DION: Hello, and
welcome to the course. I am Dion, a program
manager at Google. I've worked in security
for the past five years in areas ranging
from risk management to insider threat detection. I'll be your first
instructor in this course. As a security
analyst, you will help protect the assets of
the organization you work for, including
tangible or physical assets, such as software
and network devices, as well as intangible
assets like PII, copyrights, and intellectual property. Imagine if this kind of
sensitive information were to be exposed
by a threat actor. It would be devastating
to the reputation and financial stability of the
organization and the people the organization serves. In previous courses,
we discussed a variety of topics that are
relevant to the security profession, including core
security concepts, frameworks and controls, threats, risks,
and vulnerabilities, networks, incident detection and response,
and programming basics. Now it's time to put all of
these core security concepts to practical use. In this course,
we'll further explore how to protect assets and
communicate incidents. Then we'll discuss when
and how to escalate incidents to protect an
organization's assets and data. We'll also cover how to
communicate effectively to influence stakeholders'
decisions related to security. After that, Emily,
your instructor for the second part
of this course, will introduce some
reliable resources that will help you engage
with the security community after you complete the
certificate program. And finally, we'll cover how
to find, prepare for, and apply for security jobs. This will include
discussions about how to create a compelling
resume and tips to help you throughout the
interview process. When I started my first
security-based role, I was excited to be hired at
Google to protect information and devices. I was also happy to be
a part of a broader team that I could learn from and
reach out to for support. My team helped me
grow my expertise, and I'm proud of my
contribution to our projects. By the end of this
course, you'll have had multiple opportunities
to refine your understanding of key security concepts,
create a resume, build confidence in
your interview skills, and even participate in
an Artificial Intelligence or AI-generated interview. The security profession
is such an amazing field, and I'm looking forward
to you joining it. I have one question for you. Are you ready to get started? Welcome to the first
section of the course. In the next several
videos, we'll discuss what it means to
have a security mindset and how you'll use that mindset
to protect an organization's assets and data. Then we'll explore the
process of incident escalation in the event of a breach. Finally, we'll share
information to better help you understand the
sensitive nature of the data that you'll work to protect. Coming up, we'll focus on how
to develop a security mindset, then use that mindset
to protect organizations and the people they serve. Let's take a little time
to discuss a concept that will help you throughout
your security career, having a security mindset. In previous courses,
we discussed various threats, risks,
and vulnerabilities and how they can impact
organizational operations and the people served
by those organizations. These concepts are
key considerations when thinking about
having a security mindset. You'll have to
recognize not only what you're defending
but what or who you're defending against. For example, it's important to
recognize the types of assets that are essential to
maintaining an organization's business functions along
with types of threats, risks, and vulnerabilities that can
negatively impact those assets. And that's what having a
security mindset is all about. A security mindset
is the ability to evaluate risk and constantly
seek out and identify the potential or actual breach
of a system, application, or data. Earlier in the program, we
discussed threats, risks, and vulnerabilities that are
posed by social engineering attacks, such as phishing. These attacks are designed to
compromise an organization's assets to help the threat
actor or actors gain access to sensitive information. Using our security
mindset can help prevent these types of attacks. It's important that we're
constantly staying up to date with the kinds of attacks
that are happening. To do this, it's good to
develop a habit of seeking out information regarding
the latest security trends or vulnerabilities. As you do this, new ideas
for protecting company data may come to mind. Security is an everyday
objective for every security team in the industry. So having a security
mindset helps analysts defend against
the constant pressure from attackers. That mindset can make you
think every click of the mouse has the potential to lead
to a security breach. That level of scrutiny as
a security professional helps you prepare for
the worst-case scenario, even if it doesn't happen. Entry-level analysts
can help protect low level assets, such
as an organization's guest Wi-Fi network, and
high importance assets, such as intellectual
property, trade secrets, PII, and even financial information. Your security mindset
allows you to protect all levels of assets. However, if an
incident does occur, that doesn't mean you respond to
all incidents in the same way. So we'll discuss
incident prioritization a little later in the course. Having a strong security
mindset can help set you apart from
other candidates as you prepare to enter
the security profession. It may even be a good idea
to reference that foundation in future job interviews. We'll discuss
interview preparation in detail later in the course. Coming up, we'll focus
on incident detection in greater detail. Welcome back. In earlier courses, we
discussed the impact that security incidents can
have on the critical data and assets of an organization. If data and assets
are compromised, it can lead to financial
pains for an organization. It can even lead to
regulatory fines and the loss of credibility with
customers or other businesses in the same industry. This is why your role in
protecting company data and assets is so valuable. Collaboration is an exciting
part about working in security. There are so many individuals
across an organization that are interested in
various functions of security. No security professional
can do this alone. Some team members are
focused on protecting sensitive financial data. Others work on protecting
usernames and passwords. Some are more focused on
protecting third-party vendor security. And others may be concerned
with protecting employees' PII. These stakeholders and
others have an interest in the role the
security team plays for keeping the
organization and the people it serves safe from
malicious attacks. It's important to recognize that
the assets and data you protect affect multiple levels
of your organization. One of the most important
concerns for an organization is the protection
of customer data. Customers trust that an
organization they engage with will protect their
data at all times. This means credit card numbers,
Social Security numbers, emails, usernames,
passwords, and so much more. It's important to
keep this in mind when taking on a security role. Understanding the importance
of the data you're protecting is a big part of having a
strong security mindset. As a security professional,
it's important to handle sensitive data with
care while being mindful of the little details
to ensure that private data is protected from breaches. When a security event
results in a data breach, it is categorized as
a security incident. However, if the
event is resolved without resulting
in a breach, it's not considered an incident. It's better to be
safe when it comes to taking a job in the
security profession. That means paying
attention to details and raising your issues
to your supervisor. For example, a
seemingly small issue like an employee installing
an app on their work device without getting permission
from the help desk should be escalated
to a supervisor. This is because some
apps have vulnerabilities that can pose a threat to the
security of the organization. An example of a bigger
issue is noticing that a log may have malicious
code executed in it. Malicious code can lead
to operational downtime, severe financial
consequences, or the loss of critical high-level assets. The point is that there
are no issues that are too small or too big. If you're not sure of
the potential impact of an incident, it's always
best to be cautious and report events to the
appropriate team members. Each day on the job as
a security professional comes with a level
of responsibility to help protect the organization
and the people it serves. The decisions you make not
only affect the company but also its customers
and countless team members across the organization. Remember, what you do matters. You've had an
opportunity to learn more about the important role an
entry level analyst plays in protecting the data and
assets of an organization. Let's quickly review
what we covered. We started off by
discussing the importance of having a security
mindset, including how it supports incident detection. Then we examined the
relationship between incidents and events and further explored
the incident escalation process. We ended our discussion by
exploring the sensitive nature of the data that
you're protecting and the amount of
people counting on you to play your part
in protecting that data. Understanding how valuable you
are as a member of the security team can help you put the
work you do into perspective. Every role in security matters. Each individual contributes to
making a company's operations flow smoothly. I hope you enjoyed our
discussion as much as I did. Are you ready to continue
your journey into the security world? Coming up, we'll discuss
the importance of escalating security incidents. I'm excited that you
