Course Summary

​

We live in a highly connected world, and it is impossible to think about the world that we live in without the online services and the risks associated with these services with more than 30 billion devices connected to the internet. 

The Cyber Security fundamentals is a comprehensive course the main topics related to Cybersecurity covering the following sections:

• Introduction to Cyber Security

• ​Threats to Information: Attacks, Adversaries, and Risk

  • Comprehensive threats to information and covering Cloud Security and IoT Risks

• Understanding Security Policy

• Information Systems Protection Mechanisms Part I and II

• Detection of Information Security Incidents, Response, and Remediation

• Privacy, Leadership, and the Future of Cyber Security 

That is a high-quality course and with exceptional content that has provided tremendous value to attendees and can entertain any level of decision-makers or security enthusiasts.

​

Course Artifacts 

​

The Cyber Security Fundamentals capstone projects focusing on threat risks and cloud vulnerabilities, and there is a highlight of security reference monitors and an overview of the Windows internals.  

The reflections section is an excellent piece of looking back, and forward scenario focused on all topics of cybersecurity fundamentals course.

The Artificial Intelligence is another great highlight of this document, this is a topic that I am passionate about it and looking forward applying it in medium-term in the market and driving benefits to hundreds of millions of users of Windows, and the people across the globe.

​

CSOL 500 - Cloud Vulnerability - is a rework of module 2 of the Cybersecurity Fundamentals course. The paper highlights the most recent top 10 cybersecurity risks to the Cloud and IoT. 

​

​

​

​

CSOL 500 - Reference Monitor - The paper talks about Windows internals and security reference monitor. 

​

 

 

 

Reflections 

​

Overall, the foundation of Cyber Security was a great experience and made me reflect that attending the University of San Diego is the right choice.

The Foundation of Cyber Security course features a comprehensive overview of concepts essential to the Cybersecurity and privacy professional and provides a review of fundamental digital technologies, including computer networks and protocols. A unique learning opportunity to view information as an asset to the organization, categorizing information, and how technological security controls can be used in concert with physical and administrative controls to protect information.

The Foundation of Cyber Security course explores concepts of policy, mechanism, and assurance, and differentiate between vulnerabilities and threats.

There are many highlights to this course; the threats to information in the Cloud was the artifact chosen to be part of this capstone.

The course outlined a taxonomy of modern cyber and software engineering terms. During this foundational course explored the history and evolution of cybersecurity engineering, and explored future trends while establishing a foundational understanding of incident management and remediation planning and identifying the roles leaders can play in enhancing, supporting, and promoting Cybersecurity in organizations.

It is essential to highlight the content delivered throughout this course:

• Introduction to Cyber Security

• Threats to Information: Attacks, Adversaries, and Risk

• Understanding Security Policy

• Information Systems Protection Mechanisms, Part One: Operating Systems, Software, and Cryptography

• Information Systems Protection Mechanism, Part Two: Network Security, and Introduction to Assurance

• Detection of Information Security Incidents, Response, and Remediation

• Privacy, Leadership, and the future of Cyber Security

 

​

In my current role, I am responsible and accountable for a world-class Red Team (Offensive Security Practice) within CDG (Cosine, Devices, and Gaming) Security that helps ensure a secure experience for hundreds of millions of users all over the world. 
Red Team is responsible for delivering unbiased assessments (Red and Purple Team Operations) and being accountable for driving remediation and security architecture discussions with stakeholders and senior-level executives.

Offensive security teams operate under tight rules of engagement and ethics is a major part of the rules of engagement. The content of this course helped to continually improve my team practices, customer experience, and visualize a better future for offensive security practice. 

There is a crucial aspect that was not covered during this course and is part of my reflection is Artificial Intelligence and how AI will affect all aspects of all security domains and this is an area that I currently investing in in my current job. 

Artificial intelligence presents both opportunities and challenges for Cybersecurity.

The opportunity is to use Artificial Intelligence to better defend against security threats; the challenge is that Artificial Intelligence can also be used as weapons. In this context, policymakers are sometimes conflicted about whether to promote or inhibit the use of AI technologies, although it is inevitable the broad adoption of the Artificial Intelligence as a partial part of any business process.

Cybersecurity policies for Artificial Intelligence should help to advance security benefits and discourage bad actors from misusing it. A deeper understanding of Artificial Intelligence is necessary to benefit from it. The usage of Artificial Intelligence, which is teaching us the range of ways that Artificial Intelligence can improve security overall.

Organizations should approach securing Artificial Intelligence that is rooted in their Security Development Lifecycle (SDL), used by developers to integrate security considerations into the overall software development process. It is composed of proven security practices and consists of multiple phases in which core software assurance activities are addressed.

Organizations' efforts to secure Artificial Intelligence extend into the Cloud through the process for the secure operation of online services, the Operational Security Assurance (OSA).

All in all, Cybersecurity is a fantastic being of knowledge for those looking always to learn something new to massage their intellect. Combining the aspects of Artificial Intelligence into defensive and offensive operations is a crucial enabler for the success of all cybersecurity teams.

​

Resources

​

Book References  

​

Azure IoT. (n.d.). Retrieved from https://azure.microsoft.com/en-us/overview/iot/?site=mscom_iot

Markruss. (n.d.). Windows Internals Book - Windows Sysinternals. Retrieved from https://docs.microsoft.com/en-us/sysinternals/learn/windows-internals

OWASP Internet of Things Project. (n.d.). Retrieved from https://wiki.owasp.org/index.php/OWASP_Internet_of_Things_Project#tab=IoT_Top_10

​

Related Links 

​

• Cloud Computing: Benefits, risks, and recommendations for information security

• DDoS Quick Guide

• Microsoft Cloud - Penetration Testing Rules of Engagement

• Microsoft Cybersecurity Reference Architecture

• Reference Model Design: An Approach and its Application

• Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

• Shared Responsibilities for Cloud Computing

• Top Threats to Cloud Computing: Deep Dive

​