1 |
Introduction
Careers and Roles in Cybersecurity (CyberPDX)
Principles and Approaches
Access Control and Authorization
|
|
|
|
2 |
Linux and Linux security
- Linux files, processes, and commands
- Linux users, groups, and permissions
|
|
|
|
3 |
Applied cryptography
- Encoding, Hash functions, Message Authentication Codes
- Symmetric, Asymmetric (Public-Key) encryption
- Digital signatures, Certificates, Key exchange protocols, Perfect Forward Secrecy
|
|
|
|
4 |
Authentication
- Password security, Multi-factor authentication, Passwordless authentication
- Zero-trust networks and continuous authentication
|
|
|
|
5 |
Network security I
- Data-link layer (802.11, WPA2, ARP)
- Network layer (IP, CIDR, NAT, firewalls and filtering, network segmentation, VPNs, whois, network intelligence)
|
|
|
|
6 |
Network security II
- Transport layer (TCP, TLS, certificate authorities and transparency, certificate revocation)
- Application layer: DNS security (DNS, DNSSEC, DoH, DoT, Oblivious DNS)
- Application layer: E-mail security (SMTP/IMAP/POP over TLS, DKIM, SPF, DMARC)
|
|
|
|
7 |
Host security
- Privilege escalation, TOCTOU, race conditions,Malicious code (worms, viruses, rootkits)
- IDS/IPS/EDR, signature detection, anomaly detection, blocklisting and allowlisting, host forensics
- Software signing, Virtualization and isolation techniques, File system backup and encryption
|
|
|
|
8 |
Software security
- Programming language and CPU security, Memory corruption, Canaries, ASLR, Return-oriented Programming
- Supply-chain and developer security, Shift-Left, SAST/DAST, Security as Code
|
|
|
|
9 |
User security
- User attacks (OSINT, Spam, Phishing, Business Email Compromise, Scams, Fraud)
- Privacy (Do-not-track, Right to forget, Browser profiles, Cookies and super-cookies)
- Anonymity (Tor, Onion services, Dark Web, SecureDrop, Signal and end-to-end encryption)
|
|
|
|
10 |
Frameworks, policy, and law
- Mitre Att&ck Framework, CIS controls
- Vulnerabilities Equity Process, Defend forward, Hacktivism, Lawful intercept
- Compliance (GDPR, PCI-DSS, HIPPA, COPPA)
- Surveillance issues (Lawful intercept, EARN-IT, Pegasus malware)
|
|
|
|