could join me today. Previously, you learned about
the importance of various asset types. You also learned
about the relationship between incidents and events. Now we'll focus on escalating
those incidents and events to the right people. Protecting the data and
assets of an organization is the primary goal
of a security team. The decisions you
make everyday are important for
helping the security team achieve that goal. Recognizing when and how to
escalate security incidents is crucial. It helps ensure simple issues
don't become larger problems for an organization. Escalation is a term you should
familiarize yourself with. It's likely to resurface often
as you continue your journey into the security profession. In the following videos, we'll
discuss incident escalation from an entry-level
analyst perspective. Then we'll explore various
incident classification types and the impact
security incidents can have on business operations. Finally, we'll share
some general guidelines for escalating incidents. Coming up, we'll start by
focusing on incident escalation and how it can be used to
prevent a seemingly small issue from becoming a bigger problem. Let's get started. Security analysts are hired
to protect company assets and data, including
knowing when and how to escalate security incidents. In this video, we'll define
security incident escalation and discuss your role
in making decisions that help protect your
organization's data and assets. So what is incident escalation? And why is it so important
for security professionals? Incident escalation is
a process of identifying a potential security
incident, triaging it, and, if appropriate, handing it
off to a more experienced team member. It's important to also recognize
that not every incident needs to be escalated. In this video, we'll cover
what types of incidents should be escalated. As an entry-level
analyst, it's unlikely that you'll be responding
to security incidents independently. However, it's important that
how to evaluate and escalate incidents to the
right individual or team when necessary. Let's discuss the essential
skills needed to properly escalate security incidents. There are two
essential skills that will help you identify
security incidents that need to be escalated,
attention to detail and an ability to follow an
organization's escalation guidelines or processes. Attention to detail
will help you quickly identify when something
doesn't seem right within the organization's
network or systems. Following your company's
escalation guidelines or processes will help you
know how to properly escalate the issue you've identified. Larger organization security
teams have many levels, and each level or
member of that team plays a major role in protecting
the company's assets and data. However, smaller and
medium-size companies have only one or two
people responsible for the organization's security. For now, we'll focus on the
roles in bigger organizations. From the Chief Information
Security Officer, also known as the CISO,
to the engineering team, public relations team,
and even the legal team, every member of the
security team matters. Each team member's role
depends on the nature and scope of the incident. These roles are highlighted
within a company's escalation process. Even the smallest
security incident can become a much larger
issue if not addressed. And that's where you come in. Imagine you're working at
your desk and notice what appears to be a minor
incident, but you decide to take a break before
addressing or escalating it. This decision could
have major consequences. If a small issue goes
unescalated for too long, it has the potential to
become a larger problem that costs the company money,
exposes sensitive customer data, or damages the
company's reputation. However, with a high level
of attention to detail and an ability to follow your
organization's escalation guidelines and
processes, it may be possible to avoid exposing
the business and its customers to harmful incidents. As an entry-level analyst,
you play an important role. You help the security
team identify issues within the network
and systems and help make sure the right
person on the team is alerted when incidents occur. Think about an assembly line. Would the final step in the
line be negatively impacted if the first step were done
incorrectly or not at all? Of course it would. Every decision you make helps
the entire security team protect an organization's
assets and data. Knowing when and how to
escalate security incidents is one of many
important decisions you'll need to make
on a daily basis. Later in this course, we'll
discuss the various levels of security incidents. Knowing those levels
will help you determine the level of urgency needed
to escalate different incident types. Previously, we defined what it
means to escalate an incident. We also discussed the skills
needed to properly escalate incidents when the time comes. In this video, we're going
to cover a few incident classification types
to be aware of-- malware infection, unauthorized
access, and improper usage. A malware infection
is the incident type that occurs when malicious
software designed to disrupt a system
infiltrates an organization's computers or network. As discussed in a
previous course, malware infections can
come in many forms. Some are simple, and others
are a bit more complex. One example is a
phishing attempt. These are relatively
simple malware infections. Another example is
a ransomware attack, which is considered
much more complex. Malware infections can
cause a system's network to run at unusually low speeds. Attackers can even
prevent an organization from viewing critical data
unless the organization pays the attacker ransom
to unlock the data. This incident type is especially
impactful to an organization because of the amount
of sensitive data stored on an organization's
network and computers. Escalating malware infections
is an important aspect of protecting the organization
that you work for. But wait. There's more. The second incident type we'll
discuss is unauthorized access. This is an incident type that
occurs when an individual gains digital or physical access
to a system or application without permission. As you may recall,
earlier in the program, we discussed brute
force attacks, which use trial and error to
compromise passwords, login credentials, and
encryption keys. These attacks are often
used to help attackers gain unauthorized access
to organization systems or applications. All unauthorized
access incidents are important to escalate. However, the urgency
of that escalation depends on how critical that
system is to the organization's business operations. We'll explore this idea in more
detail later in this course. The third incident we'll
discuss is improper usage. This is an incident
type that occurs when an employee
of an organization violates the organization's
acceptable use policies. This one can be a
bit complicated. There are instances
when improper usage is unintentional. For example, an
employee may attempt to access software
licenses for personal use or even use a company's
system to access a friend's or co-worker's data. Maybe the employee wasn't
aware of the policy they were violating. Or maybe the policy
wasn't properly defined and communicated to employees. But there are other times
where improper usage is an intentional act. So how do you know if an
improper usage incident is accidental or intentional? That can be a difficult
decision to make. That's why improper usage
incidents should always be escalated to a supervisor. As a member of an
organization's security team, it's likely that you'll
encounter a variety of incident types while on the job. So it's important to
know what they are and how to escalate them. So far, we've discussed
different incident types and the importance of
escalating those incidents to the right person. But what happens if an incident
goes unescalated for too long? In this video, we'll discuss
the potential impact that even the smallest incident can
have on an organization if it goes unnoticed. Are you ready? Great. Now let's take a journey into
the life of an organization's security team. It's been a quiet day
for the security team. Suddenly, you notice
there's been unusual log activity in an app
that was recently banned from the organization. You make a note to
mention this activity during the next meeting
with your supervisor. But you forget and
never mention it. Following this same
scenario, let's fast forward to a week later. You and your supervisor
are meeting again. But now the supervisor
indicates that a data breach has occurred. This breach has impacted
one of the manufacturing sites for the organization. Now all operations at
the manufacturing site have been put on hold. This causes the company to
lose money and precious time. Days later, the security team
discovers that the data breach began with suspicious activity
in the app that was recently banned from the organization. What we've learned
from this scenario is that a simple incident can
lead to a much larger issue if not escalated properly. Incident criticality is
also important to note here. Initially, an incident
can be escalated with a medium level
of criticality if the analyst doesn't
have enough information to determine the
amount of damage done to the organization. Once an experienced incident
handler reviews the incident, the incident may be
increased or decreased to a high or low
criticality level. Every security
incident you encounter is important to an
organization, but some incidents are certainly more
urgent than others. So what's the best way
to determine the urgency of a security incident? It really depends on
the asset or assets that the incident affects. For example, if an employee
forgets their login password for their work computer, a
low-level security incident may be prompted if they have
