This Cybersecurity Foundation level course is designed for those who want to embark a career path in this domain but not sure how to start and move forward.
At the end, this foundation level course suggests further study and provide a 8 step guide on how to to begin your new career.
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Cybersecurity Fundamental Course by Haris Chughtai.pdf
1. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Cybersecurity Fundamentals
Instructor: Haris Chughtai (Linkedin)
dc.expert123@gmail.com
Dated: 2024
2. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Course developed & delivered by Haris Chughtai
Cybersecurity Fundamental
2
Course Content
● Course Outline
○ Cybersecurity - People, Process, Technology
○ Information Security Triad - CIA
○ Threat Surface, Threat Actors and their movies
○ Common Cyber Attacks
○ Governance, Risk & Compliance (GRC)
○ Blue, Red & Purple teams
○ Cryptography (Encryption & Decryption)
○ Digital Signature & Certificates
○ Security Services - Firewalls, EDR/MDR/DR,
Email Protection, Cloud, Data, Application
Security etc
○ Security Management & Security Operations
Center (SOC)
○ Incident Response, Business Continuity Plan,
Disaster Recovery
3. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
U N D E R S TA N D I N G CY B E R S E C U R I TY
3
● Cybersecurity is the practice of protecting systems, networks, and
programs from digital attacks
● In this section we will study the basics concepts of Cybersecurity
4. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Why Cybersecurity is important?
4
Cyberattacks are constantly increasing
Ref: Field Effect Cybersecurity 101 eBook
5. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
What is Cybersecurity?
5
● Cybersecurity is not just about technology, rather it is a framework of People, Process & Technology designed
to protect systems, networks, programs, devices and data from cyber attacks.
► People need to understand the potential risks, their roles and responsibilities, and how their actions can
impact the overall security of the organization
► Process refers to the set of procedures and policies in place to guide the interaction between people and
technology
► Technology refers to the set of cybersecurity technologies deployed to provide the protection. Examples
include Firewalls, SIEM, AntiVirus/Endpoint Protection etc
● https://www.youtube.com/watch?v=n_kKEimNhgY
6. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Cybersecurity CIA
● CIA Triad (Confidentiality, Integrity & Availability) is a model designed to guide policies for
information security within an organization.
6
● Confidentiality is roughly equivalent to privacy. Confidentiality measures
are designed to prevent sensitive information from unauthorized access
attempts. It is common for data to be categorized according to the amount
and type of damage that could be done if it fell into the wrong hands. More
or less stringent measures can then be implemented according to those
categories.
● Integrity involves maintaining the consistency, accuracy and
trustworthiness of data over its entire lifecycle. Data must not be changed
in transit, and steps must be taken to ensure data cannot be altered by
unauthorized people (for example, in a breach of confidentiality).
● Availability means information should be consistently and readily
accessible for authorized parties. This involves properly maintaining
hardware and technical infrastructure and systems that hold and display
the information.
7. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Data Privacy & Protection
7
● Data privacy is a guideline for how data should be collected or handled, based on its sensitivity and importance. Data privacy is
typically applied to personal health information (PHI) and personally identifiable information (PII). This includes financial
information, medical records, social security or ID numbers, names, birthdates, and contact information.
○ Data Privacy defines the ability of a person to determine for themselves when, how, and to what extent personal
information about them is shared with or communicated to others.
● Data protection signifies the strategic and procedural steps undertaken to safeguard the privacy, availability, and integrity of
sensitive data, and is often interchangeably used with the term ‘data security.’
8. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Authentication vs Authorization
● Authentication - The act of identifying
or verifying the eligibility of a station,
originator, or individual to access specific
categories of information.
● Authorization - The right or a
permission that is granted to a system
entity to access a system resource
8
9. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Information Security Risk
● Information security risk reflects the potential adverse impacts that result from the possibility
of unauthorized access, use, disclosure, disruption, modification or destruction of information
and/or information systems.
● Risk Management - Identification, Assessment, Treatment etc. By applying risk management, we
were able to assess and prioritize the risks to an organization (e.g. asset vulnerabilities that can
be exploited by threats). An organization can decide whether to:
○ Accept the risk (ignoring the risks and continuing risky activities)
○ Avoid the risk (ceasing the risky activity to remove the likelihood that an event will occur)
○ Mitigate the risk (taking action to prevent
○ Reduce the impact of an event), or transfer the risk (passing risk to a third party)
9
10. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Information Security Risk
10
Risk Matrix
11. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
○ Non-repudiation - The inability to deny taking an action such
as creating information, approving information and sending or
receiving a message.
