The ABC's of

Cybersecurity

A Perfect Introduction

Mantej S. Lamba
To All Of My Closest Family and Friends
 Table of Contents

Foreword 1

Cybersecurity: Brief Overview 2

and Importance

Threats and Motives 4

Cyber Attacks 10

Defense 16

Future 22

The Next Steps 26

Acknowledgements 28

About the Author 29

 Foreword:
Hello! I am so glad that you have decided to
dive into the field of cybersecurity! Cybersecurity is
a career filled with endless possibilities and it will
only keep growing in the future. In this book, I will
take you through a simple, yet informative
introduction that will teach you the basic
terminology, concepts and fundamentals of
cybersecurity. This book includes colorful pictures
and diagrams to help students and beginners
visualize these topics. It would not be as
beneficial for professionals trying to progress in
their career, but rather for people who are eager
to take the first step towards learning about
cybersecurity.
I am a high school senior, and I enjoy learning about
cybersecurity and computer programming. For the past
months, I have been taking online courses and reading
books in order to advance my understanding of this
field. During my learning sessions, I realized that there
were almost no introductory cybersecurity books geared
towards children. If we take a look at other fields -
medicine, economics, computers in general - we see
that there are plenty of books for introductory learners,
but not cybersecurity. The future of this career depends
on the children of today, and if we are not able to reach
out to them and inform them of this field, we will not
be able to progress. By writing this book, I hope to
inspire kids to enter this field and learn more about the
amazing benefits cybersecurity has to offer. I am excited
to start this journey with you, so let’s begin by heading
straight into our first chapter - Cybersecurity: Brief
1 Overview and Importance.
Cybersecurity: Brief Overview and Importance

Cybersecurity is a set of technologies, practices and processes

that are designed to protect networks, computers and data from
becoming compromised. These tools and practices are used by
millions of companies worldwide and help keep away attackers
who are trying to get into a system. There are a few terms which
are commonly used in cybersecurity, and it is almost mandatory
that you realize what they mean. Gaining a strong
understanding of these concepts when dealing with cybersecurity
will create a strong base for you to work off of and will help you
master complex topics.
The first concept is assets. In cybersecurity, an asset is a
piece of information that is of some importance to you or the
company. These assets could be code, customer data, or
important emails sent between executives. Not all companies
will value an asset in the same way.
For example, if a company uses their email
frequently to discuss possible business solutions,
they will value their emails a lot more than a
company that does not use them at all. Assessing
the value of assets is a key part of cybersecurity and it varies
between organizations.
The second term is threat. Threats are discussed more
in detail in the next two chapters, as this is a key part
of being a cybersecurity specialist. A threat is
something, or someone, that wants to hack into your
system to inflict some damage. The levels of threat
vary as well. A powerful government trying to hack into
another country’s data is a larger threat than a group
of teenagers attempting to do the same thing. Realizing
threats, and analyzing how dangerous or harmless an
attack can be is also key in cybersecurity. If done
2
wrong, it will undoubtedly have devastating effects.
The third term is vulnerability. A vulnerability is a
shortcoming, or a weakness within the system or network
that can be exploited and used as a way of entry.
Vulnerabilities can range from an error in code, to a
failure in keeping an updated firewall. This is a very
important part of cybersecurity, as it is the main
reason that systems are compromised. If there were no
vulnerabilities, the number of successful attacks would be close
to zero. Cybersecurity professionals have an important job of
finding the vulnerabilities so they can be fixed and if the correct
steps are not taken, then the attackers will have a much easier
time gaining access into the system.
The final term I want to go over is risk. Many
people tend to confuse risk with threat, but
they are two different concepts. A threat is an
attack or event that will definitely cause harm.
Risk is the evaluation of a threat and
vulnerability. It is the probability of something
bad to happen to the business. One of the
fundamental statements in cybersecurity
involving risk is this: risk = threat probability x
potential harm. If you have a weakness in your
system, and if it is attacked, there is a
potential harm associated with the attack. The
entire assessment of this situation is known as
risk. By far, risk assessment is one of the most
vital parts in having a strong security setup.
Leaders in cybersecurity emphasize the fact
that if you have good risk assessment, there
will be a lower chance of a successful attack.
Understanding the difference between risk and
threats is a key part in building a strong
foundation for cybersecurity.
3
 Threats and Motives:

