Security for Beginners

Welcome

Security is the layer that sits on top of everything else a computer does. Once you can picture a server, a network, and the web, the next question is the one this course answers: who would attack them, why, and how do we defend? We build the whole picture from the ground up — what we actually protect, how identity and encryption work, how attacks on people and systems really unfold, and how defenders hold the line. Concept-first, in plain language, with nothing left undefined and nothing you have to install.

10 chapters 45 topics covered 5 hours audio Knowledge check on every topic

About This Course

"Security" is one of those words that sounds either boring or terrifying, and rarely like something you could actually understand. That is mostly a problem of how it is taught — as a pile of scary stories and a list of rules to obey. This course does the opposite. It builds a clear mental model of how digital security really works, from nothing, so the news, the warnings, and the advice all start to make sense.

To keep it grounded, the whole book follows one ordinary person. Olivia has email and a bank account, a phone, some social media, a job, and the normal digital life that goes with all of that. Every idea in the course is shown through something in her world — an account, a message, a service she relies on — so the concepts stay concrete instead of floating off into abstraction.

By the end, the words that fill every security headline and every IT conversation — authentication, encryption, phishing, malware, breaches, defense in depth — will already mean something to you, and you will see how they fit together rather than as a jumble of jargon. There is no command line here and nothing to install. This course teaches you to understand security; learning to do it, hands-on, is the job of the CyberSecurity Deep Dive that this course leads into.

Who This Is For

Anyone who wants to genuinely understand digital security — people switching into tech, students, new engineers, and anyone who works near security people and wants to follow the conversation. It assumes only that you can use a computer and the web as an everyday user, and that you have a rough picture of what a server, a network, and a website are (the Computing Foundations from Zero course covers exactly that, if those words are still fuzzy). It does not assume you have ever configured anything, written code, or used a security tool. If you already work in security, this course is below you — head for the deep dive.

What You Should Already Know

Roughly what a server, a network, and a website are — the everyday picture, not the details
That software runs "on a computer somewhere" and you reach it over the internet
A willingness to meet new words; each one is explained the first time it appears
No programming, no command line, and no security experience required

How the Course Is Built

The ten chapters build in a deliberate order. We start with the mindset — what security is, the three things we protect, and the words (threat, vulnerability, risk) that make the rest readable. Then the building blocks: how systems know who you are, the human cons that get around them, how encryption keeps secrets, and how the web is secured. Then the threats — malware, and attacks on systems and networks — followed by defense, what happens when things go wrong, and a closing look at the bigger picture.

Every topic has the same gentle shape: an everyday hook to start, the idea explained step by step, one real-world comparison to make it stick, the mix-ups people usually run into, why it matters, and a short knowledge check at the end. It is patient, but it keeps moving — you are here to learn, not to be slowed down.

Understand, don't memorize

This is not a checklist of rules to obey. We build the why behind security — what is being protected and what is being attacked — so the rules make sense on their own and you can reason about new situations.

One person, all the way through

Olivia and her ordinary digital life run through every chapter. Each new idea attaches to the same story, so the picture accumulates instead of resetting page to page.

Honest, never scary

No fear-mongering and no false comfort. Real risk is stated plainly, and so are the real limits of every defense. Nothing here is something you will later have to unlearn.

A map, not the whole territory

This course is the conceptual map. The hands-on practice — real tools, real cryptography, real defense — waits for the CyberSecurity Deep Dive, which this course is built to lead into.

Chapter Map

Chapter 1

Why Security Exists

The mindset and the core words: what security actually means, the three things we protect, the difference between a threat, a vulnerability, and a risk, who attacks and why, and why no system is ever perfectly secure.

Chapter 2

Identity

How a system knows who you are: authentication versus authorization, why passwords are weak, the three kinds of proof behind multi-factor, how passwords are stored without being kept, and how you stay logged in.

Chapter 3

The Human Threat

Why the easiest way in is a person, not a machine: phishing and the fake destination at its heart, the wider family of cons, and the human levers — urgency, authority, trust — that make them work on anyone.

Chapter 4

Secrets and Encryption

How to send something across an untrusted path so only the right person can read it: encryption with one key and with two, data in transit and at rest, hashing versus encryption, and digital signatures.

Chapter 5

How the Web Is Secured

What the padlock really means: HTTP versus HTTPS, the certificates and chain of trust that prove a site is genuine, the honest limits of what HTTPS protects, and cookies as both convenience and tracking.

Chapter 6

Malware

Hostile software, demystified: what malware actually is, the family of viruses, worms, trojans, and spyware, ransomware as encryption turned against you, and how malware gets in and what it does.

Chapter 7

Attacks on Systems and Networks

How a real attack unfolds in stages, eavesdropping and the man in the middle, denial-of-service attacks on availability, and why the data a program accepts can be turned against it.

Chapter 8

Defense

How we protect systems: defense in depth, firewalls and filtering, least privilege and segmentation to limit the damage, why updates are a security measure, and backups as the answer to loss.

Chapter 9

When Things Go Wrong

What a breach actually is, how defenders notice an attack at all, the calm sequence of responding to an incident, and the honest reason breaches keep happening despite everything.

Chapter 10

The Bigger Picture

Privacy versus security, why security is everyone's job and not one team's, why data has legal rules like GDPR and PCI, and where the CyberSecurity Deep Dive picks up from here.

Disclaimer

This course is an independent educational project created and maintained by Sergey Okinchuk. It is provided for learning and reference purposes only.

No affiliation. This course is not affiliated with, sponsored by, endorsed by, or officially connected to any company, product, or standards body mentioned. All opinions, interpretations, and recommendations expressed are those of the author.

Trademarks. Product names, standards, and regulations referenced — including "GDPR" and "PCI DSS" — are the property of their respective owners and bodies. Use of these names is for identification and educational purposes only and does not imply any endorsement.

Not security advice. This material teaches durable concepts for understanding, not operational instructions for securing any specific system. Explanations are simplified for learning and are not a substitute for professional security advice. Always consult official documentation and qualified professionals before making real security decisions.

Accuracy and currency. Security evolves continuously — threats, tools, and details drift over time. Facts in this course reflect the author's understanding at the time of writing and may not be current. This course teaches durable concepts rather than step-by-step instructions; always consult authoritative sources before acting.

No warranty. This material is provided "as is" without warranty of any kind. The author accepts no liability for any loss or damage arising from reliance on the content.