All language subtitles for Complete CYBERSECURITY Fundamentals Everything You Need to Know
Afrikaans
Akan
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bemba
Bengali
Bihari
Bosnian
Breton
Bulgarian
Cambodian
Catalan
Cebuano
Cherokee
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
English
Esperanto
Estonian
Ewe
Faroese
Filipino
Finnish
French
Frisian
Ga
Galician
Georgian
German
Greek
Guarani
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Interlingua
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Kinyarwanda
Kirundi
Kongo
Korean
Krio (Sierra Leone)
Kurdish
Kurdish (SoranĂ®)
Kyrgyz
Laothian
Latin
Latvian
Lingala
Lithuanian
Lozi
Luganda
Luo
Luxembourgish
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mauritian Creole
Moldavian
Mongolian
Myanmar (Burmese)
Montenegrin
Nepali
Nigerian Pidgin
Northern Sotho
Norwegian
Norwegian (Nynorsk)
Occitan
Oriya
Oromo
Pashto
Persian
Polish
Portuguese (Brazil)
Portuguese (Portugal)
Punjabi
Quechua
Romanian
Romansh
Runyakitara
Russian
Samoan
Scots Gaelic
Serbian
Serbo-Croatian
Sesotho
Setswana
Seychellois Creole
Shona
Sindhi
Sinhalese
Slovak
Slovenian
Somali
Spanish
Spanish (Latin American)
Sundanese
Swahili
Swedish
Tajik
Tamil
Tatar
Telugu
Thai
Tigrinya
Tonga
Tshiluba
Tumbuka
Turkish
Turkmen
Twi
Uighur
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Wolof
Xhosa
Yiddish
Yoruba
Zulu
Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:00,025 --> 00:00:05,225
Welcome to the world of cyber security. My name is
Ismail. And in the next two hours or so, I'm going
2
00:00:05,225 --> 00:00:10,265
to do something most schools, most colleges,
and even most parents never did for you. I'm
3
00:00:10,265 --> 00:00:16,825
going to show you how the internet actually works,
who might be watching you right now and why, how
4
00:00:16,825 --> 00:00:22,345
hackers think and what they're really looking for.
And most importantly, how to protect yourself,
5
00:00:22,345 --> 00:00:27,065
your family, and your future. And if you're
someone who wants to turn this into a career,
6
00:00:27,065 --> 00:00:31,705
there's a full road map waiting for you in the
second half of this video. By the end of this,
7
00:00:31,705 --> 00:00:36,665
you'll understand more about cyber security than
most people using the internet today. Not hype,
8
00:00:36,665 --> 00:00:42,905
not exaggeration, just real knowledge. So stay
with me, take notes if you want, and let's begin.
9
00:00:42,905 --> 00:00:49,065
Chapter 1. The internet is not safe. Let me start
with a story. A 28-year-old woman named Sarah,
10
00:00:49,065 --> 00:00:53,065
a school teacher from Ohio, she thought she
was just using the internet like everyone else,
11
00:00:53,065 --> 00:00:58,665
scrolling Instagram, ordering food online,
checking her emails. Nothing unusual, nothing
12
00:00:58,665 --> 00:01:04,025
risky, just normal life. One evening, she received
an email. It looked exactly like it came from
13
00:01:04,025 --> 00:01:10,825
her bank. Same logo, same design, same tone. It
said her account had been flagged for suspicious
14
00:01:10,825 --> 00:01:16,825
activity. And there was a simple instruction.
Click here to verify. So she clicked. She entered
15
00:01:16,825 --> 00:01:24,505
her username. She entered her password. And within
6 hours, $4,200 was gone. Transferred out of her
16
00:01:24,505 --> 00:01:31,225
account just like that. Her Instagram started
posting content she never approved. Her Gmail
17
00:01:31,225 --> 00:01:37,145
was used to reset passwords on her Netflix, her
Amazon, her PayPal. Everything started falling
18
00:01:37,145 --> 00:01:43,385
apart. Sarah wasn't careless. She wasn't dumb.
She was just unaware. And that right there is
19
00:01:43,385 --> 00:01:50,185
the biggest cyber security problem in the world
today. Not technology, not hackers, unawareness.
20
00:01:50,185 --> 00:01:56,345
Here's a fact that should make you pause. Every 39
seconds, a cyber attack happens somewhere in the
21
00:01:56,345 --> 00:02:01,305
world. Every 39 seconds, by the time you reach the
end of this line, someone's data has already been
22
00:02:01,305 --> 00:02:08,345
stolen. Now, think about that. How many 39-second
intervals happen in a single day? In a week,
23
00:02:08,345 --> 00:02:14,665
the numbers are massive. But here's the part most
people don't realize. Most cyber attacks are never
24
00:02:14,665 --> 00:02:20,505
reported. People feel embarrassed. Companies avoid
bad press. So, the real number, it's probably 10
25
00:02:20,505 --> 00:02:26,505
times higher. Now, let's talk about something even
more dangerous. The illusion of safety. We live in
26
00:02:26,505 --> 00:02:32,185
a world where we feel safe just because we have a
password on our phone. We feel safe because we use
27
00:02:32,185 --> 00:02:37,625
private browsing. We feel safe because we visit
what we think are trusted websites. But let me
28
00:02:37,625 --> 00:02:43,225
break that illusion for a moment. Private browsing
does not hide you from your internet provider,
29
00:02:43,225 --> 00:02:48,665
your employer, or skilled hackers. Passwords
alone, they are cracked every single day by
30
00:02:48,665 --> 00:02:54,905
machines that can try billions of combinations
in just one second. And those trusted websites,
31
00:02:54,905 --> 00:03:00,425
many of them get hacked too. Thousands of times
every year. I'm not telling you this to scare you.
32
00:03:00,425 --> 00:03:04,985
I'm telling you this to wake you up because
awareness is the first step. And right now,
33
00:03:04,985 --> 00:03:10,905
you're already taking it. Now, let's look at the
scale of this problem. Real numbers. In 2024,
34
00:03:10,905 --> 00:03:17,785
cyber crime cost the world over $9.5 trillion.
Think about that for a second. If cyber crime were
35
00:03:17,785 --> 00:03:21,785
a country, it would be the third largest economy
in the world, only behind the United States and
36
00:03:21,785 --> 00:03:29,465
China, third largest in the world, and it's still
growing. Experts predict that by 2027, that number
37
00:03:29,465 --> 00:03:35,945
could reach $23 trillion. Now, here's a question
I I want you to really think about. Who do hackers
38
00:03:35,945 --> 00:03:42,345
target the most? Big corporations, government
agencies, billionaires? No. The number one target
39
00:03:42,345 --> 00:03:48,425
is regular people. People like you. Why? because
it's easier. Because protection is weaker, because
40
00:03:48,425 --> 00:03:54,505
there are billions of targets. It's not personal,
it's math, your digital footprint. Here's
41
00:03:54,505 --> 00:04:01,065
something most people never realize. Right now, at
this exact moment, there exists a digital profile
42
00:04:01,065 --> 00:04:06,825
of you, more detailed than what even your closest
friends know. It knows the websites you visited,
43
00:04:06,825 --> 00:04:11,705
the things you've searched for, where you've
been over the years, when you sleep and when
44
00:04:11,705 --> 00:04:17,545
you wake up, what you believe in, what you worry
about, what you might be dealing with healthwise,
45
00:04:17,545 --> 00:04:24,265
how you spend your money, and even how you feel
uh based on what you watch and what you click. All
46
00:04:24,265 --> 00:04:31,385
of this information is being collected, stored,
bought, and sold every single day by hundreds of
47
00:04:31,385 --> 00:04:35,625
companies you've never even heard of. And that
that's just the legal side because hackers want
48
00:04:35,625 --> 00:04:40,985
that same information too, but they don't ask for
permission. They take it and once they have it,
49
00:04:40,985 --> 00:04:46,345
they use it to steal from you, manipulate
you, or sell it to other criminals. Now,
50
00:04:46,345 --> 00:04:52,185
pause for a second and ask yourself honestly,
before this video, did you know any of this? Most
51
00:04:52,185 --> 00:04:57,545
people don't. And that's exactly why cyber crime
has become a multi-trillion dollar industry. But
52
00:04:57,545 --> 00:05:03,865
here's where things change. Because this isn't a
horror story. This is a survival guide. The good
53
00:05:03,865 --> 00:05:09,065
news, cyber security is not as complicated as it
sounds. The methods that protect you from most
54
00:05:09,065 --> 00:05:15,225
attacks are simple. They're small habits, things
you can start doing today for free that make you
55
00:05:15,225 --> 00:05:20,425
dramatically safer online. And if you want to
turn this into a career, we're going to cover
56
00:05:20,425 --> 00:05:27,865
that too in detail. Because the truth is, people
who get hacked aren't weak. They're uninformed.
57
00:05:27,865 --> 00:05:33,465
And the people who stay safe aren't geniuses,
they're prepared. And by the end of this video,
58
00:05:33,465 --> 00:05:38,665
you will be prepared. Now that you understand
why this matters, let's go deeper because you
59
00:05:38,665 --> 00:05:43,785
can't protect something you don't understand. So,
let's break it down. How the internet actually
60
00:05:43,785 --> 00:05:51,625
works. Chapter 2, how the internet actually
works. Now, let's do something different. Let's
61
00:05:51,625 --> 00:05:58,105
play a simple game. I want you to imagine this.
Every house in the world is connected by a giant
62
00:05:58,105 --> 00:06:03,385
invisible postal system. When you send a letter
or in internet terms, when you open a website,
63
00:06:03,385 --> 00:06:08,665
you're sending a request from your house to
someone else's house. That request travels
64
00:06:08,665 --> 00:06:13,785
through roads, through bridges, through multiple
checkpoints until it reaches its destination,
65
00:06:13,785 --> 00:06:18,905
a server. A server is just a very powerful
computer that stores the website you want to
66
00:06:18,905 --> 00:06:23,865
see. Once your request arrives, the server sends
the website back to you. And this entire journey
67
00:06:23,865 --> 00:06:30,185
going there and coming back happens in less than
a second. That is the internet. Simple, right?
68
00:06:30,185 --> 00:06:35,945
Good. Want to learn complete networking for cyber
security? We've created a 1-hour video that people
69
00:06:35,945 --> 00:06:41,705
are loving. Check it out on our channel. Now,
let's go one step deeper. IP addresses. Your home
70
00:06:41,705 --> 00:06:46,825
address on the internet. Every device connected to
the internet has something called an IP address.
71
00:06:46,825 --> 00:06:52,825
IP stands for internet protocol. Think of it as
your home address in the digital postal system.
72
00:06:52,825 --> 00:06:58,025
Just like a letter needs a delivery address,
every piece of data traveling across the internet
73
00:06:58,025 --> 00:07:08,585
needs an IP address to know where to go. Your IP
address looks something like this, 192.168.1.105.
74
00:07:08,585 --> 00:07:13,385
It's a series of numbers that identifies
your device and your general location. Now,
75
00:07:13,385 --> 00:07:18,345
here's something interesting. Right now, as
you're watching this video, your IP address is
76
00:07:18,345 --> 00:07:24,425
visible to YouTube, to your internet provider, and
potentially to anyone running the right software.
77
00:07:24,425 --> 00:07:30,345
That doesn't mean immediate danger, but it is the
first thing a hacker looks for when choosing a
78
00:07:30,345 --> 00:07:37,385
target. Servers, the warehouses of the internet.
When you you type google.com into your browser,
79
00:07:37,385 --> 00:07:43,945
where does that request go? It goes to a server.
A server is simply a powerful computer, usually
80
00:07:43,945 --> 00:07:50,025
stored inside massive buildings called data
centers that hold websites, apps, and data. Google
81
00:07:50,025 --> 00:07:55,945
alone runs more than 2 million servers across the
world. Facebook operates data centers as large as
82
00:07:55,945 --> 00:08:02,425
shopping malls. These servers work 24 hours a day,
7 days a week, storing your photos, your messages,
83
00:08:02,425 --> 00:08:07,785
your emails, everything. Now, think about this.
There's a question hackers ask themselves every
84
00:08:07,785 --> 00:08:14,025
single day. What happens if I attack that server?
One server, millions of users, maximum impact.
85
00:08:14,025 --> 00:08:18,825
That's how massive data breaches happen. When a
company's server is compromised, every user's data
86
00:08:18,825 --> 00:08:25,465
is suddenly at risk. HTTP versus HTTPS, the lock
on your digital door. You may have noticed some
87
00:08:25,465 --> 00:08:31,145
websites start with HTTP and others start with
HTTPS. That one small letter changes everything.
88
00:08:31,145 --> 00:08:36,425
HTTP stands for hypertext transfer protocol. It's
the language your browser uses to communicate
89
00:08:36,425 --> 00:08:43,865
with websites. HTTPS is the secure version. That
extra S means the connection between you and the
90
00:08:43,865 --> 00:08:49,385
website is encrypted. Your data is scrambled in
a way that makes it unrable to anyone trying to
91
00:08:49,385 --> 00:08:55,305
intercept it. Think of it like this. HTTP is like
sending a postcard. Anyone handling it along the
92
00:08:55,305 --> 00:09:01,945
way can read what's written. HTTPS is like placing
that message inside a locked safe with a key that
93
00:09:01,945 --> 00:09:09,145
only you and the receiver have. If you're on a
website without HTTPS and you enter your password,
94
00:09:09,145 --> 00:09:15,385
your credit card details, or any personal
information, that data is traveling in plain text,
95
00:09:15,385 --> 00:09:20,505
completely exposed. Anyone monitoring that traffic
can read it. So, here's a simple rule. Before
96
00:09:20,505 --> 00:09:25,465
you enter any personal information, look at your
browser's address bar. If you see a small padlock,
97
00:09:25,465 --> 00:09:32,585
you're on HTTPS. If you don't, leave immediately.