Cyber threats are occurring everyday. More and more “bad

guys” are becoming advanced in hacking, and are using their
skillset to break into systems. One misconception which I want to
clear up is the difference between threats and attacks. Threats
are used to describe the harm that attackers can do while
attacks are deliberate actions on a system. With this, let’s dive
straight into one of the basic concepts of cybersecurity, the CIA
model. The CIA model can be used to describe the

C
three main types of threats. The “C” stands for
confidentiality, the “I” is for integrity, and the

I
“A” represents availability. Cybersecurity

A
experts have also argued to include a “F” in this
model, to stand for fraud. In the next couple of
paragraphs, I will go over what these threat
types mean and some real world applications.
A confidentiality threat involves the
potential of classified information being
compromised. This information may include
credit card information, government
documents or bank account data. This is
especially dangerous as millions of user
identities can be stolen if an attack is
successful, and this can damage a
company’s reputation. People will be scared
of giving their personal information to
companies known for being hacked, and this
will cause the company to lose business.
Corporations such as Wells Fargo, Visa, and
the FBI are extremely cautious about the
information they hold, so a confidentiality
threat is one they take very seriously. 4
 The “I”, which stands for integrity, is the threat
that someone might corrupt a piece of
software, hardware or a system for their own
use and for criminal purposes. For example, if
malware - software designed to cause
damage - is downloaded onto a computer,
then that is an example of an integrity threat.
This integrity threat might be a dangerous file,
a threatening piece of code or an email link
which downloads malware onto your system.
Companies take an integrity threat very
seriously and they go to great measure in
order to prevent their systems from being
corrupted. In the next chapter, I will go over
the different attacks which pose an integrity
threat.
“A” is for availability, and this is when an attack
has the ability to prevent your company from
delivering out their respective services to the
customers. For example, attacks could shut down
an AT&T system and cause thousands of
customers to lose their service. Another example
is if Google suffered an enormous cyber attack
which caused their entire search engine to
collapse. The chances of this happening is very
low, but it is always a possibility. An availability
threat is one that is very dangerous to service
providers as without their ability to provide their
customers, their business is useless. Companies
like Verizon, AT&T, Xfinity and Dish Network make
their money by providing services to customers,
so if this is compromised, then the company will
lose a lot of business.

5
Our final letter is “F”, stands for fraud. It
does not fit into the CIA model, but rather is
a different type of threat altogether. A fraud
threat is when someone takes advantage of
a service without ever paying for it. Let’s say
$0.00
for example, someone hacks into Netflix,
and is now able to watch movies or shows
for free. Instead of paying a monthly fee for
the subscription, they will take advantage of
the system and use Netflix without paying a
single cent. Once again, this is a very
dangerous scenario for companies who
provide services. If a major hack exposes
their system, they will lose millions of
dollars from people who are not paying for
the subscription.

These four threats are taken very seriously by companies.

Money, government documents, and services may be taken, which
will result in devastating consequences. Cybersecurity engineers
and executives aim to create strong system security protocols to
prevent threats from turning into attacks.

Now that we have gone over the main types of cyber threats,
we can take a look at who is behind all of these illegal activities
and what their motivations are. The list of malicious actors can be
incredibly long, along with their motivations. I will briefly go over
some of these people along with their motivations so you have a
better idea of who is behind these attacks.