repeated failed login attempts. This incident needs
to be addressed, but the impact of this
incident is likely minimal. In other instances, assets are
critical to an organization's business operations, such as a
manufacturing plant or database that stores PII. These types of assets
need to be protected with a high level of urgency. The impact of an attacker
gaining unauthorized access to a manufacturing
application or PII is far greater than
a forgotten password because the attacker
could interfere with the manufacturing processes
or expose private customer data. I hope this video has
helped you understand the importance of knowing the
relationship between assets and security incidents. Later in this course, we'll
share some new concepts related to escalation timing and
why your role in that process matters. We've shared quite a bit about
the importance of your role when it comes to
escalating incidents. We've even discussed
a few incident types that you may encounter. But what are the
actual steps you need to take to properly
escalate that incident? The answer to that
question actually depends on the organization
you're working for. There is no set standard or
process for incident escalation that all organizations use. Every security team
has their own processes and procedures when it
comes to handling incidents. In this video, we're going
to discuss general guidelines for incident escalation and
how to apply them on the job. Let's get started. Each organization
has its own process for handling security incidents. That process is known as
an escalation policy, which is a set of actions that outline
who should be notified when an incident alert occurs
and how that incident should be handled. Ideally, the escalation process
would go smoothly every time. But in a workplace,
challenges to that process can happen unexpectedly. For example, what if
your immediate supervisor is out of office? If an incident occurs
that day, it still needs to be
escalated to someone. This is one example
of why understanding your organization's escalation
policy is important. You don't need to memorize
your organization's escalation policy, but it is wise
to save or bookmark it on your work device. This way, you'll always have
access to it when you need it. Following an organization's
escalation policy is essential because
the actions you take help protect the
organization and the people it serves from malicious actors. The escalation policy
for an organization can be an extensive document. So it's up to you
to pay attention to the small details
within the escalation policy of your organization. Attention to detail
can make the difference between escalating an incident
to the right or wrong person. It can also help
you prioritize which incidents need to be escalated
with more or less urgency. Every organization handles
incident escalation differently. But analysts need to
ensure that incidents are handled correctly. Great work expanding
your security mindset. Now you've had an opportunity to
learn about the essential role you'll be playing by
escalating incidents. Let's review what we've covered
in this section of the course. We started off by defining
incident escalation and discussing
useful traits needed to properly escalate incidents. We also explored a few
incident classification types and their potential
impacts on organization. From there, we discussed
how small security incidents can become bigger problems
if not properly addressed. Finally, we covered
some general guidelines for the actual process
of incident escalation. This process varies depending on
the organization you work for. But one thing should
always remain the same, your attention to detail. Understanding how each incident
affects the data and assets of an organization
is really important because the decisions you make
can affect the entire security team and organization. Are you ready to continue
your security journey? Coming up, we'll
discuss stakeholders and how to communicate
effectively with them. We've covered so much
in previous courses, from the foundations of security
to a basic understanding of networks, and programming
languages like SQL and Python. These concepts
are core knowledge when preparing for a role
in the security profession. But how does this information
help you on a day-to-day basis? And to whom do you
communicate this information? In this course, we'll
start by discussing who stakeholders are. Then we'll identify their
roles in relation to security. Finally, we'll share effective
communication strategies for relaying key
information to stakeholders. But before we can communicate
with stakeholders, we have to understand who they
are and why they are important. So let's get started. Let's discuss the hierarchy
within an organization. It goes from you, the analyst,
to management, all the way up to executives. Hierarchy is a great way
to understand stakeholders. A stakeholder is defined as
an individual or group that has an interest in the
decisions or activities of an organization. This is important for your
role as an entry-level analyst because the decisions
made on a day-to-day basis by stakeholders will
impact how you do your job. Let's focus on
stakeholders who have an interest in the daily
choices analysts make. After all, you may be asked
to communicate your findings to them. So let's learn a little
bit more about who they are and the roles they play
in regards to security. Security threats, risks,
and vulnerabilities can affect an entire
company's operations. From financial implications
to the loss of customer data and trust, the impact
of security incidents are limitless. Each stakeholder
has a responsibility to provide inputs on
the various decisions and activities of
the security team and how to best protect
the organization. There are many stakeholders
that pay close attention to the security of critical
organizational assets and data. We're going to focus on
five of those stakeholders-- risk managers; the Chief
Executive Officer, also known as a CEO; the Chief Financial
Officer, also known as a CFO; the Chief Information
Security Officer, or CISO; and operations managers. Let's discuss each of these
stakeholders in more detail. Risk managers are important
to an organization because they help identify
risks and manage the response to security incidents. They also notify
the legal department regarding regulatory issues
that need to be addressed. Additionally, risk managers
inform the organization's public relations
team in case there is a need to publish public
communications regarding an incident. Next is the Chief Executive
Officer, also known as a CEO. This is the highest ranking
person in an organization. CEOs are responsible for
financial and managerial decisions. They also have an obligation
to report to shareholders and manage the
operations of a company. So naturally, security is
a top priority for the CEO. Now let's discuss
the Chief Financial Officer, known as a CFO. CFOs are senior executives
responsible for managing the financial
operations of a company. They are concerned
about security from a financial standpoint
because of the potential cost of an incident to the business. They are also interested
in the costs associated with tools and strategies
that are necessary to combat security incidents. Another stakeholder with
an interest in security is the Chief Information
Security Officer, or CISO. CISOs are high-level executives
responsible for developing an organization's
security architecture and conducting risk
analysis and system audits. They're also tasked with
creating security and business continuity plans. Last, we have
operations managers. Operations managers oversee
security professionals to help identify and
safeguard an organization from security threats. These individuals
often work directly with analysts as the
first line of defense when it comes to protecting the
company from threats, risks, and vulnerabilities. They are also
generally responsible for the daily maintenance
of security operations. As an entry-level analyst
at a large organization, it's unlikely that you'll
communicate directly with the risk manager,
CEO, CFO, or the CISO. However, the operations
manager will likely ask you to create
communications to share with those individuals. Coming up, we'll focus a
bit more on stakeholders and how to effectively
communicate with them. Welcome back. Previously, we
discussed stakeholders and the important
security roles they play within an organization. Now let's explore the role
you play in communicating with those stakeholders. The information that's
communicated to stakeholders is sensitive. For example, if
you send an email to stakeholders about a
recent security breach, it's important to be mindful
of what you communicate and who you communicate to. Different stakeholders
may need to be informed about different issues. As a result, your
communications with them need to be clear,
concise, and focused. Security is a
detail-driven profession, so it's essential that you
stay mindful of the details when sending your
communications. Stakeholders are
very busy people. Your communication
should be precise, avoid unnecessary
technical terms, and have a clear purpose. You don't want them to have to
guess the reason for your email or why it matters to them. To help with this,
ask your manager or immediate
supervisors questions to find out what the
stakeholders you communicate with need to know. As you may recall,
earlier, we discussed what it means to have
a security mindset. A part of that mindset
means asking questions about the assets and
data you're protecting. For example, you could ask,
what's the most important data to protect on a daily basis? Or what security tool
has been most important or useful to protect
our data and assets? Having a security mindset
also means understanding what matters most
to stakeholders so you know what information
to share with them. Effective communication
