Given the constant barrage of malware, scams, cyber attacks, and the like, having a firm understanding of how and why cyber security helps to protect users and companies is critical. This course, Building Your Cyber Security Vocabulary, will help get you to that understanding. You'll start with an overview of cyber security and why it matters. Next, you'll learn about the most commonly used vocabulary in the industry, how to use it, and the distinct meaning of some of the words that often get used interchangeably and incorrectly. Last, you'll focus in on using the new vocabulary in a meaningful way, getting your point across in a given situation, and how to tailor your message to a specific audience. When you're finished with this course, you should be ready to understand and use the common language surrounding cyber security risks, threats, attacks, and solutions.
Serge Borso is the owner and principal consultant of SpyderSec and a SANS Community Instructor. He is an active member in the information security community and has consulted with dozens of organizations to improve their security posture. He has previously developed enterprise vulnerability management programs, created security awareness training solutions and worked to implement a transparent biometric security system for over one million unique online banking users to help combat fraudulent transactions. Currently Serge leads penetration testing engagements and is responsible for the vision, strategy, and product/service offerings of SpyderSec.
Putting It All Together Think about the audience in the room when you deliver a message, lead the meeting, or contribute to a conversation. This lesson focuses on utilizing your new vocabulary in an effective manner so that accurate information can be conveyed regardless of the form or the audience's level of comprehension. Your audience will dictate the way you communicate your message. You may be speaking with peers where acronyms and jargon is common, but when speaking with people not familiar with this vocabulary, it's important to tailor your message so that it makes sense. Culture is key as every organization has their own way of solving problems, creating value, and dealing with clients. When an acronym is not needed, there may be a different way to communicate exactly what a problem is. For example, if the TLS connection to the IPS is down, one could state that the connection to the Intrusion Prevention System is not working. Think about the message and the medium that the message is being communicated over. It's hard to judge tone in an email, and oftentimes a face to face meeting or phone call can be more effective than a long technical email. Focus on what information needs to be communicated and how that information pertains to risk and required action. Oftentimes, it is the role of security professionals to provide guidance and recommendations. Being clear about the risk versus rewards also needs to be taken into account in order to provide good guidance on a possible change to the environment, expenditure, training tool, or whatever the case may be. How important is it to use jargon? Challenge yourself to communicate the same information in a meeting or an email both with and without jargon, and see which message is more meaningful to your intended audience. Commit to the message, and find out if it had the expected outcome.
Conclusion Cyber security is evolving. Terminology gets added from time to time as new companies and technologies emerge in the marketplace with a new solution to a common problem. There are cornerstones of cyber security that have not changed since day one, and there are components that change on a regular basis. One of the best ways to stay up to date with technology, gain confidence, and increase your skillset is to put in the time behind the keyboard. Actively participate in cyber security programs, and become a constant learner. Challenge yourself to deepen your understanding of the vocabulary and concepts discussed throughout this course. If cyber security is something that you are interested in and want to learn more about, there are many options to increase your educational endeavors. People often ask me how I got into cyber security and what it takes to be a security professional. In my opinion, a security is imperative, as is the desire to constantly learn new information. And at the end of the day, enjoy what you do. Most of us have had jobs that we don't care for, but we do anyway. I can't imagine cyber security in that capacity. I firmly believe that you have to have an interest in technology, a passion for security, and a high level of integrity to excel in this field. I hope you enjoyed this course, and remember, like anything in life, you get out what you put in. Good luck on your journey.