6
Our first group is a broad one - hackers. These hackers may
consist of kids trying to better their computer skills, or adults
trying to actually get into a system. These people do not pose a
huge threat as a majority of their hacking does not result in any
consequence. Most of these hackers are not motivated by financial
gain, rather they hack out of curiosity. The person behind the
screen might be a student just trying to break into a system for
fun, or it might be a group of people who enjoy hacking. Needless
to say, it still is not right to hack into an unauthorized system, but
these people pose a much smaller threat than the ones we will
talk about later. Also as a side note, companies may hire white-
hat hackers to break into their system to try and find flaws. These
are ethical hackers and get paid to break into systems. There is a
field in cybersecurity, penetration testing, that is dedicated
specifically to hack into systems.
The second group is one that is motivated mainly by
money. Cyber criminals hack into systems in hopes of
stealing money or valuable information which they
can sell. Medical records, social security numbers,

TOR credit cards are all data which cyber criminals want
to access. From there, they will go to the Dark Web
and sell this information for money. The Dark Web is
a hidden part of the internet which can only be
accessed through an anonymous browser, Tor. The
Dark Web was created to provide access to
Facebook, Instagram and Twitter in countries who
have banned these applications. However it is now
also used to sell illegal items such as stolen
information. These cyber criminals are motivated by
financial gain, and are taken very seriously by
companies.

7
The third group is called hacktivists. They aim to hack
into systems in order to promote their political beliefs.
Most of the time, they do not cause financial damage
or steal information, but they rather promote their
cause in hopes of strengthening their base. One of the
main groups which falls under the hacktivist category is
one called Anonymous. During the period of unrest
after the murder of George Floyd, members of
Anonymous took down the Minneapolis Police
Department website as means of rebellion. Minnesota
Governor Tim Waltz also said that every computer in
the region suffered some sort of attack. Hacktivists can
also be people who aim to cause real destruction.
These groups are better known as cyber terrorists. They
hack into systems in hopes of causing havoc. They pose
a serious danger to the safety and security of our world
as they are motivated by personal beliefs. While their
level of intensity ranges from moderate to severe, we
must always be aware of the dangers that hacktivists
pose to society.

Our final group are nation-state attackers, also known as

state-sponsored attackers. These people are probably the
most dangerous out of any of the ones mentioned before.
They carry out malicious activity with motivation similar
to that of their respective countries. With the vast
resources given to them by their government, it is
incredibly difficult to hold off nation-state attackers from
infiltrating your system. They are highly skilled, and
monitor weak systems for long periods of time before
staging an attack. Governments fund these groups and
provide them with high end technology to help them hack.
With their immense amount of resources, state-sponsored
attackers are one of the most, if not the most, dangerous
cyber attackers in the world.
8
As shown by these four groups, the motivations and types of
cyber attackers are extremely different. From casual hackers to
nation-state criminals, there is a large range of people trying to
break into systems. The main motivations of these attackers are
financial gain, political beliefs and private information. Every
day, more and more personal data is compromised, and sold for
large profits on the Dark Web. State-sponsored attackers are
constantly attempting to hack into the systems of foreign
countries and gain access to highly classified information.
Hacktivists are always working to push their political agendas
through intricate cyber attacks. Every single computer, system or
network is at risk of becoming compromised, and we all must be
aware of the dangers that these threats pose.

9
 Cyber Attacks:

Now let’s say that one of these groups successfully breaks

into a system. They would have used one method, or a
combination of many in order to successfully complete their
hack. A successful attempt would be considered an attack. In this
chapter, we will go over the different types of attacks. Keep in
mind that the descriptions of the individual attacks will be fairly
simple. I will solely go over the basics of each approach and
what it does to a system. Hackers obviously use a lot more
complex techniques than the ones mentioned here, but in order
to understand those, it is crucial to know the simple ones first.
Without further ado, let’s talk about the two main groups of
attacks: heuristic and brute force.
A brute force attack is exactly what it
seems like. Hackers attempt to break into
a system by giving many options into the WALL (COMPUTER)
authorization panel with hopes of
eventually guessing correctly. Let’s say for
example someone wants to hack into my
Gmail, and they know that my password
has two letters and two numbers. The
hacker could write a program which will
guess every single combination of two
letters and two numbers into the system
and finally reach the correct answer. This
approach works best when the password is
a pin, or a short set of letters and BREAKING IT
numbers. Creating a strong password with (WITH FORCE)
special characters, letters and numbers is
a great way to prevent brute force attacks
from invading your system.
10
The second main type of attack is a heuristic one. A heuristic
attack does not attempt to guess every single possibility, but it
rather involves a more complex approach. Hackers create a
shortcut, or something that saves them time. By doing so they
are able to save time and can gain access into a system much
easier. In order to deal with heuristic attacks, you can make your
point of entry a lot more complex, so it will be hard for the
attacker to break it. We will learn more about heuristic attacks
later in this chapter.
Now that we have identified the two
WALL (COMPUTER) main groups of attacks, let’s take a
look at the different approaches
that hackers take to get into a
system. Remember, the various
types of attacks are extremely large
and can be quite advanced. I will
just describe a few of them in brief
detail just so you have a basic
ATTACKING IT understanding of the most common
(MORE COMPLEX) cyber attacks. These attacks vary
depending on the victim, and can
occur in various sizes.

