All language subtitles for Complete CYBERSECURITY Fundamentals Everything You Need to Know

af Afrikaans
ak Akan
sq Albanian
am Amharic
ar Arabic
hy Armenian
az Azerbaijani
eu Basque
be Belarusian
bem Bemba
bn Bengali
bh Bihari
bs Bosnian
br Breton
bg Bulgarian
km Cambodian
ca Catalan
ceb Cebuano
chr Cherokee
ny Chichewa
zh-CN Chinese (Simplified)
zh-TW Chinese (Traditional)
co Corsican
hr Croatian
cs Czech
da Danish
nl Dutch
en English
eo Esperanto
et Estonian
ee Ewe
fo Faroese
tl Filipino
fi Finnish
fr French
fy Frisian
gaa Ga
gl Galician
ka Georgian
de German
el Greek
gn Guarani
gu Gujarati
ht Haitian Creole
ha Hausa
haw Hawaiian
iw Hebrew
hi Hindi
hmn Hmong
hu Hungarian
is Icelandic
ig Igbo
id Indonesian
ia Interlingua
ga Irish
it Italian
ja Japanese
jw Javanese
kn Kannada
kk Kazakh
rw Kinyarwanda
rn Kirundi
kg Kongo
ko Korean
kri Krio (Sierra Leone)
ku Kurdish
ckb Kurdish (SoranĂ®)
ky Kyrgyz
lo Laothian
la Latin
lv Latvian
ln Lingala
lt Lithuanian
loz Lozi
lg Luganda
ach Luo
lb Luxembourgish
mk Macedonian
mg Malagasy
ms Malay
ml Malayalam
mt Maltese
mi Maori
mr Marathi
mfe Mauritian Creole
mo Moldavian
mn Mongolian
my Myanmar (Burmese)
sr-ME Montenegrin
ne Nepali
pcm Nigerian Pidgin
nso Northern Sotho
no Norwegian
nn Norwegian (Nynorsk)
oc Occitan
or Oriya
om Oromo
ps Pashto
fa Persian
pl Polish
pt-BR Portuguese (Brazil)
pt Portuguese (Portugal)
pa Punjabi
qu Quechua
ro Romanian
rm Romansh
nyn Runyakitara
ru Russian
sm Samoan
gd Scots Gaelic
sr Serbian
sh Serbo-Croatian
st Sesotho
tn Setswana
crs Seychellois Creole
sn Shona
sd Sindhi
si Sinhalese
sk Slovak
sl Slovenian
so Somali
es Spanish
es-419 Spanish (Latin American)
su Sundanese
sw Swahili
sv Swedish
tg Tajik
ta Tamil
tt Tatar
te Telugu
th Thai
ti Tigrinya
to Tonga
lua Tshiluba
tum Tumbuka
tr Turkish
tk Turkmen
tw Twi
ug Uighur
uk Ukrainian
ur Urdu
uz Uzbek
vi Vietnamese
cy Welsh
wo Wolof
xh Xhosa
yi Yiddish
yo Yoruba
zu Zulu
Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,025 --> 00:00:05,225 Welcome to the world of cyber security. My name is Ismail. And in the next two hours or so, I'm going 2 00:00:05,225 --> 00:00:10,265 to do something most schools, most colleges, and even most parents never did for you. I'm 3 00:00:10,265 --> 00:00:16,825 going to show you how the internet actually works, who might be watching you right now and why, how 4 00:00:16,825 --> 00:00:22,345 hackers think and what they're really looking for. And most importantly, how to protect yourself, 5 00:00:22,345 --> 00:00:27,065 your family, and your future. And if you're someone who wants to turn this into a career, 6 00:00:27,065 --> 00:00:31,705 there's a full road map waiting for you in the second half of this video. By the end of this, 7 00:00:31,705 --> 00:00:36,665 you'll understand more about cyber security than most people using the internet today. Not hype, 8 00:00:36,665 --> 00:00:42,905 not exaggeration, just real knowledge. So stay with me, take notes if you want, and let's begin. 9 00:00:42,905 --> 00:00:49,065 Chapter 1. The internet is not safe. Let me start with a story. A 28-year-old woman named Sarah, 10 00:00:49,065 --> 00:00:53,065 a school teacher from Ohio, she thought she was just using the internet like everyone else, 11 00:00:53,065 --> 00:00:58,665 scrolling Instagram, ordering food online, checking her emails. Nothing unusual, nothing 12 00:00:58,665 --> 00:01:04,025 risky, just normal life. One evening, she received an email. It looked exactly like it came from 13 00:01:04,025 --> 00:01:10,825 her bank. Same logo, same design, same tone. It said her account had been flagged for suspicious 14 00:01:10,825 --> 00:01:16,825 activity. And there was a simple instruction. Click here to verify. So she clicked. She entered 15 00:01:16,825 --> 00:01:24,505 her username. She entered her password. And within 6 hours, $4,200 was gone. Transferred out of her 16 00:01:24,505 --> 00:01:31,225 account just like that. Her Instagram started posting content she never approved. Her Gmail 17 00:01:31,225 --> 00:01:37,145 was used to reset passwords on her Netflix, her Amazon, her PayPal. Everything started falling 18 00:01:37,145 --> 00:01:43,385 apart. Sarah wasn't careless. She wasn't dumb. She was just unaware. And that right there is 19 00:01:43,385 --> 00:01:50,185 the biggest cyber security problem in the world today. Not technology, not hackers, unawareness. 20 00:01:50,185 --> 00:01:56,345 Here's a fact that should make you pause. Every 39 seconds, a cyber attack happens somewhere in the 21 00:01:56,345 --> 00:02:01,305 world. Every 39 seconds, by the time you reach the end of this line, someone's data has already been 22 00:02:01,305 --> 00:02:08,345 stolen. Now, think about that. How many 39-second intervals happen in a single day? In a week, 23 00:02:08,345 --> 00:02:14,665 the numbers are massive. But here's the part most people don't realize. Most cyber attacks are never 24 00:02:14,665 --> 00:02:20,505 reported. People feel embarrassed. Companies avoid bad press. So, the real number, it's probably 10 25 00:02:20,505 --> 00:02:26,505 times higher. Now, let's talk about something even more dangerous. The illusion of safety. We live in 26 00:02:26,505 --> 00:02:32,185 a world where we feel safe just because we have a password on our phone. We feel safe because we use 27 00:02:32,185 --> 00:02:37,625 private browsing. We feel safe because we visit what we think are trusted websites. But let me 28 00:02:37,625 --> 00:02:43,225 break that illusion for a moment. Private browsing does not hide you from your internet provider, 29 00:02:43,225 --> 00:02:48,665 your employer, or skilled hackers. Passwords alone, they are cracked every single day by 30 00:02:48,665 --> 00:02:54,905 machines that can try billions of combinations in just one second. And those trusted websites, 31 00:02:54,905 --> 00:03:00,425 many of them get hacked too. Thousands of times every year. I'm not telling you this to scare you. 32 00:03:00,425 --> 00:03:04,985 I'm telling you this to wake you up because awareness is the first step. And right now, 33 00:03:04,985 --> 00:03:10,905 you're already taking it. Now, let's look at the scale of this problem. Real numbers. In 2024, 34 00:03:10,905 --> 00:03:17,785 cyber crime cost the world over $9.5 trillion. Think about that for a second. If cyber crime were 35 00:03:17,785 --> 00:03:21,785 a country, it would be the third largest economy in the world, only behind the United States and 36 00:03:21,785 --> 00:03:29,465 China, third largest in the world, and it's still growing. Experts predict that by 2027, that number 37 00:03:29,465 --> 00:03:35,945 could reach $23 trillion. Now, here's a question I I want you to really think about. Who do hackers 38 00:03:35,945 --> 00:03:42,345 target the most? Big corporations, government agencies, billionaires? No. The number one target 39 00:03:42,345 --> 00:03:48,425 is regular people. People like you. Why? because it's easier. Because protection is weaker, because 40 00:03:48,425 --> 00:03:54,505 there are billions of targets. It's not personal, it's math, your digital footprint. Here's 41 00:03:54,505 --> 00:04:01,065 something most people never realize. Right now, at this exact moment, there exists a digital profile 42 00:04:01,065 --> 00:04:06,825 of you, more detailed than what even your closest friends know. It knows the websites you visited, 43 00:04:06,825 --> 00:04:11,705 the things you've searched for, where you've been over the years, when you sleep and when 44 00:04:11,705 --> 00:04:17,545 you wake up, what you believe in, what you worry about, what you might be dealing with healthwise, 45 00:04:17,545 --> 00:04:24,265 how you spend your money, and even how you feel uh based on what you watch and what you click. All 46 00:04:24,265 --> 00:04:31,385 of this information is being collected, stored, bought, and sold every single day by hundreds of 47 00:04:31,385 --> 00:04:35,625 companies you've never even heard of. And that that's just the legal side because hackers want 48 00:04:35,625 --> 00:04:40,985 that same information too, but they don't ask for permission. They take it and once they have it, 49 00:04:40,985 --> 00:04:46,345 they use it to steal from you, manipulate you, or sell it to other criminals. Now, 50 00:04:46,345 --> 00:04:52,185 pause for a second and ask yourself honestly, before this video, did you know any of this? Most 51 00:04:52,185 --> 00:04:57,545 people don't. And that's exactly why cyber crime has become a multi-trillion dollar industry. But 52 00:04:57,545 --> 00:05:03,865 here's where things change. Because this isn't a horror story. This is a survival guide. The good 53 00:05:03,865 --> 00:05:09,065 news, cyber security is not as complicated as it sounds. The methods that protect you from most 54 00:05:09,065 --> 00:05:15,225 attacks are simple. They're small habits, things you can start doing today for free that make you 55 00:05:15,225 --> 00:05:20,425 dramatically safer online. And if you want to turn this into a career, we're going to cover 56 00:05:20,425 --> 00:05:27,865 that too in detail. Because the truth is, people who get hacked aren't weak. They're uninformed. 57 00:05:27,865 --> 00:05:33,465 And the people who stay safe aren't geniuses, they're prepared. And by the end of this video, 58 00:05:33,465 --> 00:05:38,665 you will be prepared. Now that you understand why this matters, let's go deeper because you 59 00:05:38,665 --> 00:05:43,785 can't protect something you don't understand. So, let's break it down. How the internet actually 60 00:05:43,785 --> 00:05:51,625 works. Chapter 2, how the internet actually works. Now, let's do something different. Let's 61 00:05:51,625 --> 00:05:58,105 play a simple game. I want you to imagine this. Every house in the world is connected by a giant 62 00:05:58,105 --> 00:06:03,385 invisible postal system. When you send a letter or in internet terms, when you open a website, 63 00:06:03,385 --> 00:06:08,665 you're sending a request from your house to someone else's house. That request travels 64 00:06:08,665 --> 00:06:13,785 through roads, through bridges, through multiple checkpoints until it reaches its destination, 65 00:06:13,785 --> 00:06:18,905 a server. A server is just a very powerful computer that stores the website you want to 66 00:06:18,905 --> 00:06:23,865 see. Once your request arrives, the server sends the website back to you. And this entire journey 67 00:06:23,865 --> 00:06:30,185 going there and coming back happens in less than a second. That is the internet. Simple, right? 68 00:06:30,185 --> 00:06:35,945 Good. Want to learn complete networking for cyber security? We've created a 1-hour video that people 69 00:06:35,945 --> 00:06:41,705 are loving. Check it out on our channel. Now, let's go one step deeper. IP addresses. Your home 70 00:06:41,705 --> 00:06:46,825 address on the internet. Every device connected to the internet has something called an IP address. 71 00:06:46,825 --> 00:06:52,825 IP stands for internet protocol. Think of it as your home address in the digital postal system. 72 00:06:52,825 --> 00:06:58,025 Just like a letter needs a delivery address, every piece of data traveling across the internet 73 00:06:58,025 --> 00:07:08,585 needs an IP address to know where to go. Your IP address looks something like this, 192.168.1.105. 74 00:07:08,585 --> 00:07:13,385 It's a series of numbers that identifies your device and your general location. Now, 75 00:07:13,385 --> 00:07:18,345 here's something interesting. Right now, as you're watching this video, your IP address is 76 00:07:18,345 --> 00:07:24,425 visible to YouTube, to your internet provider, and potentially to anyone running the right software. 77 00:07:24,425 --> 00:07:30,345 That doesn't mean immediate danger, but it is the first thing a hacker looks for when choosing a 78 00:07:30,345 --> 00:07:37,385 target. Servers, the warehouses of the internet. When you you type google.com into your browser, 79 00:07:37,385 --> 00:07:43,945 where does that request go? It goes to a server. A server is simply a powerful computer, usually 80 00:07:43,945 --> 00:07:50,025 stored inside massive buildings called data centers that hold websites, apps, and data. Google 81 00:07:50,025 --> 00:07:55,945 alone runs more than 2 million servers across the world. Facebook operates data centers as large as 82 00:07:55,945 --> 00:08:02,425 shopping malls. These servers work 24 hours a day, 7 days a week, storing your photos, your messages, 83 00:08:02,425 --> 00:08:07,785 your emails, everything. Now, think about this. There's a question hackers ask themselves every 84 00:08:07,785 --> 00:08:14,025 single day. What happens if I attack that server? One server, millions of users, maximum impact. 85 00:08:14,025 --> 00:08:18,825 That's how massive data breaches happen. When a company's server is compromised, every user's data 86 00:08:18,825 --> 00:08:25,465 is suddenly at risk. HTTP versus HTTPS, the lock on your digital door. You may have noticed some 87 00:08:25,465 --> 00:08:31,145 websites start with HTTP and others start with HTTPS. That one small letter changes everything. 88 00:08:31,145 --> 00:08:36,425 HTTP stands for hypertext transfer protocol. It's the language your browser uses to communicate 89 00:08:36,425 --> 00:08:43,865 with websites. HTTPS is the secure version. That extra S means the connection between you and the 90 00:08:43,865 --> 00:08:49,385 website is encrypted. Your data is scrambled in a way that makes it unrable to anyone trying to 91 00:08:49,385 --> 00:08:55,305 intercept it. Think of it like this. HTTP is like sending a postcard. Anyone handling it along the 92 00:08:55,305 --> 00:09:01,945 way can read what's written. HTTPS is like placing that message inside a locked safe with a key that 93 00:09:01,945 --> 00:09:09,145 only you and the receiver have. If you're on a website without HTTPS and you enter your password, 94 00:09:09,145 --> 00:09:15,385 your credit card details, or any personal information, that data is traveling in plain text, 95 00:09:15,385 --> 00:09:20,505 completely exposed. Anyone monitoring that traffic can read it. So, here's a simple rule. Before 96 00:09:20,505 --> 00:09:25,465 you enter any personal information, look at your browser's address bar. If you see a small padlock, 97 00:09:25,465 --> 00:09:32,585 you're on HTTPS. If you don't, leave immediately. DNS the internet's phone book. Here's something 98 00:09:32,585 --> 00:09:38,105 interesting. Computers don't actually understand names like google.com. They understand numbers, 99 00:09:38,105 --> 00:09:43,465 IP addresses. So, when you type a a website name, how does your browser know where to go? There's 100 00:09:43,465 --> 00:09:49,145 a system working quietly in the background. It's called DNS, the domain name system. Think 101 00:09:49,145 --> 00:09:56,185 of DNS as the internet's phone book. You type google.com and your browser sends a request. Hey, 102 00:09:56,185 --> 00:10:02,025 what's the IP address for this name? The DNS server responds. That's 142.250.19. 