Module 1 Intro to Cybersecurity Script

Module 1 of the cybersecurity course introduces key concepts such as the CIA Triad, the NICE Framework, and the structure of corporate cybersecurity teams. It outlines Australia's Cybersecurity Strategy and emphasizes the growing demand for cybersecurity professionals. The course consists of five modules, each with knowledge checks, and encourages continued learning and exploration of various cybersecurity roles and specialties.

Uploaded by

leyos72670

Module 1: Welcome and Introduction to Cybersecurity

1.1 Module outline and expected learning outcomes
• Course Outline and Expected Learning Outcomes
• Australia’s Cybersecurity Strategy
• Cybersecurity Definition and Landscape
• The CIA Triad
• Why it’s the perfect time to start a career in cybersecurity

1.2 NICE Framework (National Initiative for Cybersecurity Education)
• NICE Framework Overview
• NICE Cybersecurity Workforce Framework Overview
o Categories
o Specialties

1.3 Roles in Cybersecurity
• Corporate Cybersecurity Team Structures. The functions of:
o Red Teams
o Blue Teams
o Purple Teams
o Security Ops Centres
o Threat Intelligence

Course Outline and Expected Learning Outcomes


Hello and welcome to The Genius Armory Introduction to Cybersecurity!
This course is comprised of five modules which will give you a good introductory level of
understanding of the current state of cybersecurity, the roles within it, the types of Threat
Actors and how they aim to compromise systems, and some of the key fundamentals such as
computer languages.

1. Module 1 – Introduction to Cybersecurity
2. Module 2 – Threats & Exploits
3. Module 3 – Networks
4. Module 4 – Digital Forensics
5. Module 5 – Cybersecurity Tools

Each module is accompanied by knowledge checks in the form of multiple-choice quizzes,
content-relevant tasks, or a combination of both.
If you are interested in a career in cybersecurity, please submit the answers to your knowledge
checks at the end of each module within The Forage platform as advised so that they are
provided to Untapped for review. Your answers cannot be changed once submitted, so please
ensure you check them beforehand.
Don’t worry, we don’t expect you to answer everything correctly! What might happen is that
you are referred to additional courses or an assessment centre so that you can further explore
whether this is a good career choice for you.
Continued learning resources are also provided within each module so that you can do
additional solo-research into topics of interest.
Feel free to pause the course at any time. Modules can be completed independently of one
another and do not need to be completed in one sitting. Once your responses are submitted for
any given module, they will remain submitted permanently.

Australia’s Cybersecurity Strategy 2020 At A Glance


The Australian government has a vision of a more secure online world for Australians, their
businesses and the essential services upon which we all depend. This will be delivered through
complementary actions by governments, businesses and the community.
There are a number of highlights to this strategy, such as:
• The investment of $1.67 billion over 10 years to achieve this vision
• Protecting and actively defending the critical infrastructure that all Australians rely on,
including cyber security obligations for owners and operators.
• New ways to investigate and shut down cybercrime, including on the dark web.
• Stronger defences for Government networks and data.
• Greater collaboration to build Australia’s cyber skills pipeline.

If you want to read the full strategy, refer to the Australian Government Home Affairs website
via the link in this module’s script.
Australia’s Cybersecurity Strategy 2020
https://www.homeaffairs.gov.au/cyber-security-subsite/files/cyber-security-strategy-2020.pdf

Cybersecurity Definition and Landscape Introduction


Cybersecurity professionals are involved in activities that include “...strategy, policy, and
standards regarding the security of and operations in cyberspace, and encompasses the full
range of threat reduction, vulnerability reduction, deterrence, international engagement,
incident response, resiliency, and recovery policies and activities, including computer network
operations, information assurance, law enforcement, diplomacy, military, and intelligence
missions as they relate to the security and stability of the global information and
communications infrastructure.”

Cyberspace Policy Review May 2009

Cybersecurity is an always evolving, fast-paced industry, so it is key that cybersecurity
professionals stay up to date with the latest information and trends. We’ll get into the current
cybercrime landscape in detail in Module 2 – Threats and Exploits.

The CIA Triad


An important foundation of cybersecurity is the CIA Triad.
Information security revolves around the three key principles: confidentiality, integrity and
availability (CIA). The CIA Triad is a security model that has been developed to help people
think about various parts of IT security.
You can think of the triad as a balance of three important components. Imagine a dot in the centre
of the three; this dot represents a system. In an ideal world the dot would sit in the centre of
the triad, and the data of the system would be equally accessible, protected, and verifiable, in a
balanced way. Moving the dot too far over means sacrificing one of the other elements. For
example, heavily encrypting a file means the dot will sit higher up, under confidentiality. But
this extra encryption means it is less available due to the extra measures needed to encrypt, send
and decrypt it. The aim is to have a balance of all three aspects.
Confidentiality is concerned with preventing unauthorized access to sensitive information. The
access could be intentional, such as a threat actor gaining access to the network and reading the
information, or it could be unintentional, due to the carelessness or incompetence of individuals
handling the information. It is implemented using security mechanisms such as usernames,
passwords, access control lists, and encryption.
Integrity ensures that information is in a format that matches its original purpose. It has three
goals that help to achieve data security:
• Preventing the modification of information by unauthorized users
• Preventing the unauthorized or unintentional modification of information by authorized
users
• Ensuring the accuracy and consistency of data through processes like error checking and
data validation
Availability ensures that information and resources are available to those who need them. It is
implemented using methods such as hardware maintenance, software patching and network
optimization. Dedicated hardware devices can be used to guard against downtime and
unreachable data due to malicious actions such as distributed denial-of-service (DDoS) attacks.
Throughout this course we will be looking at a multitude of ways in which the CIA Triad is
implemented by cybersecurity professionals.

CIA Triad Example


A simple example of the CIA triad in practice is sending a message to someone.

Confidentiality – you send the message and no one else knows what the message is. This can be
achieved through encryption.
Integrity – you send the message, and it is exactly the same when it is received. The data has
not been tampered with, and this can be achieved through hashing and digital signatures.
Availability – you send the message, and the recipient is able to receive it.
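
The integrity part of the message example above, as an added Python example that is not part of the original course script: it compares a plain hash with a keyed hash (HMAC-SHA256, used here as a shared-key stand-in for a digital signature) when a message is changed in transit. The messages, function names and the pre-shared key are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets


def sha256_hex(message: bytes) -> str:
    """Plain (unkeyed) hash: anyone can compute it for any message."""
    return hashlib.sha256(message).hexdigest()


def make_tag(key: bytes, message: bytes) -> str:
    """Keyed hash (HMAC-SHA256): only holders of the key can compute it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def hash_matches(message: bytes, digest: str) -> bool:
    """Recipient's check when the sender attached a plain hash."""
    return hmac.compare_digest(sha256_hex(message), digest)


def tag_matches(key: bytes, message: bytes, tag: str) -> bool:
    """Recipient's check when the sender attached a keyed tag."""
    return hmac.compare_digest(make_tag(key, message), tag)


def integrity_demo() -> dict:
    # Assumption: sender and recipient agreed on this key in advance.
    key = secrets.token_bytes(32)
    sent = b"Meet at 10:00 in room 4"      # constructed sample message
    digest, tag = sha256_hex(sent), make_tag(key, sent)

    # The message is altered in transit (by error or by a third party).
    changed = b"Meet at 16:00 in room 4"
    # A plain hash needs no secret, so whoever altered the message can
    # also swap in a freshly computed hash of the altered text.
    replaced_digest = sha256_hex(changed)

    return {
        # Unchanged message: both checks pass.
        "unchanged_hash": hash_matches(sent, digest),
        "unchanged_tag": tag_matches(key, sent, tag),
        # Message changed, check values untouched: both checks fail.
        "changed_hash": hash_matches(changed, digest),
        "changed_tag": tag_matches(key, changed, tag),
        # Message and plain hash both replaced: the hash check passes
        # even though the content differs from what was sent.
        "replaced_hash": hash_matches(changed, replaced_digest),
        # The keyed tag cannot be recomputed without the key.
        "replaced_tag": tag_matches(key, changed, tag),
    }


if __name__ == "__main__":
    for case, passed in integrity_demo().items():
        print(f"{case:15} check passes: {passed}")
```

A plain hash on its own catches accidental changes; tying the check to a key (a MAC, or a private key in the case of a digital signature) is what lets the recipient detect deliberate changes.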

Why it’s the Perfect Time to Start a Career in Cybersecurity


Cybersecurity is one of the hottest topics of the tech industry right now. The news is full of
ransomware attacks, intelligence agencies like the NSA, and compromised networks costing
companies sometimes in excess of tens of millions to resolve.

This, coupled with the fact that cybersecurity is still a growth industry, expected to triple in the
next ten years, means that the industry has a 0% unemployment rate. What this means is that
there are a lot more jobs available in comparison to qualified people who have the skills and
experience to fill those positions. Demand could not be higher, and companies are doing
everything they can to hold on to their cybersecurity staff whilst concomitantly trying to lure staff
from other companies to join them.
Not to mention that if you start a career in cybersecurity, you’d be working for the good
guys! Every day is a battle trying to protect people and companies from malicious threats. If you
talk to any cybersecurity professional, they’ll tell you that nothing beats the satisfaction they
get from applying their professional skills both at work and at home.

The NICE Framework Overview


The National Institute of Standards and Technology (or NIST) in the USA has created the
National Initiative for Cybersecurity Education (NICE) Framework to provide a set of building
blocks for describing cybersecurity work, skills and tasks.
It provides a standardised way of thinking and talking about cybersecurity work, in a time
where we need a far greater awareness of cybersecurity and far more cybersecurity experts
working within the industry. The framework allows smoother communication between
government, private sector and academia and is intended to have a positive impact on the
current workforce shortage in the cybersecurity sector.
The framework also aims to standardise cybersecurity training programs, as there are many
options for training but little consistency in the topics covered and delivery styles. In a
similar manner, the framework helps with cybersecurity career development, as there are many
programs available, but they are uncoordinated and the resources that do exist are difficult to
find.

NICE Stakeholders and Leadership


NICE Cybersecurity Workforce Framework Overview
Within the NICE Framework, there is the Cybersecurity Workforce Framework, which
establishes a taxonomy and common lexicon to detail the different types of cybersecurity work
and workers, regardless of where, or for whom, the work is performed. It outlines 31 functional
work specialties within cybersecurity and is the foundation of the entire NICE effort.
AustCyber provides an interactive way for you to explore the NICE Workforce Framework’s
different work roles in cybersecurity, and their related knowledge, skills, abilities (KSAs) and
tasks.

Let’s have a look at the Workforce Framework now.


• At the top there are seven (7) high-level categories of work to explore. These are the
common cybersecurity functions and clicking on one of the seven will filter the next
level to only the cybersecurity areas related to that category.
• There are a number of distinct specialty roles within each cybersecurity area. By
selecting one, the work roles on the right will be filtered further to that specific
specialty.
• By selecting an individual role, a Role Profile will be displayed below, allowing you to
explore the detailed KSAs needed to perform Tasks for that role. You can also click the ‘Print to
PDF’ button to create a Role Profile as a PDF document which can be saved electronically
or printed for future reference.

| Label | Definition | Relationship |
|---|---|---|
| Cybersecurity Category | A generalized grouping of specialty areas | Can have one or more unique specialty areas associated with a category |
| Specialty Area (SA) | Defines specific areas of specialty within the cybersecurity domain | Belongs to one and only one cybersecurity category. Can have any number of unique tasks and KSAs associated with it |
| Competency | A measurable pattern of knowledge, skills, abilities, or other characteristics that individuals need to succeed and that can be shown to differentiate performance. | One or more KSAs are assigned to each competency |
| KSA | Defines a specific knowledge, skill, ability. | Assigned to one or more specialty areas. Each KSA has exactly one competency associated with it |
| Task | Defines a specific task. | Each task has no competency association |

Feel free to explore the interactive framework through the link below whilst we take you
through some of the key categories, roles and tasks.
https://www.austcyber.com/resources/dashboards/NICE-workforce-framework
Categories overview
As mentioned, there are seven categories in the NICE Workforce Framework. Each of these and
their definitions are as follows:

| Category | Definition |
|---|---|
| Securely Provision | Specialty areas concerned with conceptualizing, designing, and building secure IT systems. |
| Operate and Maintain | Specialty areas responsible for providing the support, administration, and maintenance necessary to ensure effective and efficient IT system performance and security. |
| Protect and Defend | Specialty area responsible for the identification, analysis and mitigation of threats to IT systems and networks. |
| Investigate | Specialty areas responsible for the investigation of cyber events or crimes which occur within IT Systems and networks. |
| Operate and Collect | Specialty areas responsible for the highly specialized and largely classified collection of cybersecurity information that may be used to develop intelligence. |
| Analyze | Specialty area responsible for highly specialized and largely classified review and evaluation of incoming cybersecurity information. |
| Support | Specialty areas that provide critical support so that others may effectively conduct their cybersecurity work. |

Specialty Area Overview


Within the seven (7) high-level categories are 31 specialty areas.

Securely Provision
• Systems Requirements Planning
• Systems Development
• Software Engineering
• Enterprise Architecture
• Test and Evaluation
• Technology Demonstration
• Information Assurance Compliance

Protect and Defend
• Vulnerability Assessment and Management
• Incident Response
• Computer Network Defense
• Security Program Management
• Computer Network Defense Infrastructure Support

Investigate
• Investigation
• Digital Forensics

Operate and Maintain
• System Administration
• Network Services
• Systems Security Analysis
• Customer Service and Technical Support
• Data Administration
• Knowledge Management
• Information Systems Security Management

Operate and Collect
• Collection Operations
• Cyber Operations Planning
• Cyber Operations

Support
• Legal Advice and Advocacy
• Education and Training
• Strategic Planning and Policy Development

Analyze
• Cyber Threat Analysis
• Exploitation Analysis
• Targets
• All Source Intelligence

Pause this video now and take a moment to navigate around the interactive framework in the
link below. Have a think about what specialty areas might be of interest to you, however, do be
aware that as you learn more about the cybersecurity industry, you may find that what appeals
to you drastically changes. You may also find that your specific skills are more appropriate to
certain specialties you didn’t first consider.
https://www.austcyber.com/resources/dashboards/NICE-workforce-framework

Corporate Cybersecurity Team Structures


Cybersecurity teams within companies adopt a military-esque approach to cyber defence
through the utilization of teams with differently allocated motivations. Notable teams include
Red Teams, Blue Teams, Purple Teams, Security Ops Centres, and Threat Intelligence. Let’s take
a closer look at these now.

BLUE TEAM: is a group of analysts and engineers responsible for the defence of an organisation
from cyber-attacks through a combination of threat prevention, deception, detection and
response. A malicious actor has potentially unlimited resources and only has to find one
weakness to compromise an organisation. Blue teams are faced with the exciting challenge of
using what they already have and what they can get to protect their organisation.

RED TEAM: in contrast, is a group of offensively-minded cybersecurity professionals who
utilise real-life adversarial techniques to identify and address vulnerabilities across
infrastructure, systems and applications, as well as weaknesses in processes and human
behaviour. This process is called penetration testing, or pentesting. Essentially, they either try to
compromise their own company’s systems, or are contracted by a company to try and
compromise that company’s system. The best Red Teams in the world utilize state-of-the-art
techniques to stress test a system, and don’t share their methods with anyone.

PURPLE TEAM: purple teaming is the joint approach. Rather than having dedicated blue team
practices that concentrate solely on defence, and dedicated red teaming that concentrates solely
on offence, a company might implement purple teaming where both blue and red work closely
together through drills.
This is traditionally in one-off focused engagements; however, an alternative method is to
approach purple teaming as more of a conceptual framework that establishes permanent
collaboration between both blue and red teams. This means that purple teaming may include
individuals who take part in both blue/red activities or swap between them.

SECURITY OPS CENTRES: known as SOCs, this is the collective term for all components of a
company’s cybersecurity team, and it is a part of the blue team. SOCs act as the intelligence hub of
a company, gathering real-time data relating to an organisation’s people, networks, servers and
other digital assets.

They are responsible for monitoring and analysing an organisation’s security posture on an
ongoing basis. They utilize a combination of technological solutions and policy-driven
approaches to detect, analyse and respond to security issues. Essentially, they are responsible for
the ongoing, operational component of information security, rather than for developing
security strategy or architecture.

THREAT INTELLIGENCE: is the forward-facing, predictive element of cybersecurity. Threat
Intelligence teams collect and analyse data in order to attempt to understand a threat actor’s
motives, and subsequently implement data-driven proactive measures to prevent attacks
from occurring. Threat intelligence gives insights into the unknown, optimizes prevention and
detection capabilities of the SOC, advances security strategy and is of benefit to all parts of an
organisation’s cybersecurity department.

The remainder of this course will cover introductory level concepts for some key fundamentals
of the cybersecurity industry. We hope you enjoy!
