Module 1

The Cybersecurity Landscape

Cyberattacks happen every few seconds, around the clock. Here's the battlefield — who's attacking, who's defending, what's at stake, and where you fit in.

September 7, 2017 — the day 147 million people got robbed without knowing it

Imagine waking up one morning to discover that your Social Security number, birth date, home address, and driver's license number were sitting on a hacker's server. You didn't click a bad link. You didn't download a shady app. You didn't do anything wrong.

Equifax — one of the three companies that control your credit score in the United States — had a web application running on a server. That server had a known vulnerability in a software framework called Apache Struts. A patch had been available for two months. Nobody applied it.

Attackers walked in through that unpatched door. They moved laterally through Equifax's network for 76 days before anyone noticed. By the time it was over, the personal data of 147 million Americans was gone. Equifax eventually paid over $700 million in settlements.

One server. One missing patch. Two months of neglect. That's all it took.

This is the world of cybersecurity — and this module is your first look at the battlefield.

💡 What you'll walk away with
By the end of this module you will be able to classify any attacker by type and motivation, evaluate any security scenario through the CIA Triad, map an organization's attack surface across five categories, and explain defense in depth using the medieval castle analogy. These mental models anchor every module that follows.

  • 147M people affected by the Equifax breach
  • 76 days attackers went undetected
  • 700M+ dollars in settlements

Who is attacking — and why?

Not all attackers are the same. A teenager running downloaded hacking tools from their bedroom is a very different threat than a team of military intelligence officers backed by a nation-state budget. Understanding who is attacking helps you understand how to defend.

| Threat actor | Motivation | Sophistication | Real-world example |
| --- | --- | --- | --- |
| Script kiddies | Bragging rights, curiosity | Low — uses pre-built tools | Teenager DDoSing a gaming server with LOIC |
| Hacktivists | Ideology, political protest | Low to medium | Anonymous taking down government websites |
| Organized crime | Money — ransomware, fraud | Medium to high | REvil demanding $70M from Kaseya (2021) |
| Nation-state actors | Espionage, sabotage, geopolitical | Very high — custom tools, APTs | SolarWinds attack attributed to Russian SVR |
| Insider threats | Revenge, money, or just carelessness | Varies — already has access | Edward Snowden, or an employee clicking a phishing link |
🔑 The human is always the weakest link
Over 80% of breaches involve a human element — a clicked phishing email, a weak password, an accidental misconfiguration ([Verizon Data Breach Investigations Report, 2022–2023](https://www.verizon.com/business/resources/reports/dbir/); exact percentage varies by year but the human element consistently dominates). The most expensive firewall in the world cannot protect you from someone who writes their password on a sticky note. This is why security awareness training matters as much as technology.

There Are No Dumb Questions

"Are hackers always criminals?"

No. "Hacker" originally meant someone who loves to take things apart and understand how they work. Today, the security industry distinguishes between black hat (malicious), white hat (ethical, hired to test security), and grey hat (finds vulnerabilities without permission but reports them). Many of the best defenders started as hackers in the original sense — deeply curious tinkerers.

"Can a small business really be a target? We have nothing worth stealing."

Small businesses are disproportionately targeted precisely because they think this way. Attackers use automated scanning tools that probe millions of systems at once. They don't care if you have 5 employees or 50,000 — if your door is unlocked, they walk in. Small businesses also have less security budget, making them easier targets for ransomware.


Classify the Attacker


For each scenario, identify the threat actor type. **Categories:** Script kiddie | Hacktivist | Organized crime | Nation-state | Insider threat

1. A group floods a bank's website with traffic during a political protest against corporate greed. → ___
2. A government-funded team spends 18 months infiltrating a defense contractor's email system to steal weapons designs. → ___
3. A 16-year-old downloads a tool from a forum and uses it to crash their school's Wi-Fi network. → ___
4. A ransomware gang encrypts a hospital's patient records and demands $2 million in Bitcoin. → ___
5. An IT administrator copies the customer database to a USB drive before quitting to join a competitor. → ___

_Hint: Look at the motivation first. Money points to organized crime. Ideology points to hacktivism. Curiosity with low skill points to script kiddies. Geopolitics and patience point to nation-states. Already having access points to insiders._


The CIA Triad — the foundation of everything

If cybersecurity were a religion, the CIA Triad would be its holy trinity. Every security decision, every control, every tool maps back to protecting one or more of these three principles.

And no, we are not talking about the Central Intelligence Agency.

CIA stands for Confidentiality, Integrity, and Availability. Think of them like this:

| Principle | The question it answers | Everyday analogy |
| --- | --- | --- |
| Confidentiality | Can only the right people see this? | A locked diary — only you have the key |
| Integrity | Has anyone tampered with this? | A sealed envelope — you can tell if it has been opened |
| Availability | Can I access this when I need it? | A library that is always open during posted hours |

Confidentiality means keeping secrets secret. When Equifax's data was stolen, confidentiality was violated. Encryption, access controls, and classification systems all serve confidentiality.

Integrity means data is accurate and unaltered. If someone changes your bank balance from $5,000 to $500 without authorization, that is an integrity violation — even if they didn't steal anything. Checksums, digital signatures, and version control protect integrity.

Availability means systems work when they need to. When the WannaCry ransomware locked NHS hospital computers in 2017, doctors couldn't access patient records. Nobody stole data — the data was just unavailable. Redundancy, backups, and DDoS protection serve availability.

CIA violated

  • Customer data posted on dark web (Confidentiality)
  • Medical records altered by malware (Integrity)
  • E-commerce site down during Black Friday (Availability)

CIA protected

  • Data encrypted at rest and in transit (Confidentiality)
  • Checksums verify file has not changed (Integrity)
  • Redundant servers keep site running 24/7 (Availability)
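The integrity paragraph above says checksums and digital signatures protect integrity, and the "CIA protected" list says a checksum verifies a file has not changed. The added example below (written for this module, not code from the course or from any vendor) shows both halves of that idea on a constructed record: a plain SHA-256 checksum catches the $5,000 → $500 change, but an attacker who can rewrite the file *and* the checksum stored beside it simply recomputes the checksum. A keyed hash (HMAC) stands in for the signature idea: verifying requires a secret the attacker does not hold. The key and the record contents are constructed for the demo.

```python
import hashlib
import hmac

# Constructed sample "file" contents; not real data from the page.
ORIGINAL = b"account=alice;balance=5000\n"
TAMPERED = b"account=alice;balance=500\n"  # the integrity violation the module describes


def sha256_hex(data: bytes) -> str:
    """Plain checksum. Anyone can recompute it, so it detects accidental or
    unprivileged changes but not an attacker who can also replace the checksum."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected_hex: str) -> bool:
    # compare_digest avoids leaking how many leading characters matched.
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def hmac_sha256_hex(key: bytes, data: bytes) -> str:
    """Keyed check. Recomputing it requires the key, which is the property a
    digital signature also provides (assumption: a shared secret is acceptable here)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(hmac_sha256_hex(key, data), expected_hex)


def integrity_demo() -> dict:
    """Run the checks the module describes and report each outcome as True/False."""
    key = b"demo-key-not-for-production"  # constructed for the example
    expected_checksum = sha256_hex(ORIGINAL)
    expected_tag = hmac_sha256_hex(key, ORIGINAL)

    # An attacker who can modify the record and the checksum stored next to it
    # just recomputes the checksum for the tampered record.
    forged_checksum = sha256_hex(TAMPERED)

    return {
        "checksum_ok_original": verify_checksum(ORIGINAL, expected_checksum),
        "checksum_detects_tamper": not verify_checksum(TAMPERED, expected_checksum),
        "checksum_fooled_if_replaced": verify_checksum(TAMPERED, forged_checksum),
        "hmac_ok_original": verify_hmac(key, ORIGINAL, expected_tag),
        # Without the key the attacker cannot produce a valid tag for TAMPERED.
        "hmac_detects_tamper": not verify_hmac(key, TAMPERED, expected_tag),
    }


if __name__ == "__main__":
    for name, outcome in integrity_demo().items():
        print(f"{name}: {outcome}")
```

Every entry in the returned dictionary is True, including `checksum_fooled_if_replaced`: that line is the reason a checksum published on the same server as the file is only a safeguard against corruption, while a signature or keyed tag is a safeguard against an adversary.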

There Are No Dumb Questions

"Do you always need all three? Can I just focus on confidentiality?"

All three matter, but the balance shifts based on context. A military intelligence system prioritizes confidentiality above all else — better for the system to go offline than to leak secrets. A hospital emergency system prioritizes availability — a doctor needs patient records now, even if it means slightly relaxed access controls. An online banking system needs all three equally. Understanding these trade-offs is a core skill.

"What about privacy? Is that the same as confidentiality?"

Related but distinct. Confidentiality is a technical property — is the data protected from unauthorized access? Privacy is a legal and ethical concept — does the individual have control over how their personal information is collected, used, and shared? You can have confidentiality without privacy (the data is secure, but the company uses it in ways you never agreed to), and you can have privacy policies without confidentiality (a company promises to protect your data but leaves a database exposed to the internet).


CIA Triad Scenarios


For each scenario, identify which CIA principle is primarily being violated. **Categories:** Confidentiality | Integrity | Availability

1. A ransomware attack encrypts all files on a company's file server. Employees cannot access any documents. → ___
2. An attacker intercepts and reads emails between a CEO and their lawyer. → ___
3. A disgruntled employee modifies payroll records so their salary appears $20,000 higher. → ___
4. A DDoS attack takes down an online retailer's website during its biggest sale of the year. → ___
5. A hacker gains access to a medical database and downloads patient health records. → ___
6. Malware silently changes shipping addresses in an e-commerce database so orders go to the attacker. → ___

_Hint: Ask yourself — was data seen by someone who should not see it? (Confidentiality) Was data changed without authorization? (Integrity) Was a system or data made unavailable? (Availability)_


The attack surface — where do attackers get in?

An "attack surface" is every possible point where an unauthorized user could try to enter or extract data. Think of it like the doors, windows, vents, and skylights of a building — the more openings you have, the more places you need to guard.

People — the number one attack vector

Phishing emails, phone scams, fake login pages, pretexting (pretending to be IT support) — social engineering targets the human operating system. Technology can be patched; human nature cannot. An attacker who can convince one employee to hand over their password has bypassed every firewall in the building.

Software vulnerabilities

Every piece of software has bugs. Some bugs are security vulnerabilities — flaws that an attacker can exploit. A "zero-day" is a vulnerability that the software vendor does not know about yet, meaning there are zero days of available protection. The Equifax breach exploited a known vulnerability. Worse attacks exploit unknown ones.

Networks

When data travels between your computer and a server, it passes through routers, switches, DNS servers, and Wi-Fi access points. Each is a potential interception point. Man-in-the-middle attacks intercept traffic. DNS poisoning redirects you to fake websites. Unsecured Wi-Fi is an open invitation.

Physical access

The most underrated attack vector. A USB drive left in a parking lot ("USB drop") is a classic social engineering trick — curiosity makes people plug it in. Tailgating (following someone through a secured door) bypasses access cards. Dumpster diving through discarded documents is still shockingly effective.

Cloud misconfigurations

With organizations moving infrastructure to AWS, Azure, and Google Cloud, misconfigured storage buckets have become one of the most common breach causes. An S3 bucket set to "public" is the digital equivalent of leaving your filing cabinet on the sidewalk.

  • 90% of breaches start with phishing
  • 26,000 vulnerabilities disclosed in 2023
  • 12 min average to exploit a new zero-day

Defense in depth — the medieval castle strategy

Here is an analogy that has been used by cybersecurity professionals for decades, because it works perfectly.

Imagine a medieval castle. A castle does not rely on a single wall to keep invaders out. It uses layers — each one makes it harder for an attacker to get through, and each one buys defenders more time to respond.

This is called defense in depth — the principle that no single security control is enough. You need multiple overlapping layers so that when (not if) one layer fails, the next one catches the attacker.

The Moat = Firewall — the first barrier. Filters traffic before it reaches your network. Makes casual attackers turn around.

The Outer Walls = Network segmentation — divides your network into zones. Even if attackers breach the perimeter, they cannot move freely everywhere.

The Guards = Intrusion Detection / Prevention Systems (IDS/IPS) — sentries watching for suspicious behavior and raising the alarm.

ID Checks at the Gate = Authentication and access control — proving you are who you say you are (passwords, MFA, biometrics) and verifying you are allowed in.

Locked Rooms and Vaults = Encryption — even if attackers get inside, the valuables are locked in ciphered containers they cannot open.

The Escape Plan = Incident response — when a breach happens, you have a rehearsed plan to contain the damage, preserve evidence, and recover.

⚠️ No castle is unbreachable
Defense in depth does not guarantee security — nothing does. Its goal is to make attacks expensive, slow, and noisy. An attacker who has to bypass six layers of defense is far more likely to be detected than one who only faces a single firewall. The question is never "Can we be hacked?" (yes). The question is "How hard is it, and how fast will we know?"


Build Your Castle


You are the new security lead for a small e-commerce company that sells handmade furniture online. You have 50 employees, a website hosted on AWS, a customer database with 200,000 records including payment information, and a warehouse with physical inventory. Your CEO says: "Just buy a good firewall and we are fine." Explain to your CEO why a firewall alone is not enough. Design a defense-in-depth strategy using the castle analogy. For each of the six layers (Moat, Walls, Guards, ID Checks, Locked Rooms, Escape Plan), describe the specific security measure you would implement and explain what threat it addresses. _Hint: Think about all five attack surface areas — people, software, networks, physical, and cloud. A good defense-in-depth plan addresses each one. Do not forget employee security awareness training — remember, people are the number one attack vector._


The cybersecurity career landscape

Here is the good news: cybersecurity is one of the fastest-growing, highest-paying, and most in-demand career fields on the planet. And unlike many tech careers, you do not necessarily need a computer science degree to break in.

  • 4M+ unfilled cybersecurity jobs globally
  • 0% unemployment rate in cybersecurity
  • 35% projected job growth through 2031

Key roles and what they pay

| Role | What you do | Typical salary (USD) | Entry requirement |
| --- | --- | --- | --- |
| SOC Analyst | Monitor security alerts, triage incidents, first responder | $65,000 - $90,000 | Security+ cert, basic networking knowledge |
| Penetration Tester | Legally hack organizations to find vulnerabilities before criminals do | $90,000 - $130,000 | CEH or OSCP, strong technical skills |
| Security Engineer | Design, build, and maintain security infrastructure | $110,000 - $160,000 | 3-5 years experience, cloud/networking expertise |
| Incident Responder | Investigate breaches, contain damage, perform digital forensics | $85,000 - $120,000 | GCIH cert, analytical mindset |
| CISO | Chief Information Security Officer — leads security strategy for an entire organization | $200,000 - $400,000 | 10+ years experience, business and leadership skills |

The SOC Analyst role is where most people start. Think of it as the emergency room of cybersecurity — you are the first person to see the alerts, decide what is real, and escalate serious incidents. It is not glamorous, but it is where you build the instincts that every other role requires.

Breaking in without a CS degree

Many of the best security professionals came from non-traditional backgrounds — military, law enforcement, IT support, even teaching. What matters more than a specific degree:

  • Curiosity — you genuinely enjoy figuring out how things work (and break)
  • Problem-solving — you can think like an attacker to defend like a pro
  • Continuous learning — threats evolve daily; you have to evolve with them
  • Communication — explaining risk to non-technical executives is half the job

The certification roadmap

Certifications are the currency of the cybersecurity job market. They prove to employers that you have a baseline of verified knowledge. Here is the path most professionals follow:

| Certification | What it covers | Cost | Difficulty | Best for |
| --- | --- | --- | --- | --- |
| CompTIA Security+ | Foundational security concepts, threats, architecture, operations | ~$404 (verify at comptia.org for current pricing) | Beginner-friendly | Your first security role — SOC Analyst, junior security |
| CEH (Certified Ethical Hacker) | Hacking tools and techniques from the attacker perspective | ~$1,200 | Intermediate | Aspiring penetration testers |
| CISSP | Security management, risk, architecture — broad and deep | ~$750 | Advanced (requires 5 years experience) | Senior roles, management, CISO track |
| OSCP | Hands-on penetration testing — 24-hour practical exam | ~$1,600 | Very hard — purely practical | Serious penetration testers and red teamers |
🔑 Start with Security+
If you are new to cybersecurity, CompTIA Security+ is the recommended starting point. It is vendor-neutral, widely recognized, and meets the DoD 8140 (formerly 8570) baseline certification requirement (meaning it qualifies you for many US government security roles). Many employers list it as a minimum requirement for entry-level positions. Everything in this course aligns with Security+ exam objectives.

Back to Equifax

One server. One missing patch. Two months of neglect. The attackers moved through Equifax's network for 76 days before anyone noticed, and 147 million Americans lost their personal data. Every concept in this module — threat actors, attack surfaces, the CIA Triad, defense in depth — maps directly to what went wrong. The patch existed. The vulnerability was known. The failure was not technical complexity; it was the absence of basic security discipline applied consistently.

Key takeaways

  • The Equifax breach showed that a single unpatched server can expose 147 million records — cybersecurity failures have real, massive consequences
  • Five threat actor types operate with different motivations and capabilities — from script kiddies seeking bragging rights to nation-states conducting espionage
  • The CIA Triad (Confidentiality, Integrity, Availability) is the foundation of every security decision — learn to evaluate any scenario through this lens
  • Attack surfaces span people, software, networks, physical access, and cloud — people remain the weakest link
  • Defense in depth means layering security controls so no single failure is catastrophic — think medieval castle, not single fence
  • Cybersecurity careers offer strong salaries, near-zero unemployment, and accessible entry paths — start with Security+ and a SOC Analyst role

Next up: You know the battlefield — who is attacking, what is at stake, and how defense works in layers. But what do those attacks actually look like? In the next module, you will dissect the playbooks behind phishing, ransomware, zero-days, and social engineering — and learn the seven-step Kill Chain that every sophisticated attack follows.


Knowledge Check

1. In the 2017 Equifax breach, what was the root cause that allowed attackers to gain initial access?

2. A ransomware attack encrypts a hospital's patient records, preventing doctors from accessing critical medical information during emergencies. Which CIA Triad principle is PRIMARILY violated?

3. A company installs a state-of-the-art firewall but takes no other security measures. An employee falls for a phishing email, gives away their password, and an attacker accesses the internal network. Which security principle did the company fail to follow?

4. Which entry-level cybersecurity certification is most widely recommended as a starting point, is vendor-neutral, and meets US Department of Defense baseline requirements?