103 00:10:02,025 --> 00:10:08,185 250.190.14. Your browser takes that number, goes to that address, and just like that, 104 00:10:08,185 --> 00:10:12,825 Google appears. This entire process happens in milliseconds. You never see it. You never notice 105 00:10:12,825 --> 00:10:19,625 it. But it's happening billions of times every single day. Now, here's the real question. Why 106 00:10:19,625 --> 00:10:25,385 does this matter for cyber security? Because this system can be attacked. It's called DNS poisoning 107 00:10:25,385 --> 00:10:30,505 or DNS spoofing. Imagine someone breaking into that phone book and changing Google's number 108 00:10:30,505 --> 00:10:36,905 to their own fake website. A website that looks exactly like the real one. Same design, same logo, 109 00:10:36,905 --> 00:10:42,825 same layout. You type google.com and you land on that fake page. And if you enter your email, 110 00:10:42,825 --> 00:10:50,185 your password, it's gone. Stolen instantly. This is not theory. This happens. And we'll dive deeper 111 00:10:50,185 --> 00:10:54,585 into it when we talk about real attacks. Now, let's move into something most people only hear 112 00:10:54,585 --> 00:11:00,905 about in movies. Uh, the dark web. Let's clear the confusion. The internet you use every day, Google, 113 00:11:00,905 --> 00:11:06,745 YouTube, Instagram, news websites, that's only a tiny part of the whole system. About 5%. The 114 00:11:06,745 --> 00:11:13,465 remaining 95% is called the deep web. And most of it completely normal. Private databases, company 115 00:11:13,465 --> 00:11:18,985 systems, medical records, bank infrastructure, nothing secret or dangerous, just not public. 116 00:11:18,985 --> 00:11:25,065 But within that deep web, there's another layer, a hidden layer, the dark web. These are websites 117 00:11:25,065 --> 00:11:30,425 that are not indexed by search engines. You won't find them on Google. Their addresses look unusual, 118 00:11:30,425 --> 00:11:38,265 ending instead of.com. And to access them, you need a special browser tour, the onion 119 00:11:38,265 --> 00:11:43,785 router. Now, here's the truth. The dark web is not purely criminal. Journalists use it to communicate 120 00:11:43,785 --> 00:11:50,345 safely. Activists use it to avoid surveillance. In some places, it's a lifeline. But yes, it's also 121 00:11:50,345 --> 00:11:56,105 where a lot of illegal activity happens. Stolen passwords are sold there. Credit card data traded 122 00:11:56,105 --> 00:12:01,865 in marketplaces. Personal information from data breaches listed in bulk. Your email and password 123 00:12:01,865 --> 00:12:07,385 from something you signed up for years ago could be sitting there right now and you wouldn't even 124 00:12:07,385 --> 00:12:13,225 know. There are tools, simple ones, that let you check if your data has been exposed in a breach. 125 00:12:13,225 --> 00:12:18,745 One of the most trusted is called Have I Been Poned? It's free and it can show you if your email 126 00:12:18,745 --> 00:12:25,865 has ever been compromised. After this video, you should check it because awareness is protection. 127 00:12:25,865 --> 00:12:30,585 Now you understand how the internet is built. But here's the real shift. Who is moving inside this 128 00:12:30,585 --> 00:12:36,825 system? Who is searching for weaknesses? Who is looking for people just like you? Let's talk about 129 00:12:36,825 --> 00:12:43,705 hackers. And trust me, they're not what you think. Chapter three. Hackers. Who they are and how they 130 00:12:43,705 --> 00:12:51,145 think. Close your eyes for a second. I say the word hacker. What image comes to mind? A teenager 131 00:12:51,145 --> 00:12:56,825 in a dark hoodie typing furiously in a black room. Green code scrolling across multiple screens. 132 00:12:56,825 --> 00:13:02,585 Maybe they're in Russia. Maybe they're anonymous. Yeah, that image is about 95% Hollywood fiction. 133 00:13:02,585 --> 00:13:06,905 The reality of who hackers actually are and how they actually operate is both more ordinary and 134 00:13:06,905 --> 00:13:13,385 more fascinating than any movie. The three hats, white, gray, and black. In cyber security, we 135 00:13:13,385 --> 00:13:19,145 use a hat metaphor to describe different types of hackers. Don't ask me why hats. It's a tradition. 136 00:13:19,145 --> 00:13:25,865 Just go with it. White hat hackers. These are the good guys. White hat hackers, also called ethical 137 00:13:25,865 --> 00:13:30,745 hackers or penetration testers, are paid by companies to try to hack into their own systems. 138 00:13:30,745 --> 00:13:35,305 Think about it. The best way to find out if your security has holes is to have someone try to 139 00:13:35,305 --> 00:13:42,105 break through it on purpose in a controlled way. Companies like Google, Microsoft, and Apple pay 140 00:13:42,105 --> 00:13:47,385 white hat hackers millions of dollars every year to find their vulnerabilities before the bad guys 141 00:13:47,385 --> 00:13:53,065 do. This is a real career, a well-paying one. And we'll cover it in detail in the careers chapter. 142 00:13:53,065 --> 00:13:58,105 Black hat hackers, these are the bad guys. Black hat hackers break into systems without permission 143 00:13:58,105 --> 00:14:04,825 for personal gain, for crime, for chaos. They're the ones behind ransomware attacks, bank fraud, 144 00:14:04,825 --> 00:14:10,985 data theft, and identity theft. Some are highly sophisticated, others are just using tools that 145 00:14:10,985 --> 00:14:16,105 other people created. Here's a stat that might surprise you. The majority of cyber attacks 146 00:14:16,105 --> 00:14:22,505 are not carried out by elite programmers. They're carried out using pre-made tools and scripts that 147 00:14:22,505 --> 00:14:28,265 anyone can download. The technical bar to entry for basic cyber crime has dropped dramatically. 148 00:14:28,265 --> 00:14:34,345 And that is a serious problem. Grey hat hackers. Grey hats are in the middle. They might hack into 149 00:14:34,345 --> 00:14:40,105 a system without permission, but not to steal anything. Maybe to prove a point, maybe to show 150 00:14:40,105 --> 00:14:46,345 a company their security is weak. Maybe out of curiosity. They operate in an ethical gray zone. 151 00:14:46,345 --> 00:14:51,865 Their motives might be good, but their methods are illegal. The cyber security world has complicated 152 00:14:51,865 --> 00:14:56,905 feelings about gray hats, but they exist, and you should know about them. How hackers actually 153 00:14:56,905 --> 00:15:02,985 think. This is the part that's going to change how you see the digital world. Hackers, especially the 154 00:15:02,985 --> 00:15:08,265 skilled ones, don't think like criminals in the traditional sense. They think like detectives, 155 00:15:08,265 --> 00:15:14,665 like puzzle solvers, like engineers. The hacker mindset has three core pillars. Pillar one, 156 00:15:14,665 --> 00:15:20,025 find the weakness. Every system, no matter how secure, has a weakness. It could be a 157 00:15:20,025 --> 00:15:25,145 technical flaw in the software. It could be a misconfigured setting. It could be a tired 158 00:15:25,145 --> 00:15:30,985 employee who clicks the wrong link. Hackers are obsessed with finding that one crack in the wall. 159 00:15:30,985 --> 00:15:36,185 Uh they're patient. They're persistent. They think creatively. Think of a hacker trying to break into 160 00:15:36,185 --> 00:15:41,785 a bank. They're not going to walk through the front door. They know there's a guard, cameras, 161 00:15:41,785 --> 00:15:47,385 alarms. But what about the janitor who comes in at 3:00 a.m.? What about the service entrance around 162 00:15:47,385 --> 00:15:54,905 back? What about the IT support person who has admin access and uses the password one two three? 163 00:15:54,905 --> 00:16:00,345 The hackers who are most dangerous are the ones who understand people as much as they understand 164 00:16:00,345 --> 00:16:08,185 technology. Pillar two, least effort, maximum impact. Sophisticated hacking is actually rare. 165 00:16:08,185 --> 00:16:13,625 Most cyber criminals are looking for the path of least resistance. Why spend 10 hours trying 166 00:16:13,625 --> 00:16:18,905 to crack a complex encryption system when you can send a fake email to 10,000 people and wait 167 00:16:18,905 --> 00:16:24,105 for just one person to click? That's why fishing, which we'll cover in depth in the next chapter, 168 00:16:24,105 --> 00:16:29,785 is the number one attack vector in the world. Not because hackers are lazy, but because they're 169 00:16:29,785 --> 00:16:36,425 smart. If you can get someone to hand you the key, why would you ever pick the lock? Pillar three, 170 00:16:36,425 --> 00:16:43,225 anonymity and patience. Professional hackers are invisible by design. They use VPNs, proxy servers, 171 00:16:43,225 --> 00:16:48,985 the tour network, even compromised computers in other countries as launch pads. By the time 172 00:16:48,985 --> 00:16:53,145 investigators figure out where an attack came from, if they ever do, the attacker is already 173 00:16:53,145 --> 00:16:59,225 gone, hidden behind layers like an onion, and they are patient. Some hacking campaigns, called 174 00:16:59,225 --> 00:17:04,185 advanced persistent threats, stay hidden inside a company's network for months before making a 175 00:17:04,185 --> 00:17:08,825 move. Imagine a thief who breaks into your house and instead of stealing something immediately, 176 00:17:08,825 --> 00:17:14,025 lives quietly in your attic for eight months, watching your routine, learning your habits, 177 00:17:14,025 --> 00:17:20,185 waiting, and then strikes at the perfect moment. That is an AP. Now, let's talk about something 178 00:17:20,185 --> 00:17:27,305 even more real. Who hackers actually are in real life. Profile one, the lonewolf teenager. 179 00:17:27,305 --> 00:17:32,505 Kevin Mitnik was once called the most wanted computer criminal in US history. He started 180 00:17:32,505 --> 00:17:38,185 hacking at 16. By his 20s, he had broken into systems belonging to IBM, Motorola, and even 181 00:17:38,185 --> 00:17:43,385 the Pentagon. He wasn't doing it for money. He was doing it for the thrill, for the challenge. 182 00:17:43,385 --> 00:17:48,985 He served prison time and later became one of the world's most respected cyber security consultants. 183 00:17:48,985 --> 00:17:55,385 Profile two, the state sponsored hacker. Some hackers don't work for themselves. They work 184 00:17:55,385 --> 00:18:01,625 for governments. Countries like Russia, China, North Korea, and Iran have dedicated cyber units. 185 00:18:01,625 --> 00:18:07,225 Teams of professionals trained to attack foreign governments, steal intelligence, disrupt critical 186 00:18:07,225 --> 00:18:12,745 systems. These are not teenagers in basement. These are experts working in offices funded 187 00:18:12,745 --> 00:18:19,225 by national budgets. Operations like the 2016 US election interference, the wan to cry ransomware 188 00:18:19,225 --> 00:18:25,305 attack that shut down hospitals in the UK, and the Colonial Pipeline attack that caused fuel 189 00:18:25,305 --> 00:18:31,545 shortages on the US East Coast. These were not random events. They were organized and powerful. 190 00:18:31,545 --> 00:18:36,425 Profile three, the organized crime ring. These are the businessmen of the digital underworld. 191 00:18:36,425 --> 00:18:42,185 Organized cyber crime groups operate like real companies. They have developers, managers, 192 00:18:42,185 --> 00:18:48,105 even customer support teams. Yes, even criminals have support chat for their victims. Some even 193 00:18:48,105 --> 00:18:53,705 run affiliate programs. This is an entire underground economy generating billions of 194 00:18:53,705 --> 00:18:58,905 dollars every single year. Now, let's talk about something you might not expect. Reconnaissance. 195 00:18:58,905 --> 00:19:04,905 The first step of every hack. Before a hacker attacks you, they study you. They research you. 196 00:19:04,905 --> 00:19:11,225 This process is called reconnaissance or simply recon. And here's the uncomfortable truth. Most 197 00:19:11,225 --> 00:19:16,345 of the information they need, you've already shared publicly. Your full name on Facebook, 198 00:19:16,345 --> 00:19:22,745 your job on LinkedIn, your phone number leaked in some data breach. Your hometown, your pet's name, 199 00:19:22,745 --> 00:19:28,265 your birthday, your favorite team, all sitting there on your social media. Now, imagine this. 200 00:19:28,265 --> 00:19:34,345 A hacker decides to target you. They check your profile. They see your dog's name is Max. They see 201 00:19:34,345 --> 00:19:41,065 your birthday March 15th. They try logging into your account using passwords like max 190 or max 202 00:19:41,065 --> 00:19:47,705 315 and it works because nearly half of people use personal information in their passwords. 