DNS the internet's phone book. Here's something
98
00:09:32,585 --> 00:09:38,105
interesting. Computers don't actually understand
names like google.com. They understand numbers,
99
00:09:38,105 --> 00:09:43,465
IP addresses. So, when you type a a website name,
how does your browser know where to go? There's
100
00:09:43,465 --> 00:09:49,145
a system working quietly in the background.
It's called DNS, the domain name system. Think
101
00:09:49,145 --> 00:09:56,185
of DNS as the internet's phone book. You type
google.com and your browser sends a request. Hey,
102
00:09:56,185 --> 00:10:02,025
what's the IP address for this name? The
DNS server responds. That's 142.250.19.
103
00:10:02,025 --> 00:10:08,185
250.190.14. Your browser takes that number,
goes to that address, and just like that,
104
00:10:08,185 --> 00:10:12,825
Google appears. This entire process happens in
milliseconds. You never see it. You never notice
105
00:10:12,825 --> 00:10:19,625
it. But it's happening billions of times every
single day. Now, here's the real question. Why
106
00:10:19,625 --> 00:10:25,385
does this matter for cyber security? Because this
system can be attacked. It's called DNS poisoning
107
00:10:25,385 --> 00:10:30,505
or DNS spoofing. Imagine someone breaking into
that phone book and changing Google's number
108
00:10:30,505 --> 00:10:36,905
to their own fake website. A website that looks
exactly like the real one. Same design, same logo,
109
00:10:36,905 --> 00:10:42,825
same layout. You type google.com and you land
on that fake page. And if you enter your email,
110
00:10:42,825 --> 00:10:50,185
your password, it's gone. Stolen instantly. This
is not theory. This happens. And we'll dive deeper
111
00:10:50,185 --> 00:10:54,585
into it when we talk about real attacks. Now,
let's move into something most people only hear
112
00:10:54,585 --> 00:11:00,905
about in movies. Uh, the dark web. Let's clear the
confusion. The internet you use every day, Google,
113
00:11:00,905 --> 00:11:06,745
YouTube, Instagram, news websites, that's only
a tiny part of the whole system. About 5%. The
114
00:11:06,745 --> 00:11:13,465
remaining 95% is called the deep web. And most of
it completely normal. Private databases, company
115
00:11:13,465 --> 00:11:18,985
systems, medical records, bank infrastructure,
nothing secret or dangerous, just not public.
116
00:11:18,985 --> 00:11:25,065
But within that deep web, there's another layer,
a hidden layer, the dark web. These are websites
117
00:11:25,065 --> 00:11:30,425
that are not indexed by search engines. You won't
find them on Google. Their addresses look unusual,
118
00:11:30,425 --> 00:11:38,265
ending instead of.com. And to access them,
you need a special browser tour, the onion
119
00:11:38,265 --> 00:11:43,785
router. Now, here's the truth. The dark web is not
purely criminal. Journalists use it to communicate
120
00:11:43,785 --> 00:11:50,345
safely. Activists use it to avoid surveillance. In
some places, it's a lifeline. But yes, it's also
121
00:11:50,345 --> 00:11:56,105
where a lot of illegal activity happens. Stolen
passwords are sold there. Credit card data traded
122
00:11:56,105 --> 00:12:01,865
in marketplaces. Personal information from data
breaches listed in bulk. Your email and password
123
00:12:01,865 --> 00:12:07,385
from something you signed up for years ago could
be sitting there right now and you wouldn't even
124
00:12:07,385 --> 00:12:13,225
know. There are tools, simple ones, that let you
check if your data has been exposed in a breach.
125
00:12:13,225 --> 00:12:18,745
One of the most trusted is called Have I Been
Poned? It's free and it can show you if your email
126
00:12:18,745 --> 00:12:25,865
has ever been compromised. After this video, you
should check it because awareness is protection.
127
00:12:25,865 --> 00:12:30,585
Now you understand how the internet is built. But
here's the real shift. Who is moving inside this
128
00:12:30,585 --> 00:12:36,825
system? Who is searching for weaknesses? Who is
looking for people just like you? Let's talk about
129
00:12:36,825 --> 00:12:43,705
hackers. And trust me, they're not what you think.
Chapter three. Hackers. Who they are and how they
130
00:12:43,705 --> 00:12:51,145
think. Close your eyes for a second. I say the
word hacker. What image comes to mind? A teenager
131
00:12:51,145 --> 00:12:56,825
in a dark hoodie typing furiously in a black room.
Green code scrolling across multiple screens.
132
00:12:56,825 --> 00:13:02,585
Maybe they're in Russia. Maybe they're anonymous.
Yeah, that image is about 95% Hollywood fiction.
133
00:13:02,585 --> 00:13:06,905
The reality of who hackers actually are and how
they actually operate is both more ordinary and
134
00:13:06,905 --> 00:13:13,385
more fascinating than any movie. The three hats,
white, gray, and black. In cyber security, we
135
00:13:13,385 --> 00:13:19,145
use a hat metaphor to describe different types of
hackers. Don't ask me why hats. It's a tradition.
136
00:13:19,145 --> 00:13:25,865
Just go with it. White hat hackers. These are the
good guys. White hat hackers, also called ethical
137
00:13:25,865 --> 00:13:30,745
hackers or penetration testers, are paid by
companies to try to hack into their own systems.
138
00:13:30,745 --> 00:13:35,305
Think about it. The best way to find out if your
security has holes is to have someone try to
139
00:13:35,305 --> 00:13:42,105
break through it on purpose in a controlled way.
Companies like Google, Microsoft, and Apple pay
140
00:13:42,105 --> 00:13:47,385
white hat hackers millions of dollars every year
to find their vulnerabilities before the bad guys
141
00:13:47,385 --> 00:13:53,065
do. This is a real career, a well-paying one. And
we'll cover it in detail in the careers chapter.
142
00:13:53,065 --> 00:13:58,105
Black hat hackers, these are the bad guys. Black
hat hackers break into systems without permission
143
00:13:58,105 --> 00:14:04,825
for personal gain, for crime, for chaos. They're
the ones behind ransomware attacks, bank fraud,
144
00:14:04,825 --> 00:14:10,985
data theft, and identity theft. Some are highly
sophisticated, others are just using tools that
145
00:14:10,985 --> 00:14:16,105
other people created. Here's a stat that might
surprise you. The majority of cyber attacks
146
00:14:16,105 --> 00:14:22,505
are not carried out by elite programmers. They're
carried out using pre-made tools and scripts that
147
00:14:22,505 --> 00:14:28,265
anyone can download. The technical bar to entry
for basic cyber crime has dropped dramatically.
148
00:14:28,265 --> 00:14:34,345
And that is a serious problem. Grey hat hackers.
Grey hats are in the middle. They might hack into
149
00:14:34,345 --> 00:14:40,105
a system without permission, but not to steal
anything. Maybe to prove a point, maybe to show
150
00:14:40,105 --> 00:14:46,345
a company their security is weak. Maybe out of
curiosity. They operate in an ethical gray zone.
151
00:14:46,345 --> 00:14:51,865
Their motives might be good, but their methods are
illegal. The cyber security world has complicated
152
00:14:51,865 --> 00:14:56,905
feelings about gray hats, but they exist, and
you should know about them. How hackers actually
153
00:14:56,905 --> 00:15:02,985
think. This is the part that's going to change how
you see the digital world. Hackers, especially the
154
00:15:02,985 --> 00:15:08,265
skilled ones, don't think like criminals in the
traditional sense. They think like detectives,
155
00:15:08,265 --> 00:15:14,665
like puzzle solvers, like engineers. The hacker
mindset has three core pillars. Pillar one,
156
00:15:14,665 --> 00:15:20,025
find the weakness. Every system, no matter
how secure, has a weakness. It could be a
157
00:15:20,025 --> 00:15:25,145
technical flaw in the software. It could be
a misconfigured setting. It could be a tired
158
00:15:25,145 --> 00:15:30,985
employee who clicks the wrong link. Hackers are
obsessed with finding that one crack in the wall.
159
00:15:30,985 --> 00:15:36,185
Uh they're patient. They're persistent. They think
creatively. Think of a hacker trying to break into
160
00:15:36,185 --> 00:15:41,785
a bank. They're not going to walk through the
front door. They know there's a guard, cameras,
161
00:15:41,785 --> 00:15:47,385
alarms. But what about the janitor who comes in at
3:00 a.m.? What about the service entrance around
162
00:15:47,385 --> 00:15:54,905
back? What about the IT support person who has
admin access and uses the password one two three?
163
00:15:54,905 --> 00:16:00,345
The hackers who are most dangerous are the ones
who understand people as much as they understand
164
00:16:00,345 --> 00:16:08,185
technology. Pillar two, least effort, maximum
impact. Sophisticated hacking is actually rare.
165
00:16:08,185 --> 00:16:13,625
Most cyber criminals are looking for the path
of least resistance. Why spend 10 hours trying
166
00:16:13,625 --> 00:16:18,905
to crack a complex encryption system when you
can send a fake email to 10,000 people and wait
167
00:16:18,905 --> 00:16:24,105
for just one person to click? That's why fishing,
which we'll cover in depth in the next chapter,
168
00:16:24,105 --> 00:16:29,785
is the number one attack vector in the world.
Not because hackers are lazy, but because they're
169
00:16:29,785 --> 00:16:36,425
smart. If you can get someone to hand you the key,
why would you ever pick the lock? Pillar three,
170
00:16:36,425 --> 00:16:43,225
anonymity and patience. Professional hackers are
invisible by design. They use VPNs, proxy servers,
171
00:16:43,225 --> 00:16:48,985
the tour network, even compromised computers
in other countries as launch pads. By the time
172
00:16:48,985 --> 00:16:53,145
investigators figure out where an attack came
from, if they ever do, the attacker is already
173
00:16:53,145 --> 00:16:59,225
gone, hidden behind layers like an onion, and
they are patient. Some hacking campaigns, called
174
00:16:59,225 --> 00:17:04,185
advanced persistent threats, stay hidden inside
a company's network for months before making a
175
00:17:04,185 --> 00:17:08,825
move. Imagine a thief who breaks into your house
and instead of stealing something immediately,
176
00:17:08,825 --> 00:17:14,025
lives quietly in your attic for eight months,
watching your routine, learning your habits,
177
00:17:14,025 --> 00:17:20,185
waiting, and then strikes at the perfect moment.
That is an AP. Now, let's talk about something
178
00:17:20,185 --> 00:17:27,305
even more real. Who hackers actually are in
real life. Profile one, the lonewolf teenager.
179
00:17:27,305 --> 00:17:32,505
Kevin Mitnik was once called the most wanted
computer criminal in US history. He started
180
00:17:32,505 --> 00:17:38,185
hacking at 16. By his 20s, he had broken into
systems belonging to IBM, Motorola, and even
181
00:17:38,185 --> 00:17:43,385
the Pentagon. He wasn't doing it for money. He
was doing it for the thrill, for the challenge.
182
00:17:43,385 --> 00:17:48,985
He served prison time and later became one of the
world's most respected cyber security consultants.
183
00:17:48,985 --> 00:17:55,385
Profile two, the state sponsored hacker. Some
hackers don't work for themselves. They work
184
00:17:55,385 --> 00:18:01,625
for governments. Countries like Russia, China,
North Korea, and Iran have dedicated cyber units.
185
00:18:01,625 --> 00:18:07,225
Teams of professionals trained to attack foreign
governments, steal intelligence, disrupt critical
186
00:18:07,225 --> 00:18:12,745
systems. These are not teenagers in basement.
These are experts working in offices funded
187
00:18:12,745 --> 00:18:19,225
by national budgets. Operations like the 2016 US
election interference, the wan to cry ransomware
188
00:18:19,225 --> 00:18:25,305
attack that shut down hospitals in the UK, and
the Colonial Pipeline attack that caused fuel
189
00:18:25,305 --> 00:18:31,545
shortages on the US East Coast. These were not
random events. They were organized and powerful.
190
00:18:31,545 --> 00:18:36,425
Profile three, the organized crime ring. These
are the businessmen of the digital underworld.
191
00:18:36,425 --> 00:18:42,185
Organized cyber crime groups operate like real
companies. They have developers, managers,
192
00:18:42,185 --> 00:18:48,105
even customer support teams. Yes, even criminals
have support chat for their victims. Some even
193
00:18:48,105 --> 00:18:53,705
run affiliate programs. This is an entire
underground economy generating billions of
194
00:18:53,705 --> 00:18:58,905
dollars every single year. Now, let's talk about
something you might not expect. Reconnaissance.
195
00:18:58,905 --> 00:19:04,905
The first step of every hack. Before a hacker
attacks you, they study you. They research you.
196
00:19:04,905 --> 00:19:11,225
This process is called reconnaissance or simply
recon. And here's the uncomfortable truth. Most
197
00:19:11,225 --> 00:19:16,345
of the information they need, you've already
shared publicly. Your full name on Facebook,
198
00:19:16,345 --> 00:19:22,745
your job on LinkedIn, your phone number leaked in
some data breach. Your hometown, your pet's name,
199
00:19:22,745 --> 00:19:28,265
your birthday, your favorite team, all sitting
there on your social media. Now, imagine this.
200
00:19:28,265 --> 00:19:34,345
A hacker decides to target you. They check your
profile. They see your dog's name is Max. They see
201
00:19:34,345 --> 00:19:41,065
your birthday March 15th. They try logging into
your account using passwords like max 190 or max
202
00:19:41,065 --> 00:19:47,705
315 and it works because nearly half of people
use personal information in their passwords.
203
00:19:47,705 --> 00:19:54,585
That's not a guess. That's reality. So here's the
lesson. Simple but powerful. Your digital presence
204
00:19:54,585 --> 00:19:59,545
is your attack surface. The more you share, the
more exposed you become. Now that you understand
205
00:19:59,545 --> 00:20:04,665
how hackers think, let's move to the next level
because thinking is only half the story. Next,
206
00:20:04,665 --> 00:20:09,145
you're going to see the tools, the weapons,
the actual methods they use. And this is where
207
00:20:09,145 --> 00:20:15,465
things get very real, very fast. Chapter 4, the
most common cyber attacks. It's time to talk
208
00:20:15,465 --> 00:20:21,545
about weapons. Not guns, not bombs, but digital
weapons that are being used right now on millions
209
00:20:21,545 --> 00:20:25,865
of people around the world. Let's go through
the most common and most dangerous ones with
210
00:20:25,865 --> 00:20:32,105
real examples so you never forget them. Attack
number one, fishing. Say this word out loud,
211
00:20:32,105 --> 00:20:37,785
fishing. It sounds like fishing. And that's
exactly what it is. A hacker casts a line,
212
00:20:37,785 --> 00:20:42,585
puts bait on it, and waits for you to bite.
