I’ve gone through the first unit of the Security+ study objectives thanks to the notorious Professor Messer’s notes and in-depth videos. My goal is to take the exam in April, and the motivation stemmed from learning about the vast amount of tech roles available in the government tech space (GovTech). In addition to studying CS, it is fun learning how cybersecurity can be intertwined with the technicality of software engineering as I’m learning about operating systems in my spare time.

The motivation stemmed from coming across Symone B. Beez’s videos on YouTube; she has a really cool platform on guidance and growth in GovTech. Highly recommend her channel. One of her top pieces of advice is to get the Security+ while in school, because it is one of the best certifications at the entry level and one of the most sought after in the government space when looking to start out. A majority of prospects like myself expect to start in a big tech company, or even one of the big startups, but tech is such a universal sector that it’s important to keep a wide lens and an open mind, especially with the benefits and outlook particularly in GovTech.

The first unit of Security+ covered a good portion of the cybersecurity fundamentals. Here are some gems:

👾 The common malware:

  • trojan horses: disguised as a useful application, but can be dangerous once opened
  • worms: able to reproduce themselves without the user having to open a program
  • viruses: set off when a user opens a suspicious program

👾 Social engineering attacks can occur in many ways:

  • Authority: attacker takes advantage of an employee by leveraging false authority
  • Intimidation: attacker guilts an employee into performing an action
  • Consensus: social proof/follow the herd
  • Scarcity/Urgency: an attacker urges a victim to act in a quick manner or time will run out
  • Familiarity/Trust: an attacker uses information to build trust with an employee, or the attacker acts like they are a part of the IT team

👾 Client/Server type attacks:

  • Buffer overflows: attacker overloads forms on a website in order to retrieve critical data
  • Cross-site scripting: attackers can leverage a scripting language like JavaScript if inputs in a website are vulnerable to scripting
  • Replay Attacks/Request Forgeries: strategies an attacker can use to intercept connections happening between a victim and the server. An attacker can replay a connection that a victim had with a server, or intercept credentials of a victim to perform request forgery to a server. Both of these attacks can be suppressed with TLS and HTTPS.
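To make the cross-site scripting item above concrete from the defender's side, here is an added example (not part of the original notes or the Security+ material) showing a comment renderer that trusts user input next to one that encodes it for the context it lands in. The function names and sample inputs are made up for illustration.

```javascript
// Added example: output encoding as the fix for input that is "vulnerable to scripting".
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that let text break out of HTML body or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Escaping alone does not help inside href: a javascript: URL contains no
// special characters. Allow only http(s) links, then escape for the attribute.
function safeHref(url) {
  try {
    const parsed = new URL(String(url)); // absolute URLs only; anything else falls back to "#"
    const ok = parsed.protocol === "http:" || parsed.protocol === "https:";
    return ok ? escapeHtml(parsed.href) : "#";
  } catch {
    return "#";
  }
}

// "Before": user-controlled strings are pasted into markup as-is.
function renderCommentUnsafe(author, text, homepage) {
  return `<p><a href="${homepage}">${author}</a>: ${text}</p>`;
}

// "After": every user-controlled value is encoded for where it is placed.
function renderCommentSafe(author, text, homepage) {
  return `<p><a href="${safeHref(homepage)}">${escapeHtml(author)}</a>: ${escapeHtml(text)}</p>`;
}

// Constructed sample input, the kind of string a tester types into a comment form.
const sample = {
  author: 'Sam "the dev"',
  text: "<script>alert(1)</script>",
  homepage: "  JaVaScRiPt:alert(1)",
};

console.log(renderCommentUnsafe(sample.author, sample.text, sample.homepage));
console.log(renderCommentSafe(sample.author, sample.text, sample.homepage));
```

The first line printed still contains a live script tag and a script URL; the second shows the same comment as inert text with the link neutralised.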