Secure Systems: A Quick Introduction to 4 Types of Cybersecurity

In the modern age, our lives are deeply entangled with digital technology, creating a vast web of connections that span across the globe. As we become increasingly reliant on these connections to navigate daily life, it becomes equally important to understand how exploitable these connections can be.

There’s a fascinating dynamic between those who protect networks, systems and data, and those who attempt to penetrate them, creating a unique challenge for cybersecurity professionals. Cybersecurity is a digital battleground where defenders and attackers constantly engage in a high-stakes, ever-evolving game of strategy and tactics.

Attackers and other cybercriminals often attempt to gain unauthorized access to, modify, or corrupt sensitive information, extort money from users, or disrupt normal business operations.

Defenders, on the other hand, work to secure networks, systems, information technology, and data. Cybersecurity professionals are responsible for anticipating vulnerabilities, designing robust security measures, and rapidly responding to incidents.

This ongoing struggle makes cybersecurity an especially intriguing and captivating field for individuals willing to tangle with cybersecurity threats on a regular basis.

However, cybersecurity isn’t a monolith but a multifaceted field with various domains and specializations.

So, for today, we’ll take a closer look at four key domains within cybersecurity.

Let’s get started!

Core concepts every introduction to cybersecurity should define#

Before diving into domains, align on the basics you’ll see everywhere:

• CIA triad: Confidentiality (only the right people see data), Integrity (data can’t be altered unnoticed), Availability (systems are up when needed). Almost every control you’ll encounter maps to one of these goals.

• Risk, threat, vulnerability: Risk is the potential for loss, typically expressed as likelihood × impact. A threat is anything that can cause harm (criminals, insiders, natural events). A vulnerability is a weakness that a threat can exploit.

• Attack surface: All the ways an adversary could interact with your systems—externally facing services, endpoints, identities, third-party vendors, misconfigurations.

• Defense in depth: Layer controls so one failure doesn’t lead to compromise.

• Threat actors: From financially motivated groups and ransomware affiliates to insiders and nation-state operators—motivations and capabilities differ, so defenses must be layered and contextual.

These anchors make the rest of this introduction to cybersecurity easier to apply in real environments.

Network Security#

Network security refers to the processes and practices designed to safeguard computer networks from unauthorized access, misuse, or damage. It involves implementing both hardware and software solutions to maintain the confidentiality, integrity, and availability of network infrastructure.

Network security protects data transmission across networks using firewalls, intrusion detection/prevention systems, and secure protocols like SSL/TLS. This can also involve securing DNS servers and routers to prevent cyber attacks and unauthorized access to the network.

It is the first line of defense against external threats.

Why is network security important?#

Network security is crucial for protecting sensitive data, preventing unauthorized access to systems, and ensuring the smooth operation of your network.

A secure network forms the foundation for the overall cybersecurity of an organization or individual, ensuring that data and communications are safe from threats. Network security also plays a significant role in maintaining user trust and meeting regulatory and compliance requirements.

Examples of network security measures#

• Firewalls: These are hardware or software-based systems that control incoming and outgoing network traffic. They act as a barrier between trusted and untrusted networks, allowing only authorized traffic to pass through.
• Virtual Private Networks (VPNs): VPNs create a secure, encrypted tunnel for data transmission between a user’s device and the network, ensuring that data remains confidential and cannot be intercepted.
• Intrusion Detection Systems (IDS): IDS monitors network traffic for suspicious activity, alerting administrators to potential threats.
• Secure Network Protocols: Protocols like HTTPS and SSL/TLS provide secure communication over the internet by encrypting data transmitted between devices.

Common network security threats#

• Malware: Malicious software such as viruses, worms, and Trojans that can infect and compromise systems.
• Phishing Attacks: Cyber attackers use deceptive emails and websites to trick users into revealing sensitive information or installing malware.
• Distributed Denial of Service (DDoS) Attacks: Attackers overwhelm a network or website with a flood of traffic, rendering it unavailable to users.
• Unauthorized Access: Hackers exploit network vulnerabilities to gain unauthorized access to sensitive data and systems.

Additional types of cybersecurity#

Here are some additional types of cybersecurity that you may encounter:

• Information Security: Focuses on protecting information systems and data from unauthorized access, while cybersecurity encompasses protecting computer systems, networks, and data from digital attacks.
• Infrastructure Security: A set of practices, processes, and technologies designed to protect an organization’s physical and digital infrastructure, including its hardware, software, network devices, data centers, and other critical components, from potential cyber threats. These measures include physical security controls such as access controls, monitoring, and security systems, as well as digital security measures such as firewalls, intrusion detection/prevention systems, and network segmentation.
• Identity and Access Management (IAM): A set of processes and technologies used to manage and control access to systems and data, ensuring that only authorized users can access sensitive resources.
• Mobile Device Security: As more people use mobile devices to access the internet and store sensitive data, mobile device security has become increasingly important. Mobile device security measures help protect devices and end users from cybercrimes like malware and data theft.
• Internet of Things (IoT) Security: IoT security refers to the security measures used to protect connected devices and systems, such as smart homes and industrial control systems, from cyber threats.
• Behavioral Analytics: A type of cybersecurity that uses machine learning algorithms to detect anomalous behavior that could indicate a cyber attack or security breach.