The bait is usually an email, a text message,
213
00:20:42,585 --> 00:20:49,305
or a social media message that looks exactly like
it came from someone you trust, your bank, Apple,
214
00:20:49,305 --> 00:20:55,305
Amazon, Netflix, even your boss. The goal to
get you to click a link that takes you to a fake
215
00:20:55,305 --> 00:21:00,745
website where you enter your login details or to
open an attachment that installs malware on your
216
00:21:00,745 --> 00:21:08,105
device. Here's a real scenario. In 2020, Twitter
was hacked and more than 130 high-profile accounts
217
00:21:08,105 --> 00:21:15,385
were compromised. Elon Musk, Barack Obama, Joe
Biden, Jeff Bezos, all posting the same Bitcoin
218
00:21:15,385 --> 00:21:20,265
scam at the same time. So, how did it happen?
The hackers didn't break Twitter's servers.
219
00:21:20,265 --> 00:21:24,505
They didn't hack the code. They called Twitter
employees on the phone pretending to be IT support
220
00:21:24,505 --> 00:21:29,785
and they talked their way into internal access.
One phone call, that's it. And they got inside
221
00:21:29,785 --> 00:21:36,585
one of the biggest platforms in the world. That
is fishing. The human element, the weakest link in
222
00:21:36,585 --> 00:21:42,585
any security system. Now listen carefully. There
are common signs you can always look for. Urgency.
223
00:21:42,585 --> 00:21:48,905
Your account will be closed in 24 hours. Fear.
Suspicious activity detected. Verify now. Too
224
00:21:48,905 --> 00:21:55,385
good to be true. You've won an iPhone 15. Generic
greetings, dear customer, instead of your actual
225
00:21:55,385 --> 00:22:02,825
name, and strange email addresses like support at
azerandhelp.com instead of Amazon.com. Now there's
226
00:22:02,825 --> 00:22:08,825
an even more dangerous version, spear fishing.
This is targeted fishing, personalized. Instead
227
00:22:08,825 --> 00:22:14,425
of sending one message to thousands of people,
the hacker researches you, specifically your name,
228
00:22:14,425 --> 00:22:20,425
your job, your company, your colleagues, and then
they craft a message that feels completely real.
229
00:22:20,425 --> 00:22:25,065
Hi Sarah, this is Mike from IT. We noticed
an issue with your VPN access. Please confirm
230
00:22:25,065 --> 00:22:29,705
your credentials here. Everything looks correct.
Everything feels normal, and that's what makes it
231
00:22:29,705 --> 00:22:36,825
dangerous. Attack number two, malware, malicious
software. This is a broad term for any software
232
00:22:36,825 --> 00:22:42,825
designed to damage, disrupt, or gain unauthorized
access to your system. Think of malware
233
00:22:42,825 --> 00:22:47,785
like different types of infections. Some are
annoying, some are destructive, some are silent,
234
00:22:47,785 --> 00:22:54,505
working in the background for months before you
even notice. Let's break it down. Viruses, just
235
00:22:54,505 --> 00:22:59,145
like biological viruses, they attach themselves
to legitimate files and spread when those files
236
00:22:59,145 --> 00:23:05,545
are shared. Worms. These are more aggressive.
They spread on their own across networks without
237
00:23:05,545 --> 00:23:11,305
you doing anything at all. Trojans, named after
the Trojan horse from Greek mythology. They look
238
00:23:11,305 --> 00:23:18,025
like normal software. You install them willingly,
but inside there's something hidden, a back door,
239
00:23:18,025 --> 00:23:25,065
a silent entry point for hackers. One example
is Emoteet. First detected in 2014, it infected
240
00:23:25,065 --> 00:23:29,945
millions of computers worldwide. It spread
through fake invoice emails and once installed,
241
00:23:29,945 --> 00:23:35,545
it didn't just steal banking data. It also acted
as a delivery system for other malware. A malware
242
00:23:35,545 --> 00:23:43,065
that delivers malware like Russian nesting dolls,
but for cyber attacks. Ransomware. This is the one
243
00:23:43,065 --> 00:23:47,785
that's been making headlines. Ransomware is
malware that encrypts all your files, making
244
00:23:47,785 --> 00:23:53,785
them completely inaccessible, and then demands a
ransom, usually in cryptocurrency, to unlock them.
245
00:23:53,785 --> 00:24:00,185
In May 2021, the Colonial Pipeline, which supplies
about 45% of the fuel to the US East Coast,
246
00:24:00,185 --> 00:24:06,185
was hit by a ransomware attack. A group called
Dark Side carried it out. Colonial Pipeline paid
247
00:24:06,185 --> 00:24:14,265
the ransom. $4.4 million in Bitcoin. Gas shortages
spread across the Eastern United States. Panic
248
00:24:14,265 --> 00:24:18,825
buying, long lines at gas stations, all
because of ransomware, spyware. This is
249
00:24:18,825 --> 00:24:24,105
software that silently watches everything you do.
your keystrokes, your passwords, your credit card
250
00:24:24,105 --> 00:24:29,065
numbers, even screen recordings. All screen was
all sent back to the attacker. Adwear, usually
251
00:24:29,065 --> 00:24:34,105
less dangerous, but extremely annoying. It floods
your device with ads, and sometimes it becomes
252
00:24:34,105 --> 00:24:40,905
a gateway to more serious infections. Attack
number three, man-in-the-middle attacks. Imagine
253
00:24:40,905 --> 00:24:46,585
you're passing a note to your friend in class, but
someone is sitting between you. They intercept it,
254
00:24:46,585 --> 00:24:51,945
they read it, maybe even change it, and then pass
it on. Both of you think you're talking directly
255
00:24:51,945 --> 00:24:58,105
to each other, but you're not. There is someone
in the middle. That is a man-in-the-middle attack
256
00:24:58,105 --> 00:25:04,825
or midm. In digital terms, this happens when a
hacker secretly inserts themselves between your
257
00:25:04,825 --> 00:25:10,985
device and the server you're communicating with.
This becomes especially dangerous on public Wi-Fi.
258
00:25:10,985 --> 00:25:16,505
You're at Starbucks. You connect to Starbucks
Wi-Fi. But what if that network was created by
259
00:25:16,505 --> 00:25:23,385
a hacker sitting just a few tables away? What if
the real network is called Starbucks guest and you
260
00:25:23,385 --> 00:25:28,905
connected to a fake one instead? Everything you
send, emails, passwords, banking details, passes
261
00:25:28,905 --> 00:25:34,345
through the hacker first. This is called an evil
twin attack and it's one of the biggest reasons
262
00:25:34,345 --> 00:25:41,305
public Wi-Fi without protection is extremely
risky. Attack number four, SQL injection. This one
263
00:25:41,305 --> 00:25:46,185
is a bit more technical, but I'll keep it simple.
Most websites store data in databases. your
264
00:25:46,185 --> 00:25:51,785
username, your address, your purchase history, all
stored in tables. To interact with that database,
265
00:25:51,785 --> 00:25:57,545
websites use a language called SQL, structured
query language. SQL injection happens when a
266
00:25:57,545 --> 00:26:02,665
hacker inserts malicious SQL code into input
fields like a login box or a search bar. For
267
00:26:02,665 --> 00:26:10,825
example, a normal user types John Doe. A hacker
might type John Doe apostrophe or one equals 1.
268
00:26:10,825 --> 00:26:15,945
If the website is not protected, that code can
trick the database into revealing everything,
269
00:26:15,945 --> 00:26:21,945
all users, or even deleting data. In 2008, a
single SQL injection attack on H Heartland payment
270
00:26:21,945 --> 00:26:29,145
systems exposed 130 million credit card numbers.
One injection, 130 million victims. Attack number
271
00:26:29,145 --> 00:26:34,905
five, social engineering. This is the big one.
Because this attack is not against your computer,
272
00:26:34,905 --> 00:26:40,825
it is against you. Social engineering is
the art of manipulating people into giving
273
00:26:40,825 --> 00:26:46,745
up confidential information or performing actions
that break security. It exploits human psychology,
274
00:26:46,745 --> 00:26:52,585
not technical systems. Pretexting. This is when
an attacker creates a fake scenario to trick
275
00:26:52,585 --> 00:26:57,945
you into sharing information. Hi, I'm from your
bank's fraud department. We need to verify your
276
00:26:57,945 --> 00:27:05,945
PIN. No real bank will ever ask for your PIN, your
full password, or your OTP ever. Baiting. This is
277
00:27:05,945 --> 00:27:12,185
psychological trap behavior. A USB drive is left
somewhere. Parking lot, office, public place. It's
278
00:27:12,185 --> 00:27:18,585
labeled something tempting. Salary data 2024. You
pick it up, you plug it in, and malware installs
279
00:27:18,585 --> 00:27:25,785
instantly. In real studies, almost half of people
plugged in unknown USB drives. 48%. Tailgating.
280
00:27:25,785 --> 00:27:30,025
This is physical social engineering. Someone
follows an authorized employee into a secure
281
00:27:30,025 --> 00:27:35,625
building. Oh, I forgot my badge. Can you hold
the door? People are polite. They say yes. And
282
00:27:35,625 --> 00:27:42,425
just like that, an unauthorized person is inside.
Quidd proquo, Latin for something for something.
283
00:27:42,425 --> 00:27:46,825
Free tech support. You call, they guide you
step by step. But instead of helping you,
284
00:27:46,825 --> 00:27:53,625
they install malware while you think you are being
assisted. In 2011, RSA security, a cyber security
285
00:27:53,625 --> 00:27:59,865
company itself, was breached. An employee opened
a fishing email with an Excel file called 2011
286
00:27:59,865 --> 00:28:06,185
recruitment plan. One click. and RSA's security
tokens used by governments and defense contractors
287
00:28:06,185 --> 00:28:11,625
were compromised. A cyber security company
breached through social engineering. If it can
288
00:28:11,625 --> 00:28:17,305
happen to them, it can happen to anyone. Attack
number six, denial of service or DOS. Imagine
289
00:28:17,305 --> 00:28:22,505
calling a restaurant to make a reservation.
You get through. You book your table. Now,
290
00:28:22,505 --> 00:28:28,985
imagine 10,000 people all call at the same time.
Every line is busy. No real customer can get
291
00:28:28,985 --> 00:28:34,745
through. The restaurant becomes unusable. That's
a denial of service attack. In digital form,
292
00:28:34,745 --> 00:28:40,185
hackers flood a server with so much fake traffic
that it can't respond to real users. The D and
293
00:28:40,185 --> 00:28:45,945
DDOS means distributed, meaning the attack comes
from thousands of different devices at the same
294
00:28:45,945 --> 00:28:52,345
time. Often these devices are not even controlled
directly by hackers. They are innocent devices
295
00:28:52,345 --> 00:28:58,745
infected with malware. Phones, computers, smart
devices, all turned into an army. This army is
296
00:28:58,745 --> 00:29:06,265
called a botnet. In 2016, a massive DDoS attack
using a botnet called Mi took down major websites
297
00:29:06,265 --> 00:29:11,785
including Netflix, Twitter, Amazon, and Reddit.
Not because those companies were hacked directly,
298
00:29:11,785 --> 00:29:16,505
but because the infrastructure they relied on
was overwhelmed. And the botnet, it was made
299
00:29:16,505 --> 00:29:23,065
of infected smart TVs, baby monitors, and routers.
Your smart fridge could be part of a hacker's army
300
00:29:23,065 --> 00:29:27,785
without you ever knowing. I know that's a lot,
but understanding these attacks is the first step
301
00:29:27,785 --> 00:29:33,305
to defending against them. Now the real question
is why do these attacks succeed? And the honest
302
00:29:33,305 --> 00:29:39,785
answer is simple mistakes. Common, predictable,
preventable mistakes. Let's talk about those
303
00:29:39,785 --> 00:29:45,625
next. Chapter five, the biggest mistakes people
make online. The habits that make you vulnerable.
304
00:29:45,625 --> 00:29:50,265
All right, true confession time. I'm going to
list some habits and I want you to honestly
305
00:29:50,265 --> 00:29:55,705
count how many you're guilty of. No judgment.
I've been there, too. But after this chapter,
306
00:29:55,705 --> 00:30:01,385
there's no going back. Mistake number one, weak
and reused passwords. Let's start with the most
307
00:30:01,385 --> 00:30:10,345
embarrassing one. The most common passwords in the
world year after year are things like 1 2 3 4 5 6
308
00:30:10,345 --> 00:30:18,505
password 1 2 3 4 5 6 7 8 9 and I love you. I wish
I was joking. These passwords are not protecting
309
00:30:18,505 --> 00:30:25,385
anything. A hacker's software can crack 1 2 3
4 5 6 in literally 0 seconds. Not milliseconds,
310
00:30:25,385 --> 00:30:31,625
zero. But here's the problem that's even worse
than weak passwords. Password reuse. Using the
311
00:30:31,625 --> 00:30:37,385
same password, even a strong one, across multiple
websites. Here's why this is catastrophic. Let's
312
00:30:37,385 --> 00:30:44,745
say you have a strong password like blue elephant
#209. You use it for your email, your bank,
313
00:30:44,745 --> 00:30:51,225
your Instagram, and some random shopping website.
You signed up for once and forgot about. Now that
314
00:30:51,225 --> 00:30:57,145
shopping website gets breached. Your email and
password get sold on the dark web. The hacker
315
00:30:57,145 --> 00:31:02,185
takes that same password and tries it on Gmail.