In simple terms non-repudiation in information security is the
ability to prevent a denial in an electronic message or
transaction.
Security Controls
11
○ Security Controls act as safeguards or
countermeasures prescribed for an
information system to protect the
confidentiality, integrity and availability of the
system and its information. Implementation of
security controls is expected to reduce risk to
an acceptable level
○ Three types of security controls
a. Administrative controls
b. Physical controls
c. Logical/Technical controls
i. MAC - Mandatory Access Control
ii. DAC - Discretionary Access Control
iii. RBAC - Role Based Access Control
12. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
CY B E R
T H R E AT A CT O R S
12
● In this section we will discuss some of the common cyber threat sources
and the risks they pose to organization’s digital assets
13. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Threat Surface
13
Threat Actors & Motivation
Attack Surface Definition: All the parts of your IT network where cyber
criminals could identify security gaps, holes, or other potential
vulnerabilities, and gain access.
14. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Cybersecurity Common Attacks
14
● Common types of Cybersecurity Attacks
○ Eavesdropping, IP-Spoofing, MiTM (Man in the Middle )
○ Phishing, Whale-phishing, Spear-Phishing, Drive-by Download,
Trojan Horse, Botnets
○ Denial of Service (DoS)
○ Brute force, Password/Dictionary
○ URL interpretation, DNS-Spoofing
○ Trojan Horse
○ SQL Injection, Cross-Site-Scripting/XSS
○ Cryptojacking
○ Ransomware
● Some of technologies used for security enforcements to mitigate
cyber attacks
○ Firewalls, EDR/MDR/XDR, SIEM, SOAR, Vulnerability Assessment,
Penetration Tests etc
https://www.fortinet.com/resources/cyberglossary/types-of-cyber-attacks
15. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Threat Actors & Risks
● Threat Actors: APT, Botnet/Zombies, Malware/Virus, Social
Engineering (Phishing, Vishing, Smishing), Ransomware, DDoS etc
● Cyber Risk: Cyber risk is based on the probability of a bad event
happening to your business's information systems, leading to the
loss of confidentiality, integrity, and availability of information
15
16. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com) 16
Advanced Persistent Threats -APTs
● An advanced persistent threat (APT) is a
well-resourced adversary engaged in
sophisticated malicious cyber activity that is
targeted and aimed at prolonged
network/system intrusion.
● APT objectives could include espionage,
data theft, and network/system disruption
or destruction.
17. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
C R Y PT O G R A P H Y
17
● Cybersecurity is framework of People, Process & Technology designed to
protect systems, networks, programs, devices and data from cyber attacks
● In this section we will discuss some of the commonly used encryption
technologies to provide data protection
18. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Digital Encryption
● Encryption is a way to conceal information by altering it so that it appears to be random data.
Encryption is essential for security on the Internet.
18
● Encryption algorithm is the method used to transform data into ciphertext. Like a physical
key, it locks (encrypts) data so that only someone with the right key can unlock (decrypt) it.
● A cryptographic/encryption key is a string of characters used within an encryption
algorithm for altering data so that it appears random/cipher.
19. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Types of Encryption
19
● Encryption is a very essential cybersecurity techniques as it provides various advantages including Privacy,
Security, Data Integrity and help compiling with government regulatory and compliance standard e.g. HIPAA,
GDPR, PCI-DSS etc
● There are two encryption mechanisms - Symmetric & Asymmetric
Symmetric - only one key used by sender &
receiver for both encryption and decryption
Asymmetric - different keys (Public & Private)
are used for encryption and decryption.
Symmetric Encryption
(same Key)
20. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Key Differences of Symmetric & Asymmetric Encryption
20
https://www.youtube.com/watch?v=ERp8420ucGs
21. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
How Encryption helps securing Internet
● Encryption is foundational for a variety of technologies to keep communication secure
● Almost all newer application support encryption e.g. Email, WhatsApp, Instagram, Facebook, Signal, Telegram, Web Browsers
etc
● Encryption is especially important for keeping HTTP requests and responses secure. The protocol responsible for this is called
HTTPS (Hypertext Transfer Protocol Secure). A website served over HTTPS instead of HTTP will have a URL that begins with
https:// instead of http://, usually represented by a secured lock in the address bar.