involves relaying only the information that is
most relevant to stakeholders. Staying informed
about security issues helps stakeholders do their
jobs more effectively. Your role in communicating
with stakeholders is to help them obtain
that information. This is yet another example
of how essential your role is within a security team. Coming up, we'll
discuss the information that is most important to
communicate with stakeholders. Previously, we discussed
communicating information that is important to stakeholders. It's essential
that communications are specific and
clear so stakeholders understand what's
happening and what actions may need to be taken. In this video, we'll
go into more detail about how to create precise
and clear communications. Creating security communications
to share with stakeholders is similar to telling
a great story. Stories typically have a
beginning, middle, and end. Somewhere in that
story, there is some sort of conflict and
an eventual resolution. This concept is also true
when telling security stories to stakeholders. The security story details
what the security challenge is, how it impacts
the organization, and possible solutions
to the issue. The security story
also includes data related to the challenge, its
impact, and proposed solutions. This data could be in
the form of reports that summarize key findings
or a list of issues that may need immediate attention. Let's use the following
scenario as an example. You've been monitoring
system logs and notice possible malicious code
execution in the logs that could lead to the exposure of
sensitive user information. Now you need to communicate what
is happening to a stakeholder, in this case, your
immediate supervisor. The first step is to
detail the issue-- potential malicious
code execution found while monitoring the logs. The next step is to refer to
the organization's incident response playbook and mention
the suggested guidance from the playbook regarding
malicious code found in system logs. This shows your
supervisor that you've been paying attention to the
procedures already established by the team. The final piece of your story is
to provide a possible solution to the issue. In this scenario, you may not
be the final decision-maker regarding what action is taken. But you've explained to the
stakeholder what has happened and a possible solution
to the problem. You can communicate the story we
just discussed in various ways. Send an email, share a
document, or even communicate through the use of a
visual representation. You can also use
incident management or ticketing systems. Many organizations have incident
management or ticketing systems that follow the steps outlined
in their security playbooks. Some scenarios are
better expressed by using visual elements. Visuals are used to
convey key details in the form of graphs,
charts, videos, or other visual effects. This allows stakeholders to
view a pictorial representation of what is being explained. Visual dashboards can help
you tell a full security story to stakeholders. Later in this course,
you'll have an opportunity to learn how to use
Google Sheets to create a visual security story. That's going to be fun. A security
professional who knows how to tell a compelling
and concise security story can help stakeholders make
decisions about the best ways to respond to an incident. Ideally, you want
to be someone that makes stakeholders' jobs easier,
and communicating effectively will certainly help you do that. Coming up, we'll
continue our discussion about communicating
with stakeholders. The ability to communicate
threats, risks, vulnerabilities, or incidents,
and possible solutions is a valuable skill for
security professionals. In this video, we'll focus
on various communication strategies that can help
you engage with and convey key ideas to stakeholders. Let's start with visuals. The use of visuals to
tell a security story can help you communicate
impactful data and metrics. Charts and graphs are
particularly helpful for this. They can be used to
compare data points or show small parts
of a larger issue. Using relevant and
detailed graphics can help you develop the story
you want to tell stakeholders so they can make
decisions that will help protect the organization. While visuals are
a compelling way to capture the attention
of your stakeholders, some issues are best explained
in an email or even a phone call. Be mindful of the sensitive
information contained in these types of
communications. For security purposes, it's
important to communicate sensitive information with care. Be sure to follow the procedures
outlined in your organization's playbooks, and always
make sure to send emails to the right email
recipient as it could create a risk if the wrong person
receives confidential security information. One challenging
thing about emails is the potentially long
wait time for a response. Stakeholders have
many responsibilities. This means they may
sometimes miss an email or fail to respond
in a timely manner. In these instances, a simple
phone call or instant message may be a better option. My experience in
security has taught me that sometimes a simple
instant message or a call can help move a
situation forward. Direct communication
is often better than waiting days or weeks
for an email response to an issue that requires
immediate attention. When appropriate,
take the initiative to follow-up with a stakeholder
if they haven't responded to an email in a timely manner. It sounds simple,
but a friendly call can often prevent a major
issue from occurring. It's important to stand out
in the security profession, especially if you don't
have previous experience in the industry. Visual representations,
emails, and phone calls are great ways to showcase
your written and verbal communication skills. The visual aspect
shows your ability to put metrics and data
together in an impactful way. If you don't receive a timely
response from a stakeholder, following up shows initiative. In this video, we're going
to have a bit of fun. We'll create a visual
security story. Here's the scenario. The operations manager, one of
the stakeholders we previously discussed, has been informed
that the chief information security officer, also
known as the CISO, wants to know how many
employees are often clicking on phishing emails. The goal is to identify
which five departments click on those emails most often. An investigation reveals that
the five departments that most frequently click
on phishing emails are human resources, customer
service, global security, media relations, and
professional development. Based on this information,
the security team can create a visual
representation of the data to share with the operations
manager and the CISO. Those stakeholders
and the security team can then work
together to determine how to address the issue. There are many different
platforms available that can be used to create and
share visual stories of data. Apache OpenOffice is a free
open-source office suite that allows users to
create spreadsheets and other visual
representations. Another new course
option is Google Sheets. Today, we'll enter our
data into Google Sheets. Then we'll create a
bar chart visualization to develop the data story. If you don't have
a Google account, you'll need to create one. Let's start by demonstrating
how to create an account. First, go to google.com,
and click on Sign In. Click Create Account and
select For My Personal Use. Then complete each step to
create your personal account. Now that you've created
your Google account, it's time for us to begin
creating our Google Sheets bar chart visualization. Click the Dots menu in
the top-right corner. Click the Sheets icon. Click Blank to start
a new spreadsheet. Select cell A1. Type Department. Select cell B1. Type # of clicked
phishing emails. Select cell A2. Type Human Resources. Select cell B2. Type 30. Select cell A3. Type Customer Service. Select cell B3. Type 18. Select cell A4. Type Global Security. Select cell B4. Type 10. Select cell A5. Type Media Relations. Select cell B5. Type 40. Select cell A6. Type Professional Development. Select cell B6. Type 27. Then select the rows and
columns containing headers, department names, and data. Click Insert at the
top of the sheet. Select Chart in the
Chart Editor menu. Click Chart Type Dropdown menu. Scroll down to the
Bar Chart Options. Then select the first bar chart. In the chart editor
menu, click Customize. Then click on the Chart
& Axis Titles section. Now update the title to read
something like Clicked phishing emails by departments or another
title related to the data. Then click on the X icon at
the top of the chart editor to Close the Editor menu. Great job creating your
first visual security story. Creating visual stories of data
allows security team members to convey essential
information to stakeholders so issues can be communicated in
a meaningful and understandable way. These data stories can also help
promote a better understanding of issues that exist
within an organization and allow decision-makers
to determine how to address
security issues that put the organization at risk. You've had an opportunity to
learn about the important role stakeholders play and different
ways to communicate with them. Let's review what we covered. We started by defining
stakeholders and their roles in protecting an organization. We also explored the sensitive
nature of communications with stakeholders
and the importance of sharing that information
with care and confidentiality. Then we discussed
information that needs to be communicated
to stakeholders. After all, stakeholders
are extremely busy, so we only want to share
relevant information that they need to be aware of. We ended our discussion
by introducing various communication
strategies, including emails, phone
calls, and visual dashboards. Understanding who
the stakeholders are within your organization and