203 00:19:47,705 --> 00:19:54,585 That's not a guess. That's reality. So here's the lesson. Simple but powerful. Your digital presence 204 00:19:54,585 --> 00:19:59,545 is your attack surface. The more you share, the more exposed you become. Now that you understand 205 00:19:59,545 --> 00:20:04,665 how hackers think, let's move to the next level because thinking is only half the story. Next, 206 00:20:04,665 --> 00:20:09,145 you're going to see the tools, the weapons, the actual methods they use. And this is where 207 00:20:09,145 --> 00:20:15,465 things get very real, very fast. Chapter 4, the most common cyber attacks. It's time to talk 208 00:20:15,465 --> 00:20:21,545 about weapons. Not guns, not bombs, but digital weapons that are being used right now on millions 209 00:20:21,545 --> 00:20:25,865 of people around the world. Let's go through the most common and most dangerous ones with 210 00:20:25,865 --> 00:20:32,105 real examples so you never forget them. Attack number one, fishing. Say this word out loud, 211 00:20:32,105 --> 00:20:37,785 fishing. It sounds like fishing. And that's exactly what it is. A hacker casts a line, 212 00:20:37,785 --> 00:20:42,585 puts bait on it, and waits for you to bite. The bait is usually an email, a text message, 213 00:20:42,585 --> 00:20:49,305 or a social media message that looks exactly like it came from someone you trust, your bank, Apple, 214 00:20:49,305 --> 00:20:55,305 Amazon, Netflix, even your boss. The goal to get you to click a link that takes you to a fake 215 00:20:55,305 --> 00:21:00,745 website where you enter your login details or to open an attachment that installs malware on your 216 00:21:00,745 --> 00:21:08,105 device. Here's a real scenario. In 2020, Twitter was hacked and more than 130 high-profile accounts 217 00:21:08,105 --> 00:21:15,385 were compromised. Elon Musk, Barack Obama, Joe Biden, Jeff Bezos, all posting the same Bitcoin 218 00:21:15,385 --> 00:21:20,265 scam at the same time. So, how did it happen? The hackers didn't break Twitter's servers. 219 00:21:20,265 --> 00:21:24,505 They didn't hack the code. They called Twitter employees on the phone pretending to be IT support 220 00:21:24,505 --> 00:21:29,785 and they talked their way into internal access. One phone call, that's it. And they got inside 221 00:21:29,785 --> 00:21:36,585 one of the biggest platforms in the world. That is fishing. The human element, the weakest link in 222 00:21:36,585 --> 00:21:42,585 any security system. Now listen carefully. There are common signs you can always look for. Urgency. 223 00:21:42,585 --> 00:21:48,905 Your account will be closed in 24 hours. Fear. Suspicious activity detected. Verify now. Too 224 00:21:48,905 --> 00:21:55,385 good to be true. You've won an iPhone 15. Generic greetings, dear customer, instead of your actual 225 00:21:55,385 --> 00:22:02,825 name, and strange email addresses like support at azerandhelp.com instead of Amazon.com. Now there's 226 00:22:02,825 --> 00:22:08,825 an even more dangerous version, spear fishing. This is targeted fishing, personalized. Instead 227 00:22:08,825 --> 00:22:14,425 of sending one message to thousands of people, the hacker researches you, specifically your name, 228 00:22:14,425 --> 00:22:20,425 your job, your company, your colleagues, and then they craft a message that feels completely real. 229 00:22:20,425 --> 00:22:25,065 Hi Sarah, this is Mike from IT. We noticed an issue with your VPN access. Please confirm 230 00:22:25,065 --> 00:22:29,705 your credentials here. Everything looks correct. Everything feels normal, and that's what makes it 231 00:22:29,705 --> 00:22:36,825 dangerous. Attack number two, malware, malicious software. This is a broad term for any software 232 00:22:36,825 --> 00:22:42,825 designed to damage, disrupt, or gain unauthorized access to your system. Think of malware 233 00:22:42,825 --> 00:22:47,785 like different types of infections. Some are annoying, some are destructive, some are silent, 234 00:22:47,785 --> 00:22:54,505 working in the background for months before you even notice. Let's break it down. Viruses, just 235 00:22:54,505 --> 00:22:59,145 like biological viruses, they attach themselves to legitimate files and spread when those files 236 00:22:59,145 --> 00:23:05,545 are shared. Worms. These are more aggressive. They spread on their own across networks without 237 00:23:05,545 --> 00:23:11,305 you doing anything at all. Trojans, named after the Trojan horse from Greek mythology. They look 238 00:23:11,305 --> 00:23:18,025 like normal software. You install them willingly, but inside there's something hidden, a back door, 239 00:23:18,025 --> 00:23:25,065 a silent entry point for hackers. One example is Emoteet. First detected in 2014, it infected 240 00:23:25,065 --> 00:23:29,945 millions of computers worldwide. It spread through fake invoice emails and once installed, 241 00:23:29,945 --> 00:23:35,545 it didn't just steal banking data. It also acted as a delivery system for other malware. A malware 242 00:23:35,545 --> 00:23:43,065 that delivers malware like Russian nesting dolls, but for cyber attacks. Ransomware. This is the one 243 00:23:43,065 --> 00:23:47,785 that's been making headlines. Ransomware is malware that encrypts all your files, making 244 00:23:47,785 --> 00:23:53,785 them completely inaccessible, and then demands a ransom, usually in cryptocurrency, to unlock them. 245 00:23:53,785 --> 00:24:00,185 In May 2021, the Colonial Pipeline, which supplies about 45% of the fuel to the US East Coast, 246 00:24:00,185 --> 00:24:06,185 was hit by a ransomware attack. A group called Dark Side carried it out. Colonial Pipeline paid 247 00:24:06,185 --> 00:24:14,265 the ransom. $4.4 million in Bitcoin. Gas shortages spread across the Eastern United States. Panic 248 00:24:14,265 --> 00:24:18,825 buying, long lines at gas stations, all because of ransomware, spyware. This is 249 00:24:18,825 --> 00:24:24,105 software that silently watches everything you do. your keystrokes, your passwords, your credit card 250 00:24:24,105 --> 00:24:29,065 numbers, even screen recordings. All screen was all sent back to the attacker. Adwear, usually 251 00:24:29,065 --> 00:24:34,105 less dangerous, but extremely annoying. It floods your device with ads, and sometimes it becomes 252 00:24:34,105 --> 00:24:40,905 a gateway to more serious infections. Attack number three, man-in-the-middle attacks. Imagine 253 00:24:40,905 --> 00:24:46,585 you're passing a note to your friend in class, but someone is sitting between you. They intercept it, 254 00:24:46,585 --> 00:24:51,945 they read it, maybe even change it, and then pass it on. Both of you think you're talking directly 255 00:24:51,945 --> 00:24:58,105 to each other, but you're not. There is someone in the middle. That is a man-in-the-middle attack 256 00:24:58,105 --> 00:25:04,825 or midm. In digital terms, this happens when a hacker secretly inserts themselves between your 257 00:25:04,825 --> 00:25:10,985 device and the server you're communicating with. This becomes especially dangerous on public Wi-Fi. 258 00:25:10,985 --> 00:25:16,505 You're at Starbucks. You connect to Starbucks Wi-Fi. But what if that network was created by 259 00:25:16,505 --> 00:25:23,385 a hacker sitting just a few tables away? What if the real network is called Starbucks guest and you 260 00:25:23,385 --> 00:25:28,905 connected to a fake one instead? Everything you send, emails, passwords, banking details, passes 261 00:25:28,905 --> 00:25:34,345 through the hacker first. This is called an evil twin attack and it's one of the biggest reasons 262 00:25:34,345 --> 00:25:41,305 public Wi-Fi without protection is extremely risky. Attack number four, SQL injection. This one 263 00:25:41,305 --> 00:25:46,185 is a bit more technical, but I'll keep it simple. Most websites store data in databases. your 264 00:25:46,185 --> 00:25:51,785 username, your address, your purchase history, all stored in tables. To interact with that database, 265 00:25:51,785 --> 00:25:57,545 websites use a language called SQL, structured query language. SQL injection happens when a 266 00:25:57,545 --> 00:26:02,665 hacker inserts malicious SQL code into input fields like a login box or a search bar. For 267 00:26:02,665 --> 00:26:10,825 example, a normal user types John Doe. A hacker might type John Doe apostrophe or one equals 1. 268 00:26:10,825 --> 00:26:15,945 If the website is not protected, that code can trick the database into revealing everything, 269 00:26:15,945 --> 00:26:21,945 all users, or even deleting data. In 2008, a single SQL injection attack on H Heartland payment 270 00:26:21,945 --> 00:26:29,145 systems exposed 130 million credit card numbers. One injection, 130 million victims. Attack number 271 00:26:29,145 --> 00:26:34,905 five, social engineering. This is the big one. Because this attack is not against your computer, 272 00:26:34,905 --> 00:26:40,825 it is against you. Social engineering is the art of manipulating people into giving 273 00:26:40,825 --> 00:26:46,745 up confidential information or performing actions that break security. It exploits human psychology, 274 00:26:46,745 --> 00:26:52,585 not technical systems. Pretexting. This is when an attacker creates a fake scenario to trick 275 00:26:52,585 --> 00:26:57,945 you into sharing information. Hi, I'm from your bank's fraud department. We need to verify your 276 00:26:57,945 --> 00:27:05,945 PIN. No real bank will ever ask for your PIN, your full password, or your OTP ever. Baiting. This is 277 00:27:05,945 --> 00:27:12,185 psychological trap behavior. A USB drive is left somewhere. Parking lot, office, public place. It's 278 00:27:12,185 --> 00:27:18,585 labeled something tempting. Salary data 2024. You pick it up, you plug it in, and malware installs 279 00:27:18,585 --> 00:27:25,785 instantly. In real studies, almost half of people plugged in unknown USB drives. 48%. Tailgating. 280 00:27:25,785 --> 00:27:30,025 This is physical social engineering. Someone follows an authorized employee into a secure 281 00:27:30,025 --> 00:27:35,625 building. Oh, I forgot my badge. Can you hold the door? People are polite. They say yes. And 282 00:27:35,625 --> 00:27:42,425 just like that, an unauthorized person is inside. Quidd proquo, Latin for something for something. 283 00:27:42,425 --> 00:27:46,825 Free tech support. You call, they guide you step by step. But instead of helping you, 284 00:27:46,825 --> 00:27:53,625 they install malware while you think you are being assisted. In 2011, RSA security, a cyber security 285 00:27:53,625 --> 00:27:59,865 company itself, was breached. An employee opened a fishing email with an Excel file called 2011 286 00:27:59,865 --> 00:28:06,185 recruitment plan. One click. and RSA's security tokens used by governments and defense contractors 287 00:28:06,185 --> 00:28:11,625 were compromised. A cyber security company breached through social engineering. If it can 288 00:28:11,625 --> 00:28:17,305 happen to them, it can happen to anyone. Attack number six, denial of service or DOS. Imagine 289 00:28:17,305 --> 00:28:22,505 calling a restaurant to make a reservation. You get through. You book your table. Now, 290 00:28:22,505 --> 00:28:28,985 imagine 10,000 people all call at the same time. Every line is busy. No real customer can get 291 00:28:28,985 --> 00:28:34,745 through. The restaurant becomes unusable. That's a denial of service attack. In digital form, 292 00:28:34,745 --> 00:28:40,185 hackers flood a server with so much fake traffic that it can't respond to real users. The D and 293 00:28:40,185 --> 00:28:45,945 DDOS means distributed, meaning the attack comes from thousands of different devices at the same 294 00:28:45,945 --> 00:28:52,345 time. Often these devices are not even controlled directly by hackers. They are innocent devices 295 00:28:52,345 --> 00:28:58,745 infected with malware. Phones, computers, smart devices, all turned into an army. This army is 296 00:28:58,745 --> 00:29:06,265 called a botnet. In 2016, a massive DDoS attack using a botnet called Mi took down major websites 297 00:29:06,265 --> 00:29:11,785 including Netflix, Twitter, Amazon, and Reddit. Not because those companies were hacked directly, 298 00:29:11,785 --> 00:29:16,505 but because the infrastructure they relied on was overwhelmed. And the botnet, it was made 299 00:29:16,505 --> 00:29:23,065 of infected smart TVs, baby monitors, and routers. Your smart fridge could be part of a hacker's army 300 00:29:23,065 --> 00:29:27,785 without you ever knowing. I know that's a lot, but understanding these attacks is the first step 301 00:29:27,785 --> 00:29:33,305 to defending against them. Now the real question is why do these attacks succeed? And the honest 302 00:29:33,305 --> 00:29:39,785 answer is simple mistakes. Common, predictable, preventable mistakes. Let's talk about those 303 00:29:39,785 --> 00:29:45,625 next. Chapter five, the biggest mistakes people make online. The habits that make you vulnerable. 304 00:29:45,625 --> 00:29:50,265 All right, true confession time. I'm going to list some habits and I want you to honestly 305 00:29:50,265 --> 00:29:55,705 count how many you're guilty of. No judgment. I've been there, too. But after this chapter, 306 00:29:55,705 --> 00:30:01,385 there's no going back. Mistake number one, weak and reused passwords. Let's start with the most 307 00:30:01,385 --> 00:30:10,345 embarrassing one. The most common passwords in the world year after year are things like 1 2 3 4 5 6 308 00:30:10,345 --> 00:30:18,505 password 1 2 3 4 5 6 7 8 9 and I love you. I wish I was joking. These passwords are not protecting 309 00:30:18,505 --> 00:30:25,385 anything. A hacker's software can crack 1 2 3 4 5 6 in literally 0 seconds. Not milliseconds, 310 00:30:25,385 --> 00:30:31,625 zero. But here's the problem that's even worse than weak passwords. Password reuse. Using the 311 00:30:31,625 --> 00:30:37,385 same password, even a strong one, across multiple websites. Here's why this is catastrophic. Let's 312 00:30:37,385 --> 00:30:44,745 say you have a strong password like blue elephant #209. You use it for your email, your bank, 313 00:30:44,745 --> 00:30:51,225 your Instagram, and some random shopping website. You signed up for once and forgot about. Now that 314 00:30:51,225 --> 00:30:57,145 shopping website gets breached. Your email and password get sold on the dark web. The hacker 315 00:30:57,145 --> 00:31:02,185 takes that same password and tries it on Gmail. It works. Now they own your email. They use your 316 00:31:02,185 --> 00:31:07,785 email to reset your Instagram password. Now they own your Instagram. They try your bank. It works. 