
Tribe of Hackers Security Leaders: Tribal Knowledge from the Best in Cybersecurity Leadership PDF

313 Pages·2020·10.522 MB·English

Preview Tribe of Hackers Security Leaders: Tribal Knowledge from the Best in Cybersecurity Leadership

Tribe of Hackers Security Leaders
Tribal Knowledge from the Best in Cybersecurity Leadership
Marcus J. Carey & Jennifer Jin

Copyright © 2020 by Marcus J. Carey and Jennifer Jin
Published simultaneously in Canada
ISBN: 978-1-119-64377-7
ISBN: 978-1-119-64379-1 (ebk.)
ISBN: 978-1-119-64376-0 (ebk.)
Manufactured in the United States of America

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2020933611

TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Contents

Acknowledgments
Introduction
01 Marcus J. Carey
02 Ian Anderson
03 James Arlen
04 Mark Arnold
05 Andrew Bagrin
06 Zate Berg
07 Tash Bettridge
08 Philip Beyer
09 Kyle Bubp
10 Joanna Burkey
11 Bill Burns
12 Lesley Carhart
13 Christopher Caruso
14 Mike Chapple
15 Steve Christey Coley
16 Jim Christy
17 Chris Cochran
18 Edward Contreras
19 Dan Cornell
20 Mary Ann Davidson
21 Kimber Dowsett
22 David Evenden
23 Martin Fisher
24 Chris Hadnagy
25 Andrew Hay
26 Mark Hillick
27 Terence Jackson
28 Tanya Janca
29 David Kennedy
30 Joe Krull
31 Robert M. Lee
32 Rafal Los
33 Tracy Z. Maleeff
34 Jeffrey Man
35 Angela Marafino
36 James Medlock
37 Kent Nabors
38 Charles Nwatu
39 Greg Ose
40 Edward Prevost
41 Ray [REDACTED]
42 Stephen A. Ridley
43 David Rook
44 Marina Segal
45 Khalil Sehnaoui
46 Jackie Singh
47 Dan Tentler
48 Eugene Teo
49 Dominique West
50 Jake Williams
51 Wirefall
Appendix: Recommended Reading

Acknowledgments

Tribe of Hackers would not exist without the awesome cybersecurity community and contributors in it. I owe them tremendously for allowing me to share their perspectives on our industry.

I’d like to give a special shout-out to my wife, Mandy, for allowing me to do whatever the heck I want as far as building a business and being crazy enough to do this stuff. To Erran, Kaley, Chris, Chaya, Justin, Annie, Davian, Kai, Theo: I love you all more than the whole world!

I also want to thank Jennifer Jin for helping build the Tribe of Hackers book series and summit. She would like to thank her parents for supporting her and the online Tribe of Hackers community for their unwavering support of our mission.

Thanks also goes to Jennifer Aldoretta for helping me build a company that is true to our values. Shout-out to every one of the people I’ve worked with over the past few years. Thanks to Dan Mandel, Jim Minatel, and the Wiley team for believing in the whole vision.

—Marcus J. Carey

Introduction

Over the last few years, there has been a frequently repeated statistic claiming that there are more than three million cybersecurity jobs left unfilled. I don’t really believe that’s true—I believe we have an even bigger problem. I’ll admit that we need more people who understand and can help reduce cyber risk. That number is probably significant. But who is going to lead all the people who are coming into the field? Who is going to lead the people currently in the field?

I’m an avid reader, and I like to apply what I learn in books to my life in cybersecurity. One of my favorite books on leadership is Extreme Ownership by Jocko Willink and Leif Babin. In the book, they use the saying, “There are no bad teams, just bad leaders.” I have a talent for over-generalizing things. So I thought to myself, “What if the real problem is a cybersecurity leadership problem?” Even if all the cybersecurity experts we needed were put into place, most cybersecurity teams would suffer from this lack of leadership.

This book is not about beating up on current security leaders. Cybersecurity leadership should start with CEOs, moving all the way down to the cybersecurity owner and their team. I use the term cybersecurity owner because titles vary in every organization. The cybersecurity owners are responsible for day-to-day cybersecurity operations and cyber-risk mitigation. This can be one person or multiple teams.

The cybersecurity owner and their team, processes, and technology make up the security model for each organization. Strong leadership makes the security model work to reduce cyber risk for the organization. Every security model is different, so all security owners must make sure that they leverage the processes and technology they have in place to generate the best outcomes. This involves understanding the business, the most likely threats, how to mitigate those threats, and how to detect and respond
