A super enriched mindmaps for security professionals. The mindmaps collection seen here is my own creation, I have painstalkingly collected valuable data, insights and view on different security topics, e.g secuirty engineer,security architecture, network analysis, cloud security over the period of 10 years. The sources of knowledge or facts comes mainly from dozens of security books I have read in pursuit of certifications like ISC(2), CEH, Cloud-Security.
I have tried to be as asethethic as possible given the limitation of using free version of mind-maps.
I hope this mindmaps would benefit secrity professionals for their daily tasks, as well can be a great source of knoweldge for interview prepation and study for security certifications.
Note: Some mindmaps will be displaying picture as well, this is because the files were generated at time when Mindmap software Xmind used to be free:P.
___
- 🚀 Download
- 📦 MindMapCollection
- 📂 Misc
- 🔌 Telecom
Those who are interested to download Mindmap can download it from link, https://xmind.app/. Also, if you want the source-file as well, I can share on request basis.
The content seen shown in mindmap is based upon text from following sources:-
- API Security in Action by Neil Madden. Publisher: Manning Publications. (Jan, 2021).
- Architecting Cloud Computing Solutions by Kevin L. Jackson and Scott Goessling. Publisher: Packt Publishing. (May, 2018).
- Architecting the Cloud: Design Decisions for Cloud Computing Service Models (SaaS, PaaS, and IaaS) by Michael Kavis. Publisher: Wiley. (Jan, 2014).
- Best Practices for Mitigating Risks in Virtualized Environments by Abhik Chaudhuri, Heberto Ferrer, Hemma Prafullchandra, J.D. Sherry, Kelvin Ng, Xiaoyu, Ge, Yao Sing, Tao, Yiak Por, Heng. Publisher: Cloud Security Alliance. (Apr, 2015).
- Business Continuity and Disaster Recovery Planning for IT Professionals, 2nd Ed. by Susan Snedaker. Publisher: Syngress. (Sep, 2013).
- Cloud Computing: Concepts, Technology & Architecture by Zaigham Mahmood, Ricardo Puttini, Thomas Erl. Publisher: Pearson. (May, 2013).
- CSA Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 by Rich Mogull, James Arlen, Adrian Lane, Gunnar Peterson, Mike Rothman, David Mortman. Publisher: Cloud Security Alliance. (Jul, 2017).
- Data Governance: The Definitive Guide by Evren Eryurek, Uri Gilad, Valliappa Lakshmanan, Anita Kibunguchy-Grant, Jessi Ashdown. Publisher: O'Reilly Media, Inc. (Mar, 2021).
- EU General Data Protection Regulation (GDPR) by European Parliament and Council of the European Union. Publisher: EU. (May, 2018)
- Incident Response in the Age of Cloud: Techniques and best practices to effectively respond to cybersecurity incidents by Ozkaya, E. Publisher: Packt Publishing. (Feb, 2021).
- Practical Cloud Security: A Guide for Secure Design and Deployment by Chris Dotson. Publisher: O'Reilly Media. (Mar, 2019).
- Practical Cyber Forensics: An Incident-Based Approach to Forensic Investigations, 1st Edition by Niranjan Reddy. Publisher: Apress. (Jul, 2019).
- Practical Guide to Cloud Service Agreements Version 3.0. Publisher: Cloud Standards Customer Council. (Feb, 2019).
- Security, Privacy, and Digital Forensics in the Cloud by Lei Chen, Hassan Takabi, Nhien-An Le-Khac. Publisher: Wiley. (Apr, 2019).
- The Official (ISC)² Guide to the CCSP CBK, 3rd Ed. by Leslie Fife, Aaron Kraus, Bryan Lewis. Publisher: Sybex. (Jul, 2021).
- Threat Modeling by Izar Tarandach, Matthew J. Coles. Publisher: O'Reilly Media, Inc. (Nov, 2020).
See MINDMAP file.
The source of this mindmap comes when I was preparing for ISC(2), ISSEP exam which be very well be my toughest non-technical exam till date. Prepared it over a year and finally passed:). The map is an extract of over 8000+ pages of security text that I read and prepared for the exam, and some of the text has been taken from books or references like DoD, US-mil field manual (de-classified) 3 or 4 decades old. If you are interested in the reference material, here is the link.
See MINDMAP file.
The source of this mindmap comes when I was preparing for ISC(2), ISSAP exam which is in series of ISC(2) concetration exams. Many folks in cyber-security have false sense of understanding of security architecture and usually relates with UML diagram or vendors drawings, in actual fact it is way more dense and as they say "devil lies in details". As a security architect you should have the ability to discern between various security requirements right from the requirements illiciation, rigt down to implementation. You would learn about "secure by design/default" principles and how can you successfully your architecture from "as is" state "to-be". For those who are interested in the reference material, here is the link used for preparation of the mindmap.
See MINDMAP file.
The source of this mindmap comes when I was preparing for ISC(2), ISSAP exam which is in series of ISC(2) concetration exams. The content here is very similar to some of other popular security certifications like CISM and CISA. If you are interested in the reference material, here is the link used for preparation of the mindmap.
See MINDMAP file.
Perhaps the most intriguing Mindmap experience was the time when I was preparing for Wireshark WCNA exam (Wireshark Certified Network Analayst). Yes, this might come as suprise to many but yes Wireshark do have its own certificaiton track, its unforunate its not as popular as other top security certs (perhaps largely due to company size, plus marketing). I learned the nice hacks and tricks you can do with Wireshark that could otherwise take lot of painstaking analyst hours to identify and fix. Learning use of search filters / regex along with performing analysis using IOgraphs filter which can very useful in certain DoS/DDoS scenarios. Wireshark is an undisputed swiss-army knife tool, for the internet and under right hands and knowledge can do wonders!
See MINDMAP file.
I worked as security analyst for 5 years where I intergerated depoloy, and managed IBM Qradar as part of my every day job function. Till date, even with the onset of free-text and elastic backed SIEM technologies, in my view IBM Qradar is still an Industry leader in SIEM/SOC places. The one very simple reason is the very intutitve and usable UI/UX which makes analyst job of "finding needle in the haytack" a bit less painful. The aggregation , normalizatio on event names is a powerful feature and able to drill down to N_LEVEL into a search gives greater control over filtering. I made this mindmap during my job on IBM Qradar 7.1.* which has been upgraded to many new major release version in last 8 years, please use this minmap to understand the design and architecture of the product.
See MINDMAP file.
No security analyst job be completed If there is no discussion about firewall, IPS and IDS. CISCO for many network enthusiast is very well the de-facto and serves as the gateway into the big , interesting and complex work of networking. I worked with CISCO ASA firewall over one year during my job as a security analyst. I worked on cisco-asa-5585-x firepower series product, which is pretty decent IPS, and I learned the power of custom signatures , and best practice in regard to rules/signature writing. The content is made from offical training manuals which I received during my 5 days offical CISCO ASA training in Dubai at Global Knowledge learning center.
See MINDMAP file.
🔌 Telecom
Not directly related to Info Security/Cyber-security, but very valuable if you are working for a telcom sector, or in my cases I prepared this while preparing for my interview at Ericsson-London. Sadly :( I couldn't get hired largely due to my lack of knowledge and expertise around telcom. This is fairly simple and not as deep as other Mindmaps are, this is because I made it with intention to pass the interview and goal was to go inch deep -while a miile wide.
Hope someone of you, find it useful in your own journey to become cyber security guru !
See MINDMAP file.