● HTTPS uses the encryption protocol called Transport Layer Security (TLS). In the past, an earlier encryption protocol called
Secure Sockets Layer (SSL) was the standard, but TLS has replaced SSL. A website that implements HTTPS will have a TLS
certificate installed on its origin server.
● Understanding Encryption further
https://www.youtube.com/watch?v=TImdsUglGv4
https://www.youtube.com/watch?v=WqoJOD9_8WY
21
22. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Digital Signature & Certificates
● A digital signature is a mathematical technique used to validate the authenticity and integrity of
a digital document, message or software.
● A digital certificate is a file or electronic password that proves the authenticity of a device,
server, or user through the use of cryptography and the public key infrastructure (PKI). Digital
certificate authentication helps organizations ensure that only trusted devices and users can
connect to their networks.
● The Public key infrastructure (PKI) is the set of hardware, software, policies, processes, and
procedures required to create, manage, distribute, use, store, and revoke digital
certificates and public-keys.
22
23. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Organization can use Public or Private PKI
23
● Public PKIs are automatically trusted by
client software, while private PKIs must
be manually trusted by the user (or, in
corporate and IoT environments,
deployed to all devices by the domain
administrator) before any certificates
issued by that PKI can be validated.
● Understanding, Public, Private Leys &
PKI in further details
https://www.youtube.com/watch?v=0ctat6RBrFo
24. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
CY B E R S E C U R I TY S E R V I C E S
24
● Cybersecurity is framework of People, Process & Technology designed to
protect systems, networks, programs, devices and data from cyber attacks
● In this section we will discuss some of the commonly used technologies to
provide protection from cyber attacks
25. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Security Services
25
● Network Security: Network security focuses on protecting an organization's computer networks
from unauthorized access, attacks, and data breaches. It involves the implementation of firewalls,
intrusion detection and prevention systems, virtual private networks (VPNs), and other technologies to
secure network infrastructure.
● Note: When talking about Network Security, keep in mind that WiFi has replaced many of our wired networks,
mainly because of its ease of use. However it also brings security issues, therefore securing Wi-Fi, e.g., using
WPA2, is very important.
26. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Security Services
● Email Security: Email security involves the strategic set of measures and techniques used to
protect email-based communications, effectively preserving the confidentiality, integrity, and
availability of email messages.
26
27. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Security Services
● Endpoint Detection & Response (EDR): EDR provides an organization with
the ability to monitor endpoints for suspicious behavior and record every
single activity and event. It then correlates information to provide critical
context to detect advanced threats and finally runs automated response
activity such as isolating an infected endpoint from the network in near
real-time.
● Xtended Detection & Response (XDR): is the evolution of EDR, Endpoint
Detection, and Response. While EDR collects and correlates activities across
multiple endpoints, XDR broadens the scope of detection beyond endpoints
to provide detection, analytics, and response across endpoints, networks,
servers, cloud workloads, SIEM, and much more.
● XDR provides a unified, single pane of glass view across multiple tools and
attack vectors. This improved visibility provides contextualization of these
threats to assist with triage, investigation, and rapid remediation efforts.
● Managed Detection & Response (MDR) MDR works by integrating a
security platform with analytics and expert-led services to provide threat
detection and response recommendations across cloud, hybrid, and
on-premises environments and endpoints. Typically it is a category of a
Security-as-a-Service offering, where an organization outsources some of its
security operations to a third-party Managed Security Service Provider.
27
28. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Security Services
● Application Security: Application security is concerned with protecting software applications
from vulnerabilities and ensuring that they are developed, deployed, and maintained securely.
This involves code reviews, penetration testing, and the use of secure coding practices to
prevent exploitation of application weaknesses.
28
Users accessing
29. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Security Services
29
● Data Security: Data security involves
protecting sensitive information from
unauthorized access, disclosure,
alteration, and destruction. This
includes encryption, access controls,
data loss prevention (DLP), and
backup strategies to ensure the
confidentiality and integrity of data.
30. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Security Services
● SIEM- Security Information & Event Management:SIEM stands for
security, information, and event management. SIEM tools aggregate log
data, security alerts, and events into a centralized platform to provide
real-time analysis for security monitoring.
● SIEM technologies helps organizations detect, analyze, and respond to
security threats before they harm business operations
● Security operation centers (SOCs) invest in SIEM software to streamline
visibility of log data across the organization’s environments, automate
security workflows, detect and respond to cyber threats, and adhere to
compliance mandates.
