Introduction
Years of platform engineering gave me the infrastructure fundamentals, and beyond; now I’m retooling for security.
I’m tackling Google’s Cybersecurity Professional Certificate first (CompTIA Security+ next), and I’ll share the cliff notes as I go: dense summaries of what actually matters.
Kickoff: Google Foundations of Cybersecurity.
The players and the prize
Security is a two-player game. Analysts man the walls: monitoring systems, thwarting threats, and serving as first responders during breaches. Engineers build the fortifications: writing Python scripts, managing SIEM platforms, and conducting forensic investigations to preserve criminal evidence.
The asset is data, and not all of it is equal.
- PII (Personally Identifiable Information). Names, IP addresses, birthdates: anything that identifies an individual
- SPII (Sensitive PII). Medical records, biometrics, SSNs: these trigger legal landmines and stricter handling protocols.
Protecting these categories is why compliance exists: adhering to standards that shield you from fines and breaches.
The Strategy
Every defense rests on the CIA Triad:
- Confidentiality -> data is for authorized eyes only
- Integrity -> data is trustworthy
- Availability -> data is accessible when needed
To operationalize this, organizations deploy Security Frameworks.

The heavy hitter here is the NIST Cybersecurity Framework (CSF), a voluntary risk management playbook. It’s joined by industry-specific mandates: HIPAA for health data, GDPR for EU privacy, PCI DSS for credit cards, and FERC-NERC for power grids. These frameworks establish your Security Posture: your ability to defend assets and adapt to change.
Ethics are non-negotiable. Counterattacking is almost always illegal; the International Court of Justice permits it only under impossible conditions (fully reversible, direct communication, no escalation). Laziness and shortcuts are the silent killers here.
The Adversary
Threat Actors range from opportunistic hackers to APTs (Advanced Persistent Threats). APTs are state-sponsored groups that research targets for months and remain undetected in networks. Their arsenal includes BEC (Business Email Compromise), spear phishing (targeted deception), USB baiting (dropping drives with malware), and watering hole attacks (compromising frequented websites). Viruses require a user to click; worms spread autonomously.
To organize defense, the industry uses eight Security Domains (CISSP model):
- Risk Management
- Asset Security
- Security Engineering
- Communications/Network Security
- Identity & Access Management
- Security Assessment
- Security Operations
- Software Development Security
If it touches data, it falls under one of these pillars.
The Toolkit
Operations run on SIEM platforms like Splunk or Google Security Operations (formerly known as Google Chronicle), ingesting logs, the first source of truth. When incidents hit, analysts turn to playbooks: step-by-step manuals ensuring proper protocols. Key procedures include Chain of Custody (documenting who touched evidence and when) and Order of Volatility (capturing fragile data like RAM before it evaporates when power is cut).
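To make Chain of Custody and the Integrity leg of the triad concrete, here is an added example (my own illustration, not code from the course): a minimal ledger that hashes the evidence at acquisition, records each handoff, and chains the records so a later edit to any entry is detectable. The evidence bytes, analyst names and timestamps are constructed sample data.

```python
# Added example, not from the course or the post: a minimal tamper-evident
# chain-of-custody ledger. Sample evidence, names and timestamps are constructed.
import hashlib
import json
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyLedger:
    evidence_hash: str                      # hash taken at acquisition
    entries: list = field(default_factory=list)

    def record(self, handler: str, action: str, when: str, evidence: bytes) -> dict:
        """Append one custody event, re-hashing the evidence at each handoff."""
        prev = self.entries[-1]["entry_hash"] if self.entries else self.evidence_hash
        entry = {"handler": handler, "action": action, "when": when,
                 "evidence_hash": sha256_hex(evidence), "prev": prev}
        # Chain the records: this entry's hash covers its fields plus the previous hash.
        entry["entry_hash"] = sha256_hex(json.dumps(entry, sort_keys=True).encode())
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """True only if every link still hashes correctly and the evidence never changed."""
        prev = self.evidence_hash
        for e in self.entries:
            fields = {k: v for k, v in e.items() if k != "entry_hash"}
            if e["prev"] != prev or e["evidence_hash"] != self.evidence_hash:
                return False
            if sha256_hex(json.dumps(fields, sort_keys=True).encode()) != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True


def demo() -> tuple:
    """Two clean handoffs verify; editing an old record afterwards is detected."""
    image = b"constructed disk-image bytes"           # stand-in for real evidence
    ledger = CustodyLedger(evidence_hash=sha256_hex(image))
    ledger.record("analyst A", "acquired", "2024-01-01T10:00Z", image)
    ledger.record("analyst B", "received", "2024-01-01T12:00Z", image)
    intact = ledger.verify()
    ledger.entries[0]["handler"] = "someone else"    # simulate a tampered record
    return intact, ledger.verify()                   # (True, False)
```

A real ledger would be append-only storage with signed entries; the point here is that the hash chain ties every custody record to the evidence hash and to the record before it.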
Technical fluency means Python for scripting, SQL for database interrogation, Linux for system navigation, and packet sniffers for network analysis. Combine these with computer forensics, and you have the complete digital detective kit.
Next
Next up is the Play It Safe: Manage Security Risks course and my cliff notes on it.