If you’re new to the world of cybersecurity, it can be overwhelming to navigate all the different best practices and guidelines. One resource that can help is the National Institute of Standards and Technology (NIST) Cybersecurity Framework^[1].

This framework provides a set of guidelines and best practices for managing and reducing cybersecurity risks and is widely adopted by organizations of all sizes and types.

Social Engineering and Cybersecurity#

Despite robust technical security measures, social engineering attacks can bypass the most advanced security systems by targeting the weakest link in the security chain: people. Cybercriminals use social engineering to bypass security controls, gain access to critical data or systems, or deliver malware and viruses to targeted individuals or organizations.

Social engineering is a critical aspect of cybersecurity, as it involves exploiting human behavior to gain unauthorized access to systems, data, or sensitive information.

Social engineering techniques can include phishing emails, pretexting, baiting, and other methods that aim to manipulate individuals into divulging confidential information or taking actions that can compromise security. Cybercriminals often use phishing scams to try and trick people into providing their credit card information because it’s lucrative and relatively easy to obtain.

Incident response in five steps#

Even with strong prevention, detection and response determine blast radius:

1. Prepare: Run tabletop exercises, define playbooks, inventory assets, and ensure logging/telemetry coverage.

2. Detect & analyze: Triage alerts, correlate signals (e.g., unusual logins, anomalous data egress), confirm scope and entry vector.

3. Contain: Isolate affected endpoints/accounts, apply network blocks, snapshot evidence. Choose short-term vs. long-term containment to balance business continuity.

4. Eradicate & recover: Remove malware, rotate credentials/keys, patch root-cause vulnerabilities, restore from clean backups, validate integrity before going live.

5. Lessons learned: Update controls and runbooks, close gaps in monitoring, and share findings. Measure mean time to detect (MTTD) and mean time to respond (MTTR) to track progress.

This operational lens complements a conceptual introduction to cybersecurity with concrete muscle memory.

Vulnerability management, crypto basics, and your first 30-day learning plan#

• Vulnerability management: Start with an asset inventory (you can’t secure what you don’t know), run authenticated scans, prioritize using exploitability and business impact (not just CVSS score), and track remediation SLAs. Pair patching with compensating controls when downtime is constrained.

• Crypto in practice:

  • Encryption in transit: Use TLS everywhere between clients, services, and databases.

  • Encryption at rest: Enable managed encryption for disks, S3-style object stores, and databases.

  • Hashing: Store passwords with slow, salted hashes.

  • Key management: Centralize keys; rotate and restrict access; avoid embedding secrets in code.

• 30-day plan to operationalize this introduction to cybersecurity:

  • Week 1: Build a glossary (terms above), diagram a simple home or lab network, and enable MFA on all critical services.

  • Week 2: Stand up a small lab (VMs or containers) with a web app behind a reverse proxy; capture logs; practice basic hardening (firewall rules, least privilege).

  • Week 3: Run a vulnerability scan against the lab, remediate findings, and write a short incident response playbook for a mock phishing incident.

  • Week 4: Add identity controls (SSO if possible, otherwise role-based auth), enable backups, and conduct a tabletop exercise using the five-step IR flow.

Completing this plan turns an introduction to cybersecurity into actionable skills you can demonstrate in interviews or on the job.

Wrapping up and next steps#

To pursue a career in cybersecurity, it’s important to have a strong foundation in computer science, information technology, or a related field. Many cybersecurity jobs also require industry certifications, such as the Certified Information Systems Security Professional (CISSP) or the Certified Ethical Hacker (CEH) certification.

So, what’s next?

An indispensable tool for cybersecurity that you can learn to use today is the Command Line Interface (CLI). It’s important to become comfortable using the command line because it’s fundamental for interacting with computer systems, managing files, and accessing network information.

To get started with mastering the CLI, consider checking out our Master the Bash Shell course. This comprehensive resource will help you unlock the full potential of the command line, and pave the way for you to become an effective cybersecurity expert.

Continue reading about cybersecurity#

• Bash cheat sheet: Top 25 commands
• Guide to Cybersecurity: Learn how to defend your systems
• What is ethical hacking and penetration testing? Get paid to hack