30
31. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Security Services
● IAM - Identity & Access Management: IAM is focused on managing and controlling user access
to systems and data. It involves authentication processes, authorization mechanisms, and the
enforcement of least privilege principles to ensure that only authorized individuals have access
to specific resources.
31
32. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Security Services
● Cloud Security: With the increasing
adoption of cloud services, cloud
security has become a critical
component. It focuses on securing data,
applications, and infrastructure in cloud
environments. This includes
implementing access controls,
encryption, and monitoring for
cloud-based resources.
32
Cloud
33. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
S E C U R I TY M A N A G E M E N T
33
● Cybersecurity is framework of People, Process & Technology designed to
protect systems, networks, programs, devices and data from cyber attacks
● In this section we will discuss the typical teams and programs run to
protect organization’s digital assets
34. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Cybersecurity Management/Governance
● Cybersecurity Management is a typical set of Security Activities Executed by the organization to
maintain their security posture to the adequate level
● Typical security activities involved in Security Management
○ Security Infrastructure - Implementing adequate information security controls
○ Security Prevention - Assuring security through vulnerability management and penetration testing (Red
& Blue teams)
○ Compliance and Compliance/Validation - Complying and validating with various standards (e.g. NIST,
ISO, GDPR, HIPAA, PCI-DSS, SOC-2, FedRamp etc)
○ Security Operations Center (SOC): 24x7 Monitoring, detecting & responding to the security incidents
34
35. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Red,Blue,Purple Teams
35
● The Red, blue and purple teams simulate cyberattacks and incident
responses to test an organization's cybersecurity readiness.Their primary job
involves mimicking real-life security threats, identifying vulnerabilities,
enhancing information security, and strengthening defenses.
► Red — A red team is a group that pretends to be an enemy, attempts a
physical or digital intrusion against an organization at the direction of that
organization, then reports back so that the organization can improve their
defenses. Red teams work for the organization or are hired by the organization.
► Blue — The group responsible for defending an enterprise's use of
information systems by maintaining its security posture against a group of mock
attackers (i.e., the Red Team).
► Purple — Purple teams act as an intermediary that allows Red and Blue
teams to communicate. Purple teaming is a cybersecurity testing exercise in
which a team of experts take on the role of both red team and blue team, with
the intention of providing a stronger, deeper assurance activity delivers more
tailored, realistic assurance to the organization being tested.
36. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Cybersecurity GRC
36
GRC - Governance, Risk & Compliance: GRC is a comprehensive
approach to manage organization’s cybersecurity that
incorporates three key components: governance, risk
management, and compliance.
► Governance — Aligning processes and actions with the
organization's business goals
► Risk — Identifying and addressing all of the organization's risks
❖ Risk = Impact * Probability
► Compliance — Ensuring all activities meet legal and regulatory
requirements
❖ Common Compliance Frameworks e.g. NIST, GDPR,
PCI-DSS, HIPAA, ISO, FedRamp, SOC
37. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Cybersecurity Management
37
Security management covers all aspects of
protecting an organization's assets – including
computers, people, buildings, and other assets
38. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com) 38
Key Functions of a Typical SOC
39. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Security Operations Center (SOC)
39
40. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Incident Response (IR)
● IR is an organizational process that enables timely & effective response to cyber attacks
● Incident Response plan responds to abnormal operating conditions to keep the business
operating
● The four main components of Incident Response are:
○ Preparation
○ Detection and Analysis
○ Containment, Eradication and Recovery
○ Post-Incident Activity
● Incident Response teams are typically a cross-functional group of individuals who
represent the management, technical and functional areas of responsibility most directly
impacted by a security incident.
40
41. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Business Continuity Plan (BCP)
● The main focus of business continuity is to keep the
operations running during crisis
● Components of the Business Continuity Plan (BCP)
include details about how and when to enact the plan
and notification systems and call trees for alerting the
team members and organizational associates that the
plan has been enacted
● The plan provides the team with immediate response
procedures and checklists and guidance for
management
● Business Impact Assessment (BIA) - Identify and
prioritize the risks
41
42. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Disaster Recovery (DR)
42
● When both the Incident Response (IR) and Business Continuity (BC) plans fail, the Disaster Recovery
(DR) plan is activated to return operations to normal as quickly as possible
● The Disaster Recovery (DR) plan may include the following components:
○ executive summary providing a high-level overview of the plan
○ department-specific plans
○ technical guides for IT personnel responsible for implementing and maintaining critical
backup systems
○ full copies of the plan for critical disaster recovery team members, and checklists for certain
individuals
Understand the terminologies: High Availability (HA), Fault Tolerance (FT), Single Point of Failure (SPOF)
43. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Course developed & delivered by Haris Chughtai 43
What’s Next?