317 00:31:07,785 --> 00:31:12,825 Now they own your money. One breach. Total digital collapse. This is called a credential stuffing 318 00:31:12,825 --> 00:31:19,145 attack. And it works because people reuse passwords. The fix? Use a password manager. 319 00:31:19,145 --> 00:31:25,705 Apps like Bit Warden, one password or Dashlane generate and store unique complex passwords for 320 00:31:25,705 --> 00:31:30,665 every single website. You only remember one master password. The manager handles everything else. 321 00:31:30,665 --> 00:31:36,425 It's like having a different key for every lock in your life and keeping them all in a super secure 322 00:31:36,425 --> 00:31:44,585 keychain. Mistake number two, skipping two-factor authentication. Two-factor authentication, 2FA. 323 00:31:44,585 --> 00:31:49,705 You've probably seen it when you log in and then get a code sent to your phone. And yes, it feels 324 00:31:49,705 --> 00:31:54,905 annoying. One extra step. But here's what 2FA actually does. Even if a hacker has your username 325 00:31:54,905 --> 00:32:01,065 and your password, they still can't get in without that second factor, that code on your phone. Think 326 00:32:01,065 --> 00:32:06,505 of your account like a bank vault. Your password is the combination lock. Two-factor authentication 327 00:32:06,505 --> 00:32:12,665 is the second key that only you physically hold. Without both, the vault doesn't open. Microsoft 328 00:32:12,665 --> 00:32:20,825 research shows that enabling 2FA blocks 99.9% of automated account attacks. 99.9%. For one extra 329 00:32:20,825 --> 00:32:27,705 step, turn on 2FA for every account that offers it. Start with your email and your bank right now. 330 00:32:27,705 --> 00:32:33,785 Mistake number three, clicking without thinking. The most dangerous thing you do online is click. 331 00:32:33,785 --> 00:32:39,625 Before clicking any link in an email, a text, or a message, ask yourself three questions. One, 332 00:32:39,625 --> 00:32:45,705 did I expect this message? Two, does the sender's address look exactly right? Not almost right, 333 00:32:45,705 --> 00:32:52,185 exactly right, like amazon.com or paypawone.com. Three, what's the worst thing that happens if 334 00:32:52,185 --> 00:32:57,545 I I click this and it's fake? If you have any hesitation, don't click. Instead, go directly to 335 00:32:57,545 --> 00:33:02,025 the website by typing the address yourself or call the company using a number from their official 336 00:33:02,025 --> 00:33:08,425 website. Here's something hackers rely on. Urgency. Your account will be deleted in 2 hours. 337 00:33:08,425 --> 00:33:13,545 You have a package pending. Confirm now. Urgent tax refund available. Claim before midnight. 338 00:33:13,545 --> 00:33:19,225 Urgency kills critical thinking. It forces you to react before you think. So the next time you feel 339 00:33:19,225 --> 00:33:26,985 rushed by a message, stop. Breathe. Because that urgency is almost always manufactured. Mistake 340 00:33:26,985 --> 00:33:31,225 number four, using public Wi-Fi without protection. We touched on this briefly, 341 00:33:31,225 --> 00:33:37,865 but let's go deeper. Airports, cafes, hotels, malls, public Wi-Fi is everywhere. and almost 342 00:33:37,865 --> 00:33:43,145 all of it is either unencrypted, poorly secured, or sometimes even spoofed by a hacker sitting 343 00:33:43,145 --> 00:33:49,065 nearby. When you connect to an open Wi-Fi network, your traffic can potentially be visible to anyone 344 00:33:49,065 --> 00:33:55,065 on that same network. Now, imagine this. You're at a hotel. You connect to hotel Wi-Fi. You log into 345 00:33:55,065 --> 00:33:59,385 your work email. You check your bank balance. You even enter your credit card details for 346 00:33:59,385 --> 00:34:06,665 room service. Every single one of those actions could be monitored, intercepted, stolen. The fix? 347 00:34:06,665 --> 00:34:12,905 Use a VPN, a virtual private network. A VPN creates an encrypted tunnel between your device 348 00:34:12,905 --> 00:34:18,185 and the internet. So even if a hacker is sitting right next to you on that same hotel Wi-Fi, 349 00:34:18,185 --> 00:34:23,785 all they see is scrambled data, unreadable. VPNs are not just for tech experts, they're a basic 350 00:34:23,785 --> 00:34:29,385 safety tool, like a seat belt for the internet. Mistake number five, oversharing on social media. 351 00:34:29,385 --> 00:34:34,345 Quick question. Does your Facebook profile show your full birthday, your hometown, your school, 352 00:34:34,345 --> 00:34:39,705 your pet's names? Does your Instagram have location tags, photos showing your neighborhood, 353 00:34:39,705 --> 00:34:45,225 your house area, even your car plate? All of this is gold for a hacker doing reconnaissance. 354 00:34:45,225 --> 00:34:50,025 Remember those security questions? What is your mother's maiden name? What was your first pet's 355 00:34:50,025 --> 00:34:55,385 name? What street did you grow up on? Now imagine all of that information is already publicly 356 00:34:55,385 --> 00:35:01,305 available on your social media, even old posts, even forgotten photos. A determined attacker can 357 00:35:01,305 --> 00:35:08,025 collect it all and reset your accounts. The fix is not to delete everything. It's to be intentional. 358 00:35:08,025 --> 00:35:13,305 Limit what is public. Turn off location tagging and never use real personal answers for security 359 00:35:13,305 --> 00:35:19,625 questions. Use random words. Things that mean nothing to your real life. Mistake number six, 360 00:35:19,625 --> 00:35:25,625 ignoring software updates. I know updates are annoying. Update available. Remind me later. 361 00:35:25,625 --> 00:35:30,585 Remind me later. Again and again. But here's what you're actually doing. When software companies 362 00:35:30,585 --> 00:35:35,705 release updates, they are often fixing security holes, vulnerabilities that hackers already know 363 00:35:35,705 --> 00:35:41,145 about. The moment a patch is released, hackers also learn what was fixed, and they immediately 364 00:35:41,145 --> 00:35:48,985 start targeting people who haven't updated yet. In 2017, the W to Cry ransomware attack infected 365 00:35:48,985 --> 00:35:57,225 300,000 computers across 150 countries, including hospitals in the UK where surgeries were cancelled 366 00:35:57,225 --> 00:36:02,985 and patient records became inaccessible. And here's the shocking part. Microsoft had already 367 00:36:02,985 --> 00:36:08,425 released the fix. The vulnerability was patched, but hundreds of thousands of systems never 368 00:36:08,425 --> 00:36:14,025 installed the update. 300,000 computers because people kept clicking remind me later. Update your 369 00:36:14,025 --> 00:36:19,865 software. Update your phone. Update your apps. When the notification comes, don't delay it. 370 00:36:19,865 --> 00:36:26,665 Mistake number seven, trusting everything you read online. Misinformation, disinformation, fake news. 371 00:36:26,665 --> 00:36:32,425 These are not just social problems. They are cyber security tools. Hackers create fake articles, fake 372 00:36:32,425 --> 00:36:37,625 giveaways, fake celebrity promotions, all designed to trick you into clicking links or downloading 373 00:36:37,625 --> 00:36:43,225 malware. Before you trust anything online, verify it with a second source. If something feels 374 00:36:43,225 --> 00:36:49,545 extreme, extremely angry, or extremely exciting, pause because that emotion is often the weapon. 375 00:36:49,545 --> 00:36:56,345 And now there's something even more dangerous. AI generated content, deep fakes, videos, audio, 376 00:36:56,345 --> 00:37:02,425 even liveing calls that are completely fake. In 2024, a finance employee at a multinational 377 00:37:02,425 --> 00:37:08,905 company joined a video call with what looked like their CFO. Same face, same voice, same mannerisms. 378 00:37:08,905 --> 00:37:15,785 They were instructed to transfer funds and they did. $25 million transferred to criminals. The CFO 379 00:37:15,785 --> 00:37:22,905 was not real. It was a deep fake. $25 million gone. The landscape of deception is evolving 380 00:37:22,905 --> 00:37:28,345 faster than most people realize. Now you know the mistakes and more importantly, you understand why 381 00:37:28,345 --> 00:37:33,545 they happen. So, let's flip everything now because knowing what not to do is only half the story. 382 00:37:33,545 --> 00:37:39,625 Next, let's talk about what smart, prepared, security aware people actually do. Chapter six, 383 00:37:39,625 --> 00:37:44,345 how to protect yourself like a pro. All right, this is where we stop talking about problems and 384 00:37:44,345 --> 00:37:49,705 start talking about solutions. Everything in this chapter is something you can do today and most 385 00:37:49,705 --> 00:37:55,785 of it is free. Let's build your digital armor. Protection number one, the password system. The 386 00:37:55,785 --> 00:38:00,105 goal is simple. Never use the same password twice and every password should be long and 387 00:38:00,105 --> 00:38:07,705 complex. The method, a password manager. My top free recommendation is Bit Warden, open-source, 388 00:38:07,705 --> 00:38:13,545 audited, and trusted by security professionals worldwide. Here's how it works. You create one 389 00:38:13,545 --> 00:38:19,225 master password for Bit Warden. Make it strong but memorable. Something like a sentence. My dog 390 00:38:19,225 --> 00:38:25,385 exclamation mark ate three tacos at Tuesday. Easy to remember, almost impossible to crack. Then, 391 00:38:25,385 --> 00:38:31,145 Bit Warden generates random unique 20 character passwords for every website you use, and it stores 392 00:38:31,145 --> 00:38:37,225 them all. The result, even if 10 websites you use get breached, your other accounts stay safe 393 00:38:37,225 --> 00:38:42,185 because every password is different. And that one change alone puts you ahead of almost everyone 394 00:38:42,185 --> 00:38:48,505 online. If you don't want a password manager, at minimum, use passphrases. A passphrase is a random 395 00:38:48,505 --> 00:38:54,825 string of four or five unrelated words. Purple rocket exclamation mark cloud banana. That's 24 396 00:38:54,825 --> 00:39:01,465 characters. And it would take a computer billions of years to crack through brute force. But it's 397 00:39:01,465 --> 00:39:05,945 still something you can actually remember. Protection number two, activate two-factor 398 00:39:05,945 --> 00:39:11,385 authentication everywhere. We talked about this. Now, let's apply it. Start with priorities. One, 399 00:39:11,385 --> 00:39:15,545 email. This is your master key. If someone gets access to your email, they can reset everything 400 00:39:15,545 --> 00:39:20,745 else. Two, bank and financial accounts. Three, social media, Instagram, Facebook, 401 00:39:20,745 --> 00:39:27,225 X, Tik Tok. Four, shopping accounts, Amazon, eBay. Five, cloud storage, Google Drive, Dropbox, 402 00:39:27,225 --> 00:39:32,825 iCloud. Now, listen carefully. Not all two-factor authentication is equal. SMS codes are better 403 00:39:32,825 --> 00:39:38,505 than nothing, but they can be intercepted through something called SIM swapping, where an attacker 404 00:39:38,505 --> 00:39:43,945 tricks your mobile carrier into transferring your number to their SIM card. The better option is 405 00:39:43,945 --> 00:39:50,105 an authenticator app, Google authenticator, AI, Microsoft Authenticator. These generate 406 00:39:50,105 --> 00:39:54,985 timebased codes that change every 30 seconds. They don't go through the phone network. They stay on 407 00:39:54,985 --> 00:39:59,945 your device. Use an authenticator app whenever possible. Protection number three, secure your 408 00:39:59,945 --> 00:40:05,385 home network. Your Wi-Fi router is the front door to your entire digital life. Most people set it 409 00:40:05,385 --> 00:40:11,785 up once and never touch it again. Here's a quick checklist. Step one, change the default router 410 00:40:11,785 --> 00:40:18,265 login. Every router comes with default credentials like admin, admin, or admin password. Hackers 411 00:40:18,265 --> 00:40:25,705 already know these. Change them immediately. Log into your router, usually by typing 1 192.168.1.1 412 00:40:25,705 --> 00:40:32,505 into your browser and update the admin username and password. Step two, use WPA3 encryption in 413 00:40:32,505 --> 00:40:39,225 your Wi-Fi settings. Set security to WPA3 or at minimum WPA2. Never use open networks or 414 00:40:39,225 --> 00:40:45,145 web. They are not secure. Step three, create a guest network. Most modern routers allow this. 415 00:40:45,145 --> 00:40:50,425 Put smart devices like TVs, smart speakers, baby monitors, and thermostats on the guest 416 00:40:50,425 --> 00:40:54,585 network. Keep your phones and computers on the main network. Why? Because smart devices 417 00:40:54,585 --> 00:40:59,705 are often the weakest link. If one gets hacked, it won't spread to everything else. Step four, 418 00:40:59,705 --> 00:41:05,785 update your router firmware. Just like your phone, your router needs updates, too. These updates fix 419 00:41:05,785 --> 00:41:11,305 security holes. Check your router settings or the manufacturer's website at least once a year, 420 00:41:11,305 --> 00:41:16,505 and install updates when available. These four steps turn your home network from a weak entry 421 00:41:16,505 --> 00:41:22,345 point into a much stronger defense. Protection number four, use a VPN on public networks. We 422 00:41:22,345 --> 00:41:27,225 already covered this, but let's make it practical. When should you use a VPN? Anytime you are on 423 00:41:27,225 --> 00:41:34,585 public Wi-Fi, cafes, airports, hotels, libraries, also when you want an extra layer of privacy while 424 00:41:34,585 --> 00:41:39,865 browsing or when you're traveling, especially in places with strict internet restrictions. Now, 425 00:41:39,865 --> 00:41:46,185 here are some trusted VPN providers. ProtonVPN. It also has a solid free tier created by the same 426 00:41:46,185 --> 00:41:53,865 people behind Proton Mail, a privacy focused email service, MolvadVPN, and ExpressVPN. But 427 00:41:53,865 --> 00:41:59,945 listen carefully. Important warning. Not all VPNs are safe. There are hundreds of freeVPN apps, 428 00:41:59,945 --> 00:42:04,905 especially on mobile, that actually spy on your traffic. They don't protect you. They watch you, 429 00:42:04,905 --> 00:42:10,585 and they can be more dangerous than using noVPN at all. So stick to trusted well-reviewed providers 430 00:42:10,585 --> 00:42:16,345 because if something is completely free with no clear business model then you are not the customer 431 00:42:16,345 --> 00:42:22,025 you are the product. Protection number five encrypt your devices. Encryption is not just for 432 00:42:22,025 --> 00:42:28,345 companies. It is for everyone. Your phone should be encrypted. Your laptop should be encrypted. 