The first one is called a DDoS attack, also known as a distributed

denial of service attack. A DDoS attack targets a network and
floods it with traffic. This causes the online service to become
unavailable as it is dealing with a huge amount of requests. The
attackers overload the website and cause the system to become
overwhelmed. One way that hackers implement a DDos attack is
with the use of botnets.

Target Traffic

11
A botnet is a collection of computers and systems which have
been compromised and can be used to infiltrate other networks.
Hackers use botnets to generate traffic and then aim that traffic
at some network. This can be exceptionally dangerous as DDoS
attacks can become massive, causing permanent damage to a
system and are even capable of destroying it.

Botnet Diagram
Attack
Traffic

Target

12
 Our second attack is called Man-in-the-
middle. This type of attack is exactly
how it seems. It involves a client and a
server, which communicate back and
forth. The attacker compromises the
network and gets in between these two.
This allows the hacker to interfere in the
communication between client and
server and allows them to gain access to
all the information that is being
processed. Once they gain access,
hackers can also download malware to
filter and steal data. Most of these
attacks are caused by an unsecured
public Wi-Fi.
The third type of attack is known as a phishing
attack. These cyber attacks consist of sending
emails to various employees within an
organization which consist of fraudulent links and
data. These emails may have links, files or
attachments which download malware onto the
computer once the person clicks it. This malware
aims to collect personal information from the
user which can then be used to be sold on the
Dark Web. A specific type of a phishing attack is
called spear phishing. This is when someone sends
out an email that is made to look like it is from a
reliable sender, but it is actually fraud. For
example, if you worked for a company and you
received an email titled “URGENT: Opportunity for
Promotion!” from your boss, you would be
inclined to click on it. However if your boss isn’t
behind this email, then you could possibly be in
13 danger of a cyber attack.
These next two attacks don’t really belong under a category, but
are rather viruses whose main goal is to download malware
onto the system. The malware is then used to steal personal
information and disrupt connection. Trojan horses are the first
type of these attacks. They are programs which hide in reliable
applications and then carry out dangerous activities. These
programs are essentially trapdoors, and cannot be seen unless
you take a look at the code and understand what is occurring.
Trojans can be used to initiate attacks and are often exploited by
attackers to gain access into the system. Another type of attack
is known as worms. Worms are programs which are circulated
and once activated, spread throughout the network. They copy
themselves onto the computer then travel to all the other
contacts found and carry out the activities which they are told to
do. When worms are used by skilled attackers, they can quickly
compromise an entire network, which then forms a botnet. As
mentioned before, these botnets can then be used to launch

WORM
DDoS attacks.
The final type of attack we are going over is
called SQL injections. SQL is a programming
language that is used to fetch data from a
database. Hackers use SQL to write code
that will force the server to get information
that otherwise would not be available for
the public. These people will be able to get
credit card information, social security
numbers and even back account data from
large corporations if a SQL injection attack
is carried out successfully. Attackers will
also be able to shut down the database or
delete information, causing major problems
for both the customer and the company.
This type of attack is now becoming
increasingly widespread, as more and more
companies are storing user data in
databases. Majority of the time, SQL
injection attacks are successful when the
code has not been written properly. It is
always important to make sure that you
write good code, or else your system
becomes extremely vulnerable.
As shown by the previous paragraphs, cyber attacks are
incredibly varied. They can be as simple as clicking on a
malicious link, or can be more complex, such as a SQL injection
attack. However, no matter how complicated a cyber attack
may be, each one can have potentially dangerous outcomes. A
successful breach has the potential to cause permanent damage
to an organization and may even put them out of business. Just
recently, a Russian hacking group called Evil Corps attacked
Garmin, an American sportswear company, and caused an
outage. Garmin was forced to pay a multi-million dollar
ransom to Evil Corps in order to restore their service.
14
 Also, Twitter was the most recent victim of a spear phishing
attack. Many main profiles such as Barack Obama, Elon Musk
and Bill Gates had their accounts compromised. A bitcoin scam
was posted and the hackers stole over $100,000 from this
attack. These recent events just go to show that even the largest
of companies can be broken into in a matter of a few days by
cyber criminals. We all must be aware of the dangers that cyber
attacks pose and must be cautious of how we navigate the
internet.

