Why Everyone Should Know Security Essentials
LPI has just released the Security Essentials certificate. Our interest in this topic is not arbitrary: These days, IT security news is ubiquitous. Every day, someone’s data is encrypted for ransom, personal information is copied, and new security vulnerabilities are discovered. Even though this all sounds technical, cryptic, and somehow far away, many of these attacks may personally affect you and me.
Some IT security attacks are very sophisticated, and far too professional for us as individuals to deal with. But not every attack is as elaborate as, for example, the SolarWinds hack (do some research, there is a lot to learn!). While some of the attacks seem trivial – they still may be effective. That is because people do quickly confirm their personal data on a new online portal allegedly put by their bank. People do thoughtlessly open the attachment to the cancellation email from their employer. And people do share some vacation photos publicly in social media; even that innocent-seeming act gives potential attackers an opening to call your office, ask for information on behalf of the person on vacation, and cause havoc.
These are everyday mistakes that can have severe consequences. Anyone using digital devices will be exposed to these kinds of threats sooner than later. Sometimes it just takes a single moment of distraction. I myself once had my credit card blocked the day before Christmas holidays, because I didn't notice that I was using a compromised ATM. When I found out, I questioned myself how I possibly could not have noticed that the machine was unsafe, especially considering myself a security aware person. Luckily, I was covered by my bank. But certainly, no one wants to be the person who opens an email attachment that triggers encryption across all servers in their company.
With Security Essentials, we want not only to create awareness for these dangers, but also provide guidance for the right ways to deal with them. We want to enable everyone to understand the basics of IT security. Beyond learning the right way to deal with personal data, email attachments, and phishing attempts, a good security education also includes general knowledge. For example, what does it mean when a web browser indicates that a connection is not secure? What constitutes such a secure connection anyway? Two simple questions whose answers require the concepts of private keys, public keys, and certificates.
These basic concepts are also part of the exam, but only as far as they are absolutely necessary to understand threats and countermeasures. Candidates will understand what's behind news reports about companies losing access to all of their data, customer data being stolen from online shops, email servers all over the world becoming vulnerable, and botnets marauding against IT infrastructure of everykind. Candidates will recognize common security threats and know how to mitigate them.
This knowledge can be the beginning on which a whole career in IT security is built. But this knowledge is first and foremost the foundation on which we can all protect ourselves and our environment. Sometimes, the people we don't ususally associate with IT security are the ones who benefit the most from special expertise in it. Security attacks do not necessarily come through the networking infrastructure. In the form of emails, lost USB drives, phone calls, or alleged new colleagues asking for the WiFi password, attacks can show up at every company’s reception desk.
This knowledge is included in Security Essentials. We also delve under the surface to cover a broad list of topics beyond typical introductions to security. We offer theoretical basics where they are needed to really understand a topic.
Security Essentials, even more than our other Essentials exams, addresses beginners with no prior knowledge of computing except the routine use of their devices. The required knowledge can be acquired with reasonable effort, and the exam objectives are transparent and of practical relevance. Learning Materials and translations are in the works.
In addition, we try to keep the costs of the exam as low as possible. We explicitly address learners in an academic environment, such as schools and universities, but also companies and individuals who need a thorough introduction to a topic.
Personally, I am excited about the new certificate. If the exam preparation helps some of our candidates to mitigate attacks against their devices, data, or accounts, the work has been worth it.
However, we are not done yet. We are still looking for help with the Learning Materials for Security Essentials. If anyone feels called upon, please be sure to contact us. IT security is an exciting topic, whether you're preparing for your exam, writing a lesson for the learning materials or, as your knowledge grows, advancing your career.
We will be reading more about Security Essentials in the LPI blog in the upcoming posts, with some folks from LPI partners sharing their insights. In the meantime, I wish all candidates an enjoyable preparation and much success in the exam.