433 00:42:28,345 --> 00:42:32,585 The good news most modern devices already do this automatically. iPhones are encrypted by 434 00:42:32,585 --> 00:42:37,865 default as soon as you set a passcode. Android devices are usually encrypted by default on on 435 00:42:37,865 --> 00:42:43,705 newer versions. You can check in settings under security. On Windows laptops, you can use Bit 436 00:42:43,705 --> 00:42:49,305 Locker or Veraracrypt, a free love open source tool. On Mac, you can enable File Vault under 437 00:42:49,305 --> 00:42:55,465 security and privacy settings. Now, why does this matter? Imagine your laptop gets stolen. If it is 438 00:42:55,465 --> 00:43:00,745 not encrypted, someone can remove the hard drive and access every file, every password, 439 00:43:00,745 --> 00:43:06,345 every document without even logging in. But if it is encrypted, all they see is scrambled data, 440 00:43:06,345 --> 00:43:12,265 completely unreadable. Protection number six, be smart about email. Email is still the number one 441 00:43:12,265 --> 00:43:17,705 attack vector, so we need to harden it. First, use a secure email provider. Gmail and Outlook 442 00:43:17,705 --> 00:43:24,025 are fine if configured properly, but for sensitive communication, Proton Mail is a strong option. It 443 00:43:24,025 --> 00:43:29,385 is endto-end encrypted and based in Switzerland. Second, always check the sender's address 444 00:43:29,385 --> 00:43:36,025 carefully. Not just the name you see, the actual email address. A message might say PayPal security 445 00:43:36,025 --> 00:43:41,785 team, but the real address could be something like random letters at suspiciousdommain.com. Third, 446 00:43:41,785 --> 00:43:46,505 never trust display names. A hacker can name themselves anything, bank support, 447 00:43:46,505 --> 00:43:53,625 security team, even CEO, but the real email behind it can be completely fake. Fourth, 448 00:43:53,625 --> 00:43:58,905 never enable macros and unknown documents. If you receive a Word or Excel file and it says enable 449 00:43:58,905 --> 00:44:03,945 macros to view content, do not do it. That is one of the most common ways malware enters systems, 450 00:44:03,945 --> 00:44:10,105 delete it immediately. Protection number seven, monitor your digital exposure. Start with have I 451 00:44:10,105 --> 00:44:15,625 beenpawned.com. Enter your email. Check if it has appeared in any known data breaches. Then 452 00:44:15,625 --> 00:44:22,585 Google yourself regularly. See what information about you you is public. Set up Google alerts 453 00:44:22,585 --> 00:44:27,465 for your name so you know when new information appears online. And check your credit reports 454 00:44:27,465 --> 00:44:32,745 at least once a year. Look for any accounts or loans you did not open because that can be 455 00:44:32,745 --> 00:44:38,665 a sign of identity theft. In many countries, you are entitled to free annual credit reports. This 456 00:44:38,665 --> 00:44:43,625 is not about fear. It is about awareness. The people who do these things get hacked far less 457 00:44:43,625 --> 00:44:50,105 often. It is that simple. You do not need to be a tech expert. You just need to be intentional. 458 00:44:50,105 --> 00:44:55,945 And if you're still here, that already says a lot. Now, we're going even deeper because next we 459 00:44:55,945 --> 00:45:01,625 move from protection to understanding the science behind it all. The core principles that the entire 460 00:45:01,625 --> 00:45:09,785 cyber security world is built on. And trust me, even this part will stay simple. Chapter 7, cyber 461 00:45:09,785 --> 00:45:14,745 security fundamentals. If cyber security were a building, this chapter would be the foundation. 462 00:45:14,745 --> 00:45:19,465 The concepts we're covering here are what every security professional builds on, from entry- 463 00:45:19,465 --> 00:45:24,825 level analysts to chief information security officers. Understanding this makes you fluent 464 00:45:24,825 --> 00:45:30,585 in the language of cyber security. Let's start with the most important one, the CIA triad. No, 465 00:45:30,585 --> 00:45:37,385 not the intelligence agency. In cyber security, CIA stands for confidentiality, integrity, 466 00:45:37,385 --> 00:45:43,465 availability. These three principles form the foundation of every security system, policy, and 467 00:45:43,465 --> 00:45:48,825 decision. Let's break them down. Confidentiality. Information should only be accessible to those 468 00:45:48,825 --> 00:45:52,825 who are authorized to see it. Your medical records should only be seen by your doctor, 469 00:45:52,825 --> 00:45:59,145 not random employees, not unauthorized systems, not hackers. Your bank PIN should only be known by 470 00:45:59,145 --> 00:46:05,545 you. Confidentiality is violated when unauthorized people gain access to information they should 471 00:46:05,545 --> 00:46:11,625 never see. The main tools used here are encryption, access control, and authentication, 472 00:46:11,625 --> 00:46:17,705 integrity. Information should remain accurate and untouched. When your bank records a transaction, 473 00:46:17,705 --> 00:46:24,345 it should stay exactly what it is, $50, not 500, not 50,000. When a doctor writes a prescription, 474 00:46:24,345 --> 00:46:30,665 it should not be changed by anyone unauthorized. Integrity is broken when data is modified without 475 00:46:30,665 --> 00:46:37,545 permission, by hackers, by software errors, or even by insiders. The main tools for integrity 476 00:46:37,545 --> 00:46:43,865 are check sums, cryptographic hashing and audit logs, availability. Information in systems should 477 00:46:43,865 --> 00:46:48,985 be accessible when authorized users need them. Remember the DDoS attack that took down platforms 478 00:46:48,985 --> 00:46:54,505 like Netflix and Twitter? That was an attack on availability. Even if your data is secure and 479 00:46:54,505 --> 00:47:00,105 even if it is untouched, if you cannot access it when needed, the system has failed. Hospitals have 480 00:47:00,105 --> 00:47:06,505 been hit hard by ransomware. Not only because data was locked but because systems became unavailable. 481 00:47:06,505 --> 00:47:12,025 Patient records, medical equipment, everything disrupted. Lives were put at risk. The main tools 482 00:47:12,025 --> 00:47:18,825 for availability are redundancy, backups, failover systems, and DDoS protection. Every cyber security 483 00:47:18,825 --> 00:47:24,105 decision, every system design, every security policy is built around these three principles. 484 00:47:24,105 --> 00:47:29,705 When you hear about a data breach, ask yourself which one was broken. Most of the time it's 485 00:47:29,705 --> 00:47:35,145 confidentiality. When you hear about ransomware, it's availability. When you hear about altered or 486 00:47:35,145 --> 00:47:41,465 fake data, it's integrity. The CIA triad gives you a simple framework to understand any cyber 487 00:47:41,465 --> 00:47:46,585 security incident. No matter how complex it looks, it always comes back to these three 488 00:47:46,585 --> 00:47:53,385 ideas. Encryption, the language of secrets. We've mentioned encryption several times now. So, let's 489 00:47:53,385 --> 00:47:59,145 actually understand it. Encryption is the process of scrambling data so that only someone with the 490 00:47:59,145 --> 00:48:04,425 correct key can read it. Imagine you and your best friend create a secret code. Every letter of the 491 00:48:04,425 --> 00:48:11,385 alphabet gets replaced. Uh becomes X, B becomes Q, and so on. You write hello, but to everyone else 492 00:48:11,385 --> 00:48:16,985 it looks like complete nonsense. However, your friend has the same code book, so they decode 493 00:48:16,985 --> 00:48:24,105 it instantly. That is encryption at its simplest level. Now, here's the reality. Modern encryption 494 00:48:24,105 --> 00:48:30,105 is millions of times more advanced than this. It uses complex mathematical algorithms that even the 495 00:48:30,105 --> 00:48:35,865 most powerful supercomputers would take millions of years to crack. Types of encryption you should 496 00:48:35,865 --> 00:48:41,625 know. Symmetric encryption. This is where both the sender and receiver use the same key to encrypt 497 00:48:41,625 --> 00:48:47,065 and decrypt data. It's fast and efficient. But here's the problem. How do you securely share 498 00:48:47,065 --> 00:48:52,505 that key in the first place? Because if someone intercepts it, the entire system is compromised. 499 00:48:52,505 --> 00:48:58,185 Think of it like this. You and your friend both have the same physical key to a lock box. But how 500 00:48:58,185 --> 00:49:03,865 do you safely give each other that key without someone stealing it? Now, asymmetric encryption, 501 00:49:03,865 --> 00:49:10,825 also called public key cryptography. This solved the key sharing problem. Each person has two keys 502 00:49:10,825 --> 00:49:16,425 that are mathematically linked. A public key and a private key. The public key you can share with 503 00:49:16,425 --> 00:49:22,985 anyone. The private key you keep completely secret. Here is the magic. Anything encrypted 504 00:49:22,985 --> 00:49:27,465 with your public key can only be decrypted with your private key. And it also works the 505 00:49:27,465 --> 00:49:32,905 other way around. So I can give you my public key openly. You use it to encrypt a message, 506 00:49:32,905 --> 00:49:39,705 but only my private key, which only I possess, can unlock it. Even if someone intercepts that message 507 00:49:39,705 --> 00:49:46,105 and even if they have the public key, they still cannot read it. This is the foundation of HTTPS, 508 00:49:46,105 --> 00:49:50,265 digital signatures, and most secure communication systems today. End-to-end 509 00:49:50,265 --> 00:49:55,865 encryption. When people say a messaging app is endto-end encrypted, like WhatsApp or Signal, 510 00:49:55,865 --> 00:50:00,985 it means only the sender and receiver can read the messages, not the company, not the server, 511 00:50:00,985 --> 00:50:05,945 and in most cases, not even attackers in the middle. The encryption and decryption happen 512 00:50:05,945 --> 00:50:12,025 directly on your device. The server only passes along scrambled data without ever understanding 513 00:50:12,025 --> 00:50:18,105 it. Now, let's move to something equally important. Authentication versus authorization. 514 00:50:18,105 --> 00:50:23,865 These two words get confused constantly. Let's separate them clearly. Authentication means 515 00:50:23,865 --> 00:50:29,225 are you who you say you are. It is identity verification. Logging in with a username and 516 00:50:29,225 --> 00:50:35,225 password is authentication. You are proving you are the account owner. Two-factor authentication 517 00:50:35,225 --> 00:50:41,145 adds another layer of proof. Biometrics like fingerprints or face recognition are also forms of 518 00:50:41,145 --> 00:50:47,625 authentication. Authorization means what are you allowed to do? Once the system knows who you are, 519 00:50:47,625 --> 00:50:52,745 it decides your permissions. For example, a bank employee might be able to view customer accounts, 520 00:50:52,745 --> 00:50:57,705 but only a senior manager can approve large transfers and only IT staff can access 521 00:50:57,705 --> 00:51:03,785 server systems. Authentication opens the door. Authorization decides which rooms you can enter. 522 00:51:03,785 --> 00:51:09,945 And this distinction is critical because attackers target both. Stealing your password is breaking 523 00:51:09,945 --> 00:51:15,865 authentication. But once inside trying to access things you should not access is called privilege 524 00:51:15,865 --> 00:51:21,945 escalation. That is an attack on authorization. Both layers matter and both are essential in cyber 525 00:51:21,945 --> 00:51:27,545 security defense. A firewall is exactly what it sounds like. In buildings, a firewall is 526 00:51:27,545 --> 00:51:33,545 a physical barrier that stops fire from spreading from one room to another. In networks, a firewall 527 00:51:33,545 --> 00:51:40,185 is software or hardware that monitors all incoming and outgoing traffic and decides based on rules 528 00:51:40,185 --> 00:51:45,385 what is allowed and what is blocked. Think of a firewall as a bouncer at a nightclub. The bouncer 529 00:51:45,385 --> 00:51:52,425 has rules, no weapons, must be over 18, must have a reservation on certain nights. Now, think of 530 00:51:52,425 --> 00:51:58,585 network traffic as people trying to enter. The firewall checks every request against its rules. 