Studying for the Sec+ Exam? Use What You Know
The Power of Analogies
As the cybersecurity workforce gap widens, the prospect of a career in cybersecurity becomes sweeter and sweeter. Given the tremendous growth of the cybersecurity industry, the field will undoubtedly see newcomers, or those without a security/IT background looking to join the cybersecurity workforce. Companies will invest in these newcomers and accept them with open arms and checkbooks. If you are one of the forward-thinking cybersecurity job seekers, but have no experience in the field, then earning the CompTIA Security+ Certification is a great place to start.
Passing the Security+ exam without a security background will take hard work but you can do it. One learning hint to help you on your path is the topic of today’s blog: the power of analogies. Clinical research has emphasized the power of metaphors and analogies in learning, especially for grasping completely new information.
Let’s examine two prominent but distinct fields that can help us digest cybersecurity content.
The Immune System = IDS/IPS
In terms of industry influence, cybersecurity has perhaps the most obvious ties with the scientific world. Indeed cybersecurity terms such as worms and viruses are taken right from microbiology. Cybersecurity also resembles cellular immunology – the body’s immune system at the cellular level. Intrusion Detection/Prevention (IDS/IPS) operations, which filter and prevent malicious traffic, are not unlike your body filtering malicious cells or bacteria. The goal is to prevent intrusion by harmful substances which can cause disease or even death.
The body has many layers of defense: the skin and the mucus in the nose and throat being two of the most familiar. They keep bacteria from migrating into the tissues and blood vessels. But when bacteria does enter the body, the immune system acts as both the IDS and IPS. The immune system continuously monitors the body for evidence of “foreign” cells. If it detects such foreign cells, it sends out a general alert to other cells of the immune system (IDS function) causing them to travel to the site of the invasion, multiply, wall off, and eventually, destroy the invading cells (the IPS) portion.
One important difference though, is that the bacteria that attack you are not malicious. They are just doing what bacteria do; what they are genetically programmed to do, unlike malware that is manipulated software used for nefarious purposes.
The close ties between science and cyber contributed to my sister (who knows way more about biology than biometric authentication) earning a passing score of 761 on her SY0-401 Security+ exam. The professional instruction and tutoring at CyberVista helped, too.
Separation of Powers = Separation of Duties
For our next example, let’s transition from molecular science to political science. If you read our post about the Founding Generation’s Perspective on Cybersecurity, you’d know that that the ties between political science and cybersecurity are closer than they appear. In that our company is based in Washington, D.C., it seems appropriate to connect the dots between cybersecurity and the U.S.’s Government.
A common administrative security control is borrowed directly from the mind of James Madison, the chief architect of the U.S. Constitution. In Federalist 47, Madison describes the principle of Separation of Powers. Madison explains that the U.S. Constitution is specifically designed to avoid giving too much power to one branch of Government. Each branch depends on the others, therefore limiting each’s overall power.
In the security world, Madison’s concept of Separation of Powers is called Segregation of Duties (SoD). Forward-thinking security teams take a page out of Madison’s Constitution when they set up administrative (admin) functions. A systems or security administrator is a role that has special and powerful duties and responsibilities. Unchecked admin powers represents a significant risk, either through administrator abuse of power or attackers stealing admin credentials.
That’s why it’s common for sensitive admin functions to be split among multiple administrators. For example, SoD is commonly implemented when it comes to backups. Since backups are copies of an organization’s data, information, and intellectual property, organizations make sure that the individual who creates the backup is different than the individual who stores the backup. This avoids allowing the opportunity for an individual to create and then walk away with an entire copy of an organization’s information and intellectual property.
Madison could have very well been talking about security admins when he noted, “The accumulation of all powers…in the same hands…may justly be pronounced the very definition of tyranny.”
Don’t be Intimidated by Cyber Content
While cybersecurity is a nascent industry, its general principles are familiar. If you’re new to the field of cybersecurity, or looking to enter it, don’t be intimidated by the unfamiliar lexicon. Think about what you do know, and use that to help you approach unfamiliar content. Making the content relatable is a great strategy to make it more digestible and easier to remember, one of the many learning science lessons we use to teach our Security+ Prep Course. Are you ready to launch your cybersecurity career? Let us help. Visit us at cybervista.net to learn more. We look forward to seeing you in class.