Cybersecurity Knowledge Map
Checking access...
Course Structure
The course is organised into four phases, each building on the previous:
Phase 1: Security Foundations (Modules 1-3)
| Module | Core Concepts | Key Takeaway |
|---|---|---|
| Security Fundamentals | CIA triad, risk management, cryptography, frameworks (NIST CSF, ISO 27001) | Security is about managing risk, not eliminating it |
| Network Security | Segmentation, firewalls, IDS/IPS, VPNs, wireless security | Network controls are the first line of defence |
| Application Security | OWASP Top 10, SQL injection, XSS, secure SDLC | Security must be built in, not bolted on |
Phase 2: Threat Management (Modules 4-6)
| Module | Core Concepts | Key Takeaway |
|---|---|---|
| Threat Detection | SIEM, SOC, threat intel, threat hunting, detection engineering | You can’t stop what you can’t see |
| Incident Response | NIST lifecycle, forensics, malware analysis, ransomware | Expect to be breached — plan your response |
| Vulnerability Management | Scanning, prioritisation (CVSS/EPSS), pen testing, bug bounties | You can’t patch everything — prioritise by risk |
Phase 3: Defence & Access (Modules 7-9)
| Module | Core Concepts | Key Takeaway |
|---|---|---|
| Identity & Access Management | AuthN/AuthZ, RBAC/ABAC, PAM, JIT access, identity governance | Identity is the new perimeter |
| Security Tools | EDR/XDR, SIEM, SOAR, DevSecOps, cloud scanners | Tools amplify people — they don’t replace them |
| Cloud Security | Shared responsibility, AWS/Azure/GCP, cloud compliance | The cloud provider secures the cloud — YOU secure your data |
Phase 4: Governance & Operations (Modules 10-12)
| Module | Core Concepts | Key Takeaway |
|---|---|---|
| Compliance & Auditing | GDPR, HIPAA, PCI DSS, SOC 2, audit evidence | If it isn’t documented, it didn’t happen |
| Security Automation | SOAR, DevSecOps, policy-as-code, security pipelines | Automate everything you can — humans handle exceptions |
| Cybersecurity Capstone | Integrated assessment, career paths | Security is a journey, not a destination |
The Cybersecurity Mindset
The single most important thing to understand about cybersecurity:
Security is about managing risk, not eliminating it. Security is a process, not a product. Security is everyone’s responsibility, not just the security team’s.