Previously in the Cybersecurity Fundamentals section, I went over the core foundations of security and how things stack up to make sense. But it also makes sense to step back and have a writing piece on IT foundations. Cybersecurity really sits on top of those basics, and when you see it that way, everything clicks together better.
So that’s what this post is: a high-level overview of the most fundamental IT topics. From here, I’ll break these areas down into separate pieces, going deeper one step at a time. That’s the approach that’s made the most sense to me, and it’s what I’d like to share in this space with anyone who comes across my writing.
Networking: Where Everything Happens
Every attack, every defense, every alert—at some point, it all happens on a network. If you don’t understand how networks work, you’ll always feel like something’s missing.
You don’t have to be a network engineer, but you should know the essentials:
- How the internet actually moves data (TCP/IP and the OSI model)
- What IP addresses are and why ports matter
- What DNS does (basically the internet’s phonebook)
- The difference between a router and a switch
- Why firewalls, proxies, and VPNs exist
Once you understand these, reading network logs or spotting weird traffic starts to make way more sense.
Operating Systems: The Stuff Hackers Target
Hackers don’t attack “the cloud” in some vague sense—they go after real machines. That means Windows servers, Linux boxes, and sometimes Macs. If you can’t find your way around an OS, you won’t be able to investigate or defend it.
Key things to learn:
- How files, permissions, and processes actually work
- Using the command line (PowerShell in Windows, Bash in Linux)
- Where logs live and how to read them
- How services run in the background
You don’t need to memorize every command, but you should be comfortable enough that troubleshooting doesn’t scare you.
Security Principles: The Core Ideas
A lot of cybersecurity boils down to a few simple rules:
- Keep things confidential (don’t let the wrong people see them)
- Make sure they stay accurate (integrity)
- Keep them available (so people can actually use them)
That’s the CIA triad, and it’s everywhere. Add in some other big ideas like least privilege (don’t give people more access than they need), defense in depth (layers of security), and zero trust (never assume anyone is safe by default).
These sound obvious, but when you’re making real decisions, they matter.
Cryptography: The Locks on the Doors
Cryptography can feel intimidating, but the basics aren’t too bad. Think of it as the locks and keys of the digital world.
You’ll want to understand:
- The difference between symmetric and asymmetric encryption
- What hashing is and why it’s different from encryption
- What digital certificates do (that little lock in your browser)
You don’t need to be a cryptographer. You just need to know enough to not be lost when SSL/TLS, keys, and certificates come up.
Attacks: Know How They Happen
You can’t defend what you don’t understand. So get familiar with the most common attack methods:
- Phishing and social engineering
- Malware basics
- SQL injection, XSS, buffer overflows
- Network attacks like spoofing, sniffing, and denial of service
The point isn’t to master them all right away—it’s to recognize them when you see them.
Wrapping It Up
Cybersecurity can feel like drinking from a firehose. There’s always something new to learn, and the field moves fast. But the fundamentals don’t change. If you know networking, operating systems, basic security principles, cryptography, and common attacks, you’ll have the foundation you need to grow into anything else—cloud, forensics, pen testing, whatever.
Start with the basics. Build from there. That’s how you actually get good at this stuff.