Author Roger A Grimes
ISBN No 978-1-119-39621-5
Review date 19/05/2019
No of pages 320
Publisher URL http://www.wiley.com/WileyCDA/WileyTitle/productCd-1119396212.html
Year of publication 23/08/2017
'Hackers don't have to be brilliant. I'm living proof of that,' is a disarming remark by the author of Hacking the Hacker: Learn From the Experts Who Take Down Hackers.
He introduces two dozen or more cyber-security people (mainly men, but some women), starting with the author Bruce Schneier. For the author, their stories and his own are proof that 'the best and most intelligent hackers work for the good side'. They get to exercise their minds, and get well paid. The author soon disabuses us of the Hollywood idea that hackers are automatically bad people who live on energy drinks and can guess or steal any password. Grimes suggests that hackers can be good or bad: defenders, or maliciously criminal wreckers. "It's just that the attacker usually gets more press."
Hackers, Grimes argues, are people with curiosity, who test boundaries, without crossing those boundaries to do harm or commit a crime. Hackers, whether defenders or malicious, are looking for weaknesses; so they have to be persistent, until they find the weakness that undermines the whole defence perimeter.
Grimes sets out how hacking is an ethical matter; like private investigators, hackers have to decide whether they are going to stay within the law (which implies knowing what it is) or not. Are you going to break into a mobile phone, or emails, or a server, because an employer or client or mate asks you to? Are you a white-hat (who does good), a black-hat (who does unethical or illegal things) or a grey-hat (someone who pretends to be a white-hat but does black-hat things)?
As that implies, in computer matters things can be invisible. Grimes' achievement in Hacking the Hacker, and it is true of far from all cyber books, is that besides an easy, engaging style of writing he shows us, without cinema or other illusions, the people working on computer security as thinking people like the rest of us, with choices. And, as the case of another of the two dozen shows, someone can change, starting as a black-hat and becoming a white-hat, as Kevin Mitnick famously did.
Besides having the endearing trait of naming several books in the same field as his that he rates, Grimes makes a powerful and useful case that 'the defenders are the smartest hackers'; they are the really impressive ones, who not only have to know what the malicious hackers might do, but are also builders, and closers of holes in code. As someone doing penetration testing for a living, Grimes broke into every network he was hired to try to break into; but only so as to better defend it against others. To break in out of malice or for criminal purposes is not only wrong; Grimes makes the arguably more compelling case that it is not personally or professionally satisfying either.
Grimes, then, does take us through computer issues such as connected cars and cryptography, firewalls, DDoS attacks and 'intrusion detection', but is mercifully light on computing terms; instead he talks in human terms, of 'social engineering' and penetration testing.
The only hitch with the book is that in the case of Schneier and Brian Krebs, an interested reader can read their own books, or their blogging for free. It would be a pity not to do something as old-fashioned as buy this book by Grimes and offer it to a young man or woman who shows an aptitude for computers. You could, after all, buy it as an ebook. In the last few pages of the book, indeed, Grimes offers a 'Guide for Parents with Young Hackers' before a few pages of a hacker's 'code of ethics'.