how to communicate with them will help you throughout
your career as a security professional. Be intentional
about the strategies you use to communicate. Remove unnecessary details
from your communications, and be specific and precise
when relaying information to stakeholders. Stakeholders are
depending on you as a storyteller to
tell them the security story or the potential issues
and solutions in a way that makes sense. The communication
strategies we discussed will help you stand
out as someone who has a combination of
technical and transferable skills. Coming up, your instructor
for the final sections of this course, Emily,
will discuss a few ways to engage with the
security community and how to find and apply for
jobs in the security field. EMILY: Welcome back. I'm Emily, and I've been
working in security education at Google for nearly nine years. My team works closely with our
remarkable security experts to craft innovative and
engaging educational solutions for our workforce to keep
security at the forefront. I'll be your instructor for
the remainder of the course to discuss important
career-related topics, such as how to engage with
the security community, find jobs in the security
field, create a resume, and navigate the
interview process. We're approaching the end
of the certificate program. What an incredible
journey it's been so far. We've discussed a lot up
to this point, including incident detection and
escalation and the roles that stakeholders play in
protecting an organization. We've also explored
the sensitive nature of the communications
we share and strategies for conveying critical
information to stakeholders. But does the learning stop
now that we're approaching the end of the program? Absolutely not. In the following videos, we'll
identify reliable security resources you can use to stay
up to date on security news and trends. Then we'll share some
ways to become involved with the security community. We'll end with a
discussion about how to establish and advance
a career in security. Coming up, we'll highlight
some great resources to help you stay current
on what's happening in the security industry. As we approach the
end of our program, it's important to start
thinking about ways to engage with the security community. As the industry evolves,
it's essential to stay up to date on the latest
security trends and news. Let's discuss a few
good resources for you to review periodically. What excites me about
the security profession is the constant evolution
of the industry. Take the OWASP Top
10, for example. Earlier in the program,
we discussed the fact that this is a globally
recognized standard awareness document that lists the top
10 most critical security risks to web applications. This list is updated
every three to four years. So it's a great example of the
evolving nature of the field. Continuing your
security education beyond this certificate
program will help you stand out
to hiring managers and could give you an extra
edge over other candidates because it shows
your willingness to remain current on what's
happening in the industry. A few well-known
security websites and blogs to get you started are
CSO Online, Krebs on Security, and Dark Reading. The CSO Online site provides
news, analysis, and research on various security and
risk management topics. Many CISOs view this
site for tips and ideas. It would be great for you
to review this publication every now and then. Krebs on Security is an
in-depth security blog created by former "Washington
Post" reporter Brian Krebs. This blog covers security
news and investigations into various cyber attacks. Accessing the Krebs
blog is a good way to stay up to date on the latest
security news and happenings around the world. Dark Reading is
a popular website for security professionals. This site provides information
about various security topics, like analytics and
application security, mobile and cloud
security, as well as the Internet of Things, IoT. Security is a constantly
evolving industry. As professionals in security,
we must evolve with it by seeking out new information. Be sure to explore a
few of the websites and blogs we discussed
in this video to stay up to date with what's
happening in the industry. Coming up, we'll discuss
how to become engaged with the security
community and ways to establish and advance
your career and security. Bye for now. Earlier, we discussed
the importance of staying up to date on
security trends and news. In this video,
we're going to share ways to establish and advance
your career and security by connecting with people who
are already in the industry. Social media is a great way
to connect to other security professionals in the industry. However, it's important to
be mindful of the information you share on your
social media page and when responding to messages
from people you don't know. With that in mind, let's
discuss ways to effectively use social media to establish or
advance your security career. One way to use social
media is to follow or read the posts of leaders in
the security industry. Chief information security
officers, for example, are great individuals to follow. They often post
interviews they've done in the security
space and share articles they've read or contributed to. Here's a question you
might be asking yourself. How can I find CISOs to
follow on social media? The best way would be to
conduct an internet search for the name of the CISO
of a popular organization or an organization you're
interested in working for. After you find their name, you
can simply go to a social media site to look them up. Ideally, you want
to use LinkedIn when following
security professionals. That's because the
LinkedIn platform focuses on connecting
professionals with other professionals in
the same or similar field. Another way to use social
media to establish or advance your career in the
security industry is to connect with other
security analysts currently employed in the field. On social networks
like LinkedIn, you can find security
professionals by searching for cybersecurity
analysts or a similar search term, then filtering for
people and people who talk about hashtag #cybersecurity. Once you've found
other professionals you'd like to connect with, you
can send a connection request with a brief comment,
such as, hi, I'd like to connect to learn more
about why you became interested in security and your
experiences as an analyst. Additionally, you
can set your filter to locate events and
groups that focus on security-related
topics that interest you. While social media
platforms like LinkedIn are excellent for connecting
with professionals, some people are more
comfortable with being active on social
media than others. For those of us who aren't
very active on social media, there are other ways to connect
with security professionals or find mentors in the industry. Joining different
security associations is a good way to
connect with others. There are many
associations out there. So you're going to have to
do a little bit of research to find the best ones for you. Here's a tip. In your internet
search engine, type cybersecurity
industry associations. This search term will
populate a variety of different associations. So be sure to select
ones that align with your professional goals. Now that we've discussed ways
to engage with the security community, consider
following a CISO on LinkedIn, connecting with other
analysts, or searching for cybersecurity
organizations to join. That's all for now. I'll meet you in the next video. Great job. Now you've had an opportunity
to learn about different ways to stay engaged with
the security community. Let's take a moment to
review what we've covered. First, we identified
reliable security resources. Then we discussed different
ways to engage with the security community. We also explored the
usefulness of social media to connect with other
security professionals and stay informed about
current topics of interest. Finally, we shared ways
to establish and advance a career in security,
including following a CISO on social
media or joining a professional organization. We've come a long
way in this journey. You should be proud
of your progress and how far you've come. I'm certainly proud of you. In the final section
of this course, we'll take the time to
prepare you for the job search and interviewing process. How exciting is that? Welcome back. We've covered so many
security-related topics in detail. Throughout this
program, we've discussed protecting organizational
assets and data and the tools and procedures
used to protect them. We've also explored how to
communicate with stakeholders, reliable sources to help you
stay up to date on security news and trends, and ways to
get involved with the security community to help
establish and advance your career in the field. Now we need to get
you prepared to find a job as an entry-level
security analyst. Security is a huge field with
countless job opportunities. By 2030, the US Bureau
of Labor statistics expects the number of security
roles to grow by more than 30%. But how can you find the
right opportunity for you? In the next several
videos, we'll discuss specific strategies
to help you find and apply for jobs in the
industry, including how to create your resume
and develop rapport with interviewers. We'll also cover how to use the
STAR method for interviewing and how to develop
an elevator pitch. | remember initially being
interested in my role because education is my passion. Researching the security field
and industry in preparation for my interviews cemented my
fascination for cybersecurity. I'll be honest, I had
taken a lot of what security does for granted. Now I feel incredibly
fortunate to be a part of this industry and
the exciting opportunities it offers. Now it's time to get you
ready to find security jobs. Let's get started. I hope you feel really proud
