A practical reference guide covering cybersecurity fundamentals, common threats, tools, and defence strategies — by Frank Armah, Cybersecurity Certified Professional (ZSecurity).
This repo documents my cybersecurity knowledge and hands-on learning. It covers:
- ✅ Core cybersecurity concepts and terminology
- ✅ Common attack types and how they work
- ✅ Defence strategies and best practices
- ✅ Essential tools every IT professional should know
- ✅ Real-world security scenarios and how to handle them
| Certificate | Issuer |
|---|---|
| 🔐 Cybersecurity Fundamentals | ZSecurity |
- Core Concepts
- Common Threats & Attacks
- Defence Strategies
- Essential Security Tools
- Network Security
- Cybersecurity in the Workplace
- Real-World Scenarios
- Security Checklist
- Resources
The foundation of all cybersecurity:
| Principle | Meaning | Example |
|---|---|---|
| Confidentiality | Only authorised users can access data | Password protection, encryption |
| Integrity | Data is accurate and hasn't been tampered with | File hashing, digital signatures |
| Availability | Systems and data are accessible when needed | Backups, redundancy, uptime monitoring |
| Term | Definition |
|---|---|
| Vulnerability | A weakness in a system that can be exploited |
| Exploit | A method used to take advantage of a vulnerability |
| Threat | Any potential danger to a system or data |
| Risk | The likelihood and impact of a threat being realised |
| Attack Surface | All the points where an attacker could try to enter |
| Zero-Day | A vulnerability unknown to the software vendor |
| Patch | A software update that fixes a security vulnerability |
| Authentication | Verifying who a user is |
| Authorisation | Determining what a user is allowed to do |
| Encryption | Converting data into unreadable format without a key |
What it is: Fraudulent emails or messages that trick users into revealing credentials or clicking malicious links.
How to spot it:
- Urgent or threatening language
- Suspicious sender email address
- Generic greetings ("Dear Customer")
- Links that don't match the claimed website
- Requests for passwords or personal info
Defence: Security awareness training, email filtering, multi-factor authentication (MFA)
What it is: Malicious software designed to damage, disrupt, or gain unauthorised access to systems.
Types:
| Type | Description |
|---|---|
| Virus | Attaches to files and spreads when opened |
| Ransomware | Encrypts files and demands payment |
| Spyware | Secretly monitors user activity |
| Trojan | Disguises itself as legitimate software |
| Worm | Self-replicates across networks without user action |
Defence: Antivirus software, regular updates, user education
What it is: Attacker secretly intercepts communication between two parties.
Common scenarios:
- Public Wi-Fi interception
- ARP spoofing on local networks
- SSL stripping
Defence: Use HTTPS, VPNs, avoid public Wi-Fi for sensitive tasks
What it is: Flooding a system with traffic to make it unavailable to legitimate users.
Defence: Firewalls, rate limiting, DDoS protection services, load balancing
What it is: Inserting malicious SQL code into input fields to manipulate databases.
Example:
-- Normal input: username
-- Malicious input:
' OR '1'='1Defence: Input validation, parameterised queries, web application firewalls (WAF)
What it is: Manipulating people psychologically to reveal confidential information.
Tactics:
- Pretexting (creating a fake scenario)
- Baiting (leaving infected USB drives)
- Tailgating (following someone into a secure area)
- Vishing (voice phishing over phone calls)
Defence: Staff training, strict verification policies, security culture
What it is: Systematically trying every possible password combination until the correct one is found.
Defence: Strong passwords, account lockout policies, MFA, CAPTCHA
Using multiple layers of security so that if one fails, others still protect the system.
Layer 1 → Physical Security (locked server rooms)
Layer 2 → Network Security (firewalls, IDS)
Layer 3 → Endpoint Security (antivirus, EDR)
Layer 4 → Application Security (input validation, WAF)
Layer 5 → Data Security (encryption, backups)
Layer 6 → User Security (MFA, training)
Users should only have access to what they need to do their job — nothing more.