531 00:51:58,585 --> 00:52:04,585 This traffic is coming from a known malicious IP address. Blocked. This request is trying to access 532 00:52:04,585 --> 00:52:09,945 a sensitive port without permission. Blocked. This is a normal legitimate request from a trusted 533 00:52:09,945 --> 00:52:15,865 website. Allowed. Firewalls are one of the first lines of defense in any network. Your home router 534 00:52:15,865 --> 00:52:21,545 already has a basic firewall built in. But large organizations use enterprisegrade firewalls with 535 00:52:21,545 --> 00:52:27,705 far more advanced control and intelligence. Now, let's move to something more modern. Zero trust. 536 00:52:27,705 --> 00:52:33,785 For decades, network security worked on a simple idea. Build a strong wall around the system. Trust 537 00:52:33,785 --> 00:52:40,345 everything inside and block everything outside. But this model had a major flaw. Once an attacker 538 00:52:40,345 --> 00:52:44,825 gets inside through a stolen password, a fishing attack or a compromised device, 539 00:52:44,825 --> 00:52:49,785 they can move freely inside the system. This approach failed as companies move to 540 00:52:49,785 --> 00:52:56,745 cloud systems and remote work. So a new model was created, zero trust. And the principle is simple. 541 00:52:56,745 --> 00:53:02,425 Never trust. Always verify. In a zero trust system, nothing is automatically trusted. 542 00:53:02,425 --> 00:53:07,945 Not devices inside the network, not employees at their desks, not even high level executives. Every 543 00:53:07,945 --> 00:53:13,065 access request must be verified. Every identity must be confirmed. Every device must meet security 544 00:53:13,065 --> 00:53:19,145 requirements. And access is strictly limited to only what is necessary, nothing more. This is now 545 00:53:19,145 --> 00:53:24,985 the standard for modern enterprise security. And it is a core concept in cyber security. Now, now 546 00:53:24,985 --> 00:53:31,225 let's talk about where real-time defense happens. Security operations center, also known as SOCK. A 547 00:53:31,225 --> 00:53:36,665 SOCK is a team of cyber security professionals who monitor an organization's systems 24 hours a day, 548 00:53:36,665 --> 00:53:42,745 7 days a week. Their job is to detect threats and respond to incidents in real time. Think of it 549 00:53:42,745 --> 00:53:49,145 like mission control, but instead of rockets, they are watching network traffic, security alerts, 550 00:53:49,145 --> 00:53:54,905 and system behavior. Sock analysts use tools called CM systems, security information and 551 00:53:54,905 --> 00:54:00,425 event management. These systems collect logs from hundreds of sources and look for suspicious 552 00:54:00,425 --> 00:54:06,425 patterns. For example, a user logs in from one country and just minutes later logs in from 553 00:54:06,425 --> 00:54:11,705 another country. That is physically impossible. So it gets flagged. Or a server suddenly starts 554 00:54:11,705 --> 00:54:18,025 sending 10 times more data than usual. That could mean data is being stolen. So it gets investigated 555 00:54:18,025 --> 00:54:24,105 immediately. This is where active defense happens in real time. And for many people, this is where 556 00:54:24,105 --> 00:54:29,385 a cyber security career begins. You have now learned the core language and core concepts of 557 00:54:29,385 --> 00:54:35,385 cyber security. More than most people in IT could clearly explain a few years ago. And now that this 558 00:54:35,385 --> 00:54:41,545 foundation is in place, we move to the exciting part. What can you actually build with all of this 559 00:54:41,545 --> 00:54:47,865 knowledge? Let's talk about careers. Chapter 8. Cyber security career paths explained. the road 560 00:54:47,865 --> 00:54:54,265 mapap to a fulfilling high-paying career. Let me set a scene for you. You wake up, no alarm stress. 561 00:54:54,265 --> 00:55:01,225 You open your laptop or sometimes you walk into a company headquarters somewhere exciting. Your job, 562 00:55:01,225 --> 00:55:05,545 you think like a criminal, you find weaknesses in systems before the bad guys do, and you get 563 00:55:05,545 --> 00:55:10,825 paid very well for it. Or maybe your role is different. You analyze threat intelligence. You 564 00:55:10,825 --> 00:55:16,185 help organizations stay safe. You design security systems for hospitals, banks, or even government 565 00:55:16,185 --> 00:55:21,705 agencies. Here's the truth. Cyber security is not one career. It is dozens of careers, 566 00:55:21,705 --> 00:55:28,265 each with its own focus, its own skills, and its own personality fit. And and right now, there is a 567 00:55:28,265 --> 00:55:34,985 global shortage of over 3.5 million cyber security professionals. 3.5 million empty positions waiting 568 00:55:34,985 --> 00:55:41,865 to be filled. This is not a saturated field. It is the opposite. Let's explore the major paths. 569 00:55:41,865 --> 00:55:48,825 Career path one, penetration tester, also known as ethical hacker. Here's the simple idea. Companies 570 00:55:48,825 --> 00:55:54,185 pay you to hack them. A penetration tester is hired to simulate real world cyber attacks against 571 00:55:54,185 --> 00:55:59,545 a company's systems, networks, and applications. The goal is simple. Find vulnerabilities before 572 00:55:59,545 --> 00:56:05,145 malicious hackers do and report them so they can be fixed. This is the career that sounds like a 573 00:56:05,145 --> 00:56:11,225 movie, and honestly, it kind of is. What you do? You attempt to break into systems legally and 574 00:56:11,225 --> 00:56:16,585 with permission. You test web applications, mobile apps, networks, and sometimes even 575 00:56:16,585 --> 00:56:23,865 physical security. Then you write detailed reports explaining what you found and how to fix it. Who 576 00:56:23,865 --> 00:56:28,825 it is for? People who love puzzles, people who think creatively, people who enjoy the thrill of 577 00:56:28,825 --> 00:56:34,825 the hunt, and people who are deeply curious about how systems work underneath the surface. Average 578 00:56:34,825 --> 00:56:42,745 salary range around $80,000 to $140,000 per year and higher depending on experience and region. 579 00:56:42,745 --> 00:56:48,825 Key certifications Certified Ethical Hacker and OCP Offensive Security Certified Professional. 580 00:56:48,825 --> 00:56:55,225 This is considered the gold standard in offensive security. Career path two sock analyst security 581 00:56:55,225 --> 00:57:02,105 operations center analyst. Here's the simple idea. You are the first line of defense in a cyber war. 582 00:57:02,105 --> 00:57:07,305 Sassi analysts monitor security systems in real time. They detect threats, investigate alerts, 583 00:57:07,305 --> 00:57:12,985 and respond to incidents. Just this is often the entry-level gateway into cyber security careers. 584 00:57:12,985 --> 00:57:18,585 What you do, you monitor dashboards for suspicious activity. You investigate security alerts. You 585 00:57:18,585 --> 00:57:24,425 respond to and contain security incidents and you document everything carefully. Then you escalate 586 00:57:24,425 --> 00:57:30,745 serious threats to higher level teams. Who it is for? people who are detail oriented, methodical, 587 00:57:30,745 --> 00:57:36,185 calm under pressure, and who enjoy detective style thinking. Sock roles are divided into 588 00:57:36,185 --> 00:57:41,945 levels. Level one analysts handle initial alerts. Level two analysts handle deeper investigations, 589 00:57:41,945 --> 00:57:46,985 and level three, often senior analysts focus on advanced threat hunting. Average salary range 590 00:57:46,985 --> 00:57:54,425 from $45,000 to $85,000 depending on level and experience. Key certifications, CompTIA Security 591 00:57:54,425 --> 00:58:01,145 Plus and CompTIA CISA Plus. Career path three, incident responder. Here's the simple idea. The 592 00:58:01,145 --> 00:58:07,065 SWAT team of cyber security. When something goes wrong, when a hospital gets hit by ransomware, 593 00:58:07,065 --> 00:58:11,705 when a company suffers a major data breach, incident responders are the ones who get called 594 00:58:11,705 --> 00:58:17,705 in. They don't wait. They move fast. They contain the damage. They investigate what happened. And 595 00:58:17,705 --> 00:58:24,025 they help restore systems back to normal. What you do? You respond to active cyber incidents. 596 00:58:24,025 --> 00:58:30,425 You perform forensic analysis to understand how the attack happened. You contain and remove the 597 00:58:30,425 --> 00:58:35,065 threat and you create detailed reports to prevent it from happening again, who it is 598 00:58:35,065 --> 00:58:41,305 for. People who stay calm under pressure, people who enjoy solving problems in crisis situations, 599 00:58:41,305 --> 00:58:48,585 and people with a forensic investigative mindset. Average salary range around $85,000 to $130,000 or 600 00:58:48,585 --> 00:58:57,625 more depending on experience. Key certifications GCI GAC certified incident handler and GCFE 601 00:58:57,625 --> 00:59:03,785 JIAK certified forensic examiner. Career path 4 digital forensics analyst. Here's the simple idea. 602 00:59:03,785 --> 00:59:08,825 The CSI of the cyber world. Digital forensics analysts investigate cyber crime by recovering 603 00:59:08,825 --> 00:59:16,105 and analyzing digital evidence, deleted files, hidden data, malware traces, and attack timelines. 604 00:59:16,105 --> 00:59:21,065 What you do? You recover data from computers, phones, and storage devices. You build timelines 605 00:59:21,065 --> 00:59:26,185 of exactly what happened during a cyber incident. You analyze evidence for legal cases and sometimes 606 00:59:26,185 --> 00:59:32,905 you testify in court as an expert witness, who it is for. People who are extremely detail oriented, 607 00:59:32,905 --> 00:59:38,265 patient, analytical, and interested in both technology and law. Average salary range around 608 00:59:38,265 --> 00:59:46,825 $65,000 to $110,000. Key certifications GCFE and ENCE NK certified examiner. Career path five, 609 00:59:46,825 --> 00:59:51,785 security engineer, also known as security architect. Here's the simple idea. You are 610 00:59:51,785 --> 00:59:56,985 the builder of digital fortresses. Security engineers design and build the systems that 611 00:59:56,985 --> 01:00:03,625 protect organizations. They don't just respond to attacks. They design defenses from the ground up. 612 01:00:03,625 --> 01:00:09,545 What you do, you design and implement firewalls, VPNs, and intrusion detection systems. You build 613 01:00:09,545 --> 01:00:15,225 secure cloud infrastructure. You create security policies and frameworks. And you review systems 614 01:00:15,225 --> 01:00:20,345 for vulnerabilities. Who it is for? People who enjoy building systems, people with strong 615 01:00:20,345 --> 01:00:25,785 engineering thinking or Alif, and people who like designing solutions rather than just reacting to 616 01:00:25,785 --> 01:00:34,825 problems. Average salary range around 100,000 to $160,000. Key certifications, CISSP, certified 617 01:00:34,825 --> 01:00:40,265 information system security professional, and cloud security certifications from AWS, Azure, 618 01:00:40,265 --> 01:00:46,425 and others. Career path six, cloud security specialist. Here's the simple idea. Security 619 01:00:46,425 --> 01:00:51,305 for the modern internet. As companies move everything to the cloud on platforms like AWS, 620 01:00:51,305 --> 01:00:57,385 Microsoft Azure, and Google Cloud, cloud security has become critical. What you do? You secure 621 01:00:57,385 --> 01:01:02,745 cloud environments. You manage identity and access control systems. You monitor cloud infrastructure 622 01:01:02,745 --> 01:01:08,025 for threats. And you ensure compliance with security regulations. Who it is for? People 623 01:01:08,025 --> 01:01:14,985 interested in cloud technology with a strong focus on security. Average salary range around 110,000 624 01:01:14,985 --> 01:01:22,265 to $170,000. Key certifications AWS certified security specialty, Microsoft Azure security 625 01:01:22,265 --> 01:01:27,225 engineer and Google cloud security engineer. And now you can see something important. Cyber 626 01:01:27,225 --> 01:01:33,625 security is not one path. It is a full ecosystem of careers. Different roles, different skills, 627 01:01:33,625 --> 01:01:39,945 different personalities, but all connected by one mission, protecting the digital world. Career path 628 01:01:39,945 --> 01:01:46,745 7, GRC analyst, governance, risk, and compliance. Here's the simple idea. Not every cyber security 629 01:01:46,745 --> 01:01:52,345 role is about hacking systems. Some roles focus on rules, policies, and risk management. GRC 630 01:01:52,345 --> 01:01:57,785 analysts work on the business side of security, making sure organizations follow laws, standards, 631 01:01:57,785 --> 01:02:03,545 and internal security policies. What you do? You develop and enforce security policies. You 632 01:02:03,545 --> 01:02:09,785 assess risks to business operations. You ensure compliance with frameworks like ISO 27,0001, 633 01:02:09,785 --> 01:02:16,425 SOCK 2, GDPR and HIPPA. You also conduct security audits and assessments. Who it is for? People who 634 01:02:16,425 --> 01:02:21,865 are detail oriented, people who enjoy structure and policy work, and people who like working at 635 01:02:21,865 --> 01:02:27,545 the intersection of technology, business, and law. Average salary range around $70,000 to 636 01:02:27,545 --> 01:02:35,465 $120,000. Key certifications CISM certified information security manager and CRISK certified 637 01:02:35,465 --> 01:02:42,185 in risk and information systems control. Career path 8 cyber security educator or trainer. Here's 638 01:02:42,185 --> 01:02:47,145 the simple idea. The cyber security skills gap will not close on its own. It needs teachers, 639 01:02:47,145 --> 01:02:51,945 trainers, and communicators. Cyber security educators work with companies, universities, 640 01:02:51,945 --> 01:02:56,185 and governments to train the next generation of defenders. They build learning programs, 641 01:02:56,185 --> 01:03:02,185 run awareness sessions, and explain complex security concepts in simple, practical ways. 642 01:03:02,185 --> 01:03:07,865 Who it is for? People who love teaching, people who enjoy communication, and people who can break 643 01:03:07,865 --> 01:03:14,505 down complex ideas so anyone can understand them. Average salary range, it varies widely from around 644 01:03:14,505 --> 01:03:20,585 50,000 to over $120,000 depending on role and organization. Now, let's talk about something 645 01:03:20,585 --> 01:03:27,225 important. The most in- demand paths right now based on current job market trends. The most in- 646 01:03:27,225 --> 01:03:33,785 demand cyber security roles are cloud security engineers, penetration testers, sock analysts, 647 01:03:33,785 --> 01:03:39,545 incident responders, and application security engineers. The beauty of cyber security is 648 01:03:39,545 --> 01:03:45,465 that everything is connected. Many people start as sock analysts, then move into penetration testing, 649 01:03:45,465 --> 01:03:50,105 then into security architecture, and eventually become sessos, chief information security 650 01:03:50,105 --> 01:03:56,665 officers. the executives responsible for an entire organization's security. Your starting point does 651 01:03:56,665 --> 01:04:03,465 not define your ceiling. Now the real question, how do you actually begin? No experience, maybe 652 01:04:03,465 --> 01:04:08,665 no degree. Where do you start? That is exactly what the next chapter is about. Chapter nine, 653 01:04:08,665 --> 01:04:14,905 stepbystep road map to start cyber security. The clear actionable path from zero to career 654 01:04:14,905 --> 01:04:20,185 ready. All right, let's get real. The most common question beginners usually ask is this. 655 01:04:20,185 --> 01:04:25,385 I'm interested in cyber security, but I don't know where to start. It feels overwhelming. 