of how far you've come. You may remember that
earlier in this program, we discussed a few security
roles in the industry. Now we'll explore
three of those roles. We'll start with
security analyst. Security analyst is
typically an entry-level role that might interest
you as you prepare to enter the security field. The role generally focuses
on monitoring networks for security breaches,
developing strategies to help secure an organization,
and even researching IT security trends. In previous courses, we
discussed log monitoring and SIEM tools. Having a solid
foundational understanding of how to use those
tools will certainly be useful in this role. Another role that
might interest you is information security analyst. This role generally focuses on
creating plans and implementing security measures to protect
organizations, networks, and systems. Earlier in the
program, you learned about controls and
frameworks that can be used to develop
security plans and procedures, as well as how to
use SIEMs and packet sniffers to identify risks. That knowledge
will be beneficial when it comes to developing
plans and determining the best tools to strengthen an
organization's security posture. Finally, we'll explore
the security operations center analyst role. Security Operations
Center analyst, also known as a SOC
analyst, is another role you might find exciting. This role generally focuses on
ensuring security incidents are handled rapidly and efficiently
by following established policies and procedures. Earlier in this program, we
discussed security playbooks and how they are unique
to each organization. We also covered the
importance of being able to follow the
processes outlined in playbooks to respond to
security events or incidents. That knowledge
will certainly help you stand out as a potential
candidate for this role. There are many more job roles
that you may be interested in. A great way to find
more of these roles is to create an account
on various job sites and search for
cybersecurity positions. A few well-known job
sites in the United States and internationally are
ZipRecruiter, Indeed, and Monster Jobs. Each of these sites have
hundreds of open job listings with roles, responsibilities,
and skill set requirements posted under the job title. How exciting is
it that we're now discussing jobs and sites that
you can use to apply for them? It's important that you do
your research before applying to any position. Gather plenty of information
about the company, the job role, as well as required
and preferred skills. This will help prepare you
for a potential interview by knowing exactly what
the employer is looking for and how your skills align with
the employer's expectations. This will also help you align
your own values and passions with the organization's
mission and vision. But before you can apply
for a security job, it's important to create
a resume that will catch an employer's attention. Coming up, we'll discuss the
resume development process in detail. In this video, we'll
discuss how to create a resume that is tailored to
the job you're applying for. Note that a resume is
sometimes called a Curriculum Vitae, or CV for short. Remember that it's
OK if you don't have any cybersecurity experience. This certificate program has
covered key skills and concepts that employers are looking
for in an entry-level security analyst position. You can mention all
that you've learned in this program on
your resume, including programming languages
such as Python and SQL and Linux line-command. You can also share
your understanding of what it means
to have a security mindset, your knowledge
of standard frameworks and controls like the NIST
CSF and CIA triad model, as well as your familiarity
with how to use SIEM tools and packet sniffers. It's also possible that some
of your earlier job experiences allowed you to develop
knowledge and skills that are transferable
to a security role. These skills could include being
detail-oriented, collaborative, and having strong written and
verbal communication skills. Here's an example of a resume. You'll want to
start with your name at the top of the
resume followed by your professional title. Your title could be something
like security analyst or a title that matches the
position you're applying for. You'll also want to include at
least one way that employers or recruiters can contact you,
for example, an email address or phone number. After your name
and title, you'll provide a summary statement. This section should be brief,
just one or two sentences related to your strengths
and relevant skills. Make sure the statement
includes specific words from the Responsibility
section of the job description. You can include something
like this in your statement. "I am a motivated
security analyst seeking an entry-level
cybersecurity position to apply my skills in
network security, security policy, and organizational
risk management." Following your name
and summary statement is the Skills section. This is a bulleted
list of the skills you've learned in
this program that are related to the position. Employers usually like to
know about your previous work experience. In the Experience section,
you'll list your work history. Underneath each
job entry, provide a list of the skills and
responsibilities you performed. It's a good idea to
start each bullet with a verb and, if
possible, details that quantify an
accomplishment, for example, "Collaborated with a team of
six to develop training for more than 25 company employees." Try to highlight the security
or technology-related skills and knowledge that you have
based on your experiences in previous jobs and
this certificate program. The next section of the
resume lists your education and certifications. Start with the most
recent education you've completed, including
certifications, trade schools, online courses, or
college experience. Also include the names of
sites and organizations that issued your certifications
and schools you attended. List any subjects
you studied related to the job you're applying for. If you're currently enrolled
in school or a certification program but haven't
graduated, note, in progress. As you develop your resume,
keep a couple of things in mind. Make sure there are no
spelling or grammatical errors in your resume before sending
it to your potential employer. Also note that resumes are
typically about two pages long and list only your last 10 years
or less of work experience. Resumes can be created using
word processing applications like Google Docs or OpenOffice. However, you might find some
simple but professional resume templates online
to get you started. To find them, type, "free resume
template" or a similar search term into your internet browser. If you use a template,
be sure to replace all of the prefilled text
with your information and qualifications. There is so much to consider
when creating your resume. But what we covered today
will help you get started. Coming up, we'll explore
the interview process. After you've submitted your
resume to several job postings, you'll hopefully get an
opportunity for an interview. The interview process
usually starts with a short
prescreening phone call. It typically involves having
a 15-minute conversation with a hiring
manager or recruiter who will ask you some
questions to make sure that you are who your
resume says you are and that you meet the minimum
requirements for the job. Following the
prescreening, you could be invited to an
in-person interview, either on site or online. This could be a panel
interview with a few members of the team that you
would be working with or a one-on-one interview. Let's discuss some strategies
that can help prepare you for an interview. Review the job description
and your resume ahead of time. Practice speaking about
the experiences and skills that the employer
is looking for. Consider practicing
this with a friend by participating in
a mock interview. Your friend will act
as the interviewer, and you will answer their
questions as if you're meeting with the employer. It can also be helpful to
dress professionally and feel comfortable in the
clothes you choose to wear for the interview. Before the interview begins,
take a few deep breaths and remind yourself of all
the preparation you've done. If the interview is online
via video conference, prepare a location in your
home that is quiet, tidy, and professional. Also be sure to test your
video and audio settings and, if necessary, download the
video conference application specified by the interviewer. This will help ensure that you
correct any technical issues before the interview. Interviews usually include two
parts, a background interview and a technical interview. The background interview
will likely include questions about your education,
work experience, skills, and abilities. You might even be asked
some personal questions unrelated to the job posting. The interviewer is
trying to get to know you to determine if you'll
be a good match for the team and company culture. At the same time, you
want to ask questions to help you decide if the
team and company culture are a good match for you. The other portion
of the interview is the technical interview. This is when the
interviewer will ask you specific questions
about technical skills related to the role. You might be asked
how you would respond to a specific situation or to
explain a technical concept that's listed on your resume. Do your best to answer these
types of questions confidently and concisely based on
your current knowledge. It's OK to say that you don't
know the answer to a question or that you need a
moment to respond so you can think about your answer. Employers respect honesty. Just follow up
with an explanation of how you would
figure out the answer, either by researching it or
collaborating with the team. Even after you've completed
this certificate program, you'll still have access