✅ Good: IT support staff can reset passwords but cannot modify firewall rules ❌ Bad: Every employee has admin access to all systems
"Never trust, always verify" — assume every user and device could be compromised.
Key principles:
- Verify every user, every time
- Limit access to only what's needed
- Monitor and log all activity
- Assume breach has already occurred
| Tool | Category | Use |
|---|---|---|
| Nmap | Network Scanner | Discover hosts and open ports on a network |
| Wireshark | Packet Analyser | Capture and analyse network traffic |
| Metasploit | Penetration Testing | Test systems for vulnerabilities |
| Burp Suite | Web Security | Test web application security |
| John the Ripper | Password Testing | Test password strength |
| Nessus | Vulnerability Scanner | Scan systems for known vulnerabilities |
| Snort | IDS/IPS | Detect and prevent network intrusions |
| OpenVAS | Vulnerability Scanner | Open-source vulnerability assessment |
| Type | Description |
|---|---|
| Packet Filtering | Filters traffic based on IP, port, protocol |
| Stateful Inspection | Tracks connection state for better filtering |
| Application Layer | Inspects traffic at application level (Layer 7) |
| Next-Gen Firewall (NGFW) | Combines traditional firewall with IDS/IPS, DPI |
| Port | Protocol | Security Note |
|---|---|---|
| 22 | SSH | Secure — but restrict access |
| 23 | Telnet | |
| 80 | HTTP | |
| 443 | HTTPS | Secure web traffic |
| 3389 | RDP | |
| 21 | FTP |
Encrypts internet traffic and masks IP address.
Use cases:
- Secure remote work connections
- Protecting data on public Wi-Fi
- Accessing company resources remotely
- How to identify phishing emails
- Password hygiene and management
- Safe use of USB devices
- Social engineering awareness
- Incident reporting procedures
- Safe internet browsing habits
1. IDENTIFY → Detect and confirm the incident
2. CONTAIN → Isolate affected systems immediately
3. ERADICATE → Remove the threat completely
4. RECOVER → Restore systems and data
5. LESSONS → Document and improve defences
- ✅ Minimum 12 characters
- ✅ Mix of uppercase, lowercase, numbers, symbols
- ✅ Different password for every account
- ✅ Use a password manager
- ✅ Enable Multi-Factor Authentication (MFA)
- ❌ Never share passwords
- ❌ Never use personal info (birthdays, names)
- ❌ Never reuse old passwords
Situation: An employee receives an email claiming to be from IT, asking them to reset their password urgently via a link.
Red flags:
- Urgent language
- Link goes to a non-company domain
- Email from external address
Response:
- Do NOT click the link
- Report to IT department immediately
- IT investigates and blocks the sender
- Send security awareness reminder to all staff
Situation: A staff member opens an email attachment and files start getting encrypted.
Immediate response:
- Disconnect the device from the network immediately
- Notify IT security team
- Identify scope — which systems are affected
- Restore from clean backups
- Investigate how the attack entered
- Patch the vulnerability
Situation: Security logs show login attempts from an unknown IP address at 3am.
Response:
- Block the IP address at the firewall
- Review all login logs for that period
- Force password reset for targeted accounts
- Enable MFA on all accounts
- Investigate if any data was accessed
- All systems patched and up to date
- Firewall rules reviewed and documented
- Unused ports and services disabled
- MFA enabled on all critical systems
- Backups tested and verified
- Access rights reviewed (least privilege)
- Security logs monitored regularly
- Staff security awareness training conducted
- Incident response plan documented and tested
- Antivirus/EDR deployed on all endpoints
- OWASP Top 10 — Top 10 web application security risks
- NIST Cybersecurity Framework — Industry standard security framework
- ZSecurity — My certification platform
- Cybrary — Free cybersecurity courses
- TryHackMe — Hands-on cybersecurity labs
- Have I Been Pwned — Check if your email has been breached
⭐ If you find this useful, feel free to star the repo!
— Frank Armah | IT Professional | Ghana 🇬🇭