What Is a Network and Why Should You Care?

The foundation of every cybersecurity career starts here.

If you want to work in cybersecurity, you need to understand networks. It doesn't matter if you want to be a penetration tester, a SOC analyst, or a security architect. Networks are the foundation on which everything else sits. So let's start at the beginning.

What is a network?

A network is a collection of two or more devices connected so they can share information. Is your phone talking to your Wi-Fi router? That's a network. A company's 500 computers are all connected to shared servers? Also, a network. In 2026, your smart thermostat, doorbell camera, and voice assistant are all on your home network, too. The average household has over 20 connected devices.

Think of it like a road system. Houses are devices. Roads connect Ethernet cables, Wi-Fi signals, and fiber-optic lines. Data is the traffic moving between them. Some roads are neighborhood streets, others are highways. The basic idea is always the same: connect point A to point B.

What's changed is the scope. Networks used to be mostly physical cables in a building. Now, a massive portion of business networking happens in the cloud, AWS, Azure, and Google Cloud. Companies create virtual networks, subnets, and security groups defined entirely in software. The concepts are more complex, but the fundamentals haven't changed.

Types of networks you'll encounter

LAN (Local Area Network) - a network in a small area. Your home network, an office building—devices connected by Ethernet or Wi-Fi. When a SOC analyst monitors the 'internal network,' they're usually talking about the LAN.

WAN (Wide Area Network) - connects networks that are far apart. A company with offices in multiple cities uses a WAN. The Internet is the InternetWAN. 'Perimeter defense' refers to the boundary between your LAN and the WAN.

WLAN (Wireless Local Area Network) - a LAN over Wi-Fi. Introduces additional attack vectors, such as evil twin attacks, rogue access points, and over-the-air packet sniffing.

Cloud and Virtual Networks - when companies run infrastructure on cloud platforms, they create virtual networks (VPCs, subnets, security groups) defined in software. Same fundamental rules, different implementation. If you're going into cybersecurity, you will encounter cloud networking.

How data actually moves

Your data doesn't travel as one big chunk. It gets broken into smaller pieces called packets. Each packet contains the data plus metadata indicating where it came from, where it's going, and the order for reassembly.

Imagine mailing a book, but the postal service only accepts envelopes. You tear the book into sections, number them, and address each envelope. They arrive out of order through different post offices. Your friend reassembles them using the numbers. That's packet switching.

Every packet has a header containing the source IP, destination IP, protocol, and sequence number. Security tools like Wireshark capture these packets so you can inspect exactly what's being sent and where it's going. Understanding packets is foundational to network analysis.

TCP is like a certified mail handshake, confirmation, and retransmission. UDP is like dropping a postcard aster, no guarantee. Web browsing uses TCP. Video streaming uses UDP. Different applications are chosen based on whether reliability or speed matters more.

Why this matters for cybersecurity

Every attack happens on a network. Malware spreads over networks. Phishing emails travel over networks. Data exfiltration requires a network. Ransomware communicates with command-and-control servers over the network. Without understanding networks, you can't understand attacks. And without understanding attacks, you can't defend against them.

Analysts need to know what normal looks like before they can spot abnormal. Is that device sending data to an unfamiliar IP at 3 AM? Is a workstation generating unusual DNS queries? Is there traffic on an unexpected port? These questions require networking fundamentals.

AI-powered security tools are making detection easier. IEMs use ML to baseline behavior and flag anomalies, and AI SOC agents can triage alerts autonomously. But the analyst still needs to understand what the tools are telling them. AI flags the anomaly. You determine whether it's a threat. That judgment requires networking knowledge.

Key terms to know

Protocol - rules devices follow to communicate. HTTP, TCP, DNS, and DHCP are all protocols.

Bandwidth - how much data can flow at once—the width of the pipe.

Latency - how long data takes to travel. Low = fast, high = slow. Can indicate attacks or misrouting.

IP Address - every device's network identity. Public IPs face the internet; private IPs are inside your LAN.

Port - if an IP is a building address, a port is the apartment number. HTTP uses 80, HTTPS uses 443, and SSH uses 22.

Firewall - monitors and controls traffic based on rules. The bouncer at the door.

Bottom line

Networks are the playing field. Attackers and defenders both operate on them. Before you can understand firewalls, intrusion detection, or packet analysis, you need to know what a network is and how data moves through it. Next up: IP addresses, how they work, why they matter, and the difference between public and private.