Gain insights into cyber security fundamentals, explore common threats, discover protection mechanisms like firewalls, learn monitoring and response strategies, and develop secure systems as a developer.

Modern computer systems are almost universally connected, which creates wider attack surfaces well beyond code to users, hardware, and more. Securing systems is thus a fundamental skill for modern software engineers.

This course is a comprehensive introduction to cyber security best practices. You’ll start with an overview of common threats and vulnerabilities, as well as high-level concepts like privilege, integrity, logging, and mediation. With these concepts in mind, you’ll then learn common protection mechanisms and defense strategies from endpoint protection to firewalls, gateways, and proxy servers. Next, you’ll learn monitoring and detection techniques, alerts, and event management. Finally, when you detect a threat, you’ll know how to respond with support tickets, data preservation, and change management.

By the end of this course, you’ll have a better understanding of modern cyber security practices and a clear roadmap to implementing these as a developer.

Cyber Security Best Practices for Developers

## Maintain an organization’s security posture

Each security decision should address at least one of the following concepts in this section. If it doesn’t, challenge its value. Implementing a new control means making a change to the production environment. Any change runs the risk of breaking something that was working before or even increasing the attack surface. Changes shouldn’t be taken lightly. Any change should maintain, if not improve, an organization’s security posture. Therefore, if we decide to implement a security control, the net benefit of that change should be mapped back to a core security concept.


## Security theater

**Security theater** means implementing a security control only to say that a security control has been implemented without actually improving security. Since changes like this don’t make the organization any safer, we want to avoid them.


## An increase in an organization’s complexity

Changes also run the risk of increasing an organization’s complexity. There’s a general rule that the more complex something is, the greater the chance that something will go wrong. In a security context, complexity increases the likelihood of vulnerabilities and bugs being exploited. In addition to their contribution to security, proposed changes should also be evaluated for complexity. Changes that increase complexity should be considered carefully because they can adversely impact the organization’s overall security.






# Maintain an organization’s security posture

Each security decision should address at least one of the following concepts in this section. If it doesn’t, challenge its value. Implementing a new control means making a change to the production environment. Any change runs the risk of breaking something that was working before or even increasing the attack surface. Changes shouldn’t be taken lightly. Any change should maintain, if not improve, an organization’s security posture. Therefore, if we decide to implement a security control, the net benefit of that change should be mapped back to a core security concept.


# Security theater

**Security theater** means implementing a security control only to say that a security control has been implemented without actually improving security. Since changes like this don’t make the organization any safer, we want to avoid them.


# An increase in an organization’s complexity

Changes also run the risk of increasing an organization’s complexity. There’s a general rule that the more complex something is, the greater the chance that something will go wrong. In a security context, complexity increases the likelihood of vulnerabilities and bugs being exploited. In addition to their contribution to security, proposed changes should also be evaluated for complexity. Changes that increase complexity should be considered carefully because they can adversely impact the organization’s overall security.






Learn to secure an organization by carefully introducting security measures.


General Security Concepts

Learn to secure an organization by carefully introducting security measures.

Introduction

Basics of Security

Detect

Protect

Respond

Conclusion

General Security Concepts

Maintain an organization’s security posture