It works. Now they own your email. They use your
316
00:31:02,185 --> 00:31:07,785
email to reset your Instagram password. Now they
own your Instagram. They try your bank. It works.
317
00:31:07,785 --> 00:31:12,825
Now they own your money. One breach. Total digital
collapse. This is called a credential stuffing
318
00:31:12,825 --> 00:31:19,145
attack. And it works because people reuse
passwords. The fix? Use a password manager.
319
00:31:19,145 --> 00:31:25,705
Apps like Bit Warden, one password or Dashlane
generate and store unique complex passwords for
320
00:31:25,705 --> 00:31:30,665
every single website. You only remember one master
password. The manager handles everything else.
321
00:31:30,665 --> 00:31:36,425
It's like having a different key for every lock in
your life and keeping them all in a super secure
322
00:31:36,425 --> 00:31:44,585
keychain. Mistake number two, skipping two-factor
authentication. Two-factor authentication, 2FA.
323
00:31:44,585 --> 00:31:49,705
You've probably seen it when you log in and then
get a code sent to your phone. And yes, it feels
324
00:31:49,705 --> 00:31:54,905
annoying. One extra step. But here's what 2FA
actually does. Even if a hacker has your username
325
00:31:54,905 --> 00:32:01,065
and your password, they still can't get in without
that second factor, that code on your phone. Think
326
00:32:01,065 --> 00:32:06,505
of your account like a bank vault. Your password
is the combination lock. Two-factor authentication
327
00:32:06,505 --> 00:32:12,665
is the second key that only you physically hold.
Without both, the vault doesn't open. Microsoft
328
00:32:12,665 --> 00:32:20,825
research shows that enabling 2FA blocks 99.9% of
automated account attacks. 99.9%. For one extra
329
00:32:20,825 --> 00:32:27,705
step, turn on 2FA for every account that offers
it. Start with your email and your bank right now.
330
00:32:27,705 --> 00:32:33,785
Mistake number three, clicking without thinking.
The most dangerous thing you do online is click.
331
00:32:33,785 --> 00:32:39,625
Before clicking any link in an email, a text,
or a message, ask yourself three questions. One,
332
00:32:39,625 --> 00:32:45,705
did I expect this message? Two, does the sender's
address look exactly right? Not almost right,
333
00:32:45,705 --> 00:32:52,185
exactly right, like amazon.com or paypawone.com.
Three, what's the worst thing that happens if
334
00:32:52,185 --> 00:32:57,545
I I click this and it's fake? If you have any
hesitation, don't click. Instead, go directly to
335
00:32:57,545 --> 00:33:02,025
the website by typing the address yourself or call
the company using a number from their official
336
00:33:02,025 --> 00:33:08,425
website. Here's something hackers rely on.
Urgency. Your account will be deleted in 2 hours.
337
00:33:08,425 --> 00:33:13,545
You have a package pending. Confirm now. Urgent
tax refund available. Claim before midnight.
338
00:33:13,545 --> 00:33:19,225
Urgency kills critical thinking. It forces you to
react before you think. So the next time you feel
339
00:33:19,225 --> 00:33:26,985
rushed by a message, stop. Breathe. Because that
urgency is almost always manufactured. Mistake
340
00:33:26,985 --> 00:33:31,225
number four, using public Wi-Fi without
protection. We touched on this briefly,
341
00:33:31,225 --> 00:33:37,865
but let's go deeper. Airports, cafes, hotels,
malls, public Wi-Fi is everywhere. and almost
342
00:33:37,865 --> 00:33:43,145
all of it is either unencrypted, poorly secured,
or sometimes even spoofed by a hacker sitting
343
00:33:43,145 --> 00:33:49,065
nearby. When you connect to an open Wi-Fi network,
your traffic can potentially be visible to anyone
344
00:33:49,065 --> 00:33:55,065
on that same network. Now, imagine this. You're at
a hotel. You connect to hotel Wi-Fi. You log into
345
00:33:55,065 --> 00:33:59,385
your work email. You check your bank balance.
You even enter your credit card details for
346
00:33:59,385 --> 00:34:06,665
room service. Every single one of those actions
could be monitored, intercepted, stolen. The fix?
347
00:34:06,665 --> 00:34:12,905
Use a VPN, a virtual private network. A VPN
creates an encrypted tunnel between your device
348
00:34:12,905 --> 00:34:18,185
and the internet. So even if a hacker is sitting
right next to you on that same hotel Wi-Fi,
349
00:34:18,185 --> 00:34:23,785
all they see is scrambled data, unreadable. VPNs
are not just for tech experts, they're a basic
350
00:34:23,785 --> 00:34:29,385
safety tool, like a seat belt for the internet.
Mistake number five, oversharing on social media.
351
00:34:29,385 --> 00:34:34,345
Quick question. Does your Facebook profile show
your full birthday, your hometown, your school,
352
00:34:34,345 --> 00:34:39,705
your pet's names? Does your Instagram have
location tags, photos showing your neighborhood,
353
00:34:39,705 --> 00:34:45,225
your house area, even your car plate? All of
this is gold for a hacker doing reconnaissance.
354
00:34:45,225 --> 00:34:50,025
Remember those security questions? What is your
mother's maiden name? What was your first pet's
355
00:34:50,025 --> 00:34:55,385
name? What street did you grow up on? Now imagine
all of that information is already publicly
356
00:34:55,385 --> 00:35:01,305
available on your social media, even old posts,
even forgotten photos. A determined attacker can
357
00:35:01,305 --> 00:35:08,025
collect it all and reset your accounts. The fix is
not to delete everything. It's to be intentional.
358
00:35:08,025 --> 00:35:13,305
Limit what is public. Turn off location tagging
and never use real personal answers for security
359
00:35:13,305 --> 00:35:19,625
questions. Use random words. Things that mean
nothing to your real life. Mistake number six,
360
00:35:19,625 --> 00:35:25,625
ignoring software updates. I know updates are
annoying. Update available. Remind me later.
361
00:35:25,625 --> 00:35:30,585
Remind me later. Again and again. But here's what
you're actually doing. When software companies
362
00:35:30,585 --> 00:35:35,705
release updates, they are often fixing security
holes, vulnerabilities that hackers already know
363
00:35:35,705 --> 00:35:41,145
about. The moment a patch is released, hackers
also learn what was fixed, and they immediately
364
00:35:41,145 --> 00:35:48,985
start targeting people who haven't updated yet.
In 2017, the W to Cry ransomware attack infected
365
00:35:48,985 --> 00:35:57,225
300,000 computers across 150 countries, including
hospitals in the UK where surgeries were cancelled
366
00:35:57,225 --> 00:36:02,985
and patient records became inaccessible. And
here's the shocking part. Microsoft had already
367
00:36:02,985 --> 00:36:08,425
released the fix. The vulnerability was patched,
but hundreds of thousands of systems never
368
00:36:08,425 --> 00:36:14,025
installed the update. 300,000 computers because
people kept clicking remind me later. Update your
369
00:36:14,025 --> 00:36:19,865
software. Update your phone. Update your apps.
When the notification comes, don't delay it.
370
00:36:19,865 --> 00:36:26,665
Mistake number seven, trusting everything you read
online. Misinformation, disinformation, fake news.
371
00:36:26,665 --> 00:36:32,425
These are not just social problems. They are cyber
security tools. Hackers create fake articles, fake
372
00:36:32,425 --> 00:36:37,625
giveaways, fake celebrity promotions, all designed
to trick you into clicking links or downloading
373
00:36:37,625 --> 00:36:43,225
malware. Before you trust anything online, verify
it with a second source. If something feels
374
00:36:43,225 --> 00:36:49,545
extreme, extremely angry, or extremely exciting,
pause because that emotion is often the weapon.
375
00:36:49,545 --> 00:36:56,345
And now there's something even more dangerous.
AI generated content, deep fakes, videos, audio,
376
00:36:56,345 --> 00:37:02,425
even liveing calls that are completely fake.
In 2024, a finance employee at a multinational
377
00:37:02,425 --> 00:37:08,905
company joined a video call with what looked like
their CFO. Same face, same voice, same mannerisms.
378
00:37:08,905 --> 00:37:15,785
They were instructed to transfer funds and they
did. $25 million transferred to criminals. The CFO
379
00:37:15,785 --> 00:37:22,905
was not real. It was a deep fake. $25 million
gone. The landscape of deception is evolving
380
00:37:22,905 --> 00:37:28,345
faster than most people realize. Now you know the
mistakes and more importantly, you understand why
381
00:37:28,345 --> 00:37:33,545
they happen. So, let's flip everything now because
knowing what not to do is only half the story.
382
00:37:33,545 --> 00:37:39,625
Next, let's talk about what smart, prepared,
security aware people actually do. Chapter six,
383
00:37:39,625 --> 00:37:44,345
how to protect yourself like a pro. All right,
this is where we stop talking about problems and
384
00:37:44,345 --> 00:37:49,705
start talking about solutions. Everything in this
chapter is something you can do today and most
385
00:37:49,705 --> 00:37:55,785
of it is free. Let's build your digital armor.
Protection number one, the password system. The
386
00:37:55,785 --> 00:38:00,105
goal is simple. Never use the same password
twice and every password should be long and
387
00:38:00,105 --> 00:38:07,705
complex. The method, a password manager. My top
free recommendation is Bit Warden, open-source,
388
00:38:07,705 --> 00:38:13,545
audited, and trusted by security professionals
worldwide. Here's how it works. You create one
389
00:38:13,545 --> 00:38:19,225
master password for Bit Warden. Make it strong
but memorable. Something like a sentence. My dog
390
00:38:19,225 --> 00:38:25,385
exclamation mark ate three tacos at Tuesday. Easy
to remember, almost impossible to crack. Then,
391
00:38:25,385 --> 00:38:31,145
Bit Warden generates random unique 20 character
passwords for every website you use, and it stores
392
00:38:31,145 --> 00:38:37,225
them all. The result, even if 10 websites you
use get breached, your other accounts stay safe
393
00:38:37,225 --> 00:38:42,185
because every password is different. And that one
change alone puts you ahead of almost everyone
394
00:38:42,185 --> 00:38:48,505
online. If you don't want a password manager, at
minimum, use passphrases. A passphrase is a random
395
00:38:48,505 --> 00:38:54,825
string of four or five unrelated words. Purple
rocket exclamation mark cloud banana. That's 24
396
00:38:54,825 --> 00:39:01,465
characters. And it would take a computer billions
of years to crack through brute force. But it's
397
00:39:01,465 --> 00:39:05,945
still something you can actually remember.
Protection number two, activate two-factor
398
00:39:05,945 --> 00:39:11,385
authentication everywhere. We talked about this.
Now, let's apply it. Start with priorities. One,
399
00:39:11,385 --> 00:39:15,545
email. This is your master key. If someone gets
access to your email, they can reset everything
400
00:39:15,545 --> 00:39:20,745
else. Two, bank and financial accounts.
Three, social media, Instagram, Facebook,
401
00:39:20,745 --> 00:39:27,225
X, Tik Tok. Four, shopping accounts, Amazon,
eBay. Five, cloud storage, Google Drive, Dropbox,
402
00:39:27,225 --> 00:39:32,825
iCloud. Now, listen carefully. Not all two-factor
authentication is equal. SMS codes are better
403
00:39:32,825 --> 00:39:38,505
than nothing, but they can be intercepted through
something called SIM swapping, where an attacker
404
00:39:38,505 --> 00:39:43,945
tricks your mobile carrier into transferring your
number to their SIM card. The better option is
405
00:39:43,945 --> 00:39:50,105
an authenticator app, Google authenticator,
AI, Microsoft Authenticator. These generate
406
00:39:50,105 --> 00:39:54,985
timebased codes that change every 30 seconds. They
don't go through the phone network. They stay on
407
00:39:54,985 --> 00:39:59,945
your device. Use an authenticator app whenever
possible. Protection number three, secure your
408
00:39:59,945 --> 00:40:05,385
home network. Your Wi-Fi router is the front door
to your entire digital life. Most people set it
409
00:40:05,385 --> 00:40:11,785
up once and never touch it again. Here's a quick
checklist. Step one, change the default router
410
00:40:11,785 --> 00:40:18,265
login. Every router comes with default credentials
like admin, admin, or admin password. Hackers
411
00:40:18,265 --> 00:40:25,705
already know these. Change them immediately. Log
into your router, usually by typing 1 192.168.1.1
412
00:40:25,705 --> 00:40:32,505
into your browser and update the admin username
and password. Step two, use WPA3 encryption in
413
00:40:32,505 --> 00:40:39,225
your Wi-Fi settings. Set security to WPA3 or
at minimum WPA2. Never use open networks or
414
00:40:39,225 --> 00:40:45,145
web. They are not secure. Step three, create a
guest network. Most modern routers allow this.
415
00:40:45,145 --> 00:40:50,425
Put smart devices like TVs, smart speakers,
baby monitors, and thermostats on the guest
416
00:40:50,425 --> 00:40:54,585
network. Keep your phones and computers on
the main network. Why? Because smart devices
417
00:40:54,585 --> 00:40:59,705
are often the weakest link. If one gets hacked,
it won't spread to everything else. Step four,
418
00:40:59,705 --> 00:41:05,785
update your router firmware. Just like your phone,
your router needs updates, too. These updates fix
419
00:41:05,785 --> 00:41:11,305
security holes. Check your router settings or
the manufacturer's website at least once a year,
420
00:41:11,305 --> 00:41:16,505
and install updates when available. These four
steps turn your home network from a weak entry
421
00:41:16,505 --> 00:41:22,345
point into a much stronger defense. Protection
number four, use a VPN on public networks. We
422
00:41:22,345 --> 00:41:27,225
already covered this, but let's make it practical.
When should you use a VPN? Anytime you are on
423
00:41:27,225 --> 00:41:34,585
public Wi-Fi, cafes, airports, hotels, libraries,
also when you want an extra layer of privacy while
424
00:41:34,585 --> 00:41:39,865
browsing or when you're traveling, especially in
places with strict internet restrictions. Now,
425
00:41:39,865 --> 00:41:46,185
here are some trusted VPN providers. ProtonVPN.