15
 Defense:

Despite the countless ways that an attacker may compromise

your system, there are still ways to make it difficult for this to
happen. In this chapter, I will talk about the basic actions
someone can take in order to make your system safer. These
techniques can be expanded to work for groups as well as single
users. The defenses go into a lot more depth when scaling and
are evolving every year. In order to create stronger cyber
defense, it is extremely helpful to have a coding background. This
will increase the strength of the security and allow you to take
larger management roles. Now, we will go over the three main
groups which help safeguard systems.

The first group are the security groups

within corporations. They are called security
enterprise teams and are often led by a
CISO - a chief information security officer.
This position is also known as a CSO - a
chief security officer. Now with cyber attacks
becoming more prominent, these groups are
becoming larger and given more resources.
They are now appearing in almost every
company, even start ups. Corporations are
spending more money on these teams in
hopes of having greater security to their
systems.

16
Another group of cyber defenders are those
who have created companies to provide
security resources to its vendors. Fortinet,
KnowBe4, IBM are just a few corporations who
provide resources to other groups. With the
exception of IBM, who also make other tech
devices, these companies specialize in security
tools, and have a strong team of developers
who continuously work to improve them. They
provide other companies with invaluable
products such as firewalls, and anti-virus
software.

The final category of these cybersecurity

groups are our government and military
organizations. The FBI, CIA, NSA and
Homeland Security are all government groups
which have cybersecurity teams working under
them. These people may perhaps be our
biggest asset against foreign invaders and
their jobs are extremely important. Their main
role is to protect the country’s top secrets, and
ward off invading nations who are trying to
compromise our systems. One example is the
tampering with our nation’s elections. Election
fraud is a recent topic that has come up quite
a bit, and cybersecurity teams at these
government groups are working to prevent it.
They are given resources and money by the
government to protect our systems, and are
one of the most high demanding jobs in the
technology field.

17
Now that we have gone over who actually provides us with the
tools to ward off attacks, let’s take a look at these tools and the
various ways you can protect your system. The first step in
securing your devices is fairly simple, yet many people look over
it. By simply updating software, installing an antivirus software
and using strong passwords, users can create a stronger line of
defense against attackers. Updating software fixes security,
making your device more safer and efficient. An antivirus
software is a program that is meant to detect and remove
computer viruses. These techniques are incredibly easy, but
provide the first step of protection against invaders.
Additionally, users can use a VPN in order to
secure their data even more. A VPN is known as a
Virtual Private Network and is used to give you
privacy when using a public network. The way
they do this is by basically changing your IP
address, which is a numerical label given to each
device. Your IP address depends on the network
you are connected to, so it varies if you go from
your home router to a local coffee shop. It should
most likely be turned on when you are accessing
public Wi-Fi, such as the Wi-Fi at Starbucks. If
you fail to use a VPN, then other strangers on the
same network are able to track your browsing
data, and take a look at everything you are doing
on your device. A VPN has the ability to make
your online actions almost untraceable.

