Skip to main content
Search by keyword

Cybersecurity Advanced Learning Path - "Know yourself, know your enemy, and you will win the battle"

Cybersecurity Advanced Learning Path - "Know yourself, know your enemy, and you will win the battle"

An information system is made of a wide variety of constituents: hardware, software, network, data, people… All these have to be properly protected, since a chain is only as strong as its weakest link. In his famous ‘Art of War’, Sun Tzu wrote “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” Thus protecting yourself means not only understanding where your values and vulnerabilities are, but also how an attacker could be able to reach and exploit them. It is thus critical to have a good grasp of what can constitute a target as well as the attack vectors that would lead to it. In this learning path, we will go deeper into some methodological aspects of cybersecurity. First of all, we will get into standards and approaches to manage risk, the basis for securing an information system. We will also cover more technical aspects, like software security, attack mechanisms, penetration tools and platforms.  

Introductory learning materials

Introduction to Computer Security

Let’s start this learning journey with a video that will give you a 360 degrees look at the field of cybersecurity: from the objectives and why it’s more important than ever to multi-layer security and methods of defence, it covers  also covers security criteria (CIA Triad), vulnerabilities, security controls.. It is a the same time a good wrap up and reminder of what you might already know, or just introduce you to the core concepts that will allow you to follow this learning path successfully.

ISO/IEC 27001 - The international standard for information security

As we have just heard in the previous video, cybersecurity is critical for companies, organizations and even individuals. It comes with no surprise that to raise awareness and maturity and to industrialize the approaches and methods in the field, standards and norms have been progressively developed. On the European side of the world, ISO 27001 is definitely the reference standard in terms of information security. Actually, ISO 27001 is only one of the standards of the ISO 27xxx family, that contains tens of other documents, the most prominent being ISO 27001, ISO 27002 and ISO 27005. But it also contains many others, further detailing the core ones, addressing particular economic sectors or covering the deployment of particular kinds of security controls.  

This article is a primer on the ISO 27001 and related standards and tools, an important reference in the domain of information security. Many other resources are available around the topic, in particular this one

EBIOS Risk Manager – The Method

Managing information system security requires a risk-based approach, i.e. a structured methodology to identify, analyse, evaluate and treat cybersecurity risks. There exists a variety of methods, targeting specific contexts or not, some heavier, others lighter, more or less verbose and time consuming. The EBIOS Risk Manager method is a risk management approach developed by the French National Agency for the Security of Information Systems (ANSSI) that in our eyes makes a good compromise between the level of complexity and the usefulness of the results. It comes with a good documentation, a set of methodological sheets, and it is supported by different software tools. It is definitely a good approach to try, since it is very flexible and versatile and can be tailored to a large variety of cases.

Advanced learning materials

Kali Linux – The most advanced Penetration Testing Distribution

Whether you’re a cybersecurity expert or you just want to experiment with some cybersecurity exercises, you will need to learn and use a wide variety of tools, depending of your goal and the target environment. It is often not easy to find those tools, that is where Kali Linux comes in. It is a Linux distribution that contains all the major tools for performing reconnaissance, target identification or perform attacks. It can be installed on a standalone computer or in a virtual machine alongside your existing operating system. Once installed, you will be ready to kick off your first pentest! 

Cryptography

This online course is definitely not for the faint-hearted ones as it focuses on theoretical and mathematical foundations of cryptography. But if you want to understand better how the protection mechanisms we all use every day work, and what guarantees their security level, and if you are not afraid of some mathematical notation, then this course is for you, as it covers the major cryptography primitives (symmetric, asymmetric, message authentication and digital signatures). Not easy, but definitely worth it! 

Root Me – Challenge your hacking skills

Continuing on the idea of the OWASP Juice Shop, you can turn to the Root Me platform to further develop your hacking skills. This platform offers a very wide catalogue of cybersecurity challenges in a lot of different domains: cryptography, steganography, network, forensics, software… The challenges are sorted by difficulty level, and there is a community behind that can help you find solutions (but that will never tell you the solution!) Take your cyberdetective skills to the next level! 

Learning path Details

Digital skill level
Digital technology / specialisation