CIA Triad
The CIA Triad is a fundamental security model in cybersecurity and is composed of Confidentiality, Integrity, and Availability. Confidentiality is something that ensures that data is kept confidential by allowing only authorized users access to the data.
The main thing about Integrity is that data is kept to the same level of protection and that the data could only be changed by the person that changed it thus providing non-repudiation. Availability is the concept that data remains available for the authorized users provided that they are authenticated.
Confidentiality
Confidentiality is the thing that ensures data is kept private and only accessible for authorized users. This is ensured by encryption, access controls and with strong authentication measures. Confidentiality builds trust in the security measures and ensures legal compliance by protecting the organization’s reputation. Threats to confidentiality include phishing, social engineering and password attacks.
Integrity
This makes sure that data has not been altered by malicious users or compromised. Integrity of data is that it maintains its trustworthiness and accuracy. Hash validation is one way to maintain integrity and verify if data has been corrupted or altered. Integrity protects against intentional and accidental modifications of data ensuring that the information remains trustworthy. Threats to Integrity include modifying data, man in the middle attacks and unauthorized file modifications.
Availability
This is where data is available to users for business continuity. Also, where data and systems are available to authorized users when necessary. This includes items like data backups and server maintenance. Availability ensures that the business can continue to function in the event of an incident or a failure of a system. Threats to availability include ransomware, denial of service attacks, distributed denial of service attacks, hardware failures and natural disasters.
Substack Note on Impostor Syndrome
I have posted a note on Substack that is a short form blog post that is about imposter syndrome. It can be found at the following link:
https://substack.com/@dejongaaron/note/c-207972601
In this Substack note the main point that I was covering was that one of the pain points in studying for cybersecurity exams is imposter syndrome. This is further discussed in the Substack note. I will do a post next time; it was my first time doing Substack so bear with me.
Conclusion
The CIA Triad is useful as a security model for understanding fundamental cybersecurity principles, incident response and disaster recovery. It also serves as the basis for understanding security vulnerabilities and creating policies that protect data at rest, data in transit and data in use.
Introduction
In the Computer Networking industry there are some topologies for setting up the network in the LAN or Local Area Network. When you begin to develop a sense of computer networking you can group networks into network types and network topologies. Understanding the basics of computer networking will allow you to develop your skills in Cybersecurity.
There are also other network types like the LAN that are MAN (Metropolitan Area Network) or WAN (Wide Area Network). These are general network types that are non-vendor specific and can be instituted in other networks. Some of these other network types include the PAN or Personal Area Network and the CAN which is the Campus Area Network.
The network topologies include the bus, ring, star, mesh, full mesh, and hybrid topologies. The bus topology is something that has happened in the past and is less common where all of the computers are situated along one cable. This is a configuration that was common in the beginning of networking.
Ring Topology
The ring topology includes some older technology as well, which is Token Ring. Token Ring is a technology that was used by setting up computers in a ring-shaped topology where the computers are all located along the ring and use the token to communicate.
Star Topology
Going into the star topology, it is used today and is where the computers sit around a central switch which resembles a star shaped topology. The star topology could also be around a hub or a piece of technology that is centrally connecting computers together. The star topology is useful in a LAN environment where there are buildings or floors that need to be connected to each other from a central location.
Mesh and Full Mesh Topologies
There are some other topologies that are connected in either a mesh or full mesh shaped topology where the central devices are connected to each other resembling more of a modern network topology with the full mesh being something where the central devices are fully connected to all other switches.
Conclusion
There is also a hybrid topology which is a combination of network topologies. This is usually the most common type of topology. The network topologies can include the physical topology which is the physical equipment and a logical topology where the flow of data goes across the different network types.
Within computer networks there are some basic knowledge items that will help you in your journey in IT and in both computer networking and cybersecurity specifically. Helping you understand these topics will help you in the path that you are wanting to do for your IT career.
aaron597.com
The way that I am going about the content on this blog is to go over more technical training and educator kind of content. This blog is also more for the actual information on the technical content as I will be going through AWS, Microsoft, and Cisco technologies. This content is something that I am working on as far as my nine IT certifications and the things that I will be going through include Linux Essentials, ITF+, A+, CCST Networking, CCST Cybersecurity, CCNA, MS-900, AZ-900, and SC-900 topics.