18
Another method of security that users can implement
is known as defense in depth. This idea is that if one
layer of security helps, then two or three will be even
better. For example, if you have one password
authentication, then increasing that to two passwords
will increase your level of security. Although simple,
defense in depth has been proven to be highly
effective and is still used widely when protecting
highly classified information. Fingerprints, answers to
personal questions, and patterns are other ways of
providing a defense in depth type of authentication
after a password. This tactic can become very time
consuming and expensive, so it is not practical for all
users. For example, the average civilian probably will
not need this type of security for their email address,
but in order to protect classified documents, defense
in depth becomes a lot more important.
Firewalls are other methods of security which can
help secure your information. A firewall is a network
security system that regulates the traffic that
transmits through the network. It is a set of
software rules which can be modified to your own
preferences. They filter out traffic which you don’t
want and prevent harmful data from entering your
system. However, attackers can still get around the
firewall by taking advantage of someone inside of
the system through a spear phishing attack. They
can also get through the firewall if the regulations
are weak and not able to properly filter traffic.
Firewalls may come in the form of software, but can
also be part of the router which provides you with
wi-fi. These security software systems should be
your first step in setting up a strong network to
19 protect your data.
The last type of security we are going to
talk about is called encryption. Encryption
is mainly used to hide personal data that
someone would not want others to see.
The science of encryption and decryption is
called cryptography, and is a fundamental
concept of computing. To start off,
encryption is known as the process of
encoding information or turning it into
unreadable text. The text isn’t just
randomly mixed up, there is a formula
that the encryption has to follow. It is kind
of like if you had a secret language which
you used to communicate with your
friends. “A” would be equal to “Z”, “B”
would be equal to “Y”, and so on. The
actual algorithm is way more complex,
but that is in essence how encryption
works. Cybersecurity professionals refer to
the information as plain text, and the
encrypted data as cipher text. First, plain
text gets analyzed and encrypted by a
cryptographic algorithm. The algorithm
then generates a key, which is used to
encrypt and decrypt the text. Once the key
is generated, we can use it to output the
text which is called cipher text.

Key
I like Pizza R orpv kraaz
20
Cyber defense is now one of the most important aspects of
technology. With an increasing amount of data now being
stored online, attacks are becoming even more frequent. By
following cybersecurity protocols, users can add a level of
privacy to their personal information and make it difficult for
hackers to gain unauthorized access. Keep in mind, highly
skilled attackers and groups will be harder to defend against.
With their resources, they can find easy ways to exploit a
network and take important information. It is up to us as
individuals to manage our own data and control who gets to
see it. Make sure to follow the basic security protocols that we
talked about earlier, and always be mindful of where you are
putting your information.

21
 Future:

Cybersecurity is a field that has an incredibly bright future.