It also has a solid free tier created by the same
426
00:41:46,185 --> 00:41:53,865
people behind Proton Mail, a privacy focused
email service, MolvadVPN, and ExpressVPN. But
427
00:41:53,865 --> 00:41:59,945
listen carefully. Important warning. Not all VPNs
are safe. There are hundreds of freeVPN apps,
428
00:41:59,945 --> 00:42:04,905
especially on mobile, that actually spy on your
traffic. They don't protect you. They watch you,
429
00:42:04,905 --> 00:42:10,585
and they can be more dangerous than using noVPN at
all. So stick to trusted well-reviewed providers
430
00:42:10,585 --> 00:42:16,345
because if something is completely free with no
clear business model then you are not the customer
431
00:42:16,345 --> 00:42:22,025
you are the product. Protection number five
encrypt your devices. Encryption is not just for
432
00:42:22,025 --> 00:42:28,345
companies. It is for everyone. Your phone should
be encrypted. Your laptop should be encrypted.
433
00:42:28,345 --> 00:42:32,585
The good news most modern devices already do
this automatically. iPhones are encrypted by
434
00:42:32,585 --> 00:42:37,865
default as soon as you set a passcode. Android
devices are usually encrypted by default on on
435
00:42:37,865 --> 00:42:43,705
newer versions. You can check in settings under
security. On Windows laptops, you can use Bit
436
00:42:43,705 --> 00:42:49,305
Locker or Veraracrypt, a free love open source
tool. On Mac, you can enable File Vault under
437
00:42:49,305 --> 00:42:55,465
security and privacy settings. Now, why does this
matter? Imagine your laptop gets stolen. If it is
438
00:42:55,465 --> 00:43:00,745
not encrypted, someone can remove the hard
drive and access every file, every password,
439
00:43:00,745 --> 00:43:06,345
every document without even logging in. But if
it is encrypted, all they see is scrambled data,
440
00:43:06,345 --> 00:43:12,265
completely unreadable. Protection number six, be
smart about email. Email is still the number one
441
00:43:12,265 --> 00:43:17,705
attack vector, so we need to harden it. First,
use a secure email provider. Gmail and Outlook
442
00:43:17,705 --> 00:43:24,025
are fine if configured properly, but for sensitive
communication, Proton Mail is a strong option. It
443
00:43:24,025 --> 00:43:29,385
is endto-end encrypted and based in Switzerland.
Second, always check the sender's address
444
00:43:29,385 --> 00:43:36,025
carefully. Not just the name you see, the actual
email address. A message might say PayPal security
445
00:43:36,025 --> 00:43:41,785
team, but the real address could be something like
random letters at suspiciousdommain.com. Third,
446
00:43:41,785 --> 00:43:46,505
never trust display names. A hacker can
name themselves anything, bank support,
447
00:43:46,505 --> 00:43:53,625
security team, even CEO, but the real email
behind it can be completely fake. Fourth,
448
00:43:53,625 --> 00:43:58,905
never enable macros and unknown documents. If you
receive a Word or Excel file and it says enable
449
00:43:58,905 --> 00:44:03,945
macros to view content, do not do it. That is one
of the most common ways malware enters systems,
450
00:44:03,945 --> 00:44:10,105
delete it immediately. Protection number seven,
monitor your digital exposure. Start with have I
451
00:44:10,105 --> 00:44:15,625
beenpawned.com. Enter your email. Check if it
has appeared in any known data breaches. Then
452
00:44:15,625 --> 00:44:22,585
Google yourself regularly. See what information
about you you is public. Set up Google alerts
453
00:44:22,585 --> 00:44:27,465
for your name so you know when new information
appears online. And check your credit reports
454
00:44:27,465 --> 00:44:32,745
at least once a year. Look for any accounts
or loans you did not open because that can be
455
00:44:32,745 --> 00:44:38,665
a sign of identity theft. In many countries, you
are entitled to free annual credit reports. This
456
00:44:38,665 --> 00:44:43,625
is not about fear. It is about awareness. The
people who do these things get hacked far less
457
00:44:43,625 --> 00:44:50,105
often. It is that simple. You do not need to be
a tech expert. You just need to be intentional.
458
00:44:50,105 --> 00:44:55,945
And if you're still here, that already says a
lot. Now, we're going even deeper because next we
459
00:44:55,945 --> 00:45:01,625
move from protection to understanding the science
behind it all. The core principles that the entire
460
00:45:01,625 --> 00:45:09,785
cyber security world is built on. And trust me,
even this part will stay simple. Chapter 7, cyber
461
00:45:09,785 --> 00:45:14,745
security fundamentals. If cyber security were a
building, this chapter would be the foundation.
462
00:45:14,745 --> 00:45:19,465
The concepts we're covering here are what every
security professional builds on, from entry-
463
00:45:19,465 --> 00:45:24,825
level analysts to chief information security
officers. Understanding this makes you fluent
464
00:45:24,825 --> 00:45:30,585
in the language of cyber security. Let's start
with the most important one, the CIA triad. No,
465
00:45:30,585 --> 00:45:37,385
not the intelligence agency. In cyber security,
CIA stands for confidentiality, integrity,
466
00:45:37,385 --> 00:45:43,465
availability. These three principles form the
foundation of every security system, policy, and
467
00:45:43,465 --> 00:45:48,825
decision. Let's break them down. Confidentiality.
Information should only be accessible to those
468
00:45:48,825 --> 00:45:52,825
who are authorized to see it. Your medical
records should only be seen by your doctor,
469
00:45:52,825 --> 00:45:59,145
not random employees, not unauthorized systems,
not hackers. Your bank PIN should only be known by
470
00:45:59,145 --> 00:46:05,545
you. Confidentiality is violated when unauthorized
people gain access to information they should
471
00:46:05,545 --> 00:46:11,625
never see. The main tools used here are
encryption, access control, and authentication,
472
00:46:11,625 --> 00:46:17,705
integrity. Information should remain accurate and
untouched. When your bank records a transaction,
473
00:46:17,705 --> 00:46:24,345
it should stay exactly what it is, $50, not 500,
not 50,000. When a doctor writes a prescription,
474
00:46:24,345 --> 00:46:30,665
it should not be changed by anyone unauthorized.
Integrity is broken when data is modified without
475
00:46:30,665 --> 00:46:37,545
permission, by hackers, by software errors, or
even by insiders. The main tools for integrity
476
00:46:37,545 --> 00:46:43,865
are check sums, cryptographic hashing and audit
logs, availability. Information in systems should
477
00:46:43,865 --> 00:46:48,985
be accessible when authorized users need them.
Remember the DDoS attack that took down platforms
478
00:46:48,985 --> 00:46:54,505
like Netflix and Twitter? That was an attack on
availability. Even if your data is secure and
479
00:46:54,505 --> 00:47:00,105
even if it is untouched, if you cannot access it
when needed, the system has failed. Hospitals have
480
00:47:00,105 --> 00:47:06,505
been hit hard by ransomware. Not only because data
was locked but because systems became unavailable.
481
00:47:06,505 --> 00:47:12,025
Patient records, medical equipment, everything
disrupted. Lives were put at risk. The main tools
482
00:47:12,025 --> 00:47:18,825
for availability are redundancy, backups, failover
systems, and DDoS protection. Every cyber security
483
00:47:18,825 --> 00:47:24,105
decision, every system design, every security
policy is built around these three principles.
484
00:47:24,105 --> 00:47:29,705
When you hear about a data breach, ask yourself
which one was broken. Most of the time it's
485
00:47:29,705 --> 00:47:35,145
confidentiality. When you hear about ransomware,
it's availability. When you hear about altered or
486
00:47:35,145 --> 00:47:41,465
fake data, it's integrity. The CIA triad gives
you a simple framework to understand any cyber
487
00:47:41,465 --> 00:47:46,585
security incident. No matter how complex it
looks, it always comes back to these three
488
00:47:46,585 --> 00:47:53,385
ideas. Encryption, the language of secrets. We've
mentioned encryption several times now. So, let's
489
00:47:53,385 --> 00:47:59,145
actually understand it. Encryption is the process
of scrambling data so that only someone with the
490
00:47:59,145 --> 00:48:04,425
correct key can read it. Imagine you and your best
friend create a secret code. Every letter of the
491
00:48:04,425 --> 00:48:11,385
alphabet gets replaced. Uh becomes X, B becomes Q,
and so on. You write hello, but to everyone else
492
00:48:11,385 --> 00:48:16,985
it looks like complete nonsense. However, your
friend has the same code book, so they decode
493
00:48:16,985 --> 00:48:24,105
it instantly. That is encryption at its simplest
level. Now, here's the reality. Modern encryption
494
00:48:24,105 --> 00:48:30,105
is millions of times more advanced than this. It
uses complex mathematical algorithms that even the
495
00:48:30,105 --> 00:48:35,865
most powerful supercomputers would take millions
of years to crack. Types of encryption you should
496
00:48:35,865 --> 00:48:41,625
know. Symmetric encryption. This is where both the
sender and receiver use the same key to encrypt
497
00:48:41,625 --> 00:48:47,065
and decrypt data. It's fast and efficient. But
here's the problem. How do you securely share
498
00:48:47,065 --> 00:48:52,505
that key in the first place? Because if someone
intercepts it, the entire system is compromised.
499
00:48:52,505 --> 00:48:58,185
Think of it like this. You and your friend both
have the same physical key to a lock box. But how
500
00:48:58,185 --> 00:49:03,865
do you safely give each other that key without
someone stealing it? Now, asymmetric encryption,
501
00:49:03,865 --> 00:49:10,825
also called public key cryptography. This solved
the key sharing problem. Each person has two keys
502
00:49:10,825 --> 00:49:16,425
that are mathematically linked. A public key and
a private key. The public key you can share with
503
00:49:16,425 --> 00:49:22,985
anyone. The private key you keep completely
secret. Here is the magic. Anything encrypted
504
00:49:22,985 --> 00:49:27,465
with your public key can only be decrypted
with your private key. And it also works the
505
00:49:27,465 --> 00:49:32,905
other way around. So I can give you my public
key openly. You use it to encrypt a message,
506
00:49:32,905 --> 00:49:39,705
but only my private key, which only I possess, can
unlock it. Even if someone intercepts that message
507
00:49:39,705 --> 00:49:46,105
and even if they have the public key, they still
cannot read it. This is the foundation of HTTPS,
508
00:49:46,105 --> 00:49:50,265
digital signatures, and most secure
communication systems today. End-to-end
509
00:49:50,265 --> 00:49:55,865
encryption. When people say a messaging app is
endto-end encrypted, like WhatsApp or Signal,
510
00:49:55,865 --> 00:50:00,985
it means only the sender and receiver can read
the messages, not the company, not the server,
511
00:50:00,985 --> 00:50:05,945
and in most cases, not even attackers in the
middle. The encryption and decryption happen
512
00:50:05,945 --> 00:50:12,025
directly on your device. The server only passes
along scrambled data without ever understanding
513
00:50:12,025 --> 00:50:18,105
it. Now, let's move to something equally
important. Authentication versus authorization.
514
00:50:18,105 --> 00:50:23,865
These two words get confused constantly. Let's
separate them clearly. Authentication means
515
00:50:23,865 --> 00:50:29,225
are you who you say you are. It is identity
verification. Logging in with a username and
516
00:50:29,225 --> 00:50:35,225
password is authentication. You are proving you
are the account owner. Two-factor authentication
517
00:50:35,225 --> 00:50:41,145
adds another layer of proof. Biometrics like
fingerprints or face recognition are also forms of
518
00:50:41,145 --> 00:50:47,625
authentication. Authorization means what are you
allowed to do? Once the system knows who you are,
519
00:50:47,625 --> 00:50:52,745
it decides your permissions. For example, a bank
employee might be able to view customer accounts,
520
00:50:52,745 --> 00:50:57,705
but only a senior manager can approve large
transfers and only IT staff can access
521
00:50:57,705 --> 00:51:03,785
server systems. Authentication opens the door.
Authorization decides which rooms you can enter.
522
00:51:03,785 --> 00:51:09,945
And this distinction is critical because attackers
target both. Stealing your password is breaking
523
00:51:09,945 --> 00:51:15,865
authentication. But once inside trying to access
things you should not access is called privilege
524
00:51:15,865 --> 00:51:21,945
escalation. That is an attack on authorization.
Both layers matter and both are essential in cyber
525
00:51:21,945 --> 00:51:27,545
security defense. A firewall is exactly what
it sounds like. In buildings, a firewall is
526
00:51:27,545 --> 00:51:33,545
a physical barrier that stops fire from spreading
from one room to another. In networks, a firewall
527
00:51:33,545 --> 00:51:40,185
is software or hardware that monitors all incoming
and outgoing traffic and decides based on rules
528
00:51:40,185 --> 00:51:45,385
what is allowed and what is blocked. Think of a
firewall as a bouncer at a nightclub. The bouncer
529
00:51:45,385 --> 00:51:52,425
has rules, no weapons, must be over 18, must have
a reservation on certain nights. Now, think of
530
00:51:52,425 --> 00:51:58,585
network traffic as people trying to enter. The
firewall checks every request against its rules.
531
00:51:58,585 --> 00:52:04,585
This traffic is coming from a known malicious IP
address. Blocked. This request is trying to access
532
00:52:04,585 --> 00:52:09,945
a sensitive port without permission. Blocked.
This is a normal legitimate request from a trusted
533
00:52:09,945 --> 00:52:15,865
website. Allowed. Firewalls are one of the first
lines of defense in any network. Your home router
534
00:52:15,865 --> 00:52:21,545
already has a basic firewall built in. But large
organizations use enterprisegrade firewalls with
535
00:52:21,545 --> 00:52:27,705
far more advanced control and intelligence. Now,
let's move to something more modern. Zero trust.
