Cybersecurity Workshop MIU

Uploaded by

sarah2101673
Cybersecurity Workshop
YOUR CYBER IMMUNITY

Who We Are?
Cyberteq is an innovative Information & Communication Technology Consulting Company, established in 1997. In the era of digitalization, Cyberteq enables its customers to take full advantage of the latest digital technologies and networks in a secure manner.
Agenda
• Who We Are?
• Introduction to Cybersecurity
• Common Cyber Threats
• Secure Your Online Presence
• Cybersecurity Landscape
• Careers in Cybersecurity
• Cybersecurity Governance
Introduction…
Introduction

Welcome and thank participants for joining the Comprehensive Cybersecurity Workshop.

The Importance of Cybersecurity :


• In today's interconnected world, the importance of cybersecurity cannot be overstated.
• Our lives, work, and education are increasingly digital, making it crucial to understand and address cyber
threats

Your Role in Cybersecurity :


• As university students, you play a pivotal role in shaping the digital landscape.
• Your awareness, knowledge, and practices can contribute to creating a safer online environment for
yourselves and others.
Workshop Objectives :
• Gain a solid understanding of cybersecurity fundamentals.
• Learn about common cyber threats and their implications.
• Acquire practical skills for maintaining cyber hygiene.
• Explore strategies for securing personal devices & protecting online privacy.
• Develop awareness of emerging trends in cybersecurity.

Expectations :
• Encourage participants to ask questions and actively participate in discussions.
• Set the tone for a collaborative and informative learning experience.
Introduction to Cybersecurity

• Is the practice of protecting computer systems, networks, & digital assets from cyberattacks, unauthorized access, & data breaches.

• It encompasses a range of technologies, processes, and practices designed to safeguard information and ensure the confidentiality, integrity, and availability of data.
Why Cybersecurity Matters ?

• Cybersecurity is not just a technical concern but a fundamental aspect of safeguarding personal
privacy, financial assets, intellectual property, and even national security.
• A breach can have severe consequences, including financial loss, reputational damage, and
the compromise of sensitive information.
Understanding
Common Cyber Threats
Malware

What is malicious software?

Types of Malware :
• Virus
• Zombies & Bots
• Worms
• Rootkit
• Keyloggers
• Trojan Horses
• RATs
• Spyware
• Adware
• Ransomware

How could malware be installed?
How could malware affect the machine?
How could malware compromise company’s sensitive data?

1.4M USD Avg/year/company lost business due to data breaches
Ransomware
• Dangerous!
• How does it work?
• Why the device could be infected?
• Spread all over the network
• Large, multinational organizations can be targeted

What if the device is infected?
• Encrypt all the data
• Impossible to retrieve without the encryption key or a recent backup of the files.
Social Media
Effects on Security and Privacy
• Companies gather private data
• Metadata in photographs is exploited (e.g. GPS coordinates)
• Private data is sold for advertisements & other purposes
• Social media can be exploited to spread rumors & false information
• Governments can interfere in social media to manipulate internal and external elections/events
• People and children unwillingly share personal photos & info
• Once data is on the internet it cannot be deleted
Social Engineering
• People are the weakest link in security
• Triggers victims’ fear, curiosity, urgency, or ignorance
• Done through e-mails, messages, calls, or F2F
• Convince the victims to trigger malicious activities

Examples :

• Pretend to be an IT employee & ask for passwords
• Ask a receptionist to connect a USB device.
Phishing Attacks
• Part of social engineering attacks