656 01:04:25,385 --> 01:04:30,585 I hear you. The field is broad. There are hundreds of certifications, dozens of tools, 657 01:04:30,585 --> 01:04:35,465 thousands of tutorials. But here's the truth that most people miss. You don't need to learn 658 01:04:35,465 --> 01:04:39,865 everything. You need to follow a path. And that's exactly what I'm going to give you. Phase zero, 659 01:04:39,865 --> 01:04:46,505 mindset preparation. Week one to week two. Before a single line of study, mindset. Cyber security 660 01:04:46,505 --> 01:04:51,785 rewards curiosity. Always wanting to know how things work. Persistence. Things will break. You 661 01:04:51,785 --> 01:04:58,105 will fail. You keep going. Ethical thinking. Power comes with responsibility. Continuous 662 01:04:58,105 --> 01:05:03,545 learning. This field changes faster than almost any other. You do not need a computer science 663 01:05:03,545 --> 01:05:09,785 degree. Helpful, but not required. To be great at math, basic logic, and some algebra is enough 664 01:05:09,785 --> 01:05:15,945 for most roles. To have hacked before, obviously, some of the cyber security professionals came from 665 01:05:15,945 --> 01:05:20,985 completely different backgrounds. Psychology, law, the military, customer service, what they share, 666 01:05:20,985 --> 01:05:25,545 curiosity, and commitment. You have both. You're watching a 2-hour cyber security 667 01:05:25,545 --> 01:05:30,345 video voluntarily. That's all the proof you need. At phase one, build the foundation. 668 01:05:30,345 --> 01:05:34,985 Month one to month two. Step one, learn how computers and networks work. You can watch 669 01:05:34,985 --> 01:05:39,865 the complete networking for cyber security video on this channel. Before you can secure a network, 670 01:05:39,865 --> 01:05:45,305 you need to understand one. Start with Comptier Network Plus study materials. Even if you never 671 01:05:45,305 --> 01:05:54,505 take the exam, the curriculum covers networking protocols, TCP/IP, DNS, DHCP. Network hardware, 672 01:05:54,505 --> 01:05:59,705 routers, switches, firewalls, and network troubleshooting. Free resources. Professor 673 01:05:59,705 --> 01:06:04,905 Messer's free network plus course on YouTube. Professor Messer has been the go-to free resource 674 01:06:04,905 --> 01:06:12,105 for network fundamentals for years. Step two, learn the Linux command line. The majority of 675 01:06:12,105 --> 01:06:17,625 cyber security tools run on Linux. Servers run Linux. Hacking environments run Linux. You don't 676 01:06:17,625 --> 01:06:22,905 need to be a Linux expert, but you do need to be comfortable. Start with the Linux command line, 677 01:06:22,905 --> 01:06:29,385 a free book at linxcommand.org and try Hackme's Linux fundamentals pathway. Step three, understand 678 01:06:29,385 --> 01:06:34,265 basic programming concepts. Uh you don't need to be a programmer. Uh but understanding code 679 01:06:34,265 --> 01:06:41,305 helps you read and understand scripts, automate tasks, understand vulnerabilities in code. Start 680 01:06:41,305 --> 01:06:46,105 with Python. It's beginner friendly and widely used in cyber security. There's a new channel 681 01:06:46,105 --> 01:06:50,905 that's about to start a beginnerfriendly Python series focused on cyber security. They've already 682 01:06:50,905 --> 01:06:56,585 uploaded an introduction video. You can check it out. Free resources, python.org's official 683 01:06:56,585 --> 01:07:02,025 tutorial and Free Code Camp's Python course. The goal at this phase isn't to become a programmer. 684 01:07:02,025 --> 01:07:08,425 It's to be programming literate. Phase two, core cyber security knowledge. Month two to month four, 685 01:07:08,425 --> 01:07:13,065 step four, earn CompTIA security plus. This is the single most universally recognized 686 01:07:13,065 --> 01:07:18,185 entry-level cyber security certification. It covers threats, attacks and vulnerabilities, 687 01:07:18,185 --> 01:07:23,625 technologies and tools, architecture and design, identity and access management, risk management, 688 01:07:23,625 --> 01:07:29,785 cryptography, and PKI. It is vendorneutral, meaning it applies to any technology environment. 689 01:07:29,785 --> 01:07:35,865 It is often a requirement for many government and corporate cyber security positions. Cost around 690 01:07:35,865 --> 01:07:42,665 $370 for the exam, but study materials can be free or low cost. Free study resources, Professor 691 01:07:42,665 --> 01:07:48,425 Messer's Security Plus course, phenomenal, free and thorough. Jason Dion's Udemy course, 692 01:07:48,425 --> 01:07:55,065 usually on sale for $15 to $20. Timeline, two to three months of dedicated study if you are working 693 01:07:55,065 --> 01:08:01,625 from the foundation. Step five, get hands-on with Try Hackme. Certifications give you knowledge. 694 01:08:01,625 --> 01:08:07,465 Try Hackme gives you skills. Try Hackme, a browser-based learning platform with hundreds of 695 01:08:07,465 --> 01:08:13,625 hands-on cyber security labs covering everything from basic networking to penetration testing. No 696 01:08:13,625 --> 01:08:19,545 special equipment needed. Everything runs in your browser. Their pre-security pathway is the perfect 697 01:08:19,545 --> 01:08:25,305 companion to security plus study. Their SOC level one pathway is ideal if you're aiming for 698 01:08:25,305 --> 01:08:32,265 that career path. Their junior penetration tester pathway prepares you for ethical hacking. Create 699 01:08:32,265 --> 01:08:38,665 an account. Start with the free content upgrade when you are ready for more. Step six. Hack the 700 01:08:38,665 --> 01:08:43,625 box for the more adventurous. Hack the box is the more challenging, more realistic cousin of 701 01:08:43,625 --> 01:08:50,185 try hackme. real world vulnerable machines, real penetration testing scenarios, a global community 702 01:08:50,185 --> 01:08:55,385 of security professionals. Once you have two to three months of foundational knowledge, start 703 01:08:55,385 --> 01:09:01,385 tackling hack the box challenges. It is where the learning goes from classroom to battlefield. Phase 704 01:09:01,385 --> 01:09:07,545 three, specialization. Month four to month eight. By now, you have a sense of what excites you most. 705 01:09:07,545 --> 01:09:12,185 Are you drawn to the offense, the hacking side, or the defense, the monitoring and response side, 706 01:09:12,185 --> 01:09:18,265 or the architecture, the design side? Choose a direction and go deeper. If you want offensive 707 01:09:18,265 --> 01:09:24,505 penetration testing, next certification, EJPT, e-learn security junior penetration tester. 708 01:09:24,505 --> 01:09:30,665 Beginnerfriendly, practical, and affordable. After that, OCP, Offensive Security Certified 709 01:09:30,665 --> 01:09:34,985 Professional. The most respected practical pen testing certification. This is the hard one. 710 01:09:34,985 --> 01:09:40,105 Budget 6 to 12 months of serious preparation. Tools to learn Kali Linux Nap Metas-ploit, 711 01:09:40,105 --> 01:09:45,625 Burpuite, Wireshark. If you want defensive so or blue team next certification, CompTIA plus 712 01:09:45,625 --> 01:09:52,985 cyber security and plus cyber security analyst tools delunk sim Wireark, Snort, IDS, Yara rules, 713 01:09:52,985 --> 01:09:59,545 ELKS stack course, blue team labs online. It's an excellent platform for defensive skill building. 714 01:09:59,545 --> 01:10:04,505 If you want cloud security, start with AWS cloud practitioner to understand cloud basics. 715 01:10:04,505 --> 01:10:10,665 then move to AWS certified security specialty or follow Microsoft's path A900 then SC900 then 716 01:10:10,665 --> 01:10:17,225 SC200 on Azure if you want GRC governance risk and compliance study the NIST cyber security 717 01:10:17,225 --> 01:10:27,545 framework ISO 2701 and GDPR and HIPAA basics CISM and CISC become your targets phase four 718 01:10:27,545 --> 01:10:33,225 build your portfolio ongoing from month three very important often overlooked certifications 719 01:10:33,225 --> 01:10:38,985 tell employers what You know, a portfolio shows them what you can do. How to build a portfolio? 720 01:10:38,985 --> 01:10:44,745 Option one, build a home lab. A home lab is your personal cyber security playground. Using free 721 01:10:44,745 --> 01:10:50,185 software like virtual box or VMware, you can run multiple virtual machines. A Kali Linux attacker, 722 01:10:50,185 --> 01:10:55,785 a Windows victim, a vulnerable web application, all on your own computer. Practice attacks, 723 01:10:55,785 --> 01:11:02,585 practice defenses, document your findings. This is something hiring managers love to see. Option two, 724 01:11:02,585 --> 01:11:08,345 CTF competitions. Capture the flag. These are cyber security challenges, puzzles, 725 01:11:08,345 --> 01:11:13,945 hacking scenarios, cryptography problems designed to test and build skills. Sites like CTF time.org 726 01:11:13,945 --> 01:11:19,625 list hundreds of competitions throughout the year. Many are free and open to beginners. Each CTF you 727 01:11:19,625 --> 01:11:25,865 complete becomes a portfolio item. Document your writeups. Explain how you solved each challenge. 728 01:11:25,865 --> 01:11:31,385 Option three, bug bounty programs. Companies like Google, Meta, Microsoft, and thousands of others 729 01:11:31,385 --> 01:11:36,185 pay money to people who find and responsibly report security vulnerabilities. These are 730 01:11:36,185 --> 01:11:42,105 called bug bounty programs. Platforms like Hacker 1 and Bug Crowd host these programs. Finding and 731 01:11:42,105 --> 01:11:48,105 reporting even one valid bug, even a small one, is an impressive portfolio entry. Option four, 732 01:11:48,105 --> 01:11:54,985 GitHub. Create a GitHub account. Document your HomeLab setup. Share your CTF writeups. Contribute 733 01:11:54,985 --> 01:12:00,905 to open source security tools. A GitHub profile with real cyber security work is often worth more 734 01:12:00,905 --> 01:12:07,225 to a hiring manager than an extra certification. Phase five, job search, month 6 to 12 and beyond. 735 01:12:07,225 --> 01:12:12,905 Practical job hunting guidance. Your first job does not have to be purely cyber security. Many 736 01:12:12,905 --> 01:12:19,465 cyber security professionals got their start in IT help desk or support, network administration, 737 01:12:19,465 --> 01:12:24,825 system administration. These roles build foundational skills and often have pathways 738 01:12:24,825 --> 01:12:30,505 into security teams. Where to look? LinkedIn. Most important, optimize your profile. Connect 739 01:12:30,505 --> 01:12:37,145 with cyber security professionals. Engage with content. Indeed, glass door. Cyber sec jobs.com. 740 01:12:37,145 --> 01:12:41,225 Government job boards. In many countries, government agencies are major cyber security 741 01:12:41,225 --> 01:12:46,105 employers. Company career pages, especially for companies with large security teams. Networking, 742 01:12:46,105 --> 01:12:52,585 the humankind. Join cyber security communities online. Discord servers. Many try hackme and 743 01:12:52,585 --> 01:12:58,505 hack the box communities have them. LinkedIn groups. local DFcon groups, DC groups, free meetup 744 01:12:58,505 --> 01:13:03,865 groups in hundreds of cities worldwide. Besides conferences, communityrun security conferences, 745 01:13:03,865 --> 01:13:10,665 often affordable or free. 80% of jobs are filled through networking, not job boards. Know people be 746 01:13:10,665 --> 01:13:17,785 known. You have the map. But I want to make this even more concrete. What if I gave you a specific 747 01:13:17,785 --> 01:13:23,545 day-by-day plan for your very first month? because that's exactly what the final chapter is. Your 748 01:13:23,545 --> 01:13:30,425 first 30 days action plan. Concrete day-by-day steps to launch your journey. Okay, this is it. 749 01:13:30,425 --> 01:13:36,985 Chapter 10, the launchpad. I'm going to give you the most specific actionable 30-day plan I can. 750 01:13:36,985 --> 01:13:44,985 No fluff, no vague advice, real steps for real days. Your only job, execute. Let's go. Week one, 751 01:13:44,985 --> 01:13:50,425 foundation and security habits. Days 1 to 7. Day one, secure your digital life today. Before you 752 01:13:50,425 --> 01:13:56,265 learn to defend others, defend yourself. Morning, 1 to two hours. Download Bit Warden. Set up your 753 01:13:56,265 --> 01:14:00,585 master password. Start adding your accounts. Check if I've beenoon.com for all your email 754 01:14:00,585 --> 01:14:08,105 addresses. Enable two-factor authentication using Google Authenticator or AY on Gmail, your bank, 755 01:14:08,105 --> 01:14:13,705 Instagram, Facebook. Evening 30 minutes. Review your phone's privacy settings. Limit which apps 756 01:14:13,705 --> 01:14:18,105 have access to your location, camera, and microphone. Check that your phone's storage 757 01:14:18,105 --> 01:14:24,665 is encrypted. Settings. Security on Android, automatic on iPhone with passcode set. Day two. 758 01:14:24,665 --> 01:14:30,025 Understand your attack surface. Google your own name. See what information is publicly available. 