536
00:52:27,705 --> 00:52:33,785
For decades, network security worked on a simple
idea. Build a strong wall around the system. Trust
537
00:52:33,785 --> 00:52:40,345
everything inside and block everything outside.
But this model had a major flaw. Once an attacker
538
00:52:40,345 --> 00:52:44,825
gets inside through a stolen password, a
fishing attack or a compromised device,
539
00:52:44,825 --> 00:52:49,785
they can move freely inside the system.
This approach failed as companies move to
540
00:52:49,785 --> 00:52:56,745
cloud systems and remote work. So a new model was
created, zero trust. And the principle is simple.
541
00:52:56,745 --> 00:53:02,425
Never trust. Always verify. In a zero trust
system, nothing is automatically trusted.
542
00:53:02,425 --> 00:53:07,945
Not devices inside the network, not employees at
their desks, not even high level executives. Every
543
00:53:07,945 --> 00:53:13,065
access request must be verified. Every identity
must be confirmed. Every device must meet security
544
00:53:13,065 --> 00:53:19,145
requirements. And access is strictly limited to
only what is necessary, nothing more. This is now
545
00:53:19,145 --> 00:53:24,985
the standard for modern enterprise security. And
it is a core concept in cyber security. Now, now
546
00:53:24,985 --> 00:53:31,225
let's talk about where real-time defense happens.
Security operations center, also known as SOCK. A
547
00:53:31,225 --> 00:53:36,665
SOCK is a team of cyber security professionals who
monitor an organization's systems 24 hours a day,
548
00:53:36,665 --> 00:53:42,745
7 days a week. Their job is to detect threats and
respond to incidents in real time. Think of it
549
00:53:42,745 --> 00:53:49,145
like mission control, but instead of rockets, they
are watching network traffic, security alerts,
550
00:53:49,145 --> 00:53:54,905
and system behavior. Sock analysts use tools
called CM systems, security information and
551
00:53:54,905 --> 00:54:00,425
event management. These systems collect logs
from hundreds of sources and look for suspicious
552
00:54:00,425 --> 00:54:06,425
patterns. For example, a user logs in from one
country and just minutes later logs in from
553
00:54:06,425 --> 00:54:11,705
another country. That is physically impossible.
So it gets flagged. Or a server suddenly starts
554
00:54:11,705 --> 00:54:18,025
sending 10 times more data than usual. That could
mean data is being stolen. So it gets investigated
555
00:54:18,025 --> 00:54:24,105
immediately. This is where active defense happens
in real time. And for many people, this is where
556
00:54:24,105 --> 00:54:29,385
a cyber security career begins. You have now
learned the core language and core concepts of
557
00:54:29,385 --> 00:54:35,385
cyber security. More than most people in IT could
clearly explain a few years ago. And now that this
558
00:54:35,385 --> 00:54:41,545
foundation is in place, we move to the exciting
part. What can you actually build with all of this
559
00:54:41,545 --> 00:54:47,865
knowledge? Let's talk about careers. Chapter 8.
Cyber security career paths explained. the road
560
00:54:47,865 --> 00:54:54,265
mapap to a fulfilling high-paying career. Let me
set a scene for you. You wake up, no alarm stress.
561
00:54:54,265 --> 00:55:01,225
You open your laptop or sometimes you walk into a
company headquarters somewhere exciting. Your job,
562
00:55:01,225 --> 00:55:05,545
you think like a criminal, you find weaknesses
in systems before the bad guys do, and you get
563
00:55:05,545 --> 00:55:10,825
paid very well for it. Or maybe your role is
different. You analyze threat intelligence. You
564
00:55:10,825 --> 00:55:16,185
help organizations stay safe. You design security
systems for hospitals, banks, or even government
565
00:55:16,185 --> 00:55:21,705
agencies. Here's the truth. Cyber security
is not one career. It is dozens of careers,
566
00:55:21,705 --> 00:55:28,265
each with its own focus, its own skills, and its
own personality fit. And and right now, there is a
567
00:55:28,265 --> 00:55:34,985
global shortage of over 3.5 million cyber security
professionals. 3.5 million empty positions waiting
568
00:55:34,985 --> 00:55:41,865
to be filled. This is not a saturated field. It
is the opposite. Let's explore the major paths.
569
00:55:41,865 --> 00:55:48,825
Career path one, penetration tester, also known as
ethical hacker. Here's the simple idea. Companies
570
00:55:48,825 --> 00:55:54,185
pay you to hack them. A penetration tester is
hired to simulate real world cyber attacks against
571
00:55:54,185 --> 00:55:59,545
a company's systems, networks, and applications.
The goal is simple. Find vulnerabilities before
572
00:55:59,545 --> 00:56:05,145
malicious hackers do and report them so they can
be fixed. This is the career that sounds like a
573
00:56:05,145 --> 00:56:11,225
movie, and honestly, it kind of is. What you do?
You attempt to break into systems legally and
574
00:56:11,225 --> 00:56:16,585
with permission. You test web applications,
mobile apps, networks, and sometimes even
575
00:56:16,585 --> 00:56:23,865
physical security. Then you write detailed reports
explaining what you found and how to fix it. Who
576
00:56:23,865 --> 00:56:28,825
it is for? People who love puzzles, people who
think creatively, people who enjoy the thrill of
577
00:56:28,825 --> 00:56:34,825
the hunt, and people who are deeply curious about
how systems work underneath the surface. Average
578
00:56:34,825 --> 00:56:42,745
salary range around $80,000 to $140,000 per year
and higher depending on experience and region.
579
00:56:42,745 --> 00:56:48,825
Key certifications Certified Ethical Hacker and
OCP Offensive Security Certified Professional.
580
00:56:48,825 --> 00:56:55,225
This is considered the gold standard in offensive
security. Career path two sock analyst security
581
00:56:55,225 --> 00:57:02,105
operations center analyst. Here's the simple idea.
You are the first line of defense in a cyber war.
582
00:57:02,105 --> 00:57:07,305
Sassi analysts monitor security systems in real
time. They detect threats, investigate alerts,
583
00:57:07,305 --> 00:57:12,985
and respond to incidents. Just this is often the
entry-level gateway into cyber security careers.
584
00:57:12,985 --> 00:57:18,585
What you do, you monitor dashboards for suspicious
activity. You investigate security alerts. You
585
00:57:18,585 --> 00:57:24,425
respond to and contain security incidents and you
document everything carefully. Then you escalate
586
00:57:24,425 --> 00:57:30,745
serious threats to higher level teams. Who it is
for? people who are detail oriented, methodical,
587
00:57:30,745 --> 00:57:36,185
calm under pressure, and who enjoy detective
style thinking. Sock roles are divided into
588
00:57:36,185 --> 00:57:41,945
levels. Level one analysts handle initial alerts.
Level two analysts handle deeper investigations,
589
00:57:41,945 --> 00:57:46,985
and level three, often senior analysts focus on
advanced threat hunting. Average salary range
590
00:57:46,985 --> 00:57:54,425
from $45,000 to $85,000 depending on level and
experience. Key certifications, CompTIA Security
591
00:57:54,425 --> 00:58:01,145
Plus and CompTIA CISA Plus. Career path three,
incident responder. Here's the simple idea. The
592
00:58:01,145 --> 00:58:07,065
SWAT team of cyber security. When something goes
wrong, when a hospital gets hit by ransomware,
593
00:58:07,065 --> 00:58:11,705
when a company suffers a major data breach,
incident responders are the ones who get called
594
00:58:11,705 --> 00:58:17,705
in. They don't wait. They move fast. They contain
the damage. They investigate what happened. And
595
00:58:17,705 --> 00:58:24,025
they help restore systems back to normal. What
you do? You respond to active cyber incidents.
596
00:58:24,025 --> 00:58:30,425
You perform forensic analysis to understand how
the attack happened. You contain and remove the
597
00:58:30,425 --> 00:58:35,065
threat and you create detailed reports to
prevent it from happening again, who it is
598
00:58:35,065 --> 00:58:41,305
for. People who stay calm under pressure, people
who enjoy solving problems in crisis situations,
599
00:58:41,305 --> 00:58:48,585
and people with a forensic investigative mindset.
Average salary range around $85,000 to $130,000 or
600
00:58:48,585 --> 00:58:57,625
more depending on experience. Key certifications
GCI GAC certified incident handler and GCFE
601
00:58:57,625 --> 00:59:03,785
JIAK certified forensic examiner. Career path 4
digital forensics analyst. Here's the simple idea.
602
00:59:03,785 --> 00:59:08,825
The CSI of the cyber world. Digital forensics
analysts investigate cyber crime by recovering
603
00:59:08,825 --> 00:59:16,105
and analyzing digital evidence, deleted files,
hidden data, malware traces, and attack timelines.
604
00:59:16,105 --> 00:59:21,065
What you do? You recover data from computers,
phones, and storage devices. You build timelines
605
00:59:21,065 --> 00:59:26,185
of exactly what happened during a cyber incident.
You analyze evidence for legal cases and sometimes
606
00:59:26,185 --> 00:59:32,905
you testify in court as an expert witness, who it
is for. People who are extremely detail oriented,
607
00:59:32,905 --> 00:59:38,265
patient, analytical, and interested in both
technology and law. Average salary range around
608
00:59:38,265 --> 00:59:46,825
$65,000 to $110,000. Key certifications GCFE and
ENCE NK certified examiner. Career path five,
609
00:59:46,825 --> 00:59:51,785
security engineer, also known as security
architect. Here's the simple idea. You are
610
00:59:51,785 --> 00:59:56,985
the builder of digital fortresses. Security
engineers design and build the systems that
611
00:59:56,985 --> 01:00:03,625
protect organizations. They don't just respond to
attacks. They design defenses from the ground up.
612
01:00:03,625 --> 01:00:09,545
What you do, you design and implement firewalls,
VPNs, and intrusion detection systems. You build
613
01:00:09,545 --> 01:00:15,225
secure cloud infrastructure. You create security
policies and frameworks. And you review systems
614
01:00:15,225 --> 01:00:20,345
for vulnerabilities. Who it is for? People
who enjoy building systems, people with strong
615
01:00:20,345 --> 01:00:25,785
engineering thinking or Alif, and people who like
designing solutions rather than just reacting to
616
01:00:25,785 --> 01:00:34,825
problems. Average salary range around 100,000 to
$160,000. Key certifications, CISSP, certified
617
01:00:34,825 --> 01:00:40,265
information system security professional, and
cloud security certifications from AWS, Azure,
618
01:00:40,265 --> 01:00:46,425
and others. Career path six, cloud security
specialist. Here's the simple idea. Security
619
01:00:46,425 --> 01:00:51,305
for the modern internet. As companies move
everything to the cloud on platforms like AWS,
620
01:00:51,305 --> 01:00:57,385
Microsoft Azure, and Google Cloud, cloud security
has become critical. What you do? You secure
621
01:00:57,385 --> 01:01:02,745
cloud environments. You manage identity and access
control systems. You monitor cloud infrastructure
622
01:01:02,745 --> 01:01:08,025
for threats. And you ensure compliance with
security regulations. Who it is for? People
623
01:01:08,025 --> 01:01:14,985
interested in cloud technology with a strong focus
on security. Average salary range around 110,000
624
01:01:14,985 --> 01:01:22,265
to $170,000. Key certifications AWS certified
security specialty, Microsoft Azure security
625
01:01:22,265 --> 01:01:27,225
engineer and Google cloud security engineer.
And now you can see something important. Cyber
626
01:01:27,225 --> 01:01:33,625
security is not one path. It is a full ecosystem
of careers. Different roles, different skills,
627
01:01:33,625 --> 01:01:39,945
different personalities, but all connected by one
mission, protecting the digital world. Career path
628
01:01:39,945 --> 01:01:46,745
7, GRC analyst, governance, risk, and compliance.
Here's the simple idea. Not every cyber security
629
01:01:46,745 --> 01:01:52,345
role is about hacking systems. Some roles focus
on rules, policies, and risk management. GRC
630
01:01:52,345 --> 01:01:57,785
analysts work on the business side of security,
making sure organizations follow laws, standards,
631
01:01:57,785 --> 01:02:03,545
and internal security policies. What you do?
You develop and enforce security policies. You
632
01:02:03,545 --> 01:02:09,785
assess risks to business operations. You ensure
compliance with frameworks like ISO 27,0001,
633
01:02:09,785 --> 01:02:16,425
SOCK 2, GDPR and HIPPA. You also conduct security
audits and assessments. Who it is for? People who
634
01:02:16,425 --> 01:02:21,865
are detail oriented, people who enjoy structure
and policy work, and people who like working at
635
01:02:21,865 --> 01:02:27,545
the intersection of technology, business, and
law. Average salary range around $70,000 to
636
01:02:27,545 --> 01:02:35,465
$120,000. Key certifications CISM certified
information security manager and CRISK certified
637
01:02:35,465 --> 01:02:42,185
in risk and information systems control. Career
path 8 cyber security educator or trainer. Here's
638
01:02:42,185 --> 01:02:47,145
the simple idea. The cyber security skills gap
will not close on its own. It needs teachers,
639
01:02:47,145 --> 01:02:51,945
trainers, and communicators. Cyber security
educators work with companies, universities,
640
01:02:51,945 --> 01:02:56,185
and governments to train the next generation
of defenders. They build learning programs,
641
01:02:56,185 --> 01:03:02,185
run awareness sessions, and explain complex
security concepts in simple, practical ways.
642
01:03:02,185 --> 01:03:07,865
Who it is for? People who love teaching, people
who enjoy communication, and people who can break
643
01:03:07,865 --> 01:03:14,505
down complex ideas so anyone can understand them.