• Email phishing and spoofing
• Spear phishing
• Smishing
• Vishing
• Quishing

• Click on the link to open the attachment

• Compromise the employees and the whole company network and data
Removable Media
• What is removable media?
• Types of removable media
• How dangerous could removable media devices be?
• When lost
• When stolen
• When containing auto-start programs
How to Secure
Your Online Presence ?
Social Media Hardening Policy
• Read privacy policy
• Harden privacy policy on social media
• Mind your source, stay critical of false articles & information
• Inform friends and family about your photo policies
• Install Blokada ad blocker app on phone
Safe Internet Habits
• Keep anti-virus SW up-to-date information**
• Avoid visiting & downloading from untrusted websites
• Verify people you are adding
• Share email on trusted and secured websites only
• Avoid installing untrusted SW
• Download SW only from official websites
• Do not open executable files in your emails
• Be aware of suspicious emails
Safe Internet Habits
• Keep operating system updated
• Keep browser updated
• Keep anti-virus SW updated
• Encrypt all removable media
• Encrypt all removable media
• Don’t allow others to charge their phone using your device
Secure VPN
• Protected secure communication channel
• Encrypted data to prevent exploits
• Provides authentication
• Easier to secure at the source side
• Can connect from anywhere
Public Places
• Do not connect to an open Wi-Fi network
• Don’t expose your screen to others (shoulder surfing)
• Install monitor angle protector
• Be aware of theft
Password Complexity
What is a password?
Set a strong and non-forgettable password!
The longer the better, use a “passphrase” instead of a “password”.
Don’t keep your password on a paper note and do not save it in a browser!
Store your password on an encrypted flash memory

Easily cracked passwords consist of:
• Words found in any dictionary
• Names of people, pets, sports teams etc
• Famous movie or book quotes
• “i” replaced with “1”, etc.
• Common structures such as first letter capital, ends with numbers

✗ HarryPotter
✗ Summer2022
✗ Mostafa123
✗ VhT4@x
✗ Hello112233
✓ iAmambitI0us-tHen 1 will d0 It
✓ <HeLL0 2023yE@r)
✓ h0P3 Y0u @Re c0Ol
Phishing Emails Examples and
Security Habits
Cybersecurity Landscape
• Information Security : Protecting data from unauthorized access and ensuring its confidentiality
and integrity.

• Network Security : Safeguarding computer networks from unauthorized access and cyberattacks.

• Application Security : Ensuring the security of software applications to prevent exploitation.

• Endpoint Security : Securing individual devices, including computers, smartphones, and IoT
devices.

Cybersecurity is a shared responsibility that involves individuals, organizations, and society at large. Awareness, education, and
proactive measures contribute to creating a safer digital environment for everyone.
Careers in Cybersecurity!
The Career In Cybersecurity

Educational Background :
• While a degree in computer science, information technology, or a related field is beneficial, it's not always mandatory. Many
successful cybersecurity professionals have diverse educational backgrounds.

• Specialized certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), Certified Ethical
Hacker (CEH), and Offensive Security Certified Professional (OSCP) are highly valued.

Skills and Knowledge :


• Develop a solid understanding of networking, operating systems, & cybersecurity fundamentals.

• Gain proficiency in programming languages such as Python, Java, or C++.

• Stay updated on the latest cybersecurity threats, trends, and technologies


Specializations in Cybersecurity
Gain Practical Experience

• Participate in hands-on activities, such as Capture The Flag (CTF) challenges and cybersecurity
competitions.

• Seek internships or entry-level positions to gain practical experience in a cybersecurity role.

Continuous Learning
Penetration Testing
Roadmap
Penetration Testing Roadmap
Build a strong Foundation
Networking and protocols :
1. Learn about the OSI model, TCP/IP stack, firewalls, routers, switches, DNS, DHCP, etc.
2. Tools: Wireshark, Nmap, and tcpdump.

Operating systems :
1. Gain a deep understanding of Linux (especially Kali Linux) and Windows.
2. Learn Linux terminal commands, shell scripting, and Windows PowerShell.

Basic programming/scripting :
1. Learn scripting languages like Python, bash, and PowerShell.
2. Understand basic web development (HTML, JavaScript) to identify web vulnerabilities.
3. Python for penetration testers (practical ethical hacking)
Penetration Testing Roadmap
Build a strong Foundation
Understanding Cybersecurity :
1. Study foundational topics like the CIA triad (Confidentiality, Integrity, Availability), security controls, access
control models, and cryptography basics.
2. CompTIA Security+.
Penetration Testing Roadmap
Master Penetration Testing Tools and Techniques
Vulnerability Scanning and Assessment :
• Tools: Nessus, OpenVAS, Qualys

Penetration Testing Methodologies :


• Learn methodologies like OSSTMM, OWASP Testing Guide, and NIST SP800-115.

