Posted by: Ken Harthun
If you’re a security wonk like me, you’ll definitely want to pick up a copy of Scrappy Information Security — The Easy Way to Keep the Cyber Wolves at Bay (ISBN 978-1-60005-132-6) by Michael Seese. Not just another dry tome produced in a boring, didactic style, this book is, as its name implies, written with an attitude, and nowhere is that attitude more evident than in the first paragraph of the first chapter:
You have to learn to crawl before you can walk. It’s no different when learning about information security. But your first baby steps probably should not include thumbing through some of the tomes out there with upwards of 500 pages. . . Let us assume that you have a life, and don’t want to spend it flipping through such a text until you are well into your nineties.
The author’s approach to security focuses on the essentials and leaves out all of the unnecessary theory and discussion that serve no purpose in the real world. He starts off by answering the standard reporter questions of who, what, when, where, and why, leading off with “Why do we need InfoSec?” I won’t spoil it for you and tell you the answer he gives, but I will tell you that it’s one of those answers that is so simple and so obvious that it escapes most people. From there, he breaks security down into three main divisions: Physical Security, Technical Security, and Administrative Security, and his explanation of the components in those areas comprises the bulk of the book. Everything that matters, from fences to firewalls and passwords to phishing, along with how to deal with social engineering, is covered.
What impressed me most, besides the practicality of the information, was the way it’s presented. Each section starts off with a relevant, pithy quote, then proceeds into “Why it matters.” Next is “The Technobabble,” wherein the author details the technical elements of the subject. This is followed by a “What it means” explanation of the technology. Sometimes the section will include a “Scrappy Tip” about how to apply the information, or one expanding upon some particularly relevant aspect. Bottom line: the book is technical enough for a Geek, but written in a way that almost anyone who’s at least somewhat computer-literate can understand.
I found chapter 5, “Inform and Inspire–Training That Gets Results,” particularly useful, since I am often tasked with training people on various aspects of technology.
The author wraps it all up by saying, “Personally, I’m mad as hell and I’m not taking it any more! So if just one person reads this book, takes the lessons to heart, and [applies 13 principles] then my effort was worth it.”
Well, Mr. Seese, I assure you, it was.