknowingly infect a network
Virus: refer to “computer virus”
Vishing: The exploitation of electronic voice communication to obtain sensitive information or to
impersonate a known source
Watering hole attack: A type of attack when a threat actor compromises a website frequently
visited by a specific group of users
