Author: Jessica Barker
ISBN No: 9781789663402
Review date: 23/04/2024
No of pages: 239
Publisher: Kogan Page
Publisher URL:
https://www.koganpage.com/product/confident-cyber-security-9781789663402
Year of publication: 06/10/2020
Brief:
price
£14.99, paperback
Jessica Barker’s book is welcome and enjoyable, and full of good advice, writes Mark Rowe.
So many books about cyber-security give off the whiff that it’s rather hard work – both for those non-cyber people who are users of IT (and are commonly damned as ‘the weakest link’), and for the cyber professionals trying to shore up systems in technical terms, or educate or mitigate the worst errors of the (dumb) non-professionals.
Jessica Barker pulls off the trick of avoiding all that, while not dumbing the subject down. While she does devote pages to the technical side of cyber, she never weighs the book down with malware or firewalls – sensibly, as that technical detail changes with the years in any case. She pulls off another trick by speaking to two different audiences – the non-cyber specialists who want to know some more, to be secure when online, and those who have in mind to make cyber a career.
As she sets out right away, while some love to work in cyber security because of the technical challenge, others are drawn to it to help others – like the rest of security, it’s a service (something easily overlooked). Most, she point out, have curiosity in common, and the enjoyment of solving puzzles (why has that stopped working, what is the reason for that spike in network traffic?).
She starts by disarmingly admitting – like many in all branches of security – that she never expected to have a successful career in cyber security, or any tech field; ‘having finished my PhD and not knowing what to do, I was head-hunted by a cyber-security consultancy’, while not knowing what cyber was.
Like other Kogan Page books about business, besides a clear and readable writing style, and chapters well broken up to be digestable, the author walks us through the subject, from the very basics. We get a variety of explanations, case studies, and exercises, which all serve to reinforce the learning.
She talks impeccably of cyber in terms of risks – such as social engineering attacks. She sensibly does not omit ‘the physical side of cyber security’ – for what is the point of protecting the zeroes and ones of information, if someone can download stuff onto a memory stick and walk out the door with it?!
She talks in terms of ‘how organisations can better prepare themselves’ and then individuals; and case studies include the pop singer Taylor Swift and ‘social media influencers’, rather than the more worthy but dull factories and power stations. As that suggests, this is not a comprehensive study of the subject, nor has the author tried to achieve that; rather, it’s an introduction to the topic, ‘how to get started’, as the sub-title says.
A particularly important and useful chapter is the penultimate one on cyber ‘at the board level’. Cyber, she says, is too often still seen ‘as a technical domain’, whereas cyber risks ought to be captured and managed ‘in business terms’; ‘cyber security should be addressed at the board level just like any other business risk’. Hence that need for some board members to understand the ‘business context’. Again, it’s all about risk; knowing your organisation, your appetite and tolerance for risks, what information (for Jessica Barker, cyber is about info, not the computers that hold the data) is critical to the business. A board has to ask the right questions as much as grasp the answers, for example about moving to cloud computing from ‘on-prem storage’, all the rage due to the pandemic lockdown and home working.
For the reader already in the security industry, the last chapter on pursuing a career may be the one you want to turn to first. As the author notes: “There are lots of ways into a cyber security job, but none one way.” That can be a benefit, ‘but can feel overwhelming if you’re looking to get a foot in the door’.
While Jessica Barker does run through university qualifications, and vendor certifications, she dwells on what employers want, and what attributes are good in employees: an ethical and moral code, curiosity, a desire to learn, an acceptance that you don’t know everything (‘and that’s ok’); empathy, situational awareness (your own observational skills – was that someone trying to tail-gate you at the entrance?), spotting patterns (what ‘normal’ looks like) and last but not leat, ‘a level of communication skills’, whether inside a cyber team, in a written report, or (the staple of all security) how to explain that security is not about blocking business that non-security employees try to work around.
She closes by urging upon cyber industry people ‘a learning mindset’ – learn all you can, while not putting pressure on yourself to know everything.
About Jessica Barker; a regular writer and speaker, she was among the speakers at the virtual Infosecurity Europe 2020 event in the summer. She is co-founder and co-CEO of the cybersecurity consultancy Cygenta. Visit https://www.cygenta.co.uk/about.
She also blogs regularly; visit https://blog.cygenta.co.uk/.
