Introduction To Cybersecurity Tools & Cyber Attacks

Uploaded by

Ali GHORBEL

Earn an IBM digital badge

Earning the Coursera certificate for this course will entitle you to receive an IBM digital badge without any
additional charge. (Note: payment is required to have full access to the course and to be eligible to qualify for the
course certificate.)

For this course you will earn the Introduction to Cybersecurity Tools & Cyber Attacks badge. Full details can be
seen here.

IBM digital badges are an on-line credential that validate the skills you acquired passing this course. You can
share IBM digital badges on popular social media sites, such as LinkedIn, Twitter or Facebook. Each badge you
earn has a unique URL that you can embed in a website, email or CV, so it could not be easier to share your
badges and your achievements.

IBM digital badges adhere to the global Open Badges Standard managed by the IMS Global Learning
Consortium, so you can also share IBM digital badges with any OBS-compliant badge site, such as Mozilla
Backpack.

IBM has partnered with Credly Acclaim to issue and manage IBM digital badges. If you pass this course and
earn the Coursera certificate, you will be provided instructions for how to accept and claim your IBM digital badge.

Week 1
Welcome to History of Cybersecurity

Week 1
Your IBM Global Subject Matter Experts

IBM is a global company with subject matter experts in a range of job roles. The material in
this course is intended to give you knowledge for a career in cybersecurity not from a set of
formal charts and instructors but from the knowledge and experience of the subject matter
experts that are assisting our clients every day in the field at their locations, as ethical hackers
and penetration testers as well as in our Security Operation Centers.

These subject matter experts (SMEs) for this course are from the United States, Costa Rica,
and Italy. As you continue your journey to enhance your skills in cybersecurity, you will also
hear from SMEs from Canada and the UK.

Here are your SMEs:


Week 4
Welcome to an Introduction to Key Security Tools

In Module 4, Warren Perez, an SIEM administrator for IBM's Manage Security Services Organization
in Costa Rica, will give you an overview of some of the many security tools used in the
Cybersecurity field. Warren and John will then explain the use of these tools and give some
examples. At the end of this module, you will be able to describe the purpose of firewalls,
antivirus and anti-malware, cryptography, penetration testing, and digital forensics. You will
also be introduced to two key resources, security [Link] and Warren's article, incident response,
and digital forensics. Let's get to it.

Week 1
Introduction to Cybersecurity Tools & Cyber Attacks

IBM Security Learning Services


This module will give you a brief overview of the history of cybersecurity. You will also learn key terms and roles in
cybersecurity.

History of Cybersecurity

Key concepts

• Define cybersecurity and describe key terms and key security roles and functions within an IT
organization.
• Describe the history of cybersecurity and what events brought it into the national spotlight in the United
States.
• Describe why critical thinking is such an important skill for the security analyst to possess in the rapidly
evolving cyberattack landscape.
• Describe why it is so hard to secure online resources and what organizations and resources are
available to help.

Introduction to Cybersecurity Tools & Cyber Attacks

Video: Course video: Introduction to Cybersecurity Tools & Cyber Attacks

Duration: 7 min

Hi everyone, this is Jeff Crume. I am a security architect and distinguished engineer with IBM.