Computer use is increasing every year, and in order to safely
secure the information we store digitally, cybersecurity
professionals are needed. This chapter goes over how the
cybersecurity industry will evolve and what different
technologies may merge with it. From IoT to AI, new and
improved machinery will begin to play a huge role in the
technology industry, and cybersecurity will be one of the many
fields which will be impacted by this.
The first topic I want to talk about is
artificial intelligence, also known as AI. In
simple terms, AI is when computers or
robots carry out tasks that are meant to
be done by humans. Some examples are
the Roomba robot, which is used for
cleaning, and Google Maps, which
implements AI in order to estimate how
long it will take for you to reach your
destination. In cybersecurity, AI is used to
detect attacks, and is vital to many
companies operating today. Many
professionals say that their business
relies on AI to respond to cyber attacks
which helps them lower costs for their
operations. In the future, expect more
cybersecurity work to be done with AI,
especially the work which involves
detecting attacks and then responding to
them. AI has evolved exponentially for
the past decades, and will continue to do
so in the future. 22
 Aside from artificial intelligence, machine learning is
also becoming a very useful tool. Machine learning
is often seen as a subsidiary of artificial intelligence,
as it carries out tasks which aren’t meant to be done
by computers. It is widely used to analyze data, and
make predictions based on it. Through analysis, it
can track incoming data, identify patterns and make
decisions without being explicitly told what to do.
Cybersecurity teams can become better at
responding to attacks with machine learning and
organizing the data they collect. In the future,
machine learning will become increasingly popular
in cybersecurity, as it provides professionals with
tools that makes their work easier.
These two technologies will definitely help cybersecurity
practices become more advanced, but I want to briefly go over
how cybersecurity will become a part of other technologies in
the future. One topic which is particularly interesting is called
IoT, or the internet of things. This name is given to systems
that are interacting with each other and are transferring data
over a network without any human interaction. Some
examples of IoT devices are smart devices and connected cars.
Although this is revolutionizing, IoT poses many challenges to
security professionals. So much so, there has been a new
specialization in cybersecurity that focuses solely on devices
that fall under IoT. IoT cybersecurity is becoming more
important now, because these devices are becoming
widespread. Often, IoT devices are not secure enough to
prevent it from being compromised, and if a skilled hacker
does break into the system, there is a chance of the entire
network being compromised. Based on what we have seen,
more and more security tools will be created for IoT devices in
the future.
23
As we continue to progress in technology,
more and more data is being stored. This data
is then analyzed and patterns are detected
from it. The inferences made from these
enormous amounts of data can show a lot of
sensitive information about consumers and
current trends. Companies involved in
cybersecurity analyzing attacks and
discovering patterns which can be used to
predict breaches. However one of the biggest
challenges is that if these analytical
inferences are compromised, then the
consequences could be severe. Every day,
attempts are made to access sensitive
information that is stored as part of big data,
and cybersecurity professionals work hard to
ward these attackers away. In the future, as
technology continues to innovate,
cybersecurity professionals will have a tough
job of securing this stored information.
The final technology which I want to talk about is cloud
security. You may have heard of the term cloud, which
basically means storing information over the internet.
Cloud computing is when a user stores and accesses the
data that he or she has stored in the cloud. This
technology has changed the way we store information,
but it comes with its challenges. One of those main
challenges is providing a safe and accessible platform
for users to store information. DDoS attacks and data
breaches are just some of the threats that cloud storage
providers face. People may store sensitive information
like credit card numbers and bank account information
on the cloud, so security professionals must make sure
that it doesn’t fall into the wrong hands.
24
Besides for the new technology, cybersecurity as
a career has a very positive future. With an
increasing amount of data being processed and
stored, cybersecurity careers are becoming more
in demand. According to the United States
Bureau of Labor Statistics, the growth rate for
jobs in computer security is 37%, which is much
faster than the average for others. Another
statistic by the U.S. Department of Commerce
shows a great demand for cybersecurity
professionals. According to a report, there are
over 350,000 unfilled cybersecurity jobs in the
United States and this number is predicted to
grow to 3.5 million jobs in 2021. This makes
cybersecurity a very popular field as there are
many opportunities for people to learn and
grow.

As shown in the past few paragraphs, cybersecurity is an evolving

sector and many new technologies are becoming a part of it.
With so many new job openings, cybersecurity is a field that is
constantly in demand, and it is only expected to increase in the
future. Through machine learning, big data and artificial
intelligence, cybersecurity will continue to evolve and new tools
will be created. By gaining more knowledge of these
technologies, a cybersecurity professional will be able to
contribute more to this field and become increasingly adept at his
or her job. Cybersecurity is vital to the protection of user data,
and it will continue to work to prevent threats from
compromising confidential information.

25
 The Next Steps:

Congratulations! You have made it to the end of the book!

You have now learned more about basic cybersecurity, and are
ready to take a deeper dive into other technological concepts.
This book has introduced you to all the various topics there are in
the field of computer science, and now it is up to you where you
want to go next. If you are interested in learning more about
cybersecurity, I recommend going to a website such as Coursera,
or Udemy, and starting a course. This way, you will be able to
learn from industry professionals and receive assessments to test
your understanding of the topics. A course which I highly would
recommend is one taught by Ed Amoroso, called Introduction to
Cybersecurity Specialization. It goes into a higher level of depth
than this book, but is still fairly easy for most to understand.

However in order to truly gain mastery of

cybersecurity, you have to understand other
concepts as well such as computer
programming, networking and various
internet protocols. TCP/IP is a fundamental
concept of technology, and it is essential that
you know what it is. A great analogy I heard
from Ed Amoroso is that if you are a chemist,
you can’t say that you don’t want to learn the
periodic table. The periodic table is the first
building block of chemistry and you must have
knowledge about it. The same thing applies
for TCP/IP. You need to have a strong
understanding of it in order to learn other
topics.