Technical Training
On this blog, I will be posting about my journey in the technical training and educator certifications. I’m working on some training before I can get the Microsoft Certified Trainer certification as I need to have an eligible certification which I have chosen as the AZ-104. There are also some courses that I will be studying on Udemy which include a CTT+ course and a Train the Trainer course. The CTT+ is a retired certification and is no longer offered by CompTIA.
Technical Content
I will be focusing on the certifications that I have passed for the technical content that I will be working on for this blog. Some of the topics that I will be doing include Computer Networking, Cybersecurity, and Linux. Focusing on these areas will help to alleviate some of the pain points that come up with studying for certification exams which is what my sole proprietorship’s mission is.
There are some things that I could do with my technical content like Microsoft focused snippets on my blog and some more in-depth articles about similar topics. In addition, I could work with Cybersecurity focusing more on the SC-900 and CCST Cybersecurity content. There are some IT Fundamentals that I could do with the ITF+, A+, and MS-900. There is also Networking and Linux content that I could do for the CCNA and Linux Essentials building on the prerequisites for Cybersecurity.
Conclusion
There will be technical content that I will be doing next week on this blog which will be scheduled for 2:05pm MST on Saturday’s. This is only a portion of what we do at Aaron W. DeJong, to see the other content please check out aaronwdejong.net and I will be rolling out another website. This website will focus on alleviating pain points on studying for certification exams. It will be on mrcertification.tech and I am working on this coming out in the next few weeks.
I will be working on more content this year and will work more on the blogs and articles with a better plan on how to structure my content. The way that I am going to deliver on this is by developing more content and expanding my reach on Medium, aaron597.com, and aaronwdejong.net along with developing another channel on mrcertification.tech.
Career Milestones
I have six career milestones that I am working on as aims for my career. The six career milestones will include the CCIE Enterprise Infrastructure, GIAC Security Professional, CISSP, Certified Ethical Hacker, PMI-ACP and the CCISO. These certifications will define my career and future business prospects. There are some other specialties that I will want to do as well regarding Cloud Networking, Network Security, Network Defense and Network Penetration Testing.
The specialties are some of the things that I am working on as subsidiary goals to my career milestones. These are my interests that I am having to work on for more of a networking focus to my career. There are some things that I am grappling with on the certifications and skills needed to do the specialties. I will work on this additionally and will provide more of an update when I am ready on the specialties.
Career Goals
In addition to the career milestones, I do have some goals about what I want to accomplish for my career. I want to become a CIO, CISO or CTO eventually and do it before I turn 51 which is the average age of a CTO. This aim will shape how my career will turn out and how I prepare to be better equipped for this eventuality. Working on my soft skills, business skills and technology skills will enable me to get closer to landing my dream job as a CTO, CISO, or CIO.
Goal Setting
These career milestones and career goals shape my approach to setting goals for the year. This year I am focusing on mainly recertification and Cloud Networking skills. I will be doing four or five certifications this year around this aim. The certifications that I will be working on will include the AWS Certified Cloud Practitioner - Foundational, Google Cloud Digital Leader, Microsoft AZ-104, CompTIA Security+, and the Cisco ENCC Specialist Exam.
In addition, I will be working on my Microsoft Certified Trainer certification that will be available after I pass the AZ-104 exam. I have smaller goals that I am working on as well. These include certain courses on Udemy, LinkedIn Learning and YouTube. I will be attending to my Security Operations and IAM knowledge for the CISSP domains and work on my specialties more.
Conclusion
As I work through my aims this year towards the goals of my career milestones and career goals, I will be better than I am now at the end of this journey. There are some goals for reading as well as some more content creation, influencer marketing and coaching courses. As the journey continues, we will continue down the path to a better future.