Skip to content

Security Fundamentals

Core Concepts

CIA Triad

  • Confidentiality — Prevent unauthorized access (encryption)
  • Integrity — Prevent unauthorized modification (hashing)
  • Availability — Ensure systems accessible (DDoS mitigation)

Authentication Factors

  • Something you know — Password
  • Something you have — Token, smart card
  • Something you are — Biometrics (fingerprint)

OWASP Top 10 (2026)

  1. Broken Access Control
  2. Cryptographic Failures
  3. Injection (SQL, XSS, command)
  4. Insecure Design
  5. Security Misconfiguration

Common Attacks

Attack Description
Phishing Social engineering via email
SQL Injection Database manipulation via input
XSS Inject JavaScript into web pages
MITM Intercept network traffic

Essential Tools

Tool Purpose
Nmap Network scanning (port discovery)
Wireshark Packet analysis (network traffic)
Burp Suite Web app testing (proxy, scanner)
Metasploit Exploitation framework
John the Ripper Password cracking

Security+ Certification

Why Security+? - Industry baseline (HR filters require it) - Covers all security domains (breadth over depth) - Makes you employable (entry-level requirement) - Study time: 2-3 months (1 hour daily)

Study resources: - Professor Messer YouTube (free, excellent) - Jason Dion Udemy course ($15 on sale) - Practice exams (critical — do 5+ full exams)

Exam details: - Cost: $400 - Format: 90 questions, 90 minutes - Passing: 750/900 (83%) - Difficulty: Moderate (not technical deep-dive)

By End of Phase 1

  • Understand security concepts (CIA, AAA, defense in depth)
  • Know basic attack techniques (SQLi, XSS, phishing)
  • Completed 50+ TryHackMe rooms (hands-on practice)
  • Security+ certification obtained
  • Can explain MITM attack to non-technical person

Last Updated: 2026-02-02 | Vibe Check: Foundation Builder - Security+ is your first real credential. Don't skip the hands-on practice. 50+ TryHackMe rooms before the exam. Theory + practice = hireable.

Tags: security-fundamentals, security-plus, comptia, certification