26
In order to do this, I recommend reading books that explain these
topics in a simple, yet effective manner. There are many books
which you can find on Amazon that go over basic topics, and are
a great way of learning new material. Elijah Lewis, Ramon
Nastaste and Richard Stevens have written a few books that
relate to networking and cybersecurity, so I definitely recommend
taking a look at them. You should also gain knowledge of
computer programming, and there are many online tutorials you
can follow. Start by learning the basics, and soon you will be
able to skillfully write programs.

It is wonderful that you have read this book, and I am extremely

grateful that you have taken the time to do so. Hopefully this
book has expanded your horizons, and taught you the basics you
need to continue learning. Cybersecurity is a field that isn’t ever
going to go away, and has countless opportunities to succeed. I
hope you have enjoyed this book, and I wish you the best of luck
for your future endeavors.

27
 Acknowledgements:
First of all, I would like to give a huge thank you to my
family, who has supported me endlessly throughout my high
school journey. There has never been a moment where I felt
discouraged from pursuing my passions, and I want to thank
them for being the great people they are. My family is everything
to me, and I just want to take a few moments to thank them.
My dad is my personal Google, and it seems as if he knows
everything. I remember the days where he used to read my
school books and make notes for me so I could understand the
topics better. Your dedication and humble character has shaped
who I am, and for this I can only say thank you.
My mom is really the rock of our family. Her jokes, smile and
legendary dishes are truly a blessing, and have an amazing
effect on the rest of us. You support our family in so many ways,
and your loving personality has taught me so much. Last but not
least, my sister.
My sister Prabhleen is simply a joy to be around. I was 18
months when she was born, and I have enjoyed every moment I
have had with you. Your knowledge, passion and intellectual
curiosity is contagious, and I learn from you everyday. Continue
on the path you are on, and I am confident that you will do great
things.
I also want to thank all of my closest family and friends.
Without their support and guidance, I wouldn’t be where I am
today. I have learned how to work hard, respect those around
you, and pursue your passions; skills which are vital to success in
life. I appreciate every one of you, and I am excited for what the
future holds.
Finally I want to thank my favorite teachers and mentors.
Every single one of you has instilled invaluable morals into me,
and I am grateful that I had the chance to meet you all. I am
blessed to have learned so much from all of you, and I cannot
thank you enough for all of your support.
28
 About the Author:
Mantej Singh Lamba is a high school senior from Fremont,
California. He grew up in the Bay Area for his entire life, and has
always been surrounded by the technological advancements of
the Silicon Valley. As a high school student, he has developed a
passion for cybersecurity, and hopes to pursue a career in this
field in the future. Besides for this book, Mantej has been reading
cybersecurity books, taking online courses and studying computer
science on his own in order to develop his passions. Along with
computers, Mantej has an interest in community service, and has
initiated many projects in high school. He has created Sikh
Awareness Presentations, and worked with representatives to
ban the sale of flavored tobacco in Fremont. Mantej has also
started a project with his sister called Cards 4 Covid Heroes
during the COVID-19 pandemic. As part of this, they are
collecting cards and distributing them to hospitals along with
gift cards. In his free time, he enjoys playing basketball, working
out at his local crossfit gym, and watching sports. He currently
resides in Fremont with his parents and younger sister.

29
The ABC's of Cybersecurity: A Perfect Introduction covers the basic
concepts and terminology of cybersecurity. Filled with colorful visuals
and diagrams, this book goes over various topics, such as assets,
threats, the CIA model, cyber criminals, the various types of attacks,
and basic defense protocols. It is geared toward young students, from
elementary school all the way to high school, who are interested in
learning about this field.

Mantej Singh Lamba has received official

certifications from the NYU Tandon School of
Engineering in Intro to Cyber Attacks, Cyber Attack
Countermeasures, and Real-Time Cyber Threat
Detection and Mitigation. He is passionate about
cybersecurity and dreams of one day working for the
FBI to track and defend cyber attacks.