Coursera: Google Cybersecurity Course
One of the areas I want to get a better background in and also want to focus on more is security. This not only means securing an application while developing it, but also while running it. If I have to put a label on this, it may be DevSecOps. But I’m not a big friend of vague labels. Everyone understands them differently. My primary goal is to be able to develop applications in a team which are
- maintainable
- observable
- secure
- useful and working (yes, this should always be the case and may be a bit obvious)
I tend to read up about security issues in frameworks I use and keep up to date with the OWASP Top 10 and how they affect the code I write. But when it comes to logging and monitoring an application or traffic, I start to struggle. I’m always torn between ‘log everything’ and ‘log only relevant things’. Well, I guess the hard decision is what relevant means. On one of my journeys through the internet, I stumbled upon the “Google Cybersecurity” course on Coursera. While being an entry-level course, I decided to take it anyway.
What is part of this course?
You will learn about a lot of different topics. There are modules about network security, basic Linux commands, basic SQL queries, basic Python programming. And not only lectures, but also hands-on. Even packet sniffing was performed in guided labs. This was quite fun, albeit sometimes a bit boring. But this was to be expected from an entry-level course.
Besides these technical aspects, there were modules about:
- Asset Management and Asset Security
- Audits and Audit Types
- CIA Triad
- NIST Risk Management Framework (NIST RMF)
- Privacy regulations like GDPR, HIPAA
- NIST Cybersecurity Framework (NIST CSF)
- OWASP Principles
- Certified Information Systems Security Professional (CISSP) Domains
- Threat modeling frameworks like STRIDE, PASTA, Trike and VAST
- Intrusion Detection and Prevention Systems (with hands-on on Suricata)
- Social Engineering Attacks
- Security Information and Event Management (SIEM) tools like Splunk and Chronicle (with a bit of hands-on)
- Playbooks (which reminded me a lot of Standard Operating Procedures (SOPs) from my wet-lab time)
- Security Orchestration, Automation and Response (SOAR) tools
- Incident Handler's Journal
- Different areas a security analyst may be working in
- How companies may organize a Computer Security Incident Response Team (CSIRT)
- How to prepare for a job interview
And there was a lot of terminology and a lot of resources. Most of the modules also had some hands-on tasks with either tested solutions or example solutions.
Was it worth the time?
Yes, it was. If you have been working in the application development and IT fields for some time, you may already know parts or a lot of these courses. While I did not learn mind-blowing things, the whole course gave me structure and put names on things. For me, it was a great way to get to a starting point from where I can branch out. For example, I had never heard the term SIEM or SOAR before.
To be frank, I did not put much effort into some tasks. Especially in the ‘portfolio’ tasks. Nevertheless, I found these tasks useful in structuring my thoughts. And I powered through the courses and did no extensive reading of the linked resources and frameworks.
The only thing I did dislike a bit was that the Credly badge going with the certificate from Coursera never showed up.
However, there was one thing I did like very much: Google employees were telling how they ended up in cybersecurity at Google. This was a really diverse crowd, coming from a lot of different backgrounds.