Cybersecurity 101, Part II: Foundations & Attacks
The CIA Triad, threats, vulnerabilities, and the real attacks shaking organizations and individuals today.
In Part I, we discussed why cybersecurity matters in 2025: how it impacts every aspect of our lives, how data has become the new gold, and how finances can be compromised with a single breach.
Now it’s time to get a little more structured.
When I teach cybersecurity, I always emphasize that we need foundations—concepts that simplify a massive, complex field into something we can actually build on.
That’s where the CIA Triad comes in. And no, I’m not talking about the spy agency.
The CIA Triad: Cybersecurity’s North Star
At one point in the workshop, I asked: “How do we make sense of something as broad as cybersecurity?”
My answer: Start with the CIA Triad — Confidentiality, Integrity, and Availability.
These three principles are the foundation of everything we do.
Confidentiality - Ensuring that only authorized individuals can access the data.
Imagine your mortgage account. Only you and an authorized individual from your bank should have access to this information. Confidentiality is what prevents your neighbor, your co-worker, or a hacker on the other side of the world from peeking in. In practice, we enforce this through encryption, access controls, and identity verification.
Integrity - Ensuring the data isn’t tampered with.
If your mortgage account lists you as Dayspring Johnson, integrity ensures no one can sneak in and flip that to James Johnson. If that change happened, the system would now recognize James as the owner. Integrity keeps systems from being manipulated behind your back.
Availability - Ensuring you can access your data when you need it.
If ransomware locks down your bank account, retirement funds, or even your laptop, then your data may still exist, but it’s unavailable to you. And in practice, that’s the same as losing it.
I told the room, “If you remember nothing else from today, remember these three. Break any one of them, and security collapses.”
Threats, Vulnerabilities, and Risk
Once you know the CIA Triad, the next question is: what actually threatens these three pillars?
We use three words constantly in this industry: threats, vulnerabilities, and risk.
Threats – These are individuals or forces that attempt to cause harm. Attackers trying to break in, steal data, or disrupt availability. A ransomware crew is a threat. An insider misusing access is a threat.
Vulnerabilities – These are the weaknesses in your system that threats exploit. An unpatched server. A weak password. A misconfigured cloud bucket. No matter how “secure” we think we are, vulnerabilities always exist. That’s why vulnerability management is a whole career path of its own.
Risk – This is how businesses understand all of it. You can tell an executive, “There’s an RCE in the web service,” but that won’t land. Instead, we say: “There’s a high risk of customer data exposure that could cost millions.” Risk is the translation layer between technical threats and business impact.
I explained in the workshop: “If we can’t communicate in terms of risk, we fail the business. Cybersecurity is often seen as a cost center. Unless we show the value of reducing risk, leadership won’t keep investing in us.”
This is why terms like low risk, medium risk, and high risk exist.
They’re not just words — they’re how we justify budgets, policies, and jobs.
When Cybersecurity Becomes a Cost Center
I highlighted an important point: most companies see cybersecurity as a cost rather than a revenue generator. It doesn’t generate income directly, but it helps avoid losses.
However, the exception is when you work for a cybersecurity company.
For vendors like CrowdStrike and SentinelOne, as well as cloud providers like AWS and Microsoft, security is the product.
In those cases, cybersecurity is a revenue generator, not a cost center.
Understanding this distinction helps you see why translation to “risk language” is critical.
If your leadership only sees cost with no apparent benefit, security budgets disappear quickly.
Common Cyber Attacks
With foundations set, I shifted the workshop into what most people really wanted to know: what does this look like in the real world?
We explored two common, dangerous attack types.
1. Ransomware: Digital Kidnapping
I asked the room to imagine this: you log into your computer, and suddenly everything is locked. A message pops up demanding Bitcoin. If you don’t pay, not only will you never see your files again, but the attacker promises to leak them to the world.
That’s ransomware.
Attackers infiltrate, encrypt, and extort. They make billions every year. Ransomware campaigns have paralyzed entire governments, hospitals, and school districts.
In the workshop, I broke down how they get in (called initial access vectors):
Phishing emails
Typo-squatted websites (e.g., bnkofamerica.com instead of bankofamerica.com)
Malicious downloads disguised as free software or media
Even calling help desks and impersonating executives
And then I told the room: “Stopping ransomware isn’t about one magic tool. Antivirus, EDR, firewalls — they help. But attackers evolve. That’s why we preach defense in depth: layered defenses across endpoints, networks, cloud, and people. One layer fails? Another should catch it.”
2. Insider Threats: Danger on the Inside
The second attack type doesn’t involve outsiders breaking in. It’s employees misusing the access they already have.
I painted the picture:
“You’re an accountant at a bank. You have access to social security numbers, retirement accounts, and client records. You notice one account has $20 million sitting in it. Meanwhile, you’re making $70,000. The temptation is real.”
That’s an insider threat.
And it’s why companies need not only external defenses, but also monitoring and policies for insiders. In fact, the team I work on at Amazon focuses heavily on insider threats because insiders already understand systems, already have access, and can often cause just as much damage as an external attacker.
Audience Q&A Moments
This was one of my favorite parts of the workshop — people weren’t shy about asking questions.
Q: What’s the point of an antivirus if attackers always bypass it?
I explained that legacy antivirus was “signature-based,” relying on known file fingerprints. Attackers quickly learned to modify files so that signatures no longer matched. Modern tools are behavioral, so they look at what a file does.
But even then, attackers adapt. That’s why prevention (not downloading shady files in the first place) is stronger than relying purely on detection tools.
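The difference between the two detection styles in that answer, as an added example that is not from the workshop: a fingerprint lookup stops matching when a file differs by a single byte, while a rule about behavior still fires. The sample bytes, the event format and the thresholds are all constructed for illustration.

```python
import hashlib

# Constructed stand-in bytes, not real malware; the "signature" is its SHA-256.
KNOWN_BAD = b"constructed-sample-v1"
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}


def signature_match(file_bytes: bytes) -> bool:
    """Legacy-style check: exact fingerprint lookup."""
    return hashlib.sha256(file_bytes).hexdigest() in SIGNATURES


def behavior_match(events, window_s: int = 10, threshold: int = 5) -> bool:
    """Behavioral check: flag a process that rewrites many distinct files
    within a short window, whatever its own file hash is.
    events: list of (timestamp_seconds, action, path) for one process."""
    writes = sorted((t, p) for t, action, p in events
                    if action in ("overwrite", "rename"))
    start = 0
    for end in range(len(writes)):
        # Slide the window start forward until it spans at most window_s.
        while writes[end][0] - writes[start][0] > window_s:
            start += 1
        distinct = {p for _, p in writes[start:end + 1]}
        if len(distinct) >= threshold:
            return True
    return False


# Constructed telemetry: six files rewritten in six seconds vs. ordinary use.
MASS_REWRITE = [(i, "overwrite", f"/home/user/doc{i}.txt") for i in range(6)]
NORMAL_USE = [(0, "overwrite", "/home/user/notes.txt"),
              (40, "rename", "/home/user/a.txt"),
              (95, "overwrite", "/home/user/notes.txt")]


def classify(file_bytes: bytes, events) -> dict:
    """Run both checks on one file and the events its process produced."""
    return {"signature": signature_match(file_bytes),
            "behavior": behavior_match(events)}


if __name__ == "__main__":
    print(classify(KNOWN_BAD, MASS_REWRITE))
    print(classify(KNOWN_BAD + b"\x00", MASS_REWRITE))  # one byte differs
    print(classify(b"benign-tool", NORMAL_USE))
```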
Q: Should I accept cookies on websites?
Cookies mainly track you.
I usually deny them, or at least clear them often. Better yet, use privacy-focused browsers like Brave. But the bigger lesson is this: you always have the freedom not to use a site if it feels invasive. Exercising that choice is part of your personal security posture.
Q: What if I already downloaded something shady?
If you only downloaded it, delete it.
If you opened it, assume persistence and consider a complete reset or reimage. Painful, yes — but safer. Attackers often build mechanisms that survive reboots or file deletions.
Practical Tools I Recommended
I also gave the room some practical starting points anyone could use:
Malwarebytes – A free (with paid tier) tool that blocks malicious websites and downloads.
Microsoft Defender – Comes built into Windows and is often enough to catch common threats.
Skepticism – Still the best defense. If something feels off, question it before you click.
Wrapping Up Part II
By the end of this section of the workshop, the room had a clearer picture: cybersecurity isn’t just about hackers in hoodies. It’s about protecting confidentiality, integrity, and availability; translating threats into risks businesses can understand; and recognizing that both ransomware crews and insiders pose real dangers.
In Part III, we’ll go deeper into the people side of defense: how Blue Teams monitor, detect, and respond, how Red Teams attack to make systems stronger, and the real career pathways you can take to join the fight.