What’s in This Course?

Here's a quick overview of the contents of this course.

This course covers five basic practices to improve your security posture.

Start with Chapter 2: Patching. What happens when a serious vulnerability makes headlines? You need to quickly and authoritatively discover whether you use that software and then patch it if needed. Hopefully, you have this capability today. If not, you can build up the capability to respond to this scenario now, when you’re not rushed, when you can plan, prioritize, and test the work just like any other engineering work. Or you can wait until it’s an emergency.

Next, you’ll explore some basic software vulnerabilities in Chapter 3: Vulnerabilities. You’ll see how they work, how to prevent them, and, in some cases, how to make attempts to exploit them more detectable. You’ll also learn about some common misconfigurations that can take otherwise secure software and open it up to attack.

You’ve probably heard the advice, “Never write your own crypto.” In Chapter 4: Cryptography, you’ll find out why this is good advice. You’ll also discover some cryptography libraries you can use instead.

Odds are you have a lot of Windows computers in your organization. In Chapter 5: Windows, you’ll learn about configuration choices you can make to keep your Windows computers more secure.

Finally, in Chapter 6: Phishing, you’ll see what phishing is and what attackers typically try to achieve with phishing emails. You’ll learn what your organization should cover in its phishing training and what defenses you can put in place to make your organizations more resistant to phishing attacks.

In the next chapter, we’ll start by learning about patching.