
Introduction to the course goals, SME and key topics.
Introduction to the module, key topics to be covered, and call to action.
In this video we will introduce the fundamental concept of cybersecurity, explaining its importance in protecting networks, devices, software, and data from attacks, damage, or unauthorized access. It will highlight the urgent need for intelligent systems to combat the growing volume and sophistication of cyber threats.
In this video we will delve into the core principles of the CIA Triad, explaining how confidentiality ensures authorized access, integrity maintains data accuracy, and availability guarantees timely access to resources. It serves as a foundational checklist for designing secure systems.
In this video we will cover essential security principles, such as defense in depth (using multiple layers of security), least privilege (granting minimal necessary access), and security by design (integrating security from the outset). It will also touch on the importance of simplicity in security to avoid complexity, which undermines security.
In this video we will explore the main cybersecurity domains, including asset security, communication and network security, operations, and many more. Together, all these domains cover everything from strategy to real-time actions.
In this video we will understand what an attack surface is, how it expands with interconnected devices, and how to identify critical assets that need protection. This includes recognizing potential entry points for attackers.
In this video we will introduce key cybersecurity frameworks like NIST and MITRE ATT&CK, explaining how they provide a structured approach to managing cybersecurity risks and developing programs.
In this video we will define various roles within cybersecurity operations, such as SOC managers, engineers, analysts, and threat hunters. It will explain how different teams, including Incident Response and Penetration Testing, contribute to an organization's overall security posture.
In this video we will emphasize that human awareness and training are crucial defenses against cyberattacks, especially social engineering. It will discuss how ongoing education can significantly improve an organization's readiness and resilience.
In this video we will address the global cybersecurity skills shortage and explore how AI can act as a force multiplier, automating mundane tasks, improving analysis, and augmenting human capabilities to manage escalating threats.
Introduction to the module, key topics to be covered, and call to action.
In this video we will cover the core components of Identity and Access Management (IAM): Administration (provisioning/deprovisioning accounts), Authentication (verifying identity), Authorization (determining permissions), and Audit (reviewing compliance).
In this video we will explain different access control models and highlight the principle of least privilege, which dictates granting only the necessary access for a specific task and role. It will illustrate how this reduces the attack surface and potential for abuse.
This video will delve into Role-Based Access Control (RBAC), demonstrating how grouping users into business roles and assigning application roles simplifies identity management, reduces complexity, and enhances security compared to individual permission assignments.
In this video we will compare single-factor authentication with Multi-Factor Authentication (MFA), explaining how MFA combines "something you know," "something you have," and "something you are" to significantly strengthen identity verification against credential theft.
In this video we will introduce the concept of passwordless authentication, focusing on FIDO (Fast IDentity Online) passkeys as a more secure and user-friendly alternative to traditional passwords. It will explain how passkeys leverage cryptography to eliminate phishing risks.
In this video we will provide a comprehensive overview of Zero Trust, emphasizing its core principle of "never trust, always verify." It will discuss how this framework assumes internal and external networks are hostile, requiring continuous verification of all access requests.
In this video we will explain Privileged Access Management (PAM) systems, which secure high-level accounts (e.g., sysadmins) by enforcing unique, temporary credentials, session monitoring, and automated password rotation, enhancing accountability and reducing insider threat risks.
This video will define "secrets" in an IT context, including passwords, API keys, and cryptographic keys, emphasizing their critical importance and the risks associated with their exposure. It will highlight the need for centralized, secure storage of these sensitive items.
In this video, we will explore various approaches to secrets management, including using vaults for secure storage, implementing dynamic and ephemeral secrets, and integrating audit and monitoring capabilities to track access and usage.
Introduction to the module, key topics to be covered, and call to action.
This video will categorize malicious actors, from script kiddies to nation-state hats, and discuss their diverse motivations, such as financial gain, political agendas, or intellectual property theft.
Learners will understand the stages of a typical cyberattack through models like the Cyber Kill Chain, covering reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives.
This video will introduce the MITRE ATT&CK framework, explaining how it provides a standardized taxonomy for classifying attacker Tactics, Techniques, and Procedures (TTPs), aiding defenders in understanding and responding to attacks. (I am going to share my screen showing my browser with website https://attack.mitre.org/ to show how to work with that framework and how it can be useful for learners)
In this video we will define social engineering as the manipulation of individuals to gain unauthorized access to information. It will explain how attackers exploit human psychology, leveraging desires for gain or fears of loss.
This video will focus on phishing, including spear phishing and other variants delivered via email or SMS. It will discuss how AI enhances phishing sophistication by eliminating grammatical errors, making attacks more convincing.
In this video we will cover the emerging threat of deepfakes, where AI mimics voices and appearances to facilitate impersonation scams. It will highlight real-world examples and the challenges in detecting such advanced deception.
This video will provide a broad overview of malicious software (malware), including its various categories (e.g., viruses, worms, Trojans, ransomware) and basic analysis techniques like static and dynamic analysis.
This video will explain common web application vulnerabilities, such as Cross-Site Scripting (XSS) and SQL Injection, which are frequently exploited by attackers. It will also cover prevention strategies like input validation and output encoding.
In this video we will introduce the fundamental concepts of encryption (symmetric and asymmetric), explaining how it protects data confidentiality. It will also discuss the role of digital certificates in establishing trust and securing communications.
Cybersecurity is no longer optional. It's a critical skill for every IT and business professional. As cyber threats like ransomware, phishing, data breaches, and insider attacks become more sophisticated, organisations urgently need individuals who can detect, respond to, and prevent security incidents.
This beginner-friendly course, Foundations of Cybersecurity Operations, offers a clear and practical introduction to the essential principles, tools, and practices that safeguard systems, networks, and sensitive data. Guided by expert instructor Gleb Marchenko, you'll explore key cybersecurity concepts, including the CIA triad (Confidentiality, Integrity, Availability), risk management frameworks, identity and access management (IAM), and the role and structure of the Security Operations Centre (SOC).
Additionally, you’ll gain hands-on experience with tools like SIEM and XDR to detect and analyse cyber threats, build secure access controls using multi-factor authentication, and understand how to identify and mitigate human vulnerabilities commonly exploited by attackers. Real-world examples, hands-on labs, and interactive activities will ensure you understand not just the theory, but also the practical application of these concepts.
By the end of this course, you’ll be equipped with the knowledge and confidence to identify cyber risks, strengthen security defences, and contribute to improving your organisation’s cybersecurity posture. Whether you're starting a career in cybersecurity or enhancing your IT knowledge, this course provides the solid foundations needed for long-term success in the field.