Average salary range, it varies widely from around
644
01:03:14,505 --> 01:03:20,585
50,000 to over $120,000 depending on role and
organization. Now, let's talk about something
645
01:03:20,585 --> 01:03:27,225
important. The most in- demand paths right now
based on current job market trends. The most in-
646
01:03:27,225 --> 01:03:33,785
demand cyber security roles are cloud security
engineers, penetration testers, sock analysts,
647
01:03:33,785 --> 01:03:39,545
incident responders, and application security
engineers. The beauty of cyber security is
648
01:03:39,545 --> 01:03:45,465
that everything is connected. Many people start as
sock analysts, then move into penetration testing,
649
01:03:45,465 --> 01:03:50,105
then into security architecture, and eventually
become sessos, chief information security
650
01:03:50,105 --> 01:03:56,665
officers. the executives responsible for an entire
organization's security. Your starting point does
651
01:03:56,665 --> 01:04:03,465
not define your ceiling. Now the real question,
how do you actually begin? No experience, maybe
652
01:04:03,465 --> 01:04:08,665
no degree. Where do you start? That is exactly
what the next chapter is about. Chapter nine,
653
01:04:08,665 --> 01:04:14,905
stepbystep road map to start cyber security.
The clear actionable path from zero to career
654
01:04:14,905 --> 01:04:20,185
ready. All right, let's get real. The most
common question beginners usually ask is this.
655
01:04:20,185 --> 01:04:25,385
I'm interested in cyber security, but I don't
know where to start. It feels overwhelming.
656
01:04:25,385 --> 01:04:30,585
I hear you. The field is broad. There are
hundreds of certifications, dozens of tools,
657
01:04:30,585 --> 01:04:35,465
thousands of tutorials. But here's the truth
that most people miss. You don't need to learn
658
01:04:35,465 --> 01:04:39,865
everything. You need to follow a path. And that's
exactly what I'm going to give you. Phase zero,
659
01:04:39,865 --> 01:04:46,505
mindset preparation. Week one to week two. Before
a single line of study, mindset. Cyber security
660
01:04:46,505 --> 01:04:51,785
rewards curiosity. Always wanting to know how
things work. Persistence. Things will break. You
661
01:04:51,785 --> 01:04:58,105
will fail. You keep going. Ethical thinking.
Power comes with responsibility. Continuous
662
01:04:58,105 --> 01:05:03,545
learning. This field changes faster than almost
any other. You do not need a computer science
663
01:05:03,545 --> 01:05:09,785
degree. Helpful, but not required. To be great
at math, basic logic, and some algebra is enough
664
01:05:09,785 --> 01:05:15,945
for most roles. To have hacked before, obviously,
some of the cyber security professionals came from
665
01:05:15,945 --> 01:05:20,985
completely different backgrounds. Psychology, law,
the military, customer service, what they share,
666
01:05:20,985 --> 01:05:25,545
curiosity, and commitment. You have both.
You're watching a 2-hour cyber security
667
01:05:25,545 --> 01:05:30,345
video voluntarily. That's all the proof you
need. At phase one, build the foundation.
668
01:05:30,345 --> 01:05:34,985
Month one to month two. Step one, learn how
computers and networks work. You can watch
669
01:05:34,985 --> 01:05:39,865
the complete networking for cyber security video
on this channel. Before you can secure a network,
670
01:05:39,865 --> 01:05:45,305
you need to understand one. Start with Comptier
Network Plus study materials. Even if you never
671
01:05:45,305 --> 01:05:54,505
take the exam, the curriculum covers networking
protocols, TCP/IP, DNS, DHCP. Network hardware,
672
01:05:54,505 --> 01:05:59,705
routers, switches, firewalls, and network
troubleshooting. Free resources. Professor
673
01:05:59,705 --> 01:06:04,905
Messer's free network plus course on YouTube.
Professor Messer has been the go-to free resource
674
01:06:04,905 --> 01:06:12,105
for network fundamentals for years. Step two,
learn the Linux command line. The majority of
675
01:06:12,105 --> 01:06:17,625
cyber security tools run on Linux. Servers run
Linux. Hacking environments run Linux. You don't
676
01:06:17,625 --> 01:06:22,905
need to be a Linux expert, but you do need to be
comfortable. Start with the Linux command line,
677
01:06:22,905 --> 01:06:29,385
a free book at linxcommand.org and try Hackme's
Linux fundamentals pathway. Step three, understand
678
01:06:29,385 --> 01:06:34,265
basic programming concepts. Uh you don't need
to be a programmer. Uh but understanding code
679
01:06:34,265 --> 01:06:41,305
helps you read and understand scripts, automate
tasks, understand vulnerabilities in code. Start
680
01:06:41,305 --> 01:06:46,105
with Python. It's beginner friendly and widely
used in cyber security. There's a new channel
681
01:06:46,105 --> 01:06:50,905
that's about to start a beginnerfriendly Python
series focused on cyber security. They've already
682
01:06:50,905 --> 01:06:56,585
uploaded an introduction video. You can check
it out. Free resources, python.org's official
683
01:06:56,585 --> 01:07:02,025
tutorial and Free Code Camp's Python course. The
goal at this phase isn't to become a programmer.
684
01:07:02,025 --> 01:07:08,425
It's to be programming literate. Phase two, core
cyber security knowledge. Month two to month four,
685
01:07:08,425 --> 01:07:13,065
step four, earn CompTIA security plus. This
is the single most universally recognized
686
01:07:13,065 --> 01:07:18,185
entry-level cyber security certification. It
covers threats, attacks and vulnerabilities,
687
01:07:18,185 --> 01:07:23,625
technologies and tools, architecture and design,
identity and access management, risk management,
688
01:07:23,625 --> 01:07:29,785
cryptography, and PKI. It is vendorneutral,
meaning it applies to any technology environment.
689
01:07:29,785 --> 01:07:35,865
It is often a requirement for many government and
corporate cyber security positions. Cost around
690
01:07:35,865 --> 01:07:42,665
$370 for the exam, but study materials can be
free or low cost. Free study resources, Professor
691
01:07:42,665 --> 01:07:48,425
Messer's Security Plus course, phenomenal,
free and thorough. Jason Dion's Udemy course,
692
01:07:48,425 --> 01:07:55,065
usually on sale for $15 to $20. Timeline, two to
three months of dedicated study if you are working
693
01:07:55,065 --> 01:08:01,625
from the foundation. Step five, get hands-on with
Try Hackme. Certifications give you knowledge.
694
01:08:01,625 --> 01:08:07,465
Try Hackme gives you skills. Try Hackme, a
browser-based learning platform with hundreds of
695
01:08:07,465 --> 01:08:13,625
hands-on cyber security labs covering everything
from basic networking to penetration testing. No
696
01:08:13,625 --> 01:08:19,545
special equipment needed. Everything runs in your
browser. Their pre-security pathway is the perfect
697
01:08:19,545 --> 01:08:25,305
companion to security plus study. Their SOC
level one pathway is ideal if you're aiming for
698
01:08:25,305 --> 01:08:32,265
that career path. Their junior penetration tester
pathway prepares you for ethical hacking. Create
699
01:08:32,265 --> 01:08:38,665
an account. Start with the free content upgrade
when you are ready for more. Step six. Hack the
700
01:08:38,665 --> 01:08:43,625
box for the more adventurous. Hack the box is
the more challenging, more realistic cousin of
701
01:08:43,625 --> 01:08:50,185
try hackme. real world vulnerable machines, real
penetration testing scenarios, a global community
702
01:08:50,185 --> 01:08:55,385
of security professionals. Once you have two to
three months of foundational knowledge, start
703
01:08:55,385 --> 01:09:01,385
tackling hack the box challenges. It is where the
learning goes from classroom to battlefield. Phase
704
01:09:01,385 --> 01:09:07,545
three, specialization. Month four to month eight.
By now, you have a sense of what excites you most.
705
01:09:07,545 --> 01:09:12,185
Are you drawn to the offense, the hacking side,
or the defense, the monitoring and response side,
706
01:09:12,185 --> 01:09:18,265
or the architecture, the design side? Choose a
direction and go deeper. If you want offensive
707
01:09:18,265 --> 01:09:24,505
penetration testing, next certification, EJPT,
e-learn security junior penetration tester.
708
01:09:24,505 --> 01:09:30,665
Beginnerfriendly, practical, and affordable.
After that, OCP, Offensive Security Certified
709
01:09:30,665 --> 01:09:34,985
Professional. The most respected practical pen
testing certification. This is the hard one.
710
01:09:34,985 --> 01:09:40,105
Budget 6 to 12 months of serious preparation.
Tools to learn Kali Linux Nap Metas-ploit,
711
01:09:40,105 --> 01:09:45,625
Burpuite, Wireshark. If you want defensive so
or blue team next certification, CompTIA plus
712
01:09:45,625 --> 01:09:52,985
cyber security and plus cyber security analyst
tools delunk sim Wireark, Snort, IDS, Yara rules,
713
01:09:52,985 --> 01:09:59,545
ELKS stack course, blue team labs online. It's an
excellent platform for defensive skill building.
714
01:09:59,545 --> 01:10:04,505
If you want cloud security, start with AWS
cloud practitioner to understand cloud basics.
715
01:10:04,505 --> 01:10:10,665
then move to AWS certified security specialty
or follow Microsoft's path A900 then SC900 then
716
01:10:10,665 --> 01:10:17,225
SC200 on Azure if you want GRC governance risk
and compliance study the NIST cyber security
717
01:10:17,225 --> 01:10:27,545
framework ISO 2701 and GDPR and HIPAA basics
CISM and CISC become your targets phase four
718
01:10:27,545 --> 01:10:33,225
build your portfolio ongoing from month three
very important often overlooked certifications
719
01:10:33,225 --> 01:10:38,985
tell employers what You know, a portfolio shows
them what you can do. How to build a portfolio?
720
01:10:38,985 --> 01:10:44,745
Option one, build a home lab. A home lab is your
personal cyber security playground. Using free
721
01:10:44,745 --> 01:10:50,185
software like virtual box or VMware, you can run
multiple virtual machines. A Kali Linux attacker,
722
01:10:50,185 --> 01:10:55,785
a Windows victim, a vulnerable web application,
all on your own computer. Practice attacks,
723
01:10:55,785 --> 01:11:02,585
practice defenses, document your findings. This is
something hiring managers love to see. Option two,
724
01:11:02,585 --> 01:11:08,345
CTF competitions. Capture the flag. These
are cyber security challenges, puzzles,
725
01:11:08,345 --> 01:11:13,945
hacking scenarios, cryptography problems designed
to test and build skills. Sites like CTF time.org
726
01:11:13,945 --> 01:11:19,625
list hundreds of competitions throughout the year.
Many are free and open to beginners. Each CTF you
727
01:11:19,625 --> 01:11:25,865
complete becomes a portfolio item. Document your
writeups. Explain how you solved each challenge.
728
01:11:25,865 --> 01:11:31,385
Option three, bug bounty programs. Companies like
Google, Meta, Microsoft, and thousands of others
729
01:11:31,385 --> 01:11:36,185
pay money to people who find and responsibly
report security vulnerabilities. These are
730
01:11:36,185 --> 01:11:42,105
called bug bounty programs. Platforms like Hacker
1 and Bug Crowd host these programs. Finding and
731
01:11:42,105 --> 01:11:48,105
reporting even one valid bug, even a small one,
is an impressive portfolio entry. Option four,
732
01:11:48,105 --> 01:11:54,985
GitHub. Create a GitHub account. Document your
HomeLab setup. Share your CTF writeups. Contribute
733
01:11:54,985 --> 01:12:00,905
to open source security tools. A GitHub profile
with real cyber security work is often worth more
734
01:12:00,905 --> 01:12:07,225
to a hiring manager than an extra certification.
Phase five, job search, month 6 to 12 and beyond.
735
01:12:07,225 --> 01:12:12,905
Practical job hunting guidance. Your first job
does not have to be purely cyber security. Many
736
01:12:12,905 --> 01:12:19,465
cyber security professionals got their start in
IT help desk or support, network administration,
737
01:12:19,465 --> 01:12:24,825
system administration. These roles build
foundational skills and often have pathways
738
01:12:24,825 --> 01:12:30,505
into security teams. Where to look? LinkedIn.
Most important, optimize your profile. Connect
739
01:12:30,505 --> 01:12:37,145
with cyber security professionals. Engage with
content. Indeed, glass door. Cyber sec jobs.com.
740
01:12:37,145 --> 01:12:41,225
Government job boards. In many countries,
government agencies are major cyber security
741
01:12:41,225 --> 01:12:46,105
employers. Company career pages, especially for
companies with large security teams. Networking,
742
01:12:46,105 --> 01:12:52,585
the humankind. Join cyber security communities
online. Discord servers. Many try hackme and
743
01:12:52,585 --> 01:12:58,505
hack the box communities have them. LinkedIn
groups. local DFcon groups, DC groups, free meetup
744
01:12:58,505 --> 01:13:03,865
groups in hundreds of cities worldwide. Besides
conferences, communityrun security conferences,
745
01:13:03,865 --> 01:13:10,665
often affordable or free. 80% of jobs are filled
through networking, not job boards. Know people be
746
01:13:10,665 --> 01:13:17,785
known. You have the map. But I want to make this
even more concrete. What if I gave you a specific
747
01:13:17,785 --> 01:13:23,545
day-by-day plan for your very first month? because
that's exactly what the final chapter is. Your
748
01:13:23,545 --> 01:13:30,425
first 30 days action plan. Concrete day-by-day
steps to launch your journey. Okay, this is it.
749
01:13:30,425 --> 01:13:36,985
Chapter 10, the launchpad. I'm going to give you
the most specific actionable 30-day plan I can.
750
01:13:36,985 --> 01:13:44,985
No fluff, no vague advice, real steps for real
days. Your only job, execute. Let's go. Week one,
751
01:13:44,985 --> 01:13:50,425
foundation and security habits. Days 1 to 7. Day
one, secure your digital life today. Before you
752
01:13:50,425 --> 01:13:56,265
learn to defend others, defend yourself. Morning,
1 to two hours. Download Bit Warden. Set up your
753
01:13:56,265 --> 01:14:00,585
master password. Start adding your accounts.