to all of the content. So before the interview, go
back and review your notes, the glossary, and any
concepts that you might need to refresh your memory on. This can help you feel prepared
for the questions you'll be asked. Remember, you can
prepare for the interview by participating in
a mock interview, reviewing the job description,
and taking a few deep breaths before the interview begins. You've learned a
lot in this course and are ready to move ahead and
find a position as a security analyst. Coming up, we'll discuss how to
conduct pre-intervew research. Previously, we discussed
how to create a resume and what to expect
during an interview. In this video, we're going
to cover a few more things that you need to do to
prepare for the interview and that could
help set you apart as an excellent candidate
for the position. Before the interview, it's
important to do some research about the organization
you're interviewing with. Interviewers want
to know that you're a good match for their team and
that you value the things that are important to the company. It's just as important for
you to decide if the company matches your values. So make sure you know the
organization's mission and vision. Understand their core
values and company culture. This information is usually
easy to find, either in the job description or on the About page
of the organization's website. Think about why these values
and the company culture are also important to you. Then practice how you
will communicate this to potential employers. Remember that you will
not be the only applicant for the position. Consider what sets you
apart from other candidates, and be prepared to
emphasize those qualities during the interview. What about your skills,
experience, or work ethic make you the best match
for this position? How do your goals align to
the goals of the organization? You want the employer to
remember you after they've interviewed several candidates. So highlight things
that make you the best candidate for the role. You also want to think about
the employer's perspective. The organization
has needs that must be met by filling the position. They may have productivity
or compliance goals, or the team might be growing
because the company is expanding. Take some time to think
about what the interviewer is seeking in a candidate. Then prepare yourself
to state directly how you can meet the
employer's needs. The interviewer may
have reservations about hiring you because
of your lack of experience as a security analyst. If this comes up
in the interview, be prepared to address any
possible concerns by speaking about your strong work ethic. This could include an ability to
learn quickly based on feedback or to collaborate and
communicate with others. Also, you could discuss
having a security mindset or problem-solving
skills that you've developed from
personal life, work, or educational experiences. Learning about the
organization's culture and mission and
preparing to demonstrate how you can add value to
the team are essential. It's also a good idea
to write down questions that you can ask the interviewer
about the organization's past accomplishments
and future goals. This shows potential
employers that you've done your research and care
about the organization's success. Coming up, we'll discuss
how to build rapport with interviewers. In this video, we'll
explore a topic that can contribute
to your success during the interview process-- how to build rapport with
your potential employer. Rapport is a
friendly relationship in which the people involved
understand each other's ideas and communicate well
with each other. Building rapport begins with
the very first interaction you have with the company
staff by phone, email, or video conference. It's important to use
a professional tone in the email you
write expressing your interest in the job. But it's also important
to be polite and friendly. Expressing appreciation for
being considered and having the potential
opportunity to interview is one way to build rapport. When and if you have an
initial phone screen, you can use a friendly,
conversational tone of voice. To do this, try
smiling while you talk. And while it's true
that nobody can see you smile on a phone
call, smiling while you talk can make you sound friendlier. During the phone screening
and in-person interview, you can ease
interview nervousness by engaging actively in a way
that feels natural to you. That can mean simply saying,
hello, nice to meet you. You can even start a short,
friendly conversation by asking the interviewer
how their day is going. Or if the weekend just passed,
you might ask the interviewer, how was your weekend? Make eye contact when
you ask these questions during an in-person interview. Or be sure to look
directly into the camera during a video interview. This will show the
interviewer that you're engaged in the conversation. Oftentimes during
the second half of an interview,
the interviewer will ask if you have any
questions for them. As we discussed earlier,
it's important to have some questions prepared
to ask at this point. Here are some suggestions. You could ask, what is
the biggest challenge I might face coming
into this role, and how would I be expected
to meet that challenge? Or you might ask,
what would you say is the best part about
working for this company? Or what is a typical
day like for an analyst? Another great question
is, what is the potential for growth in this role? Asking questions
shows that you're engaged in the
conversation and are interested in the
company and the position. It also shows the employer
that you are confident and that you want to make
sure that their company is a good match for you before
you make a commitment. It's nice to send a
follow-up email a day or two after your
in-person interview. This is just a brief email
thanking the interviewer for the opportunity
to meet with them and learn more about
the organization. It's also a good idea to
mention something specific from your interview
in this email. It shows that you were actively
engaged in the conversation. Remember, the
employer is probably interviewing other candidates. So sending a
follow-up email will help set you apart and
remind the interviewer of your discussion. Building rapport with the
interviewer and other employees is an important skill
when interviewing for your first
security position. Writing friendly but
professional emails before and after the
interview and engaging in friendly conversation
during the interview can help set you apart as a
great candidate for the job. Welcome back. Preparing for job interviews
in the security field is such an exciting process. You've learned a lot through
this program that can help you stand out as a candidate. Let's discuss some
useful interview strategies to consider when
speaking to an employer. Your interviewer is going
to ask several questions when you meet. Carefully consider each
question before responding. Let's discuss the STAR
method, which can help you prepare for interviews. The STAR method is
a technique used to answer behavioral and
situational interview questions. Using this method is
a great way to help you understand each
interview question and provide a thoughtful
and thorough response. STAR stands for
Situation, Task, Action, Result. The STAR
method is typically used to answer open-ended
questions, such as, tell me about a time
when you encountered a challenge on the job. Let's go through an example
of how this question could be answered using the STAR method. The situation--
two people needed to stay home from
work due to illness, and I was the only person
available to assist customers. The task-- I needed
to answer phone calls from customers
while assisting shoppers in the store. The action-- I came up
with a strategy that allowed me to assist
customers as they entered the store while also ensuring
that customers who called were helped or
politely placed on hold until I was able
to address their needs. The result-- I managed the
in-store operations for the day without many mistakes, and
my manager complimented me during the next team meeting. Hopefully this example
highlights the benefits of answering open-ended
interview questions using the STAR method. But the STAR method
isn't the only strategy you can use during an interview. You can also answer
questions with confidence. One way to
demonstrate confidence is by admitting when you
don't know something. For example, if an
interviewer asks you to discuss a skill
that you don't have, it's OK to admit you
haven't learned it yet. However, the trick is
to confidently mention that, while you don't have
that particular skill, you're a quick learner and
eager to develop that skill. Treat it as an opportunity to
emphasize your ability to adapt and learn on the job,
which shows confidence. You know what else
shows confidence? Taking the time to
fully understand a problem or question to
provide the best solution or answer possible. When interviewing, don't be
afraid to ask the interviewer for a moment to think
about your answer. It shows that you're willing
to take the time needed to understand the question
and provide a response that is meaningful and relevant. We've discussed a
few strategies that can help you overcome the
nervousness you may feel about interviewing for a job. Coming up, we'll
continue to explore ways to prepare for interviews. In this video, we'll
take a little time to discuss additional
strategies you can use during a job interview. In past job interviews,
your potential employer may have asked, do you
have any questions for me? This type of question can
be an opportunity for you to show the
interviewer that you're prepared and ready to have
a meaningful conversation with them. A big part of
interview preparation is researching the company
before the interview because it will allow you to
ask questions that demonstrate you took the time to learn about