759 01:14:30,025 --> 01:14:34,665 Review your social media privacy settings. Limit who can see your birthday, hometown, and personal 760 01:14:34,665 --> 01:14:40,425 info. Check your router settings. Change the default admin credentials if you haven't. Day 761 01:14:40,425 --> 01:14:45,065 three, set up your learning environment. Create accounts on Tryh Hackme. Have I been pawned? 762 01:14:45,065 --> 01:14:50,425 GitHub. Download and install Virtual Box free on your computer. You'll need it for a home lab 763 01:14:50,425 --> 01:14:57,705 later. Bookmark your study resources. Professor Messer, try Hackme N cyber security resources. Day 764 01:14:57,705 --> 01:15:04,505 four, start Try Hackme's pre-security path. Begin the first module. Take it seriously. Take notes. 765 01:15:04,505 --> 01:15:09,865 Day five, networking fundamentals. Watch Professor Messer's first three video modules on network plus 766 01:15:09,865 --> 01:15:16,105 fundamentals. You can also watch our video on this channel. Take handwritten notes. Um, studies show 767 01:15:16,105 --> 01:15:22,665 handwriting improves retention by up to 34%. Day six, deep dive study day. Review everything you've 768 01:15:22,665 --> 01:15:28,825 learned this week. Make flashc cards using Anki, a free spaced repetition app. Key terms: IP address, 769 01:15:28,825 --> 01:15:36,025 DNS, HTTPS, firewall, CIA triad, authentication versus authorization, encryption, day seven, rest, 770 01:15:36,025 --> 01:15:40,265 reflect, and plan. Look at what you covered. What's unclear? Find one YouTube video that 771 01:15:40,265 --> 01:15:44,585 explains it better. Join one cyber security community online. Introduce yourself. Ask one 772 01:15:44,585 --> 01:15:50,505 question. Week two, core knowledge, days 8 to 14. Day eight, continue try Hackme. Complete the how 773 01:15:50,505 --> 01:15:56,265 the web works section. Take notes on HTTP, DNS, and web application basics. Day nine, 774 01:15:56,265 --> 01:16:01,145 start Linux fundamentals. Begin the Linux fundamentals pathway on Try Hackme. Learn 775 01:16:01,145 --> 01:16:06,745 basic terminal commands. Navigate directories. Create files. Change permissions. This is where 776 01:16:06,745 --> 01:16:12,905 many beginners feel uncomfortable. Push through. It gets intuitive quickly. Day 10. Security Plus 777 01:16:12,905 --> 01:16:19,225 study begins. Start Professor Messer's CompTIA Security Plus course. Begin with domain one, 778 01:16:19,225 --> 01:16:24,745 threats, attacks, and vulnerabilities. You'll recognize a lot from this video. Day 11, 779 01:16:24,745 --> 01:16:30,505 hands-on fishing analysis. Search fishing email examples analysis. Study 5 to 10 real fishing 780 01:16:30,505 --> 01:16:36,185 email examples. Practice identifying the red flags. Learn about email header analysis. How 781 01:16:36,185 --> 01:16:41,065 to trace where an email really came from. It's like detective work. You'll love it. 782 01:16:41,065 --> 01:16:46,265 Day 12, introduction to cryptography. Review our encryption chapter again, then go deeper. 783 01:16:46,265 --> 01:16:50,825 Try Hackme has a cryptography for beginners room. Complete it. Watch a 15-minute YouTube video on 784 01:16:50,825 --> 01:16:58,265 how HTTPS uses TLS, transport layer security, encryption. Day 13. Day 13. OSINT introduction 785 01:16:58,265 --> 01:17:03,945 OSIN open- source intelligence. It is the art of gathering information from public sources. A skill 786 01:17:03,945 --> 01:17:10,505 used by both hackers and investigators. Try hackme has an OSINT module. Start it. Practice OSINT 787 01:17:10,505 --> 01:17:18,665 on yourself. What can you find about you using only Google? Day 14, week two. Review flashcards 788 01:17:18,665 --> 01:17:23,545 review. Make sure your notes are organized. Post an update in your cyber security community. Share 789 01:17:23,545 --> 01:17:28,505 what you've learned. Teaching others is one of the best ways to learn. Week three, 790 01:17:28,505 --> 01:17:35,545 practical skills, days 15 to 21. Day 15, set up a basic home lab in Virtual Box. Install Kali Linux, 791 01:17:35,545 --> 01:17:41,625 a free Linux distribution specifically designed for cyber security and penetration testing. Follow 792 01:17:41,625 --> 01:17:47,625 a beginner's home lab setup guide on YouTube. Search Kali Linux virtual box beginner setup. Day 793 01:17:47,625 --> 01:17:53,065 16. Explore Kali Linux tools. Get familiar with your new environment. Run your first NAPAP scan on 794 01:17:53,065 --> 01:17:58,505 your own network. Legally, it's your own network. End MAPAP maps out what devices and open ports 795 01:17:58,505 --> 01:18:06,185 exist on a network. Day 17. Capture the flag. First attempt. Go to ctfttime.org. Find a beginner 796 01:18:06,185 --> 01:18:11,945 or Jeopardy style CTF that is currently running or has recently ended. Try to solve the easiest 797 01:18:11,945 --> 01:18:18,105 challenges. If you get stuck, search beginner CTF write up on YouTube. Day 18. Web application 798 01:18:18,105 --> 01:18:23,225 security basics. Install Burpuite Community Edition. Free. Work through Try Hackme's OWSP 799 01:18:23,225 --> 01:18:28,505 top 10 module. The OASP top 10 is the definitive list of the most critical web application security 800 01:18:28,505 --> 01:18:35,625 vulnerabilities. Learn each one. Day 19. Security plus study. Continue. Domain two, 801 01:18:35,625 --> 01:18:43,065 technologies and tools. Firewalls, IDSPs, VPNs, SIM tools. Review our chapter content alongside 802 01:18:43,065 --> 01:18:49,545 the course. Day 20. Wireshark. Analyze network traffic. Download Wireshark. Free. Capture traffic 803 01:18:49,545 --> 01:18:54,825 on your own network. See the packets flowing. Try HackMe has a Wireshark room. Complete it. 804 01:18:54,825 --> 01:18:59,625 This is the first time most beginners feel like a real security professional. It's a good feeling. 805 01:18:59,625 --> 01:19:05,065 Day 21. Week three review and portfolio planning. Write down what you've done this month. This is 806 01:19:05,065 --> 01:19:11,305 your early portfolio. Create a GitHub repository. Write a readme documenting your learning journey. 807 01:19:11,305 --> 01:19:16,345 What you've studied, what labs you've completed, what tools you've used. Week four, direction and 808 01:19:16,345 --> 01:19:22,425 momentum. Days 22 to 30. Day 22. Decide your specialization based on the past three weeks. 809 01:19:22,425 --> 01:19:27,865 Offense, defense, or engineering. If you loved the Kylie Linux labs and the pen testing mindset, 810 01:19:27,865 --> 01:19:33,865 offensive pen testing. If you love the monitoring, analysis and detection side, defensive, 811 01:19:33,865 --> 01:19:42,265 soek. If you are more drawn to architecture and policy, GRC or security engineering. Day 23 to 25, 812 01:19:42,265 --> 01:19:47,065 deep dive into your chosen path. Offensive. Continue through Try Hackme's junior penetration 813 01:19:47,065 --> 01:19:52,185 tester pathway. Research the OCP certification. Watch a YouTube video about what OCP candidates 814 01:19:52,185 --> 01:19:57,545 say about the experience. Defensive. Start Tryh Hackme's SOC level one pathway. Research 815 01:19:57,545 --> 01:20:05,145 CompTS CISA plus certification GRC read NIST's introduction to the cyber security framework. 816 01:20:05,145 --> 01:20:12,185 It is a free PDF research CISM certification. Day 26 LinkedIn optimization create or update 817 01:20:12,185 --> 01:20:17,145 your LinkedIn profile. Add Try Hackme Progress. They have sharable profiles, your GitHub link, 818 01:20:17,145 --> 01:20:22,025 any certifications you have started studying for. Relevant skills. Start connecting with 819 01:20:22,025 --> 01:20:26,745 cyber security professionals. Do not just connect. Engage with their content. Comment thoughtfully. 820 01:20:26,745 --> 01:20:33,385 Ask a genuine question. Day 27. Find your local or online community. Find your nearest DC group, 821 01:20:33,385 --> 01:20:41,065 DFC group. Many groups meet monthly, often virtually. These are your future colleagues, 822 01:20:41,065 --> 01:20:46,825 mentors, and references. Day 28. Create your study schedule for month two. Reverse engineer 823 01:20:46,825 --> 01:20:53,065 your certification goal. Security plus exam. Most people need 8 to 12 weeks of dedicated study. Set 824 01:20:53,065 --> 01:20:59,145 a target exam date. Book it. Having a deadline. makes you study. Create a weekly study schedule. 825 01:20:59,145 --> 01:21:04,585 Block the time in your calendar. Treat it like a class. Day 29. Write your why. This sounds 826 01:21:04,585 --> 01:21:10,985 non-technical. Do it anyway. Write even just for yourself why you want to be in cyber security. Is 827 01:21:10,985 --> 01:21:16,185 it financial stability, intellectual challenge, protecting people, making a career change. Your 828 01:21:16,185 --> 01:21:22,745 why is your fuel on the hard days. And there will be hard days. Everyone has them. Write it, 829 01:21:22,745 --> 01:21:27,785 save it, read it when you need it. Day 30. Celebrate and set month two goals. You have 830 01:21:27,785 --> 01:21:32,985 done more in 30 days than most people who say I want to get into cyber security do in a year. 831 01:21:32,985 --> 01:21:40,105 Celebrate that genuinely. Then set three specific goals for month two. One, complete X modules or 832 01:21:40,105 --> 01:21:46,425 certifications. Two, complete XCTF challenges. Three, make X new professional connections. 833 01:21:46,425 --> 01:21:51,545 Write them down. Make them specific. Make them real. We have been on a journey together today. 834 01:21:51,545 --> 01:21:56,745 We started with a woman named Sarah who woke up to find her digital life dismantled overnight. And 835 01:21:56,745 --> 01:22:02,825 we have ended here with you holding a road map that can change the trajectory of your safety, 836 01:22:02,825 --> 01:22:08,665 your awareness, and potentially your entire career. Let me remind you of what you now 837 01:22:08,665 --> 01:22:13,625 know. You know how the internet actually works. The infrastructure underneath everything we take 838 01:22:13,625 --> 01:22:19,145 for granted. You know how hackers think, not as cartoon villains, but as creative, patient human 839 01:22:19,145 --> 01:22:25,465 beings exploiting human weakness. You know the most common attacks, fishing, malware, 840 01:22:25,465 --> 01:22:31,305 social engineering, ransomware, and you will never look at a suspicious email the same way again. You 841 01:22:31,305 --> 01:22:38,745 know the mistakes that make people vulnerable. And you have real actionable tools to fix them today. 842 01:22:38,745 --> 01:22:44,265 You understand the foundations of cyber security, the CIA triad, encryption, authentication, zero 843 01:22:44,265 --> 01:22:49,225 trust, concepts that professionals spend careers building on. You know the career paths that exist 844 01:22:49,225 --> 01:22:54,265 and you know they are accessible with the right road map. And you have that roadmap. 30 days, 845 01:22:54,265 --> 01:23:00,585 clear steps, no guesswork. But here is the thing I want to leave you with. Cyber security 846 01:23:00,585 --> 01:23:06,345 is ultimately not about technology. It is about people. It is about protecting a grandmother from 847 01:23:06,345 --> 01:23:12,905 losing her savings to a scam. It is about keeping a hospital systems running so doctors can save 848 01:23:12,905 --> 01:23:19,225 lives. It is about ensuring that journalists in authoritarian countries can communicate safely. It 849 01:23:19,225 --> 01:23:24,585 is about making sure that the 16-year-old version of me who did not know any of this does not become 850 01:23:24,585 --> 01:23:30,105 the next victim of a sophisticated fishing attack. The people who go into cyber security 851 01:23:30,105 --> 01:23:35,945 carry a profound responsibility and honestly they are some of the most thoughtful, creative, 852 01:23:35,945 --> 01:23:41,865 curious and committed people you will find. I hope whether you watch this for personal safety, 853 01:23:41,865 --> 01:23:48,105 for career inspiration or pure curiosity, I hope you feel the weight and the wonder of this field 854 01:23:48,105 --> 01:23:53,945 because the internet is where we live now and it deserves defenders. Maybe you are one of them. 855 01:23:53,945 --> 01:23:58,905 If this video helped you even a little, please like it. Share it with someone who needs to see 856 01:23:58,905 --> 01:24:05,065 it and subscribe for more content like this. Drop a comment below telling me one thing you learned 857 01:24:05,065 --> 01:24:10,505 today, one thing that surprised you, one thing you are going to change or one step you are going to 858 01:24:10,505 --> 01:24:15,945 take. I read every comment seriously. And if you want the condensed version of this road map in a 859 01:24:15,945 --> 01:24:22,025 free PDF, follow me on Instagram and DM me. If you made it this far, thank you for your 860 01:24:22,025 --> 01:24:27,065 time. I genuinely appreciate it. Stay curious, stay secure, and I will see you in the next112077

Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.