Check if I've beenoon.com for all your email
754
01:14:00,585 --> 01:14:08,105
addresses. Enable two-factor authentication using
Google Authenticator or AY on Gmail, your bank,
755
01:14:08,105 --> 01:14:13,705
Instagram, Facebook. Evening 30 minutes. Review
your phone's privacy settings. Limit which apps
756
01:14:13,705 --> 01:14:18,105
have access to your location, camera, and
microphone. Check that your phone's storage
757
01:14:18,105 --> 01:14:24,665
is encrypted. Settings. Security on Android,
automatic on iPhone with passcode set. Day two.
758
01:14:24,665 --> 01:14:30,025
Understand your attack surface. Google your own
name. See what information is publicly available.
759
01:14:30,025 --> 01:14:34,665
Review your social media privacy settings. Limit
who can see your birthday, hometown, and personal
760
01:14:34,665 --> 01:14:40,425
info. Check your router settings. Change the
default admin credentials if you haven't. Day
761
01:14:40,425 --> 01:14:45,065
three, set up your learning environment. Create
accounts on Tryh Hackme. Have I been pawned?
762
01:14:45,065 --> 01:14:50,425
GitHub. Download and install Virtual Box free
on your computer. You'll need it for a home lab
763
01:14:50,425 --> 01:14:57,705
later. Bookmark your study resources. Professor
Messer, try Hackme N cyber security resources. Day
764
01:14:57,705 --> 01:15:04,505
four, start Try Hackme's pre-security path. Begin
the first module. Take it seriously. Take notes.
765
01:15:04,505 --> 01:15:09,865
Day five, networking fundamentals. Watch Professor
Messer's first three video modules on network plus
766
01:15:09,865 --> 01:15:16,105
fundamentals. You can also watch our video on this
channel. Take handwritten notes. Um, studies show
767
01:15:16,105 --> 01:15:22,665
handwriting improves retention by up to 34%. Day
six, deep dive study day. Review everything you've
768
01:15:22,665 --> 01:15:28,825
learned this week. Make flashc cards using Anki, a
free spaced repetition app. Key terms: IP address,
769
01:15:28,825 --> 01:15:36,025
DNS, HTTPS, firewall, CIA triad, authentication
versus authorization, encryption, day seven, rest,
770
01:15:36,025 --> 01:15:40,265
reflect, and plan. Look at what you covered.
What's unclear? Find one YouTube video that
771
01:15:40,265 --> 01:15:44,585
explains it better. Join one cyber security
community online. Introduce yourself. Ask one
772
01:15:44,585 --> 01:15:50,505
question. Week two, core knowledge, days 8 to 14.
Day eight, continue try Hackme. Complete the how
773
01:15:50,505 --> 01:15:56,265
the web works section. Take notes on HTTP,
DNS, and web application basics. Day nine,
774
01:15:56,265 --> 01:16:01,145
start Linux fundamentals. Begin the Linux
fundamentals pathway on Try Hackme. Learn
775
01:16:01,145 --> 01:16:06,745
basic terminal commands. Navigate directories.
Create files. Change permissions. This is where
776
01:16:06,745 --> 01:16:12,905
many beginners feel uncomfortable. Push through.
It gets intuitive quickly. Day 10. Security Plus
777
01:16:12,905 --> 01:16:19,225
study begins. Start Professor Messer's CompTIA
Security Plus course. Begin with domain one,
778
01:16:19,225 --> 01:16:24,745
threats, attacks, and vulnerabilities. You'll
recognize a lot from this video. Day 11,
779
01:16:24,745 --> 01:16:30,505
hands-on fishing analysis. Search fishing email
examples analysis. Study 5 to 10 real fishing
780
01:16:30,505 --> 01:16:36,185
email examples. Practice identifying the red
flags. Learn about email header analysis. How
781
01:16:36,185 --> 01:16:41,065
to trace where an email really came from.
It's like detective work. You'll love it.
782
01:16:41,065 --> 01:16:46,265
Day 12, introduction to cryptography. Review
our encryption chapter again, then go deeper.
783
01:16:46,265 --> 01:16:50,825
Try Hackme has a cryptography for beginners room.
Complete it. Watch a 15-minute YouTube video on
784
01:16:50,825 --> 01:16:58,265
how HTTPS uses TLS, transport layer security,
encryption. Day 13. Day 13. OSINT introduction
785
01:16:58,265 --> 01:17:03,945
OSIN open- source intelligence. It is the art of
gathering information from public sources. A skill
786
01:17:03,945 --> 01:17:10,505
used by both hackers and investigators. Try hackme
has an OSINT module. Start it. Practice OSINT
787
01:17:10,505 --> 01:17:18,665
on yourself. What can you find about you using
only Google? Day 14, week two. Review flashcards
788
01:17:18,665 --> 01:17:23,545
review. Make sure your notes are organized. Post
an update in your cyber security community. Share
789
01:17:23,545 --> 01:17:28,505
what you've learned. Teaching others is
one of the best ways to learn. Week three,
790
01:17:28,505 --> 01:17:35,545
practical skills, days 15 to 21. Day 15, set up a
basic home lab in Virtual Box. Install Kali Linux,
791
01:17:35,545 --> 01:17:41,625
a free Linux distribution specifically designed
for cyber security and penetration testing. Follow
792
01:17:41,625 --> 01:17:47,625
a beginner's home lab setup guide on YouTube.
Search Kali Linux virtual box beginner setup. Day
793
01:17:47,625 --> 01:17:53,065
16. Explore Kali Linux tools. Get familiar with
your new environment. Run your first NAPAP scan on
794
01:17:53,065 --> 01:17:58,505
your own network. Legally, it's your own network.
End MAPAP maps out what devices and open ports
795
01:17:58,505 --> 01:18:06,185
exist on a network. Day 17. Capture the flag.
First attempt. Go to ctfttime.org. Find a beginner
796
01:18:06,185 --> 01:18:11,945
or Jeopardy style CTF that is currently running
or has recently ended. Try to solve the easiest
797
01:18:11,945 --> 01:18:18,105
challenges. If you get stuck, search beginner
CTF write up on YouTube. Day 18. Web application
798
01:18:18,105 --> 01:18:23,225
security basics. Install Burpuite Community
Edition. Free. Work through Try Hackme's OWSP
799
01:18:23,225 --> 01:18:28,505
top 10 module. The OASP top 10 is the definitive
list of the most critical web application security
800
01:18:28,505 --> 01:18:35,625
vulnerabilities. Learn each one. Day 19.
Security plus study. Continue. Domain two,
801
01:18:35,625 --> 01:18:43,065
technologies and tools. Firewalls, IDSPs, VPNs,
SIM tools. Review our chapter content alongside
802
01:18:43,065 --> 01:18:49,545
the course. Day 20. Wireshark. Analyze network
traffic. Download Wireshark. Free. Capture traffic
803
01:18:49,545 --> 01:18:54,825
on your own network. See the packets flowing.
Try HackMe has a Wireshark room. Complete it.
804
01:18:54,825 --> 01:18:59,625
This is the first time most beginners feel like a
real security professional. It's a good feeling.
805
01:18:59,625 --> 01:19:05,065
Day 21. Week three review and portfolio planning.
Write down what you've done this month. This is
806
01:19:05,065 --> 01:19:11,305
your early portfolio. Create a GitHub repository.
Write a readme documenting your learning journey.
807
01:19:11,305 --> 01:19:16,345
What you've studied, what labs you've completed,
what tools you've used. Week four, direction and
808
01:19:16,345 --> 01:19:22,425
momentum. Days 22 to 30. Day 22. Decide your
specialization based on the past three weeks.
809
01:19:22,425 --> 01:19:27,865
Offense, defense, or engineering. If you loved
the Kylie Linux labs and the pen testing mindset,
810
01:19:27,865 --> 01:19:33,865
offensive pen testing. If you love the monitoring,
analysis and detection side, defensive,
811
01:19:33,865 --> 01:19:42,265
soek. If you are more drawn to architecture and
policy, GRC or security engineering. Day 23 to 25,
812
01:19:42,265 --> 01:19:47,065
deep dive into your chosen path. Offensive.
Continue through Try Hackme's junior penetration
813
01:19:47,065 --> 01:19:52,185
tester pathway. Research the OCP certification.
Watch a YouTube video about what OCP candidates
814
01:19:52,185 --> 01:19:57,545
say about the experience. Defensive. Start
Tryh Hackme's SOC level one pathway. Research
815
01:19:57,545 --> 01:20:05,145
CompTS CISA plus certification GRC read NIST's
introduction to the cyber security framework.
816
01:20:05,145 --> 01:20:12,185
It is a free PDF research CISM certification.
Day 26 LinkedIn optimization create or update
817
01:20:12,185 --> 01:20:17,145
your LinkedIn profile. Add Try Hackme Progress.
They have sharable profiles, your GitHub link,
818
01:20:17,145 --> 01:20:22,025
any certifications you have started studying
for. Relevant skills. Start connecting with
819
01:20:22,025 --> 01:20:26,745
cyber security professionals. Do not just connect.
Engage with their content. Comment thoughtfully.
820
01:20:26,745 --> 01:20:33,385
Ask a genuine question. Day 27. Find your local
or online community. Find your nearest DC group,
821
01:20:33,385 --> 01:20:41,065
DFC group. Many groups meet monthly, often
virtually. These are your future colleagues,
822
01:20:41,065 --> 01:20:46,825
mentors, and references. Day 28. Create your
study schedule for month two. Reverse engineer
823
01:20:46,825 --> 01:20:53,065
your certification goal. Security plus exam. Most
people need 8 to 12 weeks of dedicated study. Set
824
01:20:53,065 --> 01:20:59,145
a target exam date. Book it. Having a deadline.
makes you study. Create a weekly study schedule.
825
01:20:59,145 --> 01:21:04,585
Block the time in your calendar. Treat it like
a class. Day 29. Write your why. This sounds
826
01:21:04,585 --> 01:21:10,985
non-technical. Do it anyway. Write even just for
yourself why you want to be in cyber security. Is
827
01:21:10,985 --> 01:21:16,185
it financial stability, intellectual challenge,
protecting people, making a career change. Your
828
01:21:16,185 --> 01:21:22,745
why is your fuel on the hard days. And there
will be hard days. Everyone has them. Write it,
829
01:21:22,745 --> 01:21:27,785
save it, read it when you need it. Day 30.
Celebrate and set month two goals. You have
830
01:21:27,785 --> 01:21:32,985
done more in 30 days than most people who say
I want to get into cyber security do in a year.
831
01:21:32,985 --> 01:21:40,105
Celebrate that genuinely. Then set three specific
goals for month two. One, complete X modules or
832
01:21:40,105 --> 01:21:46,425
certifications. Two, complete XCTF challenges.
Three, make X new professional connections.
833
01:21:46,425 --> 01:21:51,545
Write them down. Make them specific. Make them
real. We have been on a journey together today.
834
01:21:51,545 --> 01:21:56,745
We started with a woman named Sarah who woke up
to find her digital life dismantled overnight. And
835
01:21:56,745 --> 01:22:02,825
we have ended here with you holding a road map
that can change the trajectory of your safety,
836
01:22:02,825 --> 01:22:08,665
your awareness, and potentially your entire
career. Let me remind you of what you now
837
01:22:08,665 --> 01:22:13,625
know. You know how the internet actually works.
The infrastructure underneath everything we take
838
01:22:13,625 --> 01:22:19,145
for granted. You know how hackers think, not as
cartoon villains, but as creative, patient human
839
01:22:19,145 --> 01:22:25,465
beings exploiting human weakness. You know
the most common attacks, fishing, malware,
840
01:22:25,465 --> 01:22:31,305
social engineering, ransomware, and you will never
look at a suspicious email the same way again. You
841
01:22:31,305 --> 01:22:38,745
know the mistakes that make people vulnerable. And
you have real actionable tools to fix them today.
842
01:22:38,745 --> 01:22:44,265
You understand the foundations of cyber security,
the CIA triad, encryption, authentication, zero
843
01:22:44,265 --> 01:22:49,225
trust, concepts that professionals spend careers
building on. You know the career paths that exist
844
01:22:49,225 --> 01:22:54,265
and you know they are accessible with the right
road map. And you have that roadmap. 30 days,
845
01:22:54,265 --> 01:23:00,585
clear steps, no guesswork. But here is the
thing I want to leave you with. Cyber security
846
01:23:00,585 --> 01:23:06,345
is ultimately not about technology. It is about
people. It is about protecting a grandmother from
847
01:23:06,345 --> 01:23:12,905
losing her savings to a scam. It is about keeping
a hospital systems running so doctors can save
848
01:23:12,905 --> 01:23:19,225
lives. It is about ensuring that journalists in
authoritarian countries can communicate safely. It
849
01:23:19,225 --> 01:23:24,585
is about making sure that the 16-year-old version
of me who did not know any of this does not become
850
01:23:24,585 --> 01:23:30,105
the next victim of a sophisticated fishing
attack. The people who go into cyber security
851
01:23:30,105 --> 01:23:35,945
carry a profound responsibility and honestly
they are some of the most thoughtful, creative,
852
01:23:35,945 --> 01:23:41,865
curious and committed people you will find. I
hope whether you watch this for personal safety,
853
01:23:41,865 --> 01:23:48,105
for career inspiration or pure curiosity, I hope
you feel the weight and the wonder of this field
854
01:23:48,105 --> 01:23:53,945
because the internet is where we live now and it
deserves defenders. Maybe you are one of them.
855
01:23:53,945 --> 01:23:58,905
If this video helped you even a little, please
like it. Share it with someone who needs to see
856
01:23:58,905 --> 01:24:05,065
it and subscribe for more content like this. Drop
a comment below telling me one thing you learned
857
01:24:05,065 --> 01:24:10,505
today, one thing that surprised you, one thing you
are going to change or one step you are going to
858
01:24:10,505 --> 01:24:15,945
take. I read every comment seriously. And if you
want the condensed version of this road map in a
859
01:24:15,945 --> 01:24:22,025
free PDF, follow me on Instagram and DM me.
If you made it this far, thank you for your
860
01:24:22,025 --> 01:24:27,065
time. I genuinely appreciate it. Stay curious,
stay secure, and I will see you in the next112077
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.