We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite.
The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!
“Our freedom, our individual liberties, our economic independence, and our national security are
inextricably intertwined with the strength and security of our computer and cloud networks.” (Preface, p. VII)
This is the new reality we face in today’s cyber world. How do we protect our most critical cyber assets? What steps are necessary within companies and between organizations? Those are the questions Paul Ferrillo and Christophe Veltsos answer in their book, Take Back Control of Your Cybersecurity Now: Game Changing Concepts on AI and Cyber Governance Solutions for Executives.
This book is a must-read for any manager, director, or executive responsible for keeping their organization’s systems and data safe. The ten chapters that make up the meat of the book provide brief explanations as well as goals for anyone responsible and accountable for security. Chapters cover a wide range of cyber topics, such as federal regulations, cybersecurity oversight and governance, cybersecurity insurance, cyber risk management and reporting, the NIST Cybersecurity Framework, spear phishing, incident response, artificial intelligence and machine learning, and cloud computing.
The real value of this book is in asking the right questions rather than pretending to have all of the answers. Along with critical questions are vignettes direct from security leaders, allowing readers to learn from their experiences. While this book is meant for executives, it’s a good reference for all cybersecurity professionals to understand why and how to Take Back Control of Your Cybersecurity Now.
Executives today are under fire. There is constant news of cyber breaches and more regulations to keep them up at night. Many lack the background on the strategies, tactics, and technologies required to adequately protect their organization’s crown jewels. The ever-changing cybersecurity technology is also daunting. That’s the niche filled by Take Back Control of Your Cybersecurity Now. The authors, Paul Ferrillo and Dr. Christophe Veltsos, provide not only timely answers but also the questions executives need to ask to help guide their companies through the cybersecurity storm. The subtitle, Game Changing Concepts on AI and Cyber Governance Solutions for Executives describes new technologies affecting our world and how executives can leverage them for not only security but also efficiency.
Both Paul and Chris have a long history with information security. Paul is legal counsel in Weil, Gotshal & Manges’s Litigation Department and Cybersecurity, Data Privacy & Information Management practice, where he focuses primarily on cybersecurity corporate governance and risk management issues. Chris – aka DrInfoSec™ – is both a university faculty member and an InfoSec practitioner. Both authors are passionate about helping organizations take stock of their cyber risks and manage those risks across the intricate landscape of technology, business, and people.
Many in management don’t have time to read tomes. Take Back Control provides short, targeted messages with action items throughout that are easy for anyone to follow. It’s not a book that has to be read from start to finish, but can be used as a reference whenever you hit a cybersecurity snag. You get the mission-critical information up front, followed by the tools and critical questions to help you improve your cybersecurity posture.
Take Back Control is actually the second edition of the book. The first, titled Navigating the Cybersecurity Storm: A Guide for Directors and Officers was written for a similar purpose: to guide decision-makers through the swampy cybersecurity waters. The second edition provides insights on technological innovations that are now prevalent on the security battlefield, such as cybersecurity automation, orchestration, machine learning, deep learning, and artificial intelligence. Paul and Chris collaborated on updating and adding content to ensure the book continues as a primary resource for decision-makers.
Time to Take Back Control of Your Cybersecurity
The preface and first chapter offer a reality check about today’s perilous cybersecurity environment. Each provides background to the book’s purpose, why executives need to care about their organization’s cybersecurity posture, and tools for getting it done, together. Paul and Chris balance the bad news with the good. There are many tools available to fight the battle. Many are simply a change in culture, policy, and practice. For most, ignorance and complacency are the enemy, and collaboration is king. “Cybersecurity is the ultimate team sport. We are all in this fight together. It is time to act, and there is no better time than right now.”
For those who are new to cybersecurity, this book also shows why you need to care. Chapter 1 contains an explanation of threat actors who want to disrupt your business. It is important for readers to be aware of the new reality of cyberthreat actors and their threat vectors for attack. The authors provide many examples here to prove, “it’s not if, but when.”
Each chapter starts with a purpose with a corresponding three to five takeaways. There are stories in each chapter than explain “why” and “how” to accomplish the goals. The authors provide many references throughout where you can learn more on the particular chapter’s topic. The extensive reference lists at the end of each chapter demonstrate the level of detail they went through to vet the concepts and provide significant value.
How to Do It
The ten chapters that make up the meat of the book (Chapters 2 through 11) deliver insights for managing security and technology for anyone responsible and accountable for security. Chapters cover a wide range of cyber topics, such as: federal regulations, cybersecurity oversight and governance, cybersecurity insurance, cyber risk management and reporting, the NIST Cybersecurity Framework, spear phishing, incident response, artificial intelligence and machine learning, and cloud computing. They provide hope for all organizations, no matter the size, structure, or function, waking up to the realization that cybersecurity isn’t an issue that should be relegated to the IT department.
Below is a brief overview of each chapter to show how you can take back control of your cybersecurity:
Don’t Abandon Ship
Chapter 12 brings it all together by reminding us of the key points of the book. For those who are short on time, you may want to read this after Chapter 1. It provides action items applicable to all organizations. Some cost money; some cost little. But all of them will take you toward a more secure tomorrow.
Take Back Control of Your Cybersecurity Now is a book for anyone fighting strategic battles on the cyber warfront. Paul and Chris, two “Cyber Avengers,” have taken their experiences on the battlefront and digested them into an easy-to-read book segmented into very timely and applicable chapters. They cover a number of sensible and critical concepts that are changing how we fight this war. For executives, this is a must-read. While others may not see the value, it provides insights on strategies, tactics, techniques, and technologies affecting everyone in our connected world. It is for this reason that I recommend it as a Cybersecurity Canon book.