Defensive Level 2 — Core Security

Core Security Concepts

🎯 Goal

Grasp the foundational principles of cybersecurity: how to think about threats, risk, and defense. This is the theoretical backbone that connects all technical skills—from penetration testing to governance.

🔑 Key Skills to Learn

  • CIA Triad: Confidentiality, Integrity, Availability – and how they apply to real systems.
  • Authentication vs. Authorization: Multi-factor authentication (MFA), identity, and access control models (RBAC, ABAC).
  • Risk Management Fundamentals: Threats, vulnerabilities, impacts, likelihood. Basic risk calculation.
  • Security Controls: Administrative, technical, physical controls; preventative, detective, corrective functions.
  • Defense in Depth: Layered security strategy.
  • Common Attack Categories: Malware, phishing, social engineering, denial of service, man-in-the-middle, SQL injection (high-level awareness).
  • Cryptography Basics: Hashing, symmetric vs. asymmetric encryption, digital signatures, PKI – core concepts, not deep math.
  • Security Policies & Governance: Acceptable Use Policy (AUP), incident response policy, separation of duties, principle of least privilege.
  • Frameworks & Standards Overview: MITRE ATT&CK, NIST Cybersecurity Framework (CSF), ISO 27001, OWASP Top 10 – what they are and when to use them.

📖 Free Learning Resources

  • TryHackMe – Intro to Cyber Security – A full learning path covering fundamentals.
  • SANS Security Awareness Posters – Free visual summaries of key topics like phishing, passwords, and social engineering.
  • Cybrary – Introduction to IT & Cybersecurity – Free video course.
  • NIST Cybersecurity Framework – Official, free document with core functions (Identify, Protect, Detect, Respond, Recover).
  • MITRE ATT&CK Framework – Interactive matrix of adversary tactics and techniques.
  • OWASP Top 10 – The definitive list of web application security risks.
  • Professor Messer’s Security+ Videos – Covers all foundational concepts.

🔗 Roadmap Placement

  • Prerequisites: IT Fundamentals, Linux, and Networking. You now understand systems and how they communicate; here you learn how to protect them.
  • Directly Enables: All specialized paths – red teaming uses MITRE ATT&CK, blue teaming relies on defense in depth, GRC uses NIST and ISO frameworks.
  • Next Step: With core concepts down, you’re ready to branch into Web & Application Security (for bug bounty), Blue Team Operations, or any other Level 3 specialization.