Module 1
Stepping Into the Cybersecurity World
I just finished Module 1 of Google’s Cybersecurity Certificate, and while I’ve always had an interest in security, this gave structure and shape to that curiosity. Forget the Hollywood stuff, black hoodies and blinking green code, this is about real systems, real risks, and real responsibility.
It’s got layers: people, tools, policies, ethics, attackers, and defenders.
What I learned
CIA Triad
No, not the spy agency. It’s the holy trinity of cybersecurity:
- Confidentiality – Only the right people should access the data.
- Integrity – The data shouldn’t be changed or messed with.
- Availability – The data and systems should always be usable when needed. It’s simple but everywhere. I now keep asking: *“Which part of the CIA triad is being protected (or broken) here?
💻 Cybersecurity is way more than just hacking (even though that’s all most online course ads talk about.)
There are so many roles! Not just “ethical hackers” but also:
- SOC/Security analysts
- Threat Hunters
- Compliance analysts
- Security Engineers and many more
It feels like there’s a place for all kinds of minds here, not just coders.
Threat Actor vs. Threat
- Threat actor = who’s coming for you
- Threat = what they’re trying to do
Think of it like this: A threat actor is the burglar, and the threat is the break-in they’re planning.
Security Posture
It’s like your digital immune system. Some companies are rock solid, others are basically on a junk food diet.
At first, I thought “security posture” was just about how strong your tools are like what firewall or antivirus you’ve got running. But it’s deeper than that. You can have the best tech stack in place, but if employees are still using passwords like Password123, what’s the point? It’s how seriously a company treats security in their day-to-day habits.
It showed me that security isn’t just tools, it’s mindset, culture, and discipline.
Compliance
Didn’t expect this to be such a big deal.
Skipping rules like GDPR or HIPAA can cost companies millions.
It’s not just “legal stuff”, it’s accountability. And it’s part of defense.
Stuff That Changed My Perspective
Internal Threats
I assumed the bad guys are “out there.”
Turns out, it could be someone inside clicking a sketchy link or misconfiguring a system.
The enemy isn’t always external, sometimes it’s careless insiders.
Security Frameworks ( ISO)
I never really bothered to understand that there are different types of ISO certifications, I just knew I kept seeing “ISO 9001” thrown around in marketing. It always felt like a buzzword, slapped onto brochures to make things look official. I didn’t realize how different it was from something like ISO 27001, which actually focuses on information security and requires serious internal commitment.
What I Want to Explore More
Cloud Security
I want to dive into how cloud environments are secured, from configuration and access control to permission management and data sharing.
SIEM Tools
Just a teaser so far, but the concept of a tool that watches logs and raises alerts?
That’s exciting.
Security Careers
There’s more to this world than just “hackers” or “IT guys.”
Red teams, blue teams, SOC analysts, forensic investigators, compliance analyst, cloud security engineers. I don’t know yet where I fit, but at least I know the terrain now. Hoping real-world projects give me clarity.
My takeaway:
Cybersecurity = protecting what matters, digitally.
It’s a field that mixes logic, curiosity, and responsibility and honestly, I’m getting more excited with every passing minute.
Final Thoughts
This first module felt like trying to untangle a giant knot, but also kind of thrilling.
Security isn’t just a skill, it’s a lens. A mindset. A way of looking at things.
You start noticing the little cracks in systems, apps, even your own digital habits.
For the first time, tech feels alive like I’m not just using it, but questioning it.
Now, I’m noticing things like:
- What privacy settings apps actually offer
- How companies respond to breaches
- What makes a password policy strong or weak
And honestly? That awareness feels powerful.
What’s Next
Next up: Module 2 - diving into the actual threats.
Malware, phishing, worms, and all the chaotic ways systems get compromised.
Spoiler: It involves love letters, rogue USB drives, and some wild political motives.
Let’s go deeper.