Course 2: Play It Safe – Manage Security Risks
Course 2 of the Coursera Google Cybersecurity Certification offered topics which delved further into the concepts introduced in the first course. As indicated in the course name, the lessons here were focused on managing security risks. It also introduced essential toolkits for assessing, mitigating, and monitoring potential cybersecurity threats in a structured way. The transition from foundational knowledge to specific risk management practices gave me a deeper understanding of the strategies and tools used to safeguard digital assets and respond to incidents.
The specific modules for Play It Safe: Manage Security Risks were:
- Module 1: Security domains
- Module 2: Security frameworks and controls
- Module 3: Introduction to cybersecurity tools
- Module 4: Use playbooks to respond to incidents
Key Concepts Learned and Skills Acquired
Building on the foundations of Course 1, the second course covered key industry frameworks and security tools that shape effective cybersecurity practices. These lessons included studying the eight CISSP security domains in depth as well as exploring the CIA triad further. An entire module was allocated for the NIST cybersecurity frameworks and the OWASP principles and security audits.
It was also enlightening to gain clarity on what constitutes a threat (a circumstance that can negatively impact assets), a risk (anything that can impact the confidentiality, integrity, or availability of an asset), and a vulnerability (a weakness that can be exploited by a threat). Even now, long after earning my certificate for this course—and for the entire program—I still find myself reflecting on incidents I read about, considering whether they classify as a risk, threat, or vulnerability.
Cybersecurity tools and playbooks were also introduced in this course. I learned about SIEM tools and dashboards like Chronicle and Splunk, and how they enable security teams to monitor and detect threats in real time. The final module was all about incident response playbooks and their usefulness as guides in offering actionable steps during security incidents.
The acronyms alone (CIA, CISSP, NIST, OWASP, SIEM, etc.) would tell you there is a lot to learn when it comes to cybersecurity frameworks and tools. All these may sound formidable when summarized like this, but when you’re actually doing the lessons, the information is given in bite-sized pieces so you can take your time in absorbing everything.
Course Structure and Learning Materials
The lessons were started by video lectures followed by in-depth readings that expounded on the videos. Interactive exercises also helped reinforce the lessons. To check the learner’s understanding and retention of the material, short quizzes were given at the end of every lesson, and longer tests after every module. A good thing about these tests or challenges is that right before answering the test, you are given a glossary of all the terms introduced in the module so it serves as a sort of refresher of the previous lessons.
One highlight of the course structure was the portfolio activity, where I conducted a security audit of a fictional company. A brief background of the company and some of their business practices were given. What I had to do was review their practices based on a controls and compliance checklist, and see whether the company adheres to security standards. For me, this exercise was invaluable because it offered a real-world application of the theoretical knowledge I just acquired.
What I Found Most Interesting/Enjoyable
One of the most exciting parts of this course was learning about SIEM tools and dashboards like Chronicle and Splunk. Understanding how these tools support threat detection and response in real time made the technical concepts feel more tangible and practical.
I also found it reassuring to learn about cybersecurity playbooks—structured guides for analysts during incidents—which provide step-by-step processes to follow when responding to threats. Knowing that these resources exist emphasizes the collaborative, well-organized nature of cybersecurity work.
What I Found Most Challenging
The volume of material on different security frameworks and standards was a bit overwhelming at first. Remembering each point was challenging, but I soon realized it’s more about grasping the core concepts than memorizing details. Another slightly intimidating aspect was understanding the sheer range of threats, risks, and vulnerabilities that security professionals must be vigilant about. This course truly underscored the complexity of cybersecurity but also reassured me of the strategies in place to manage these challenges.
In Their Words: Insights from a Google Professional
Wajih, a security engineer, sort of answers my apprehension on trying to absorb everything. He said:
“My advice for people wanting to get into cybersecurity is don’t be too overwhelmed with trying to understand every single specialization within cybersecurity. There’s so much going on within the cybersecurity field in terms of trends and it’s nice to stay up to date with all of those but sometimes you need to take a step back and prioritize what subjects within cybersecurity you are staying most up to date on. “
Google CyberSecurity Certification Course 2: Final Thoughts
Play It Safe: Manage Security Risks offered an eye-opening dive into risk management and the essential tools and frameworks that underpin cybersecurity practices. It moved beyond foundational concepts and gave me a more practical and hands-on idea of the type of work that security analysts do. The exposure to SIEM tools and cybersecurity playbooks provided a solid glimpse into the practical aspects of the field.
I know it was just the tip of the iceberg, but what I got to learn—key security principles, and what I got to experience— conducting a security audit of a company, made me realize just how impactful the role of a security professional is. As I mentioned earlier, the scope of potential threats was initially daunting for me. But then again, that’s why there are frameworks, controls, and tools that can help strengthen the organization’s security posture. So, how do I put all these strategies to work? I’m eager to find out in the courses to come. Stay tuned for more insights on the path ahead!