InterviewStack.io

Security Engineering & Operations Topics

Operational security practices, secure systems implementation, threat modeling, penetration testing, vulnerability assessment, and security operations at production scale. Covers network security, endpoint security, secure architecture implementation, incident response mechanics, and security automation. Distinct from Security & Compliance (which addresses governance, compliance frameworks, and policy) and from Security Research & Innovation (which addresses novel techniques and research contributions).

Access Control Lists and Firewalls

Covers fundamental concepts and configuration techniques for network access control lists and basic firewall behavior. Topics include what access control lists are and why they are used for security, permit and deny rule semantics, differences between standard and extended access control lists, rule ordering and sequence numbers, directionality of rules such as inbound and outbound placement on interfaces, matching on source and destination addresses and ports, wildcard mask usage and pattern matching, and basic syntax for writing simple rules. Also includes basic firewall concepts such as packet filtering, stateful inspection, how firewalls relate to access control lists, rule evaluation order, and common troubleshooting and verification methods. Candidates should be able to design and write simple rules to allow or deny traffic based on address, protocol, or port, explain when to use an access control list versus a firewall policy, and describe how to test and debug rule behavior.

0 questions

Incident Response Forensics and Crisis Management

Covers the full spectrum of preparing for, detecting, investigating, containing, and recovering from security and operational incidents, plus managing their business and regulatory impact. Candidates should understand the incident response lifecycle including detection and monitoring, triage and prioritization, containment, eradication, recovery, and post incident review. This includes forensic evidence preservation and analysis practices such as secure collection of logs and artifacts, tamper proofing, chain of custody, immutable storage, timeline building, memory and disk examination fundamentals, and legal and regulatory considerations for evidence. It also covers designing infrastructure and tooling to enable rapid response at scale: logging and telemetry architecture, data retention policies, secure evidence storage, automated collection and alerting, integration with runbooks and response workflows, and readiness of teams and playbooks. Finally, it addresses crisis and stakeholder management skills: incident command and coordination across engineering, security, product, legal, customer support and executive stakeholders, internal and external communications and status updates, customer and regulator notification procedures, postmortem and lessons learned processes, tabletop exercises and drills, and leadership and decision making under pressure.

0 questions

Network Access Control

Network focused controls and protocols that govern device and user admission to network resources. Topics include port based network admission control such as IEEE 802.1X, media access control filtering, virtual local area network segmentation for access separation, device posture and endpoint posture checking, virtual private network authentication, and centralized network authentication and accounting services such as Remote Authentication Dial In User Service and Terminal Access Controller Access Control System Plus. Also covers how certificate based authentication and network access control integrate with enterprise identity systems.

0 questions

Network Device Hardening and Secure Configuration

Focuses on secure configuration and operational hardening of network infrastructure devices such as routers, switches, wireless controllers, and firewalls. Topics include enforcing strong authentication and password management, disabling unnecessary network services and interfaces, restricting management plane access through secure management channels such as Secure Shell rather than insecure protocols, and limiting management access to a management Virtual Local Area Network or dedicated management network. Candidates should understand configuration backups and safe rollback, firmware and software update processes, logging and change monitoring, secure remote access controls, access control lists and network segmentation to limit lateral movement, and secure default setting remediation. Emphasis on operational practices that keep device configurations consistent and auditable, including automated configuration management and monitoring for unauthorized changes.

0 questions

Cloud Network Security and Segmentation

Design and hardening of cloud network architectures, including virtual private cloud design, subnets, security groups, network access control lists, private connectivity options, virtual private network and direct interconnect patterns, and transit and peering architecture. Covers cloud-native isolation and microsegmentation patterns, distributed denial of service protection, web application firewall placement, load balancing and public exposure, data exfiltration controls, and monitoring and logging in cloud networks. Addresses differences between cloud vendor primitives and on-premises networking, and hybrid connectivity considerations.

0 questions

Encryption and Secure Connectivity

Addresses network security and secure communication methods used to protect data in transit and to connect systems safely. Topics include VPN architectures and use cases such as site-to-site and remote access, zero trust network access, and software-defined wide area networking. Candidates should understand core encryption protocols and transports including TLS and SSL, IPsec concepts and modes, WireGuard basics, mutual TLS, key management and certificate authorities, and certificate lifecycle. Also covers encryption at rest versus in transit, performance and latency trade-offs, when to use VPNs versus application layer security, and operational considerations such as throughput, monitoring, and maintenance of secure tunnels.

0 questions

Network Device Firewalls and Security Appliances

Basic understanding of firewalls (stateful vs stateless), how firewalls protect networks, firewall policies and rule creation, common firewall technologies (packet-filtering, stateful inspection). Understanding where firewalls fit in network architecture.

0 questions

Firewall Rules, ACLs, and Network Segmentation

Understanding firewall log interpretation: allowed and denied traffic. Recognizing patterns that might indicate policy misconfiguration or attacks. Understanding basic ACL (Access Control List) concepts. Familiarity with firewall rule logic and how rules protect against threats. Understanding network segmentation and why different security zones require different access policies. Recognizing lateral movement attempts that cross security boundaries.

0 questions

Network Security and Encryption

Network layer protections and cryptographic controls used to secure communications and access. Coverage includes transport layer security such as TLS and IPsec, use of certificates and public key infrastructure, mutual TLS for service-to-service authentication, RADIUS and TACACS+ for network device authentication, encryption in transit and at rest, key lifecycle and key management services, zero trust networking concepts, and understanding how network controls integrate with authentication and authorization functions.

0 questions