the organization and its needs. For example, if you discover
that the company suffered a major security
breach two years ago, don't be afraid to ask about it. One question you could
ask is, what do you think is the main reason
the company suffered a breach two years ago? And follow that
question up with, how could my role on
the security team help prevent a breach like
that in the future? These kinds of
questions show that you are passionate about
your career and that you want to help the company
strengthen its security posture. There are also some
general questions you can ask the
interviewer to determine if the job and the
organization itself are a good match for you. Here are some examples. What's the biggest challenge
for a new person in this role? In what ways can I contribute
to the success of the team and the organization? What qualities or
traits are most important for working
well with the team and other stakeholders? Questions like these can
help you develop rapport with the interviewer
and show that you're interested in learning
more about the role and the organizational culture. Interviewing for jobs can be
a really exciting process when you're prepared,
and asking questions is an essential part of
the interview process. Don't be afraid to ask potential
employers tough questions. This will help
them understand you as a thoughtful, curious person
who can add value to the team. Coming up, we'll discuss another
strategy-- the elevator pitch. Now let's discuss a concept
that can help you identify your strengths and allow you
to highlight those strengths to others-- an elevator pitch. An elevator pitch is a brief
summary of your experience, skills, and background. It's called an elevator
pitch because it should be short enough to
say in 60 seconds or less, which is the average amount of
time you might spend talking with someone on an elevator. Elevator pitches allow
you to demonstrate who you are to potential
employers in a very short time span. They can be used at job
fairs, career expos, and other networking situations,
like professional conferences and social media job
sites, such as LinkedIn. Now let's examine how to
create an elevator pitch. Your elevator pitch needs
to be short and persuasive. There's no need to list all
of your previous experiences and accomplishments. Instead, explain
who you are and why you care about being a
security professional, as well as the qualifications
and skills you have that are specifically related
to getting a job as a security analyst. For example, critical
thinking, problem solving, and the ability to build
collaborative relationships with others are
transferable skills that most organizations
are looking for. So highlight those in
your elevator pitch. You could also mention
technical skills you've learned in this
certificate program, such as using various
SIEM tools and programming languages like SQL and Python to
identify and respond to risks. Now we'll cover a few
things to avoid when delivering your elevator pitch. It's important to avoid rambling
or sharing irrelevant details during your elevator pitch. Potential employers only
want to know who you are and why they should consider
you for a security role. As you develop your
elevator pitch, you're going to want to
practice it several times. However, don't
practice it so much that you end up sounding
ingenuine or robotic when it's time to
share your pitch with a possible decision-maker. Instead, speak
naturally, like you're having a conversation, when
you give your elevator pitch. That will help keep people
engaged and interested in what you're saying. Another thing to avoid-- speaking too quickly. Because an elevator
page is fairly short, it can be easy to
rush through it. But that can cause people to
miss out on some key skills you have to offer simply
because you sped past them. One last tip-- search the
internet for elevator pitches to find examples that
may help you generate ideas for your own pitch. In essence, your
elevator pitch is a way to tell people why you
are an amazing candidate for a security position,
with great skills and a clear direction for what
you want to do in your career. While it's natural
to be nervous when speaking to potential
employers, just remember, take a deep breath,
gather your composure, and deliver your pitch with
confidence, conviction, and at a normal pace. You'll be just fine. You've done a great
job completing this section of the course. Let's take a moment to
review what we've covered. We started by discussing
how to find and apply for jobs in the security field. Then we explored how
to create your resume. Next, we shared some
strategies to develop rapport with interviewers. We also covered how
to use the STAR method to answer open-ended interview
questions thoughtfully. We finished by discussing how
to develop an elevator pitch. Hopefully this has
helped you feel confident as you begin to search and apply
for jobs in the security field. Good luck. Congratulations on
completing the final course of the certificate program. We covered a lot of information. So let's take a
moment to review. We started by discussing how to
protect assets and communicate incidents by developing
a security mindset. Then we covered when and
how to escalate incidents to the appropriate team
members to make sure that small issues don't
become big problems for an organization and
the people it serves. Next, we explored ways to
communicate effectively to influence stakeholders'
decisions related to security. This included
discussions about how to use visuals to convey
important information and sending emails,
making phone calls, or sending instant messages. After that, we shared some ways
to engage with the security community, including attending
conferences and connecting with other analysts
through a networking site. Then we moved on to
the final section of the course, which covered how
to find, prepare for, and apply for jobs. This included
discussions about how to create a compelling
resume and tips to help you navigate the interview process. It's been an absolute
pleasure guiding you through this journey. This certificate covered some
rigorous security content. You could have given up at
any point, but you didn't. And for that, you deserve
to be proud of yourself. As we discussed at the
beginning of this program, the security field is
growing and in need of security professionals
just like you to help protect organizations
around the world and the people they serve. The knowledge and
skills you've obtained throughout this
certificate program will allow you to begin applying
for entry-level security analyst jobs. Now let's take a moment to
summarize what we've discussed throughout this program. We started by exploring
core security concepts, including the definition of
security and core skills. Then we covered the focus
of eight security domains and discussed how
security supports critical organizational
operations. Following that, we
discussed network security, including network architecture
and the mechanisms used to secure an
organization's network. In the next course,
we turned our focus to computing basics
for security analysts. In this section, we
introduced Linux and SQL. After that, we explored assets,
threats, and vulnerabilities in depth. This included discussions
about how assets are classified and the security controls
used by organizations to protect valuable
information and minimize risks. In the next course, we
focused on incident detection and response. Here, we defined what
a security incident is and explained the
incident response lifecycle. In the following course,
we introduced the Python programming language
and explored how to develop code related
to common security tasks. Finally, in the last
course of the program, we explored topics
related to your pathway into the security
profession, including how to find and apply for jobs. You put a lot of
valuable time and energy into completing this
certificate program. Remember that the learning
doesn't stop here. As you move forward
in your career, always be mindful of the
new trends developing in the world of security. As technology
continues to advance, the threats to organizations
and people will evolve as well. It's up to you to stay informed
and always be willing to learn. You just completed the Google
Cybersecurity Certificate. What a remarkable
accomplishment that shows just how committed you
are to learning new skills that will allow you to
pursue your career goals. On behalf of myself and my
fellow course instructors, congratulations. SPEAKER: Congratulations,
you did it. SPEAKER: Congrats. I can't wait to see
how many of you decide to pursue this career
and visit some really cool places in cybersecurity. SPEAKER: Way to go. Congratulations. SPEAKER: Congratulations. SPEAKER: You're a rock star. SPEAKER: Congratulations. SPEAKER: Congratulations. DION: Great job. you did it. Congratulations. SPEAKER: Congratulations. I am rooting for you and
wishing you continued success. SPEAKER: Congratulations
on your big accomplishment. Now it's time to get to work. SPEAKER: This is
probably one of the best decisions you've ever made. And I can't wait to hear
about all the opportunities that you're going to experience. SPEAKER: Congratulations. SPEAKER: Congratulations,
you've made it to the end, and you're now ready to
keep everyone safe online. SPEAKER: Congratulations. Continue to learn. Continue to grow. You'll find this is a
very rewarding career. SPEAKER: Congratulations. You did it. Welcome to cybersecurity. SPEAKER: The adventure
continues after this. SPEAKER: There's
still a lot more to explore in the
world of security. But you're off to a great start. EMILY: It's been my
pleasure guiding you through the final
part of this program. I know you're well prepared
to begin or continue a remarkable career in security. Congratulations, and best
of luck on your journey. [MUSIC PLAYING]
