Use tools to protect business operations

Previously, you were introduced to programming, operating systems, and tools commonly used by cybersecurity professionals. In this reading, you’ll learn more about programming and operating systems, as well as other tools that entry-level analysts use to help protect organizations and the people they serve. 

Tools and their purposes

Programming 

Programming is a process that can be used to create a specific set of instructions for a computer to execute tasks. Security analysts use programming languages, such as Python, to execute automation. Automation is the use of technology to reduce human and manual effort in performing common and repetitive tasks. Automation also helps reduce the risk of human error.

Another programming language used by analysts is called Structured Query Language (SQL). SQL is used to create, interact with, and request information from a database. A database is an organized collection of information or data. There can be millions of data points in a database. A data point is a specific piece of information. 

Operating systems

An operating system is the interface between computer hardware and the user. Linux®, macOS®, and Windows are operating systems. They each offer different functionality and user experiences. 

Previously, you were introduced to Linux as an open-source operating system. Open source means that the code is available to the public and allows people to make contributions to improve the software. Linux is not a programming language; however, it does involve the use of a command line within the operating system. A command is an instruction telling the computer to do something. A command-line interface is a text-based user interface that uses commands to interact with the computer. You will learn more about Linux, including the Linux kernel and GNU, in a later course.

Web vulnerability

A web vulnerability is a unique flaw in a web application that a threat actor could exploit by using malicious code or behavior, to allow unauthorized access, data theft, and malware deployment.

To stay up-to-date on the most critical risks to web applications, review the Open Web Application Security Project (OWASP) Top 10.

Antivirus software

Antivirus software is a software program used to prevent, detect, and eliminate malware and viruses. It is also called anti-malware. Depending on the type of antivirus software, it can scan the memory of a device to find patterns that indicate the presence of malware. 

Intrusion detection system 

An intrusion detection system (IDS) is an application that monitors system activity and alerts on possible intrusions. The system scans and analyzes network packets, which carry small amounts of data through a network. The small amount of data makes the detection process easier for an IDS to identify potential threats to sensitive data. Other occurrences an IDS might detect can include theft and unauthorized access.

Encryption

Encryption makes data unreadable and difficult to decode for an unauthorized user; its main goal is to ensure confidentiality of private data. Encryption is the process of converting data from a readable format to a cryptographically encoded format. Cryptographic encoding means converting plaintext into secure ciphertext. Plaintext is unencrypted information and secure ciphertext is the result of encryption.  

Note: Encoding and encryption serve different purposes. Encoding uses a public conversion algorithm to enable systems that use different data representations to share information.    

Penetration testing 

Penetration testing, also called pen testing, is the act of participating in a simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes. It is a thorough risk assessment that can evaluate and identify external and internal threats as well as weaknesses.

Key takeaways

In this reading, you learned more about programming and operating systems. You were also introduced to several new tools and processes. Every organization selects their own set of tools. Therefore, the more tools you know, the more valuable you are to an organization. Tools help security analysts complete their tasks more efficiently and effectively.

Tools and Their Purposes for Cybersecurity Professionals:

1. Programming:

   • Programming Languages: Used to create instructions for computers to perform tasks.

   • Python: Commonly used for automation, which helps reduce manual work and human error.

   • SQL: Used to interact with and retrieve data from databases, which are organized collections of information.

2. Operating Systems:

   • Types: Linux, macOS, and Windows are common operating systems, each offering different functionalities.

   • Linux: An open-source operating system that allows users to modify and improve the software. It uses a command-line interface (CLI) to execute instructions.

3. Web Vulnerability:

   • A flaw in a web application that can be exploited by attackers to gain unauthorized access, steal data, or deploy malware.

   • Staying up-to-date with the OWASP Top 10 helps identify critical risks to web applications.

4. Antivirus Software:

   • Software designed to detect, prevent, and remove malware and viruses. It scans devices for patterns that indicate malware presence.

5. Intrusion Detection System (IDS):

   • A system that monitors network activity and alerts users of potential threats or intrusions. It scans network packets to detect theft and unauthorized access.

6. Encryption:

   • A method of securing data by converting it into an unreadable format (ciphertext). It ensures confidentiality by making data inaccessible to unauthorized users.

