What should beginners do to get a broad understanding of cybersecurity in 1-3 months' time?


Director in Construction, 1,001 - 5,000 employees
It really depends on who these "beginners" are and the expectations they have in understanding. Are they journalists looking to write better articles, executives and board members trying to understand how to better govern the cybersecurity aspects of their business, a small business owner scared of a ransomware incident or hack, or a high school student interested in a career in cybersecurity?
For executives and small business owners it would be best to make connections with those in the cybersecurity industry (and not vendors).  Find out who in your organization is responsible for cybersecurity and develop a relationship, pay for lunch, make a friend.  I also think working with Cybersecurity consultants (try to stay away from Partners in the big accounting firms) would be a good place to start.
For the high school student, it is all about your interests. Cybersecurity professionals need to understand the mind of a threat actor - so build your own Linux system, read about firewalls and networking, and read the details about how high-profile hacks occurred and what controls failed. Get some books about Cyberworms, Cybersecurity history (Mitnick, phone phreaking, etc.) and read.
Chief Information Security Officer in Healthcare and Biotech, 1,001 - 5,000 employees
1. Fundamentals of risk management. 
2. Basic concept of Information Security and tools. 
3. Understanding of business and business requirements is crucial to play the role. 
CISO in Finance (non-banking), 10,001+ employees
1-3 months' time may not give a broad understanding of the cyber security domain; however, beginners should start with the basics of understanding the Information Security domain. Cyber security is a subset of the information security domain. They must learn the CIA triad in detail. Basic training on ISO27001 and ISMS will help to give them a fair idea of various Information security controls. Basic security risk assessment knowledge will help them to understand different cyber security domains including network security, data security, application security, endpoint security, and accordingly they will understand the security threats around these domains. They need to gain as much knowledge as possible on threats and vulnerabilities.
Senior Information Security Manager in Software, 501 - 1,000 employees
One of the best information security books is ‘Security Engineering: A Guide to Building Dependable Distributed Systems’.

I’d suggest the person spends an hour a day reading it. And when they are done, read it again. Once they complete the book, they will have an extremely solid understanding of information security.

Chief Information Security Officer in Services (non-Government), 51 - 200 employees
Take a 360-degree view of what affects and matters most to an organisation. Understand the mission of the company and key business processes, the assets, then begin to identify what needs to be done to provide balanced protection and support revenue generation.
Director of IT in Education, 501 - 1,000 employees
1-3 months' time for a beginner to understand cybersecurity is not easy to achieve. You can learn to get a certificate by remembering the questions/lessons, but real experience is not the same. I recommend you try to understand the business context in your organization first: what is the main function and concern in your business section. Then you can start on cybersecurity.
