Cybersecurity · Practice and strategy
Cybersecurity Practice and Strategy revision
Review the key terms, check questions, and outcomes from every module in this stage.
Module 1: Secure SDLC
Security becomes real when it is built into how work ships.
- 1 Explain what a secure SDLC is and what it is not
- 2 Choose a small set of gates that catch the right failures early
- 3 Write controls that are verifiable through evidence
What is the point of a secure SDLC
To build safety and verification into delivery so failures are caught early and contained fast, without relying on heroics.
Module 2: Exposure reduction and zero trust
Zero trust is simple.
- 1 Explain trust boundaries and blast radius in plain language
- 2 Map implicit trust and remove the highest risk edges
- 3 Plan layered controls with ownership and logging
- zero trust
- Design where no implicit trust is granted based on network location
- microsegment
- Breaking systems into small zones with tight policy
Scenario. One service is compromised. What architecture choice most reduces 'how far the attacker can go'
Segmentation and least privilege. Microsegmentation and scoped identities limit lateral movement and blast radius.
Module 3: Runtime and cloud security
Crypto is only useful when it is applied correctly.
- 1 Explain why certificate validation matters and what should fail closed
- 2 Spot common protocol weaknesses that create false safety
- 3 Write a short crypto policy with rotation and exception rules
- cipher suite
- set of algorithms for key exchange, encryption and integrity
- certificate authority
- trusted issuer of certificates
- mutual TLS
- Both client and server present certificates
Scenario. A team proposes skipping certificate validation to unblock an integration. What is the correct response
Treat it as a serious risk. Fix trust properly with correct CA roots, renewal automation, and hostname verification. Bypassing validation turns encryption into a false sense of safety.
Module 4: Supply chain security
Supply chain risk is the uncomfortable truth that you inherit other people’s security decisions.
- 1 Explain why dependencies and vendors are part of your system
- 2 Choose controls for provenance, isolation, and rollback
- 3 Reduce blast radius in CI and build pipelines
What is supply chain risk in security
Risk introduced through third parties such as dependencies, build tools, vendors, and services you rely on.
Module 5: Vulnerability management
Vulnerability management is not a panic feed.
- 1 Prioritise vulnerabilities using exposure, impact, and exploit signals
- 2 Choose containment when patching is not possible yet
- 3 Record decisions so you can defend them later
What is the goal of vulnerability management
To reduce risk through prioritised remediation and sensible compensating controls.
Module 6: Detection and incident response
Detection closes the gap between compromise and action.
- 1 Explain the detection and response loop and who owns each step
- 2 Build a timeline that supports scope and containment decisions
- 3 Tune detections with an explicit trade off between noise and misses
- SIEM
- Security information and event management (SIEM), a platform that collects and correlates security events
- SOC
- security operations centre (SOC), a team that monitors and responds
- dwell time
- how long an attacker stays unnoticed
Scenario. Your SIEM fires constantly and nobody trusts it. What should you do
Reduce noise. Tune rules, add context, tie alerts to playbooks and owners, and prioritise a small set of high value detections first.
Module 7: Privacy, ethics, and auditability
This section is the glue.
- 1 Explain the difference between policy, standard, procedure, and control
- 2 Map controls to a framework to make gaps and coverage visible
- 3 Choose metrics that measure outcomes rather than comfort
- security theatre
- activity that looks reassuring but does not reduce real risk
- control effectiveness
- whether a control changes outcomes, not whether it exists on paper
Why use a framework such as NIST CSF 2.0
It provides shared language and coverage across Govern, Identify, Protect, Detect, Respond and Recover, making gaps and priorities easier to communicate.
Module 8: System ilities
System ilities are the properties that decide whether you survive a bad day.
- 1 Explain attacker economics and how defenders change cost of attack
- 2 Run a simple failure analysis without blame
- 3 Turn lessons learned into a concrete system change
What do attackers typically optimise for
Low cost and high probability of success, not perfect technique.
Module 9: Capstone professional practice
Pick one system you understand.
- 1 Produce a defensible pack that links risks, controls, and evidence
- 2 Explain your security posture to a non technical stakeholder
- 3 Choose what to do next quarter and why
What makes a capstone defensible
Clear scope, clear risk choices, and clear evidence you can show.