I've been with IBM for 36 years and most of that has been spent in the security space.
I've been interested in this particular topic all the way back into high school where I spent
most of my afternoons in the lab hacking and trying to figure out how systems worked, and
how they would break and how you could defend against attacks and all of those kinds of
things.
So it's been a fascinating topic for me always as long as I can remember and hope you'll find
it to be so as well.
So welcome to this course, and I hope you'll find it interesting.
We're going to move on to the next slide which refers to the challenge that we faced currently
in the cybersecurity space.
The challenges are significant.
In fact most of these challenges have been true for a long time and I suspect will continue to
be true for a long time moving forward which is one of the things that makes this such an
interesting space and such a good place to develop and spend your time developing skills in.
So for instance, the threats continue to increase.
That's been the case for as long as we've been interconnecting computers across the internet.
The threats have continued to increase, there's no reason to think that that's going to change.
There's an increasing incentive for the bad guys to try to hack, and why is that?
Well because more and more we're putting important information, valuable
information, resources that have actual monetary worth on IT systems.
So as the famous or infamous bank robber Willie Sutton was asked, why do you keep robbing
banks?
He said, "Because that's where the money is".
Well if Willie Sutton was robbing banks today he'd probably be on IT systems and be a
hacker because that's where the money is and it will continue to be the case.
So the threats continue to increase, systems get more complex, which also increases the threat
space and increases the size of the target that we place on these systems.
The alerts that we get to continue to increase, in other words the notifications that people are
attacking and doing certain techniques using different types of attack vectors that continues to
change and more.
We have some general themes that continue, but the details of the attacks will continuously
change.
Unfortunately, those things are good for the bad guys, for the good guys, the number of
analysts is down and you see a statistic down at the bottom of this slide in particular, that talks
about a skill shortage that we're projecting that by the year 2022, there will be 1.8 million
unfilled cybersecurity jobs.
Now that's a lot, but some people will argue and say well, that number is exaggerated, so let's
cut it in half.
Let's say it's roughly a million just in terms of round numbers.
That's still a huge number.
That means if you have the job reqs to go out and get the skilled people, there's simply not
enough skilled people and we can't create cybersecurity experts fast enough to meet that
demand.
Now you may watch this course, this is being recorded at one point in time, so anytime you
put statistics like this out there, there's always a risk that in the future the odds are that the
dynamics will be somewhat different.
I suspect this is going to be a problem for us going forward.
So we're going to need a lot more cybersecurity experts in the field to accomplish what we
need to be able to accomplish and they're going to need more and more knowledge.
The knowledge that's required in order to deal with more complex attacks continues to
increase.
Then unfortunately we have less and less time to work on these.
Because literally time is money when it comes to these attacks, the longer it takes you
to respond the more it will cause, the more data that gets leaked, the more damage that's
done, and in some cases when we're talking about compliance regulations like the Generalized
Data Protection Regulation from Europe GDPR.
If you don't respond quickly enough and notify all the people that need to be notified of a
breach, it will cost your company significant money as well in terms of fines.
So all of those things taken together really come up to one inescapable conclusion, that we
need more cybersecurity skilled individuals to help deal with the threat. So what do these
folks need to do on a regular basis?
Well if you're a SOC by the way as a security operation center so that's the control center, the
nerve center of where we received the security information and event management
information, that's the acronym you see there, SIEM.
That refers to bringing in all the alarms and security information into one place.
So we need to be able to see those events on a console, see the incidents which ones of them
are important and which ones of them aren't.
That's a huge part of the triage that goes on here. In doing that triage we have to decide is this
something a real thing or not?
If it is, then I need to do more investigation.
If it's not, well then I could move on.
Maybe I want to classify it so that I don't waste time on those similar types of information and
alarms that come in in the future.
So we're constantly wanting to tune this to our environment so that we don't waste time.
We're productive with what we do.
You want to be able to do the investigations and some cases that involves using all sorts of
different security tools, you may have lots of different consoles, although, we're more and
more about trying to create an integrated whole so that we can bring in the information from
the data layer, the operating system layer, the network layer, the application layer, the identity
layer, bring all of those in an integrated way together, but in many cases these indicators of
compromise may occur on different systems and we need to be able to bring them all
together.
So being able to be skilled at doing searches, doing investigations, having a curious mind that
can go out and piece together all the different threads that we have into an integrated whole
and start building a narrative around.
Okay, this happened and then that resulted in this and then we add this happened, and now
what we have is not a single incident but we have a large malware campaign for instance,
that is affecting lots of systems.
The way we mitigate and orchestrate our response to that, then will become the next skill that
we really have to focus on.
So first job is identifying the problem, then trying to discover the extent of that, the risk that's
involved in it, for instance, how big of an impact does this have on the organization and then
ultimately what kind of response do we do with this?
Can we automate some of the response for the future?
Is this something we will have to deal as a one-off?
Are there individuals that we need to notify to get response to this particular problem?
Do we have to work with other partners whose systems may be connected to ours, ISP
upstream?
Do we need to have them put blocks on the network to get rid of the bad stuff?
Do we need to install new tools that can help us do mitigations in the future?
So you can see there's a lot of different kinds of things and I've only touched the tip of the
iceberg.
But again, I'll say to you I think is a fascinating area, it's one that is constantly moving.
If you like a challenge,
if you like hard problems, this is a good place to work.
I hope you find this information in this course useful.

Introduction to Cybersecurity Tools & Cyber Attacks


TOTAL POINTS 2

1.

Question 1

Jeff Crume described 5 challenges in security today. Which three (3) of these are challenges because their
numbers are increasing rapidly?

1 point
Available time

Threats

Alerts

Needed knowledge

Available analysts

2.

Question 2

About how many unfilled cybersecurity jobs are expected by the year 2022?

1 point

180,000

1.8 million

180 million

There is expected to be a surplus of available skills by 2022.

Reading: Earn an IBM digital badge

Duration: 5 min


Video: Course video: Welcome to History of Cybersecurity

Duration: 1 min

As you just heard and just welcome to this course, skills in cybersecurity are in high
demand.
Companies, organizations, and government agencies around the world are finding it very
difficult to hire the number of skilled cybersecurity professionals to meet their demand.
Hi, I'm Terry Pucket, a content strategist and instructional designer here at IBM Security.
I will be with you throughout your journey to help tie together the material you will need to
master in order to be successful in today's cybersecurity marketplace.
You will be hearing from IBM subject matter experts who have a global perspective on
cybersecurity challenges facing analysts today.
They will provide you with information to meet the learning objectives for each of the
modules in this course.
In module one, Kenneth Gonzalez, a penetration tester in Costa Rica from IBM's Explores
Red Team, will start you off with a brief history of cybersecurity.
John McLaughlin, an Executive Security Architect, focused on US federal government projects
will further explain why cybersecurity has become such a challenge in today's world.
Kristin Dahl, a security consultant with IBM X-Force, will talk about critical thinking, the
first of many soft skills introduced in this program.
Kristen's video is borrowed from a web seminar she presented to an IBM chapter of WiCyS,
women in cybersecurity.
In fact, joining a cybersecurity organization is a great way to learn from like minded people of
all skill and experience levels.
There is a link to WiCyS and similar organizations noted throughout this course.
So with that, let's get started.

Reading: Your IBM Global Subject Matter Experts

Duration: 10 min
