After this lesson, you will be able to: Understand the major cybersecurity domains, why they matter, and which sub-track matches your goals.
Cybersecurity is a vast field, too vast to learn all at once. This intro lesson maps out the landscape so you can choose where to dig in. You'll learn the CIA triad, get a one-paragraph tour of every domain BiTree teaches, and walk away knowing which sub-track to pick first.
This is a free introductory lesson. No purchase required.
Cybersecurity is the practice of protecting computers, networks, programs, and data from unauthorized access, change, or destruction. At its core it's a tradeoff problem: every security control adds friction. Good security professionals know how to lower risk without grinding the business to a halt.
Three goals drive most security decisions: Confidentiality (only authorized people see data), Integrity (data isn't changed without permission), and Availability (systems stay up when users need them). Every control you'll meet, from a password to a firewall, exists to protect at least one corner of this triangle.
Diagram coming soon!
Triangle diagram with C, I, A at each corner, labeled Confidentiality, Integrity, Availability, with example controls under each
Identity & Access Management, who logs in and what they can do. Vulnerability Management, finding and fixing weaknesses. Application Security, protecting the code itself. Incident Response, what to do when something goes wrong. Data Leakage Prevention, keeping sensitive data inside. Penetration Testing, authorized attack simulation. Risk Management & Governance, the business side of security. End User Device Management, laptops, phones, IoT. Threat Intelligence, knowing your adversaries. NIST Framework, the industry-standard playbook. AI in Cybersecurity, how AI changes both offense and defense.
Every sub-track in this track points back to the same hands-on toolkit. Set it up once and you'll be ready for any lab. Kali Linux (or Parrot OS), the de facto security distro. It ships with hundreds of tools preinstalled (Nmap, Burp Suite, Metasploit, Wireshark, Hashcat, John the Ripper). VirtualBox or VMware Workstation Player, both free, lets you run Kali as a guest VM on your main computer so you never expose your host system to lab traffic. Docker, lighter than a full VM. Use it for spinning up deliberately vulnerable apps (DVWA, WebGoat, OWASP Juice Shop, Metasploitable 2) in seconds, no full VM required. HackTheBox and TryHackMe, online practice ranges that give you legal targets to attack. Free tiers cover months of learning. Wireshark, the standard packet capture and protocol analyser. Burp Suite Community Edition, the standard intercepting proxy for web app testing. Both run on Kali or any host OS.
Diagram coming soon!
Two-column layout: left column 'VM lab' showing host OS with VirtualBox running Kali Linux guest, right column 'Container lab' showing Docker spinning up vulnerable containers (DVWA, WebGoat). HackTheBox and TryHackMe logos floating above as online practice ranges.
Do these once and you'll be ready for every cybersecurity sub-track. Don't worry about installing every tool, the VM and accounts are enough to start.
Install VirtualBox (free, virtualbox.org) or VMware Workstation Player on your main computer
Download the Kali Linux VirtualBox VM image from kali.org/get-kali and import it into VirtualBox
First boot of Kali: change the default password, run apt update + apt upgrade, snapshot the clean install so you can roll back after experiments
Install Docker Desktop (free for personal use, docker.com) so you can spin up vulnerable apps without a full VM
Create a free HackTheBox account at hackthebox.com (Starting Point machines are free and friendly)
Create a free TryHackMe account at tryhackme.com (the free rooms cover beginner to intermediate)
Create a free PicoCTF account at picoctf.org for capture-the-flag style challenges
Bookmark the NIST Cybersecurity Framework page at nist.gov/cyberframework, you'll reference it across sub-tracks
Think about what "wiped" actually does to legitimate users.