Title: The Security Hippie Author: Barak Engel Publisher: CRC Press Year: 2022 Pages: 197 Language: English Format: pdf (true) Size: 10.2 MB
The Security Hippie is Barak Engel’s second book. As the originator of the “Virtual CISO” (fractional security chief) concept, he has served as security leader in dozens of notable organizations, such as Mulesoft, Stubhub, Amplitude Analytics, and many others. The Security Hippie follows his previous book, Why CISOs Fail, which became a sleeper hit, earning a spot in the Cybercannon project as a leading text on the topic of information security management.
In this new book, Barak looks at security purely through the lens of story-telling, sharing many and varied experiences from his long and accomplished career as an organizational and thought leader and visionary in the information security field. Instead of instructing, this book teaches by example, sharing many real situations in the field and actual events from real companies, as well as Barak’s related takes and thought processes.
An out-of-the-mainstream, counterculture thinker – Hippie – in the world of information security, Barak’s rich background and unusual approach to the field come forth in this book in vivid color and detail, allowing the reader to sit back and enjoy these experiences, and perhaps gain insights when faced with similar issues themselves or within their organizations. The author works hard to avoid technical terms as much as possible, and instead focus on the human and behavioral side of security, finding the humor inherent in every anecdote and using it to demystify the field and connect with the reader.
Chapter 4’s theme about baking security into software (or any ecosystem for that matter) is one that we’ve encountered over the years more times than I can count. Sometimes disasters-that-could-have-been serve almost as effectively as ones that played out. Oftentimes the person who can best provide security oversight or feedback is not part of the design discussions so that security is relegated to an “after-thought”. In modern times where businesses need to be extremely agile, and timing is everything, there’s no time for engineering in security when the business is scrambling to get a product to market. While Barak’s story about the company with the faulty crypto plan could be a recipe for a disaster for the company, sometimes luck prevails – though it doesn’t make it right. This just helps illustrate how important it is for the security practitioner to have a seat at the table as early as possible in the process.
Importantly, these are not the stories that made the news; yet they are the ones that happen all the time. If you’ve ever wondered about the field of information security, but have been intimidated by it, or simply wished for more shared experiences, then The Security Hippie is the perfect way to open that window by accompanying Barak on some of his many travels into the land of security.