7. Penetration Testing (Pen Testing):

   • A simulated attack on systems or networks to identify vulnerabilities and assess risk. It helps identify both external and internal threats.

Key Takeaways:

• Cybersecurity professionals use various tools and programming languages to protect organizations.

• Automation and databases play a crucial role in managing repetitive tasks and large sets of data.

• Operating systems, such as Linux, are essential for interacting with computer hardware.

• Tools like antivirus software, IDS, encryption, and penetration testing help in detecting, preventing, and managing cyber threats.

• Being familiar with different tools makes security analysts more valuable to organizations.

Create a cybersecurity portfolio

Throughout this certificate program, you will have multiple opportunities to develop a professional cybersecurity portfolio to showcase your security skills and knowledge.

In this reading, you’ll learn what a portfolio is and why it’s important to develop a professional cybersecurity portfolio. You’ll also learn about options for creating an online or self-hosted portfolio that you can share with potential employers when you begin to look for cybersecurity jobs.

What is a portfolio, and why is it necessary?

Cybersecurity professionals use portfolios to demonstrate their security education, skills, and knowledge. Professionals typically use portfolios when they apply for jobs to show potential employers that they are passionate about their work and can do the job they are applying for. Portfolios are more in depth than a resume, which is typically a one-to-two page summary of relevant education, work experience, and accomplishments. You will have the opportunity to develop a resume, and finalize your portfolio, in the last course of this program. 

Options for creating your portfolio 

There are many ways to present a portfolio, including self-hosted and online options such as:

• Documents folder

• Google Drive or Dropbox™

• Google Sites

• Git repository

Option 1: Documents folder

Description: A documents folder is a folder created and saved to your computer’s hard drive. You manage the folder, subfolders, documents, and images within it. 

Document folders allow you to have direct access to your documentation. Ensuring that your professional documents, images, and other information are well organized can save you a lot of time when you’re ready to apply for jobs. For example, you may want to create a main folder titled something like “Professional documents.” Then, within your main folder, you could create subfolders with titles such as:

• Resume

• Education

• Portfolio documents

• Cybersecurity tools

• Programming 

Setup: Document folders can be created in multiple ways, depending on the type of computer you are using. If you’re unsure about how to create a folder on your device, you can search the internet for instructional videos or documents related to the type of computer you use.

Option 2: Google Drive or Dropbox

Description: Google Drive and Dropbox offer similar features that allow you to store your professional documentation on a cloud platform. Both options also have file-sharing features, so you can easily share your portfolio documents with potential employers. Any additions or changes you make to a document within that folder will be updated automatically for anyone with access to your portfolio.

Similar to a documents folder, keeping your Google Drive or Dropbox-based portfolio well organized will be helpful as you begin or progress through your career.

Setup: To learn how to upload and share files on these applications, visit the Google Drive and Dropbox websites for more information.  

Option 3: Google Sites

Description: Google Sites and similar website hosting options have a variety of easy-to-use features to help you present your portfolio items, including customizable layouts, responsive webpages, embedded content capabilities, and web publishing.

Responsive webpages automatically adjust their content to fit a variety of devices and screen sizes. This is helpful because potential employers can review your content using any device and your media will display just as you intend. When you’re ready, you can publish your website and receive a unique URL. You can add this link to your resume so hiring managers can easily access your work.

Setup: To learn how to create a website in Google Sites, visit the Google Sites website.  

Option 4: Git repository

Description: A Git repository is a folder within a project. In this instance, the project is your portfolio, and you can use your repository to store the documents, labs, and screenshots you complete during each course of the certificate program. There are several Git repository sites you can use, including:

• GitLab

• Bitbucket™

• GitHub

Each Git repository allows you to showcase your skills and knowledge in a customizable space. To create an online project portfolio on any of the repositories listed, you need to use a version of Markdown.  

Setup: To learn about how to create a GitHub account and use Markdown, follow the steps outlined in the document Get started with GitHub.

