Today marks the official start of my deep dive into cybersecurity, and I couldn’t be more energized. I’ve set my sights on earning the CompTIA Security+ certification, a foundational credential that opens doors to high-impact roles in security engineering, incident response, and cloud architecture. The goal? Complete all training material by the end of September and sit for the exam with confidence and precision.
Day One: Fundamentals of Security (Objectives 1.1 & 1.2)
I kicked things off by exploring the bedrock principles that define cybersecurity. These aren’t just buzzwords; they’re the DNA of every secure system.
CIANA: The Pillars of Security
- Confidentiality – Keeping sensitive data private and protected from unauthorized access.
- Integrity – Ensuring data remains accurate and unaltered unless by authorized means.
- Availability – Making sure systems and data are accessible when needed.
- Non-repudiation – Guaranteeing that actions or communications can’t be denied later.
- Authentication – Verifying identity before granting access.
Together, these form the CIANA model, a framework that’s already reshaping how I think about system design and risk mitigation.
AAA: The Access Control Triad
- Authentication – Who are you?
- Authorization – What are you allowed to do?
- Accounting – What did you do?
This trio is essential for tracking user behavior, enforcing permissions, and maintaining audit trails. It’s the backbone of secure access management.
Security Controls: Categories & Types
I also explored how organizations implement safeguards through:
- Control Categories: Managerial, Operational, and Technical
- Control Types: Preventive, Detective, Corrective, Deterrent, and Compensating
Understanding these distinctions helps clarify how layered defenses work in practice, and how to evaluate their effectiveness.
Zero Trust & Gap Analysis
The Zero Trust model was a standout concept: “Never trust, always verify.” It’s a mindset shift that assumes breach and demands continuous validation. Paired with Gap Analysis, which identifies where current security measures fall short, I’m already thinking like a security architect, spotting weaknesses and planning improvements.
What’s Next?
This journey is more than just passing an exam. It’s about building a strategic foundation for a career in cybersecurity, one that blends technical mastery with operational insight. I’ll be tracking my progress, sharing key takeaways, and reflecting on how each concept fits into the broader security landscape.
By the end of September, I aim to be exam-ready. But more importantly, I want to be role-ready, prepared to contribute meaningfully to any security team I join.
Stay tuned. The grind has begun.