Hands-On Penetration Testing Tools :


• Nmap: Network scanning and enumeration.
• Metasploit: Exploit framework.
• Burp Suite: Web vulnerability testing.
• John the Ripper/Hashcat: Password cracking tools.
• Wireshark: Network traffic analysis.
• Nikto: Web server vulnerability scanner.
• Practical Ethical Hacking Course (TCM Security)
• Offensive Security's Kali Linux Revealed.
Penetration Testing Roadmap
Web Application Security
Understand Common Vulnerabilities (OWASP Top 10) :
• Learn about SQL injection, cross-site scripting (XSS), cross-site
request forgery (CSRF), security misconfigurations, and broken
authentication.

Tools for Web Penetration Testing :


1. Burp Suite, OWASP ZAP, sqlmap.
2. OWASP Web Security Testing Guide.
3. Web Application Hacker’s Handbook.
Penetration Testing Roadmap
Develop Advanced Exploitation Skills
Buffer Overflows, Shellcode, and Exploits :
1. Learn binary exploitation, reverse engineering, and exploit development.
2. Study buffer overflows, format string vulnerabilities, and memory
corruption.

Tools :
1. GDB, Immunity Debugger, Radare2, pwntools (for Python scripting).
2. SLAE (SecurityTube Linux Assembly Expert) certification.
3. Exploit Writing Tutorials (Corelan Team).
Penetration Testing Roadmap
Practice in Capture The Flag (CTF) Platforms
Hands-on practice is critical for penetration testers. CTF platforms provide challenges to test and
improve your skills in a controlled environment.
Recommended Platforms:
• TryHackMe, Hack The Box, VulnHub, Offensive Security Proving Grounds, Root-Me.

Bug Bounty Programs:

• Participate in bug bounty platforms like HackerOne, Bugcrowd, and Open Bug Bounty to find real-world vulnerabilities.
Penetration Testing Roadmap
Learn Reporting and Documentation
Writing Penetration Test Reports:

1. After testing, you must document your findings clearly and effectively, including detailed explanations of
vulnerabilities, how they were exploited, and remediation recommendations.
2. Penetration Testing Execution Standard (PTES) Reporting Guidelines.
Recommended Certifications:

• Certified Ethical Hacker (CEH) : One of the entry-level certifications covering various hacking techniques and tools.

• eLearnSecurity Junior Penetration Tester (eJPT) : Good starting certification for beginners, focused on hands-on skills.
• Offensive Security Certified Professional (OSCP) : Highly regarded certification requiring real-world hacking techniques and
exploitation of a vulnerable network within a time limit.
• GIAC Penetration Tester (GPEN) : Focuses on advanced penetration testing techniques.
• Certified Penetration Tester (CPT) by Mile2 : Focuses on practical penetration testing skills and is suited for beginners and
intermediate levels.
• Offensive Security Web Expert (OSWE) : Focuses specifically on web application penetration testing.
Cybersecurity SOC
Roadmap
Cybersecurity SOC Roadmap

Networking Fundamentals :
1. Learn about TCP/IP, DNS, DHCP, firewalls, and network protocols.
2. Study tools like Wireshark for packet analysis.
3. Resources: Cisco's CCNA, Network+, or equivalent.

System Administration :
1. Familiarize yourself with operating systems like Windows and Linux.
2. Learn commands, administration, and security configurations.
3. Resources: CompTIA Linux+, Microsoft certifications.

Basic Cybersecurity Knowledge :


1. Study security principles (CIA Triad, access controls).
2. Learn about vulnerabilities, threats, and attacks (phishing, malware).
3. Resources: CompTIA Security+, Introduction to Cybersecurity (Coursera/Edx).
Cybersecurity SOC Roadmap

SOC Concepts :
1. Learn about security monitoring, SIEM tools, and incident response.
2. Resources: Learn about SIEM platforms like Splunk, ArcSight, and ELK Stack.

Threat Intelligence and Incident Response :


1. Study frameworks like MITRE ATT&CK.
2. Learn to analyze indicators of compromise (IOCs).
3. Resources: SANS courses, Blue Team Handbook.

Practical Labs :
1. Practice on platforms like TryHackMe, Hack The Box, or Blue Team Labs.
Recommended Certifications:

• CompTIA Security+ : Foundational knowledge of cybersecurity.

• eLearnSecurity Certified Incident Responder (ECIR): Incident response techniques and methodologies.