Portfolio projects

As previously mentioned, you will have multiple opportunities throughout the certificate program to develop items to include in your portfolio. These opportunities include:

• Drafting a professional statement

• Conducting a security audit

• Analyzing network structure and security

• Using Linux commands to manage file permissions

• Applying filters to SQL queries

• Identifying vulnerabilities for a small business

• Documenting incidents with an incident handler’s journal 

• Importing and parsing a text file in a security-related scenario

• Creating or revising a resume

Note: Do not include any private, copyrighted, or proprietary documents in your portfolio. Also, if you use one of the sites described in this reading, keep your site set to “private” until it is finalized.

Key takeaways

Now that you’re aware of some options for creating and hosting a professional portfolio, you can consider these as you develop items for your portfolio throughout the certificate program. The more proactive you are about creating a polished portfolio, the higher your chances of impressing a potential employer and obtaining a new job opportunity in the cybersecurity profession. 

Summary of "Creating a Cybersecurity Portfolio"

What is a Portfolio and Its Importance?

• A portfolio demonstrates cybersecurity professionals' skills, education, and knowledge to potential employers.

• It provides more in-depth information than a resume, showcasing practical work and expertise.

• Portfolios highlight a candidate’s passion and capability to handle job responsibilities.

Options for Creating a Portfolio:

1. Documents Folder:

   • A locally saved folder on your computer containing organized subfolders (e.g., resume, education, cybersecurity tools).

   • Allows direct access to personal documentation.

2. Google Drive or Dropbox:

   • Cloud-based platforms for storing and sharing portfolio documents.

   • Easy to update, and changes are synced automatically for anyone with access.

3. Google Sites:

   • An easy-to-use website builder that allows customization, embedded content, and responsive design.

   • Suitable for creating a public-facing portfolio with a unique URL that can be shared with employers.

4. Git Repository:

   • GitHub, GitLab, or Bitbucket can be used to create a repository to store portfolio projects (e.g., code, labs, screenshots).

   • Requires knowledge of Markdown for creating and showcasing projects.

Portfolio Projects: Throughout the certificate program, participants will work on various projects to include in their portfolios, such as:

• Drafting professional statements

• Conducting security audits

• Applying Linux commands and SQL queries

• Identifying vulnerabilities

• Documenting security incidents

Key Takeaways:

• Building a portfolio is essential for standing out to potential employers.

• Multiple options for hosting portfolios exist, each suited to different needs (local, cloud-based, or online).

• Be proactive in polishing and organizing your portfolio for better job prospects in the cybersecurity field.

To pass this course item, you must complete the activity and receive at least 80%, or 4 out of 5 points, on the questions that follow. Once you have completed the activity and questions, review the feedback provided. You can learn more about graded and practice items in the program and course overview.

Activity Overview   

In this activity, you will review the professional statement outline to create a professional statement that you can include as part of your cybersecurity portfolio documentation. Previously, you learned about options for creating and hosting a cybersecurity portfolio. 

A professional statement is an introduction to employers that briefly describes who you are and what you care about. It allows you to showcase your interest in cybersecurity, work experience, knowledge, skills, and achievements. As you continue to learn more and refine your understanding of key cybersecurity concepts, you can return to this professional statement and revise it as needed.

To review the importance of building a professional portfolio and options for creating your portfolio, read Create a cybersecurity portfolio. 

Be sure to complete this activity and answer the questions that follow before moving on. The next course item will provide you with a completed exemplar to compare to your own work.

Scenario

You are excited to enter the field of cybersecurity. As you begin to consider the types of jobs you could apply for, you decide to create a draft professional statement that you can continue to refine, as your knowledge and skills evolve throughout the certificate program. Your goal is to have a professional statement that can be shared with potential employers, when you're ready to begin your job search.

Note: Creating a unique and authentic professional statement helps establish people’s perception of who you are and what you care about. 

Step-By-Step Instructions

Follow the instructions to complete each step of the activity. Then, answer the five questions at the end of the activity before going to the next course item to compare your work to a completed exemplar.

Step 1: Access supporting materials

The following supporting materials will help you complete this activity. Keep it open as you proceed to the next steps. 

To use the supporting materials for this course item, click the link. 

Link to supporting materials: Professional statement outline

OR

If you don’t have a Google account, you can download the supporting materials directly from the following attachment.

Professional statement outline

DOCX File

Step 2: Draft your professional statement

Your professional statement is your opportunity to show prospective employers who you are as a person and potential employee, and it allows them to understand the value you can bring to the organization.

