In today’s increasingly connected world, cybersecurity touches every aspect of our lives, yet it remains a mystery to most. This beginner’s guide pulls back the curtain on how cybersecurity really works, revealing what professionals do to keep us safe. Learn how cyber threats emerge, how experts counter them, and what you can do to protect yourself online.
Perfect for business leaders, tech enthusiasts, and anyone curious about digital security, this book delivers insider knowledge without the jargon. This edition also explores cybersecurity careers, AI/ML in cybersecurity, and essential skills that apply in both personal and professional contexts.
Air Force pilot turned cybersecurity leader Joshua Mason shares hard-won insights from his unique journey, drawing on years of training teams and advising organizations worldwide. He walks you through the tools and strategies used by professionals, showing how expert practices translate into real-world protection. With up-to-date information of the latest threats and defenses, this cybersecurity book is both an informative read and a practical guide to staying secure in the digital age.
Publication year: 2025
CYBERSECURITY: THE BEGINNER’S GUIDE
Second Edition
Understand the inner workings of cybersecurity and learn how experts keep us safe
Joshua Mason
Copyright © 2025 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Portfolio Director: Vijin Boricha
Relationship Lead: Niranjan Naikwadi
Project Manager: Gandhali Raut
Content Engineer: Shubhra Mayuri
Technical Editor: Arjun Varma
Copy Editor: Safis Editing
Indexer: Rekha Nair
Production Designer: Vijay Kamble
Growth Lead: Ankita Thakur
First published: May 2019
Second edition: September 2025
Production reference: 1180925
Published by Packt Publishing Ltd.
Grosvenor House
11 St Paul’s Square
Birmingham
B3 1RB, UK.
ISBN 978-1-83620-747-4
www.packtpub.com
Joshua Mason is a cybersecurity expert with extensive experience in both military and civilian sectors. A former Air Force pilot turned cyberwarfare officer, he has trained thousands of personnel and led cybersecurity initiatives at national and enterprise levels. He co-authored the eJPTv2 certification, advises organizations ranging from start-ups to federal agencies, and serves as a solutions architect at Synack. Joshua is also the cofounder of Noob Village, a nonprofit dedicated to helping newcomers break into cybersecurity, the host of the podcast Simply Defensive, and a frequent conference speaker committed to making cybersecurity practical and accessible for all.
Tomica Kaniški is an accomplished IT professional and technology enthusiast with extensive experience in data center technologies, networking, containers, and virtualization across on-premises and multi-cloud environments. In his current role as a cloud security architect at Atos, he partners with global enterprises in diverse industries to design and implement secure, resilient cloud solutions.
He holds numerous certifications from Microsoft, AWS, and Google Cloud, among others, and is passionate about continuous learning and knowledge sharing. His contributions to the global IT community through conferences, training, and publications have earned him multiple recognitions, including Microsoft MVP and Cisco Champion awards.
Tomica is currently expanding his focus into AI security, reflecting his commitment to staying ahead in emerging technologies. Outside of work, he enjoys hiking, reading, and photography—and occasionally moonlights as a rockstar in training.
Cybersecurity is a fascinating field, full of brilliant people solving complex problems and protecting the systems we all rely on. One thing I’ve learned, though, is that the ideas behind cybersecurity are not always as mysterious as they first appear. Often, people outside the field understand the concepts more than they realize—they just don’t have the technical language to describe them in the way experts do.
This book is written to bridge that gap. It doesn’t matter your age, background, or education level—if you are new to cybersecurity and interested in learning more, this book is for you. The explanations are designed to be approachable, offering a strong foundation that anyone can build upon. Experts may recognize that some details are simplified, just as scientists know that introductory science courses provide the building blocks for more advanced study. Both perspectives are valuable: a clear foundation builds confidence for newcomers, while deeper exploration satisfies specialists.
Along the way, we’ll use stories, analogies, and real-world examples to make the subject memorable and practical. You’ll see how cybersecurity connects to your daily life, why it matters at every level of society, and how learning even the basics can change the way you interact with technology.
My goal is to make cybersecurity accessible, engaging, and inspiring. By the end of this journey, you’ll not only have grasped the fundamentals but also feel empowered to keep learning, to ask questions without hesitation, and to see yourself as part of the broader story of digital protection.
This book is designed for anyone who has ever felt curious about cybersecurity but is unsure where to begin. You don’t need a technical background; all you need is a willingness to learn.
It will be especially valuable to the following people:
Tech-savvy individuals who are eager to understand the basics of cybersecurity and protect their own digital lives
Students who want a foundational understanding as they consider future opportunities
Career changers who are looking for a clear and accessible entry point into the field
IT professionals who want to broaden their skill set and explore potential career paths in cybersecurity

Above all, this book is for anyone who wants to cut through the jargon, gain practical knowledge, and discover how cybersecurity can open doors to both personal confidence and professional success.
Chapter 1, The Cybersecurity Landscape: A World of Hidden Dangers and Exciting Opportunities, introduces the world of cybersecurity, from ancient stories about guarding knowledge to modern-day cyberattacks. You’ll learn why protecting information matters, explore real-world examples of breaches, and meet the professionals who keep our digital lives safe.
Chapter 2, Decoding the Cyber Lexicon: A Beginner’s Guide to Essential Terminology, demystifies cybersecurity jargon and introduces the core principles of the field. Through stories and analogies, you’ll gain the vocabulary and context you need to follow cybersecurity discussions confidently.
Chapter 3, The Anatomy of a Cyberattack: Unraveling the Tactics and Motives of Cybercriminals, explores how attackers operate, what motivates them, and the frameworks defenders use to understand their methods. By the end, you’ll recognize common attack stages and techniques and why they matter.
Chapter 4, Defending the Digital Fortress: Understanding the Layers of Cybersecurity Protection, covers the “defense in depth” approach to security, showing how technical, administrative, and physical defenses work together. You’ll also learn the basics of risk management and threat modeling.
Chapter 5, The Human Factor: Why People Are the Key to Success in Cybersecurity, highlights the role people play in security, from social engineering attacks to building strong organizational cultures. You’ll see why training, awareness, and human behavior are as critical as firewalls or encryption.
Chapter 6, Emerging Threats on the Horizon: AI/ML, Quantum Computing, and the Future of Cybersecurity, looks ahead to the technologies reshaping cybersecurity. You’ll explore how artificial intelligence, machine learning, and quantum computing create both new defenses and new dangers.
Chapter 7, The Cybersecurity Career Landscape: A Map of Diverse Opportunities, maps out the wide range of careers in cybersecurity, from entry-level analyst to CISO. You’ll see how creativity, communication, and curiosity are just as valuable as technical skills in this field.
Chapter 8, Leveling Up Your Skills: Building a Cybersecurity Toolkit for Success, focuses on the skills and certifications that help you grow in the field. You’ll learn practical steps to strengthen your technical foundation and keep pace with a constantly changing industry.
Chapter 9, Your Cybersecurity Journey Begins: Taking the Next Steps Toward a Rewarding Career, guides you in charting your personal path into cybersecurity. From networking and mentorship to resumes and interviews, this chapter gives you the tools to break in and thrive.
Chapter 10, Unleashing Your Inner Hacker: Exploring Cybersecurity Tools and Techniques, introduces hands-on tools and techniques you can try yourself. You’ll learn how to safely experiment with cybersecurity, test your own systems, and start thinking like an attacker to become a stronger defender.
Chapter 11, Open Source Intelligence (OSINT): Uncovering Information Like a Spy, shows how to gather publicly available information for security purposes. You’ll practice OSINT techniques that professionals use to investigate threats, understand adversaries, and protect organizations.
Chapter 12, Web Application Pentesting: Finding and Fixing Flaws, explains how web applications are tested for vulnerabilities. You’ll explore common flaws, such as SQL injection and cross-site scripting, and see how ethical hackers help organizations secure their systems.
Chapter 13, Cybersecurity as a Superpower: Applying Your Skills to Make a Difference, concludes by showing how cybersecurity skills can be used beyond a job. You’ll see how to apply what you’ve learned to protect your community, influence positive change, and continue growing as a digital guardian.
The code bundle for the book is hosted on GitHub at https://github.com/PacktPublishing/Cybersecurity-The-Beginner-s-Guide. We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing. Check them out!
There are a number of text conventions used throughout this book.
CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and X handles. For example: “It’s the Linux equivalent of tasklist, showing what’s active in the system”.
A block of code is set as follows:
intitle:"confidential" filetype:pdf
intitle:"curriculum vitae" site:example.com
inurl:"/uploads/resumes/" filetype:doc

Any command-line input or output is written as follows:

systeminfo

Bold: Indicates a new term, an important word, or words that you see on the screen. For instance, words in menus or dialog boxes appear in the text like this. For example: “In cybersecurity, we often need to move quickly, work across networks, or operate without a full desktop interface. That’s where the command-line interface (CLI) comes in.”
Warnings or important notes appear like this.
Tips and tricks appear like this.
Feedback from our readers is always welcome.
General feedback: If you have questions about any aspect of this book or have any general feedback, please email us at [email protected] and mention the book’s title in the subject of your message.
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you reported this to us. Please visit http://www.packt.com/submit-errata, click Submit Errata, and fill in the form.
Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit http://authors.packt.com/.
Once you’ve read CYBERSECURITY: THE BEGINNER’S GUIDE, Second Edition, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.
Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.
_secpro is the trusted weekly newsletter for cybersecurity professionals who want to stay informed about real-world threats, cutting-edge research, and actionable defensive strategies.
Each issue delivers high-signal, expert insights on topics like:
Threat intelligence and emerging attack vectors
Red and blue team tactics
Zero Trust, MITRE ATT&CK, and adversary simulations
Security automation, incident response, and more!

Whether you’re a penetration tester, SOC analyst, security engineer, or CISO, _secpro keeps you ahead of the latest developments — no fluff, just real answers that matter.
Subscribe now to _secpro for free and get expert cybersecurity insights straight to your inbox.
Imagine waking up to find your bank account drained, your private emails leaked, or your company’s sensitive data held for ransom. In our hyper-connected world, these aren’t just plot points for a thriller—they’re real threats we face daily. Welcome to the world of cybersecurity, where digital guardians work tirelessly behind the scenes to protect our online lives. In this chapter, we’ll explore why cybersecurity matters, examine real-world cyberattacks, and introduce you to the unsung heroes who keep our digital world safe.
By the end of this chapter, you will have a profound respect for the real threats posed by cyberattacks and the heroic efforts of professionals in this space who combat those threats, allowing us to utilize technology safely.
We’re going to cover the following topics:
Understanding why cybersecurity matters: The digital age and its vulnerabilities
Notable cybersecurity events
Meet the heroes: Cybersecurity professionals and their roles
NIST NICE Framework: A baseline for discussion

Unlock exclusive free benefits that come with your purchase, thoughtfully crafted to supercharge your learning journey and help you learn without limits.
Here’s a quick overview of what you get with this book:
Figure 1.1: Illustration of the next-gen Packt Reader’s features
Our web-based reader, designed to help you learn effectively, comes with the following features:
Multi-device progress sync: Learn from any device with seamless progress sync.
Highlighting and notetaking: Turn your reading into lasting knowledge.
Bookmarking: Revisit your most important learnings anytime.
Dark mode: Focus with minimal eye strain by switching to dark or sepia mode.
Figure 1.2: Illustration of Packt’s AI assistant
Our interactive AI assistant has been trained on the content of this book, to maximize your learning experience. It comes with the following features:
Summarize it: Summarize key sections or an entire chapter.
AI code explainers: In the next-gen Packt Reader, click the Explain button above each code block for AI-powered code explanations.
Note: The AI assistant is part of next-gen Packt Reader and is still in beta.
Figure 1.3: Free PDF and ePub
Learn without limits with the following perks included with your purchase:
Learn from anywhere with a DRM-free PDF copy of this book.
Use your favorite e-reader to learn using a DRM-free ePub version of this book.
Scan this QR code or go to https://packtpub.com/unlock, then search for this book by name. Ensure it’s the correct edition.
Note: Keep your purchase invoice ready before you start.
Information has always been a powerful tool—so powerful that entire civilizations have built their survival around controlling who gets access to it. From the beginning of human history, secrets have been guarded, and knowledge has been withheld to maintain power, protect communities, and advance society. Today, this struggle to protect and restrict access to information continues in the form of cybersecurity.
The eternal struggle to protect knowledge has been a constant theme throughout history. From the biblical story of Adam and Eve to the modern-day encryption methods used in cybersecurity, the desire to control and protect knowledge has shaped our societies and technologies.
Let’s journey through time and across cultures to see how deeply rooted this concept of guarding knowledge is.
In the Judeo-Christian tradition, the knowledge of good and evil was hidden from Adam and Eve in the fruit of the forbidden tree. God’s desire to prevent access to this powerful information shows us that even at the dawn of humanity, there was an understanding that some knowledge needed to be protected for the good of all. We will revisit this story when discussing controls, incident response, and post-incident policy changes.
Across the Mediterranean, the ancient Greeks told the story of Zeus keeping the secret of fire on top of Mount Olympus, out of humanity’s reach. Prometheus, who crafted humans from the spit of Zeus and the soil of Gaia, stole fire from Olympus and delivered it to humans. This was a dangerous act in the eyes of Zeus because with fire came technology, creativity, and power, making humans too godlike, essentially giving them access to knowledge that they did not know how to handle. Zeus sentenced Prometheus to be chained to a rock and have his liver eaten by a hawk every day, healing every night, since he was a Titan, until the bird was destroyed by Heracles (or Hercules).
Prometheus’ theft of fire from the gods represents unauthorized access to powerful knowledge that can be misused. This can be compared to modern insider threats. In 2019, a former employee of Capital One used their inside knowledge to exploit a misconfiguration, leading to a data breach affecting over 100 million customers. Capital One claimed that their Vulnerability Disclosure Program (VDP) made them aware of an exploitable vulnerability in their system. While following up on this vulnerability, the Capital One team discovered that the vulnerability did lead to an attacker exploiting their system and stealing customer data.
In ancient China, the formula for silk production was one of the most closely guarded secrets for centuries. The Chinese monopoly on silk allowed them to control a vital part of the world’s economy. This “information advantage” is similar to how companies today keep their algorithms, processes, and intellectual property under lock and key, both physically and digitally, to maintain their competitive edge in the market.
Even the ancient Indian Vedas, sacred texts of spiritual and philosophical knowledge, were orally passed down only to select individuals who were deemed to have the proper understanding and capability to handle such powerful insights, preserving the integrity and authority of that knowledge.
As societies evolved, the need to protect information became a matter of national security. Think of Sun Tzu’s The Art of War, which emphasizes that knowledge of your enemy and yourself is critical to victory. The practice of espionage, from ancient dynasties to modern intelligence agencies, has always revolved around stealing or protecting knowledge. In medieval Islamic culture, scholars protected critical scientific and philosophical works using encryption, creating ciphers that guarded their intellectual property. This was one of the earliest uses of cryptography.
This continues throughout modern history: during World War II, the Navajo Code Talkers used their native language to encrypt US military communications, making it impossible for enemies to decipher their messages. At the same time, the Enigma machine, a German encryption device, was being used to secure military communications. The British effort to crack Enigma at Bletchley Park remains one of the most famous examples of how the ability to access or block information can alter the course of history.
These examples highlight a fundamental truth: the need to protect knowledge is not new. What has changed is the sheer scale of information and the sophisticated tools we employ to safeguard it. What once required codes, spies, and secret agents now demands firewalls, encryption algorithms, and cybersecurity professionals. While the methods and tools may have evolved from code-breaking machines and spies to encryption algorithms and cybersecurity teams, the underlying goal remains unchanged: to control access to information and protect it from those who misuse it.
As we moved into the 20th century, the need to protect information became increasingly tied to technology. The rapid advancement of industrial, military, and communication technologies required new methods of securing knowledge. Cryptography, once a manual art, became a field dominated by machines and computers. Securing information took on new dimensions during the Cold War of the mid-20th century. Governments and militaries realized that control over communication and information would be pivotal to their success, in addition to protecting against physical threats. The development of the Advanced Research Projects Agency Network (ARPANET) in the late 1960s marked the beginning of the modern internet. Initially designed for academic institutions and the US military to communicate, the system focused on resilience and security from external threats. Only a few entities, mainly governments, universities, and defense organizations, had access to this early internet. It was a tool for the privileged few—those responsible for protecting nations or pushing the boundaries of scientific discovery.
The network expanded in the 1970s and 1980s, connecting more universities and research institutions. With this growth came a heightened awareness of safeguarding sensitive information. However, the internet remained primarily a tool for academia and the military, far removed from ordinary people’s everyday lives.
By the 1990s, everything had changed. The internet was opened to the public, and what had been a tightly controlled tool for military and academic use became a global phenomenon. Governments, businesses, and individuals were suddenly sharing and storing information worldwide. While the ability to communicate globally created immense opportunities, it also introduced new risks.
Cybersecurity, as we know it today, began to take shape during this period. The rise of personal computers, followed by the dot-com boom, brought millions online. At the same time, threats emerged—from the first viruses and worms to email phishing scams. Organizations and individuals alike were suddenly vulnerable to attacks that didn’t require physical access but could be carried out worldwide with the click of a button.
Hacker culture also rose to prominence in the late 1990s and early 2000s. What had been a community of curious tech enthusiasts grew into a much broader underground movement. Some hackers sought to expose vulnerabilities for fun or challenge, while others did so for financial gain or political motives. The infamous Melissa virus in 1999 and the I Love You virus in 2000 each spread as an email attachment that, once opened, automatically emailed itself to everyone in the victim’s contact list, infecting millions of computers and waking the world up to the dangers of the internet age.
In the past 20–30 years, the internet has expanded exponentially. What started as a handful of connected computers in the 1960s is now a global network that touches nearly every aspect of life. The internet is no longer just for academics, scientists, or businesses. It’s for everyone—no matter where they are in the world. Children in remote villages watch the same cartoons as kids in bustling cities. People across continents speak different languages but interact in the same digital space—thanks to the internet’s vast reach, made possible by fiber-optic cables running under oceans and cell towers scattered across every corner of the globe.
Smartphones, Wi-Fi, and globalized content now connect billions of people. Every home, business, and public space has become a hub of digital activity. The devices we carry—smartphones, tablets, and laptops—are all interconnected, exchanging data over wireless networks, satellite signals, and cables in the air, underground, and even underwater.
This interconnectedness causes an exponential rise in security challenges. From social media accounts being hacked to massive data breaches exposing the personal information of millions, we have entered a new age of cyber threats. The explosion of online shopping, cloud storage, and remote work means that both individuals and corporations are at risk, and the scale of these threats has grown beyond anything that could have been imagined just a few decades ago.
As of today, data is the new currency. In this digital age, the data we produce—our social media activity, personal emails, banking information, or even our movements tracked by fitness apps—can be as valuable as money. Attackers no longer just want to steal passwords or credit card numbers. They’re after everything: medical records, proprietary corporate secrets, and even state secrets.
The rise of Artificial Intelligence (AI) and big data analytics has further complicated the cybersecurity landscape. On one hand, AI tools are being developed to help detect and prevent cyberattacks, automating scanning for vulnerabilities. On the other hand, cybercriminals are leveraging the same technology to launch more sophisticated attacks, using machine learning to find weaknesses in systems faster than ever before.
The past century saw the internet transform from a military tool to a commercial one and now to a fully integrated global resource. Today, the fight to protect information doesn’t take place in physical vaults or war rooms; it happens in data centers, on servers, and within cloud infrastructure. The battlefield is digital, and everyone is a potential target.
But the need to protect that information, whether it’s the private details of your emails or the critical data that runs national infrastructure, is the same as it’s always been. Just as past empires protected trade routes and scientific knowledge, today’s governments, corporations, and individuals must protect their data and digital identities.
Moving deeper into this chapter, we will examine specific examples of cyberattacks, their real-world consequences, and what modern cybersecurity professionals are doing to fight back. Whether preventing state-sponsored cyber warfare, stopping criminal enterprises from siphoning money from corporations, or keeping your data safe, cybersecurity has never been more critical.
In the digital world, vulnerabilities are like cracks in a wall—weak spots in software, systems, or networks that can be exploited to get through by means other than those intended. These weaknesses can enable someone to bypass security measures, access information, or disrupt normal operations. Just as a structural crack in a building can lead to more significant problems if not repaired, digital vulnerabilities can lead to substantial risks if left unaddressed.
Every technology we use—our smartphones, computers, and the websites we visit—operates based on rules and processes designed by the people who created it. These rules tell the system how to behave, protect data, and interact with other systems. However, sometimes, gaps or errors in these rules form. When that happens, vulnerabilities form, creating unintended ways for someone to access information or functions that are supposed to be secure.
Understanding vulnerabilities doesn’t have to be complicated. Let’s examine some simple, everyday examples of vulnerabilities and how they can be used to access systems in unintended ways. Vulnerabilities can exist for a variety of reasons:
Human error: People who design, build, and use technology sometimes make mistakes, leaving unintended system openings
Outdated software: If systems aren’t regularly updated, known weak spots remain exploitable
Complex systems: The more complex a system is, the more likely it is to have vulnerabilities due to unforeseen interactions
Misconfigurations: Improper setup of security settings can leave systems exposed
Default settings: Failure to change default passwords or security settings can provide easy access points for attackers
Lack of encryption: Unencrypted data transmission or storage can be easily intercepted or accessed
Insufficient access controls: Overly permissive user rights can allow unauthorized access to sensitive areas
Third-party vulnerabilities: Weaknesses in external services or software libraries can compromise otherwise secure systems
Social engineering: Manipulation of human psychology can bypass technical security measures
Physical security gaps: Inadequate protection of physical assets can lead to unauthorized access to digital systems

These vulnerabilities manifest in various ways, often with severe consequences. Let’s explore some common types of vulnerabilities through real-world examples that demonstrate the high stakes of cybersecurity in action.
Imagine your front door is protected by a lock, but instead of using a strong key, you use 12345 as the code; it won’t do much to stop anyone! The movie Spaceballs presents this situation in a comedic turn of events, with one character saying, “That’s the kind of thing an idiot would have on his luggage!” (https://youtu.be/a6iW-8xPw3k?si=lQcQGyg3SKFbUUOy). Police report that most larceny from vehicles occurs because the car is left unlocked and unattended. We will discuss how to avoid this problem in later chapters. Further, many people reuse the same password for many different websites. Unfortunately, so many credentials have been leaked in the past that the combination of your username, email address, and password is available for anyone who knows where to look. We will also address how to find this later in Chapter 11, Open Source Intelligence (OSINT): Uncovering Information Like a Spy.
Password reuse and weak passwords led to the 2021 Colonial Pipeline Company ransomware attack. The company reacted to the attack by shutting down its pipeline, leading to panic-buying, which caused gas shortages in the Southeastern US. Colonial Pipeline paid the ransom, and while the FBI recovered most of the cryptocurrency, the more significant loss that occurred was due to a loss of business and a drop in stock price due to the company’s handling of the incident.
Imagine you have an injury that is left untreated. The lack of proactive treatment could lead to infection and bigger problems. Not updating your software is similar. While some software updates are rolled out to fix annoying bugs or improve features, the most critical updates occur because of security flaws that were identified and fixed. Now, it is the user’s responsibility to update their computer with the latest version offered by the software developer and ensure effective protection of their data.
In 2022, a system administrator’s personal computer for the software company LastPass was infected because it was hosting an out-of-date version of the Plex video hosting software. Attackers hijacked the administrator’s credentials. With these credentials, attackers accessed the LastPass database and stole thousands of customer records. Due to the event, LastPass saw a massive hit to its stock and a loss of customers.
The consequence of leaving software outdated is further highlighted in the 2017 Equifax attack. Equifax utilized a fairly common web application framework called Apache Struts. The Apache Software Foundation disclosed a vulnerability in Struts in March 2017, released a fix, and urged users to update immediately. Equifax became a victim of a group hunting for this exact Apache Struts vulnerability in large companies. The vulnerability was easily attacked through the Equifax website, and once inside, the attackers moved on to other unpatched systems. By the time Equifax was able to remove the attackers and seal up its environment, over 140 million people had been affected. Many of those affected did not even know they were Equifax customers. Because Equifax is a credit bureau, its customers are anyone who has or may ever want to utilize credit. Lawsuits, fines, and market conditions resulting from the incident have cost Equifax over $1.3 billion.
In Greek mythology, King Minos of Crete had Daedalus design a labyrinth to be a prison for his enemies and a home for his wife’s son, the Minotaur. The labyrinth was so complex that even Daedalus could not give Theseus the secret to successfully make it through the maze. However, Princess Ariadne gave Theseus a simple solution: a ball of string. By tying one end at the entrance and unraveling it as he walked, Theseus would always know the way back to the exit. Just like the labyrinth, modern systems can be very complex, but the vulnerabilities can still be simple. A simple, overlooked weakness can lead to a serious security risk.
A great example of this is the MGM Resorts attack of 2023. The attackers found details for one of the system administrators and used a relatively simple method to gain access. They called tech support and, pretending to be the administrator, pressured the technician into resetting the administrator’s passwords, claiming the technician would get in trouble if they didn’t help. This technique is called social engineering, and we will cover more details of it in Chapter 5, The Human Factor: Why People Are the Key to Success in Cybersecurity. In the end, the attacker convinced tech support to change the password and bypass multi-factor authentication, which we will also explain later. The attack cost MGM Resorts over $100 million, including $10 million in one-time consulting cleanup fees.
A similar event occurred at Uber in 2022. An attacker who already held a contractor’s stolen password bombarded that contractor with multi-factor authentication prompts and then messaged them pretending to be Uber IT support until the contractor approved a login. From there, the attacker found stored credentials that gave them high-level access to internal systems. Fortunately for Uber, this attacker was not interested in money or malice and had carried out the attack for the thrill. Had the attacker been motivated by financial gain, they could have shut down the company for days, if not longer.
Having all the guards, locks, and sensors is fine and dandy. But when you walk the attacker right into the vault and hand them the keychain for all of the safes, the rest doesn’t matter. The concept of social engineering will be discussed in detail later in this book. It can be the most powerful tool in an attacker’s arsenal.
A few of the examples from early in this chapter—the Garden of Eden, Prometheus, and Ariadne and the labyrinth—illustrate those who have access to or knowledge of a system either taking advantage of that knowledge themselves or sharing it with another. In cybersecurity, this is a form of insider threat. Other forms of insider threat are not deliberate at all, including accidents and negligence, but can still harm the organization. Some examples we have shared might fall under multiple types of vulnerability or attack.
An expensive example of insider knowledge being turned against a company was the 2019 Capital One data breach. The attacker, a former employee of the cloud provider that hosted Capital One’s data, used a misconfigured web application firewall to obtain credentials and pull data from the company’s cloud storage, exposing the personal information of over 100 million customers and applicants.
At a water treatment facility in Ellsworth County, Kansas, in 2019, a former employee remotely accessed the plant’s control systems and attempted to shut down the cleaning and disinfecting processes that are crucial for providing clean water to the public. The former employee had kept the username and password used for remote access after leaving the utility. Proper access control, onboarding, and offboarding procedures could have prevented this and several other incidents we have discussed. We will explain all of that in more detail in the upcoming chapters.
In 2019, a rogue employee leaked the personal data of 9.7 million Canadian credit union Desjardins Group customers. The employee exported sensitive data over time and sold it to third parties. Similarly, if we look at the cases of Edward Snowden in 2013, Chelsea Manning in 2010, and Harold T. Martin III between 1996 and 2016, we see that many insider threat actors work slowly and operate over a long period before they are caught or complete their attack. In these three cases, government contractors and a military intelligence analyst gained access to sensitive data, removed it from proper storage, and either released it to the public or stored it insecurely in their homes.
The history of significant cyberattacks stretches back decades. Let’s briefly examine some landmark events shaping the cybersecurity landscape.
In 1988, the Morris worm, one of the first recognized computer worms, caused widespread disruption across the internet by slowing or halting over 6,000 computers, roughly 10% of the computers at the time. This incident led to the formation of the first Computer Emergency Response Team (CERT), shaping early cybersecurity practices and demonstrating how a single vulnerability could have far-reaching consequences.
The global nature of cyber threats was starkly demonstrated by the WannaCry ransomware attack in 2017. This attack affected over 200,000 computers across 150 countries in a few days, spreading through a Windows file-sharing flaw for which Microsoft had released a patch two months earlier. It particularly impacted healthcare organizations, including the UK’s National Health Service.
The involvement of nation-states in cyberattacks has raised the stakes even further. In 2020, the SolarWinds supply chain attack, attributed to Russian state-sponsored actors, compromised numerous US government agencies and major corporations. The attackers accessed many high-value targets by inserting malicious code into a widely used software product. This incident showcased how cyberattacks can be sophisticated tools of espionage and geopolitical conflict, blurring the lines between cybercrime and cyber warfare.
In 2010, a sophisticated cyber weapon known as Stuxnet was discovered. This malware specifically targeted industrial control systems and reportedly caused physical damage to Iran’s nuclear program. Stuxnet demonstrated that cyberattacks could cross the boundary from the digital world to cause tangible, physical damage to infrastructure.
Several of the cases covered here turned on software that was left unpatched, and they highlight the importance of timely software updates, without which attacks with consequences ranging from financial losses to life-threatening situations can occur.
We understand that these examples may have left our readers concerned. In cybersecurity, we present the facts not to incite fear or doubt, but to foster a clear understanding of the challenges at hand and to provide context for both offensive and defensive strategies. With that intent, we will now discuss the professionals working tirelessly to secure the digital civilization.
Cybersecurity often conjures images of lone hackers in dimly lit rooms wearing dark hoodies, waging digital wars against unseen adversaries. The truth is far more nuanced. Cybersecurity is a vast and dynamic field, demanding diverse talents and skills. Cybersecurity professionals work collaboratively to defend our digital world, safeguarding personal information and protecting critical infrastructure. As we’ve seen, the need to protect information has been a constant throughout history. However, just as the methods of storing and sharing information have evolved, so have the roles of those who protect it. Today’s cybersecurity professionals are the modern-day guardians of our digital realm, each playing a unique part in keeping our information safe.
Let’s look at some of these roles; you might notice that they echo some historical examples we’ve discussed.
At the heart of most organizations’ cybersecurity efforts is the Security Operations Center (SOC). If you imagine cybersecurity as a battlefield, the SOC is the command center, and its soldiers are the incident responders and security analysts. These professionals are on the front lines, monitoring for threats, identifying attacks, and responding quickly to mitigate the damage when things go wrong.
When a cybersecurity incident occurs—whether it’s a ransomware attack, a data breach, or a malicious insider—incident responders are the ones who spring into action. When Prometheus stole fire from Olympus, this is who Zeus would have called on to contain the situation. Their job is similar to that of emergency responders in the physical world: the moment an alarm goes off, they assess the situation, limit the damage, and restore things to normal as quickly as possible.
Incident responders operate in a constant state of readiness. Their work involves containment and recovery—figuring out how the breach happened, how far it has spread, whether it is over, how to end it, and how to prevent it from happening again. They gather digital evidence, create reports, and sometimes directly negotiate and interact with the attackers. These personnel can sometimes have the least stability in their workload as they travel to company or client locations on short notice. It’s a fast-paced role that demands technical expertise and the ability to remain calm under pressure.
While incident responders are like digital firefighters, security analysts are like guards standing watch. They spend their days and nights in the SOC, using various tools and technologies to monitor the network and system traffic. Remember the guardians of the silk-making secret in ancient China? Security analysts are their modern counterparts. Security analysts look for signs of suspicious activity—something as small as an unusual login or an unexpected spike in network traffic could be the first sign of an attack. They are also qualified to handle minor emergencies. Think about how someone who knows how to operate a fire extinguisher removes the need to bring in the whole fire department.
The job of a security analyst often involves looking for patterns—recognizing when something deviates from the norm. They are trained to sift through endless data streams and spot the needle in the haystack, the anomaly that might be the first indication of a more significant problem. When they find it, they decide whether to handle it, pass it to higher levels of support, or call in the incident response team.
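The kind of pattern-matching described above can be made concrete. The following is an added example written for this chapter, not code from the book or from any SOC product. It runs three simple detections over a handful of constructed authentication log lines (the log format, hostnames, and addresses are invented): a successful login from a country never before seen for that user, a successful login outside working hours, and a burst of failed logins from one source address, which is the classic shape of a password-spraying attempt.

```python
"""Toy SOC-style detection over constructed authentication log lines.

Added example for this chapter; not code from the book or from a real
product. The log format below is invented for the example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<ISO time> <result> user=<name> src=<ip> geo=<country>".
# Lines are in chronological order, as a real log feed would be.
SAMPLE_LOG = """\
2025-03-01T08:02:11 SUCCESS user=alice src=10.0.0.5 geo=US
2025-03-01T08:05:40 SUCCESS user=bob src=10.0.0.9 geo=US
2025-03-01T08:07:03 SUCCESS user=alice src=10.0.0.5 geo=US
2025-03-01T09:14:22 FAIL user=carol src=203.0.113.7 geo=RU
2025-03-01T09:14:25 FAIL user=carol src=203.0.113.7 geo=RU
2025-03-01T09:14:27 FAIL user=dave src=203.0.113.7 geo=RU
2025-03-01T09:14:30 FAIL user=erin src=203.0.113.7 geo=RU
2025-03-01T09:14:33 FAIL user=frank src=203.0.113.7 geo=RU
2025-03-01T09:14:36 FAIL user=grace src=203.0.113.7 geo=RU
2025-03-01T22:21:09 SUCCESS user=bob src=198.51.100.23 geo=BR
"""

FAIL_THRESHOLD = 5                   # this many failures from one source ...
FAIL_WINDOW = timedelta(seconds=60)  # ... inside this sliding window is a spike
WORK_HOURS = range(7, 20)            # 07:00 to 19:59 is treated as normal


def parse(line):
    """Split one log line into a dict with typed time and result fields."""
    timestamp, result, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["time"] = datetime.fromisoformat(timestamp)
    event["ok"] = result == "SUCCESS"
    return event


def detect(log_text):
    """Return a list of (rule_name, detail) alerts for the given log text."""
    alerts = []
    seen_geo = defaultdict(set)       # user -> countries seen on earlier successes
    recent_fail = defaultdict(deque)  # src -> timestamps of failures in the window
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        user, src, geo, t = ev["user"], ev["src"], ev["geo"], ev["time"]
        if ev["ok"]:
            # A first-ever login for a user has no baseline, so it is not flagged.
            if seen_geo[user] and geo not in seen_geo[user]:
                alerts.append(("new_country", f"{user} from {geo} via {src}"))
            if t.hour not in WORK_HOURS:
                alerts.append(("off_hours", f"{user} at {t.time()} via {src}"))
            seen_geo[user].add(geo)
        else:
            window = recent_fail[src]
            window.append(t)
            while window and t - window[0] > FAIL_WINDOW:
                window.popleft()  # drop failures older than the window
            if len(window) == FAIL_THRESHOLD:  # fire once, as the threshold is crossed
                alerts.append(("fail_spike",
                               f"{src}: {len(window)} failures in {FAIL_WINDOW.seconds}s"))
    return alerts


if __name__ == "__main__":
    for rule, detail in detect(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```

Each rule is deliberately simple; the point is that the baseline (what this user normally looks like, what a normal failure rate is) is what turns raw events into an alert. In a real SOC, the thresholds and the working-hours assumption would be tuned per organization, and the analyst would decide whether each alert is handled locally or escalated, exactly as the text describes.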
Security analysts play a vital role in an organization’s ability to be proactive rather than reactive about cybersecurity. Identifying potential threats before they become incidents helps keep the organization safe from attacks that could disrupt operations or compromise data. Finding weaknesses before a real attacker does is also the job of the red team, which is discussed next.
Naming conventions and terms in the cybersecurity field tend to originate from the US government and military. The term “red team” is no exception. It is often given to those tasked with thinking like the enemy in a given scenario. The RAND Corporation, a think tank that did much of its early work for the US military, utilized a red team while creating simulations for the US during the Cold War. The researchers colored Soviet forces in red and American troops in blue.
This technique has been utilized repeatedly by military planners and during exercises since then. It is utilized in cybersecurity in a similar way; the cybersecurity red team thinks and acts like actual attackers. Sitting and waiting for an attack to occur is a surefire way of getting caught by surprise, so proper preparation means putting precautions in place proactively. Like the concept of know thy enemy proposed by Sun Tzu in The Art of War, if we know how an attack occurs, we can set up effective defenses.
The most common red team role in cybersecurity is the penetration tester.
If incident responders and security analysts are the defenders, penetration testers (or pentesters) are the attackers. The critical difference is that pentesters work for the defenders. Penetration testing is about acting like the enemy, trying to break into systems as an attacker might. Think of these as the Trojan horse builders of the cybersecurity world, but on the good side. Pentesters simulate real-world attacks to find weaknesses in an organization’s defenses before someone else does.
Pentesters start by planning the attack. They might target a specific web application, a corporate network, or even the employees themselves (through social engineering tactics such as phishing emails). The goal is to probe for vulnerabilities—weak passwords, unpatched software, or open ports—and see how far they can get before they are stopped or caught.
Once they find a way in, they’ll document their steps and report back to the organization, showing exactly how they got access, what they could do with that access, and how to fix the problem. Their job isn’t to cause harm but to highlight the gaps in security and help organizations shore up their defenses.
To further have a good understanding of the landscape of cybersecurity roles, looking at how the industry categorizes them is helpful. The National Institute of Standards and Technology (NIST) has developed the National Initiative for Cybersecurity Education Workforce Framework (NICE Framework), which provides a common language for describing cybersecurity work. The next section discusses this framework.
While incident responders, security analysts, and pentesters may be the most well known, there are many more roles within the profession. There is a group that focuses on building secure systems from scratch. This is where the Design and Development category of the NIST NICE Workforce Framework fits into the picture. You can visit the link here for more information: https://niccs.cisa.gov/workforce-development/nice-framework.
The NIST NICE Framework focuses on the impact of a role rather than specific job titles. This means it’s less about what you’re called and more about what you do. So, one company might have a security analyst, while another has a threat intelligence specialist—both could be doing similar work under the NICE Framework. Some organizations may have employees fulfilling multiple roles, and others may have whole departments of workers fulfilling a singular role. In this section, we will talk about the categories outlined by NIST NICE to provide you with a basic understanding of the field. We will cover the jobs in more depth in Chapter 7, The Cybersecurity Career Landscape: A Map of Diverse Opportunities.
At the higher levels of cybersecurity, the Oversight and Governance category focuses on leadership, governance, and compliance. These roles are concerned with setting policies, ensuring security measures are followed, and supporting business operations by advising on applicable regulations, industry best practices, and standards. This category in the NIST NICE Framework includes 16 work roles, several of which map to jobs that exist well outside the IT and cybersecurity job market. They are Communications Security (COMSEC) Management, Cybersecurity Policy and Planning, Cybersecurity Workforce Management, Cybersecurity Curriculum Development, Cybersecurity Instruction, Cybersecurity Legal Advice, Executive Cybersecurity Leadership, Privacy Compliance, Product Support Management, Program Management, Secure Project Management, Security Control Assessment, Systems Authorization, Systems Security Management, Technology Portfolio Management, and Technology Program Auditing. Some of these roles are straightforward, as they are familiar business jobs with cybersecurity added. In this context, it may be more helpful to look at a few specific jobs commonly responsible for the roles in this category.
The Chief Information Security Officer (CISO) is the highest-ranking security officer in an organization and is responsible for developing and implementing the organization’s overall cybersecurity strategy. The CISO oversees all aspects of cybersecurity, from incident response to long-term planning. They also play a crucial role in communicating security risks to senior leadership and ensuring cybersecurity remains a priority at the executive level. If Sun Tzu were alive today, he might well have been a CISO, strategizing the overall defense of an organization’s digital assets.
Much like their counterparts in the C-suite, the CISO considers the overall company objectives to prioritize security requirements and utilizes their knowledge and resources in the cybersecurity space to help the organization meet its goals. The better a CISO can communicate and cooperate with their counterparts, the greater their capabilities and impact.
In today’s regulatory landscape, organizations must follow various cybersecurity and privacy standards and laws, from the European Union’s General Data Protection Regulation (GDPR) to industry-specific regulations such as the Health Insurance Portability and Accountability Act (HIPAA). Compliance officers and auditors ensure that the organization adheres to these requirements by correctly implementing controls that protect client or customer privacy. They work with legal teams, IT departments, and management to implement policies and procedures that keep the organization secure, with the double benefit of meeting compliance. These roles are not new to the business. The financial and accounting sectors have long featured similar roles. The same Certified Public Accountants (CPAs) who may audit financial records for government filings are also capable of completing cybersecurity audits that record the effectiveness of an organization in meeting its cybersecurity and privacy goals. These professionals ensure organizations follow the rules—consider them the modern equivalent of the guardians of ancient legal codes such as the Code of Hammurabi.
This section will focus on the Design and Development category. This category includes Cybersecurity Architecture, Enterprise Architecture, Secure Software Development, Secure Systems Development, Software Security Assessment, Systems Requirements Planning, Systems Testing and Evaluation, and Technology Research and Development. The following subsections dig into a few specific roles in the category to give you a better idea of what the jobs that cover those roles may look like.
Security architects are the masterminds behind an organization’s security infrastructure. They are responsible for designing and overseeing the implementation of security solutions, ensuring that systems are built with security in mind from day one. Much like the creators of the Enigma machine, but working to secure information rather than obscure it, security architects design an organization’s overall security infrastructure. A security architect’s job involves a deep understanding of the technology used and the threats the organization will likely face.
They work closely with development teams, network engineers, and management to ensure security is built into every system, application, and network. Their job is to predict potential threats and design defenses that can withstand them. Security architects play a vital role in an organization’s long-term security, from creating firewall rules to implementing encryption methods.
Software developers, systems developers, and systems testing and evaluation engineers are the ones who write the code, build the systems, and test the final products that become the solutions we rely on every day. In today’s world, creating a system is not just about functionality but also about ensuring that the process remains secure. Systems developers ensure that security features are integrated into the developed software. These roles work together by threat modeling before any code is written, ensuring that the process of writing and deploying code is secure and that the final result doesn’t just work but works securely. These professionals are the modern-day scribes, ensuring that every piece of code they write is as secure as the ancient texts once locked away in guarded libraries. In practice, that means collecting no more personal information than the system needs, so that a breach exposes less; validating and sanitizing all input to prevent malicious code injection; and encrypting data both in transit and at rest.
Software plays a monumental role in our lives today. Much like how civil engineers and architects work to create safe and secure buildings, security personnel are responsible for ensuring that software is safe and secure.
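To make the “validate and sanitize input to prevent malicious code injection” point above concrete, here is an added example, written for this chapter rather than taken from the book. It uses an in-memory SQLite database with constructed sample rows and shows the vulnerable form of a user lookup beside the hardened form: the vulnerable version pastes user input into the SQL text, the hardened version first rejects anything that is not a plausible username and then binds the value as a query parameter so the database never parses it as SQL.

```python
"""Input validation and parameterized queries: vulnerable form beside the
hardened form. Added example; not code from the book. Uses an in-memory
SQLite database with constructed sample rows."""
import re
import sqlite3


def make_db():
    """Create a throwaway database holding two constructed user records."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, ssn TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("alice", "alice@example.com", "000-00-0001"),  # constructed data
            ("bob", "bob@example.com", "000-00-0002"),      # constructed data
        ],
    )
    return conn


def lookup_vulnerable(conn, username):
    # BAD: the caller's string becomes part of the SQL text, so a crafted
    # value such as  x' OR '1'='1  changes the query's structure and
    # returns every row instead of one.
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    # GOOD: the value is bound as a parameter. The database treats it as
    # data only, so the same crafted string simply matches no user.
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


# Allow-list for usernames: lowercase letter, then up to 31 of [a-z0-9_].
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{0,31}$")


def lookup_safe(conn, username):
    # Defense in depth: validate the shape of the input first (rejecting
    # quotes, spaces and SQL keywords before they get anywhere near a
    # query), then use the parameterized lookup.
    if not USERNAME_RE.match(username):
        raise ValueError("invalid username")
    return lookup_parameterized(conn, username)


def demo():
    """Run both forms against a classic injection string and report results."""
    conn = make_db()
    injected = "x' OR '1'='1"
    try:
        lookup_safe(conn, injected)
        blocked = False
    except ValueError:
        blocked = True
    return {
        "vulnerable_rows_leaked": len(lookup_vulnerable(conn, injected)),
        "parameterized_rows_leaked": len(lookup_parameterized(conn, injected)),
        "validation_blocked_input": blocked,
        "normal_lookup": lookup_safe(conn, "alice"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Parameter binding alone defeats the injection; the allow-list check is the extra layer that also stops malformed input from reaching the database at all, and it produces a clear error the application can log. Note that the table deliberately holds a sensitive column the lookup never selects; not collecting or returning data you do not need is the other half of the point made above.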
After systems are built, they need to be maintained and monitored. The Implementation and Operation category includes the professionals responsible for ensuring systems run securely over time. They keep everything up to date, apply security patches, and monitor systems for any signs of trouble. Work roles in this category include Data Analysis, Database Administration, Knowledge Management, Network Operations, Systems Administration, Systems Security Analysis, and Technical Support. Let us look deeper into three of the more ubiquitous roles.
Systems administrators are the unsung heroes who ensure that computer systems, networks, and servers run smoothly. Their job includes installing updates, configuring security settings, and troubleshooting issues as they arise. While their primary focus is on keeping things working, security is always a concern. Ensuring systems are patched, unnecessary services are disabled, and only authorized users have access is also part of their job.
Networks are the backbone of any organization’s IT infrastructure, and network engineers are responsible for keeping networks running securely. They monitor network traffic, configure firewalls, and ensure data flows securely between users and applications. Any disruption in the network can cause significant problems for an organization, so these specialists work to ensure that networks are not only fast and reliable but also secure.
Technical support staff are often overlooked for their important role in protecting an organization’s information and assets. Still, they are usually the first people on the scene and get the most interaction with non-IT personnel in the company. Support technicians reset your passwords, install the software you need, and replace malfunctioning equipment, among a whole host of duties that keep the business running. If a user notices strange activity on their computer or suspects something malicious is occurring, they will likely inform the support help desk before anyone else. These individuals, often in their first role in IT/cybersecurity, answer the call whenever someone in the company needs help with a piece of technology. Without them, our organizations would grind to a halt, and attackers would run all over our networks.
The Protection and Defense category holds the roles people traditionally think of when they think about cybersecurity. Roles in this category include Defensive Cybersecurity, Digital Forensics, Incident Response, Infrastructure Support, Insider Threat Analysis, Threat Analysis, and Vulnerability Analysis. These roles protect against, identify, and analyze risks to technology systems and networks. They may investigate events or crimes related to technology systems and networks. We have previously discussed incident response. Let us now dive into digital forensics and the analysis roles collectively to better understand what jobs in these responsibilities look like.
In the aftermath of a cyberattack, the scene can resemble a chaotic crime scene. Crucial evidence is scattered across digital landscapes—hard drives, network logs, and even the ephemeral traces left in a computer’s memory. Digital forensics experts’ job is to meticulously sift through the digital debris, piecing together the puzzle of what happened, how it happened, and who was responsible. Jobs that fulfill this role often exist as part of an incident response team or within the military or criminal justice community. In the military and criminal justice positions, the goal is frequently about identifying and prosecuting attackers. For incident response teams, the focus is more on learning how the attack occurred to determine whether other systems have been affected but have gone undetected.
IT is tied to every part of our modern businesses. In 2019, Satya Nadella, CEO of Microsoft, famously said that in today’s environment, every company is a software company. There is so much data created every second of the day. Analysts are the people whose job day in and day out is to sift through that data and pull out gems that enable others to make strategic decisions to improve the organization and increase security. Vulnerability analysts spend their days analyzing the software utilized by the company and what known vulnerabilities exist in that software to recommend mitigation and remediation actions to prevent attackers from using those vulnerabilities to hurt the company. Threat analysts are responsible for collecting, processing, analyzing, and disseminating cybersecurity threat intelligence and developing indicators to create new rules to identify attackers.
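The core of the vulnerability analyst’s daily work described above, comparing what is installed against what is known to be vulnerable, is the same check that would have flagged the unpatched web framework in the Equifax case earlier in this chapter. The following is an added example for this chapter, not code from the book or from any scanner product. The software inventory, the advisories, their identifiers (EXAMPLE-ADV-n), and the version-range syntax are all constructed for illustration; real vulnerability feeds are far richer and noisier, but the matching logic is the same.

```python
"""Matching a software inventory against known-vulnerability advisories.

Added example; not code from the book. The inventory, the advisories,
the EXAMPLE-ADV identifiers and the range syntax are constructed here.
"""
import re


def parse_version(version):
    """'2.3.32' -> (2, 3, 32). Non-numeric suffixes such as '-rc1' are dropped."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def version_in_range(version, spec):
    """True if version satisfies every clause of spec, e.g. '>=2.3.5,<2.3.32'.

    Clauses are ANDed; numeric comparison is component-wise, so '1.10' is
    newer than '1.9' (a plain string comparison would get that wrong).
    """
    v = parse_version(version)
    for clause in spec.split(","):
        m = re.fullmatch(r"(<=|>=|<|>|==)\s*(\S+)", clause.strip())
        if not m:
            raise ValueError(f"bad range clause: {clause!r}")
        op, bound = m.group(1), parse_version(m.group(2))
        width = max(len(v), len(bound))
        a = v + (0,) * (width - len(v))        # pad so '10.0' compares as '10.0.0'
        b = bound + (0,) * (width - len(bound))
        holds = {"<": a < b, "<=": a <= b, ">": a > b, ">=": a >= b, "==": a == b}[op]
        if not holds:
            return False
    return True


# Constructed inventory: what is installed where.
INVENTORY = [
    {"host": "web01", "product": "web-framework", "version": "2.3.31"},
    {"host": "web02", "product": "web-framework", "version": "2.3.32"},
    {"host": "db01", "product": "db-engine", "version": "10.4.1"},
    {"host": "app01", "product": "db-engine", "version": "10.4.8"},
    {"host": "app01", "product": "image-lib", "version": "1.2"},
]

# Constructed advisories: which versions are affected and what fixes them.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-1", "product": "web-framework",
     "affected": ">=2.3.5,<2.3.32", "fixed": "2.3.32", "severity": "critical"},
    {"id": "EXAMPLE-ADV-2", "product": "db-engine",
     "affected": ">=10.0,<10.4.7", "fixed": "10.4.7", "severity": "high"},
    {"id": "EXAMPLE-ADV-3", "product": "image-lib",
     "affected": "<1.3", "fixed": "1.3", "severity": "medium"},
]

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def find_exposures(inventory, advisories):
    """Return findings (most severe first) for every installed vulnerable version."""
    findings = []
    for item in inventory:
        for adv in advisories:
            if adv["product"] != item["product"]:
                continue
            if version_in_range(item["version"], adv["affected"]):
                findings.append({
                    "host": item["host"],
                    "product": item["product"],
                    "version": item["version"],
                    "advisory": adv["id"],
                    "severity": adv["severity"],
                    "remediation": f"upgrade to {adv['fixed']}",
                })
    findings.sort(key=lambda f: (SEVERITY_ORDER[f["severity"]], f["host"]))
    return findings


if __name__ == "__main__":
    for f in find_exposures(INVENTORY, ADVISORIES):
        print(f"{f['severity']:8} {f['host']:6} {f['product']} {f['version']} "
              f"({f['advisory']}): {f['remediation']}")
```

The output is a prioritized remediation list, which is what the analyst hands to the systems administrators described earlier: the critical item on web01 is the one to patch today. The hard part in practice is the inventory itself; a host that is not in the list cannot be flagged, which is one reason unpatched systems linger.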
The Investigation category represents roles most often connected to jobs in the criminal justice realm. Cybercrime investigators collect, manage, and analyze digital evidence in pursuit of prosecuting criminals. Because of the nature of cybercrime, the complexity and evolving nature of cyber laws and regulations, and the difficulty of identifying and attributing malicious actions to actors, professionals in these roles face challenges that differ from those of their non-cyber colleagues. Cybercrime investigators need to understand both traditional criminal investigation methodology and the technical aspects of cybersecurity.
Historically, many roles that make up the cybersecurity workforce are just cyber representations of roles that have existed in other ways throughout history. This understanding is vital because while technology may change, the skills that make workers in the more traditional roles effective in their daily work are the same skills that make their digital counterparts effective. Too often, people think of cybersecurity as a mysterious world that is difficult to understand. Hopefully, this stroll through the introductory concepts of cybersecurity, common vulnerabilities, and workforce roles has started to remove some of the fog and mystery surrounding this concept of cybersecurity.
From the security analysts monitoring your network to the incident responders saving the day after a breach, every role in cybersecurity is essential to keeping our digital world secure. In the next chapters, we’ll dive deeper into these roles and what you can do to protect yourself and your organization from the ever-evolving cyber threats.
In Chapter 2, Decoding the Cyber Lexicon: A Beginner’s Guide to Essential Terminology, we will begin to decipher some of the language used in the cybersecurity community. If there were terms and concepts covered in this chapter that you wanted to understand better, then you will enjoy what is coming up.
Welcome to the world of cybersecurity! If you’ve ever tried to read an article about a cyberattack or talked to techies, you have probably heard words such as phishing and ransomware thrown around as if they were parts of a coffee order. In such cases, it can feel like deciphering an alien language. It’s like you’re stepping into a fantasy world—one filled with its own strange creatures, magical tools, and mysterious villains. But don’t worry—you’re not alone!
One of the most challenging parts of cybersecurity is understanding the terminology. The ability to talk about cybersecurity comes down to knowing what all the words and phrases mean.
In this chapter, we will unravel the mysteries of cyber jargon with fun stories, crazy analogies, and a bit of history to give you the context you need. By the end, you’ll understand the terminology and be able to explain it to your friends (and even sound like a tech wizard at parties).
In this chapter, we’re going to cover the following main topics:
Hackers, crackers, and phreaks
The CIA triad: Confidentiality, integrity, and availability
Threat actors and their motivations
Cybersecurity buzzwords and tools: A glossary of key terms
When you hear the word hacker, what comes to mind? Is it a hooded figure sitting in a dark room with a computer, in a basement, or an evil mastermind’s lair? Popular culture has always enjoyed playing with the concept of a hacker. While the media loves the stereotypical trope of the lone cyber-genius, the hacker community is a vibrant global network of enthusiasts, professionals, and ethical tinkerers. However, you may be surprised to find out that modern-day usage of the term began with college students playing with model trains. Let’s dive into the history behind modern-day computing and the origins of all we know as cybersecurity.
In the dank, dimly lit club room of the Massachusetts Institute of Technology (MIT) Tech Model Railroad Club, housed in Building 20, a temporary structure that had outlived its purpose during World War II, the first hackers were the ones who experimented with the electrical system running the sprawling model railroads. At the time, computers were humongous machines that required punch cards for input, and another colossal machine punched the cards. Further, computers were not for storing documents but for mathematical calculations.
The group responsible for controlling trains on the railroad, using complicated switching equipment provided by the phone company, was the Signals and Power Subcommittee of the club. In this committee, whoever achieved an ingenious improvement to the system, that is, a hack, was considered a hacker.