(Additional Reference
Study & Practice Tools)
44. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Gain Additional Cybersecurity Knowledge to make a career
A. Start with Youtube Courses
a. Simplilearn Cyber Security Course (11 hours single video)
b. Edureka Cyber Security Training For Beginners (61 videos)
c. Google Cybersecurity Certification Course (18 videos)
B. Enrich your Theoretical Concepts from other online material
a. Codecademy - Introduction to Cybersecurity (3 Hours)
b. Fortinet Training Videos of FCF, FCA, FCP self-paced courses
c. ISC2 - Certified in Cybersecurity (CC) Course Material
d. Cisco Academy learning Study the free courses
44
45. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Cybersecurity Practice Project & Tools
A. Student may pick one from this Youtube video
B. There are several free and open-source cybersecurity tools that students can use for hands-on learning and labs. Here's a list
of some popular ones:
45
● Wireshark: A network protocol analyzer that allows students to capture and analyze
the data traveling back and forth on a network.
● Nmap (Network Mapper): A powerful open-source tool for network exploration and
security auditing.
● Metasploit: A penetration testing framework that helps students develop and execute
exploit code against a remote target.
● Kali Linux: A Debian-based Linux distribution specifically designed for digital forensics
and penetration testing. It comes pre-installed with various cybersecurity tools.
○ One of the best is Kali OS. Inside Kali lot of software are natively available in
there
○ Download its VM from https://www.kali.org/ and run and use there softwares
● OWASP ZAP (Zed Attack Proxy): An open-source security tool for finding vulnerabilities
in web applications during the development and testing phase.
● Burp Suite Community Edition: A set of tools for testing web security. The Community
Edition is free and includes various features for web application security testing.
● Ghidra: A software reverse engineering (SRE) framework developed by the National
Security Agency (NSA). It helps students analyze malicious code and understand
software internals.
● Snort: An open-source intrusion detection and prevention system
(IDS/IPS) that can be used to detect and prevent network attacks.
● OpenVAS: The Open Vulnerability Assessment System is a powerful
open-source vulnerability scanner.
● Hashcat: A password recovery tool that supports various hashing
algorithms and can be used for password cracking.
● Cuckoo Sandbox: An open-source automated malware analysis system
that can be used to analyze suspicious files and behavior.
● OSINT Framework: A collection of various tools and resources for
open-source intelligence (OSINT) gathering.
● Volatility: An open-source memory forensics framework that allows
students to analyze volatile memory dumps.
● Security Onion: A Linux distribution for intrusion detection, network
security monitoring, and log management.
● YARA: A pattern-matching tool for identifying and classifying malwar
46. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Cybersecurity Certification to start career
A. Write at least a few of the following beginner level exams:
a. Certified in Cybersecurity (CC) - ISC2 (free for now)
b. Fortinet Certification of FCF &, FCA (free self paced training)
c. Google Cybersecurity Professional - (7 days free, later $49/month with access to all
courses and certifications - Financial aid option available)
d. Comptia Security+ (Paid but valuable)
46
47. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
8 Steps to start a fresh Cybersecurity career
1. Know the stuff - Develop intermediate level knowledge in your desired domain
2. Do a small project or Lab or use a freely available tools to polish your skills.
a. Here is a list of some of the resources
3. Obtain some career certifications as a proof that you know the stuff
4. CV - Build a ‘neat’ Resume
5. Create Linkedin Profile with ‘open to work’ to attract recruiters
6. Prepare well for the upcoming interviews
7. Have some Professional References handy
8. Start job Hunting - searching for a job is itself a full time job :-)
Good luck !
47
48. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Course developed & delivered by Haris Chughtai
Train your brain to be
a growth mindset!
48
Keep learning, keep
growing
49. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com)
Keep learning,keep growing
49
Learning is not attained by
chance; it must be sought for with
ardor and diligence.”
– Abigail Adams
50. Course developed & delivered by Haris Chughtai (dc.expert123@gmail.com) 50