Note: You will not submit/upload your professional statement directly into this activity; you will need to download/save it to your own device. Then, upload it to the portfolio platform/site of your choice when it’s ready to share with potential employers. 

Use these guidelines to develop your draft professional statement:

1. Use your own device to open a word processing document or application (or use a blank piece of paper).

2. Refer to your professional statement outline notes from step one and consider:

   1. What are your strengths (ones you currently have or plan to develop)?

   2. What are your values?

   3. What interests you most about a career in cybersecurity?

   4. How can your strengths, values, and interest in cybersecurity support the security goals of various organizations?

3. Draft a two- to three-sentence professional statement that includes details about your strengths, values, and interest in cybersecurity, as well as how they can support the security goals of various organizations.

Refer to the following professional statement examples for ideas: 

Example A: I am a highly motivated and detail-oriented cybersecurity analyst. I actively work to identify and analyze potential risks, threats, and vulnerabilities to security and ensure the confidentiality, integrity, and availability of assets, to help safeguard organizations and people alike. 

Example B: I am enthusiastic about information security and enjoy finding solutions that can positively impact an organization and the people it serves. I place a high value on maintaining a strong security posture to help protect sensitive information and mitigate risk.

Step 3: Refine your professional statement

Open the document Refine your professional statement for additional guidance about strengthening your professional statement.

OR

If you don’t have a Google account, you can download the supporting materials directly from the following attachment.

Refine your professional statement

DOCX File

Pro Tip: Save a copy of your work

Finally, be sure to save a copy of your completed activity. You can use it for your professional portfolio to demonstrate your knowledge and/or experience to potential employers.

What to Include in Your Response

Be sure to address the following elements in your completed activity:

• Be intentional about how you want to be perceived by potential employers. 

• Include your strengths and values, and be genuine about why you want to enter the cybersecurity profession.

• Regularly update your statement to reflect your growing professional skills and knowledge.

Step 4: Assess your activity

Following is the self-assessment for your professional statement. You will use these statements to review your own work. The self-assessment process is an important part of the learning experience because it allows you to objectively assess your professional statement.

There are a total of 5 points possible for this activity and each statement is worth 1 point. The items correspond to each step you completed for the activity. 

To complete the self-assessment, first open your professional statement. Then respond yes or no to each statement. 

When you complete and submit your responses, you will receive a percentage score. This score will help you confirm whether you completed the required steps of the activity. The recommended passing grade for this project is at least 80% (or 4/5 points). If you want to increase your score, you can revise your project and then resubmit your responses to reflect any changes you made. Try to achieve at least 4 points before continuing on to the next course item.

1.

Question 1

Your professional statement includes strengths. 

1 point

Yes

No

2.

Question 2

Your professional statement includes values.

1 point

Yes

No

3.

Question 3

Your professional statement explains your interest in the cybersecurity profession.

1 point

Yes

No

4.

Question 4

Your professional statement explains how your strengths, values, and interest in the field of cybersecurity can meet the security goals of an organization.

Yes

No

5.

Question 5

Your professional statement is free from grammar, spelling, and punctuation errors.

1 point

Yes

No

https://docs.google.com/document/d/1OTd-dLWjZKK2DttlyaM2k1YMpg9y-NvR1jIcws5gJ30/edit?usp=sharing 

Glossary terms from module 4

Terms and definitions from Course 1, Module 4

Antivirus software: A software program used to prevent, detect, and eliminate malware and viruses

Database: An organized collection of information or data

Data point: A specific piece of information

Intrusion detection system (IDS): An application that monitors system activity and alerts on possible intrusions

Linux: An open-source operating system

Log: A record of events that occur within an organization’s systems 

Network protocol analyzer (packet sniffer): A tool designed to capture and analyze data traffic within a network

Order of volatility: A sequence outlining the order of data that must be preserved from first to last

Programming: A process that can be used to create a specific set of instructions for a computer to execute tasks

Protecting and preserving evidence: The process of properly working with fragile and volatile digital evidence

Security information and event management (SIEM): An application that collects and analyzes log data to monitor critical activities in an organization

SQL (Structured Query Language): A query language used to create, interact with, and request information from a database