• eLearnSecurity Certified Digital Forensics Professional (ECDFP): Digital forensics principles and techniques.

• Certified SOC Analyst (CSA) by EC-Council : Entry-level SOC skills.

• Splunk Core Certified User : Basic proficiency in one of the most used SIEM tools.

• GIAC Certified Incident Handler (GCIH) : Advanced incident handling skills.


Cybersecurity Governance,
Compliance, and Risk
Assessment
What is GRC?

GRC stands for Governance, Risk, and Compliance. It is a structured approach to


aligning IT with business objectives while managing risks and ensuring compliance
with laws and regulations.
• Governance:
Ensuring that an organization's policies and processes align with business objectives.

• Risk Management:
Identifying, assessing, and mitigating risks that could impact the organization.

• Compliance:
Meeting the legal, regulatory, and internal requirements relevant to the business.

[Diagram: GRC (Governance, Risk Management, Compliance)]
What a Standard/Framework can do for your organization?

1. Describe your current & desired cybersecurity posture
2. Identify and prioritize areas that require improvement
3. Assess progress toward the desired state
4. Communicate among stakeholders about cybersecurity risk
ISO 27001 Framework/Standard

ISO 27001
Information Security Management System implementation &
certification process overview.

ISO 27001 Framework/Standard :


ISO27001 is the international standard that sets out the specifications for an Information Security Management System (ISMS). Its best-practice approach helps organizations manage their information security by addressing people and processes as well as technology.
ISO 27001

• ISO 27001 formally specifies how to establish an Information Security Management System (ISMS).

• The adoption of an ISMS is a strategic decision.

• The design and implementation of an organization’s ISMS is influenced by its business and security objectives, its security risks
and control requirements, the processes employed and the size and structure of the organization.

• The ISMS will evolve systematically in response to changing risks.

• Compliance with ISO27001 can be formally assessed and certified. A certified ISMS
builds confidence in the organization’s approach to information security management
among stakeholders.
Cybersecurity GRC
Roadmap
GRC Career Paths

There are several key roles in GRC, each with its own focus:

Governance Roles :
• IT Governance Analyst : Ensures IT systems align with the organization’s goals.
• Information Security Manager : Manages the security strategy and ensures compliance with regulations.

Risk Management Roles :


• Risk Analyst : Identifies, evaluates, and mitigates risks within the organization.
• Risk and Compliance Officer : Ensures the organization manages risks and complies with regulatory
requirements.

Compliance Roles :
• Compliance Officer : Ensures the organization adheres to legal and regulatory standards.
• Internal Auditor : Reviews internal processes and controls to ensure compliance.

GRC Consultant – Information Security Consultant


Core Skills for GRC Professionals

To succeed in GRC, professionals need a blend of technical, analytical, and communication skills :

• Analytical Skills : Ability to assess risks, analyze data, and make informed decisions.
• Communication Skills : Writing policies, presenting findings, and working with stakeholders.
• Knowledge of Frameworks : Familiarity with ISO 27001, NIST, COBIT, etc.
• Understanding of Regulations : Knowledge of laws like GDPR, HIPAA, and PCI-DSS.
• Technical Skills : While GRC is not purely technical, understanding cybersecurity and IT concepts can be an asset.
Certifications to Get Started in GRC

Earning certifications can help you build credibility and validate your skills in GRC:

Entry-Level Certifications :
• CompTIA Security+ : Covers basic security concepts.
• ISO/IEC 27001 Foundation : Introduction to the ISO 27001 framework.

Advanced Certifications :
• ISO/IEC 27001 Lead Implementer/Auditor : Advanced knowledge of implementing or auditing ISO 27001.
• Certified Information Systems Auditor (CISA) : Auditing and reviewing IT systems for compliance.
• Certified Information Security Manager (CISM) : Focuses on managing information security.
The Growing Demand for GRC Professionals

With increasing regulations such as GDPR and the rise of cyber threats, GRC
professionals are in high demand.
Organizations need experts to protect their business interests, ensure compliance, and
manage risks.
• GRC helps businesses avoid legal penalties, data breaches, and reputational damage.
• Companies of all sizes, from startups to multinational corporations, are seeking skilled
GRC professionals.
ANY QUESTIONS?