What do you think?
Rate this book
Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World
Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World (9781119643371) was previously published as Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World (9781793464187). While this version features a new cover design and introduction, the remaining content is the same as the prior release and should not be considered a new or updated product.
Looking for real-world advice from leading cybersecurity experts? You’ve found your tribe.
Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World is your guide to joining the ranks of hundreds of thousands of cybersecurity professionals around the world. Whether you’re just joining the industry, climbing the corporate ladder, or considering consulting, Tribe of Hackers offers the practical know-how, industry perspectives, and technical insight you need to succeed in the rapidly growing information security market. This unique guide includes inspiring interviews from 70 security experts, including Lesley Carhart, Ming Chow, Bruce Potter, Robert M. Lee, and Jayson E. Street.
Get the scoop on the biggest cybersecurity myths and misconceptions about security Learn what qualities and credentials you need to advance in the cybersecurity field Uncover which life hacks are worth your while Understand how social media and the Internet of Things has changed cybersecurity Discover what it takes to make the move from the corporate world to your own cybersecurity venture Find your favorite hackers online and continue the conversation Tribe of Hackers is a must-have resource for security professionals who are looking to advance their careers, gain a fresh perspective, and get serious about cybersecurity with thought-provoking insights from the world’s most noteworthy hackers and influential security specialists.290 pages, Kindle Edition
First published January 1, 2019
178 people are currently reading
1366 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 26 of 26 reviews
February 24, 2024
Another one for school...
Marcus Carey is the founder and former CEO of the cybersecurity company Threatcare and the co-creator of the Tribe of Hackers book series and 2019 summit. He has over 25 years of cybersecurity experience that includes penetration testing, incident response, and digital forensics. He started his career in the U.S. Navy and has a Master's degree in Network Security. Jennifer Jin is the co-creator of the Tribe of Hacker book series and 2019 summit and is Head of Communications at Threatcare.
Carey’s inspiration for the title and structure of the book is from the self-help book Tribe of Mentors, by Tim Ferriss. Instead of tapping over 130 people with success stories as Ferriss did, Carey narrowed his list to 70 “notable hackers,” friends and colleagues in the cybersecurity industry—authors, speakers, business leaders, software creators, and experts in the field. The interview subjects are a diverse group of men and women, with experience ranging from a few years to several decades. There’s a chapter for each person, and they are asked the same 14 questions, based on common questions Carey has been asked about cybersecurity. In his introduction to the book, Carey said they match the informal conversations he has at conferences which he and his colleagues refer to as “hallway-con.” This structure may sound trying, and it’s certainly not conducive to reading the book cover to cover. A print copy is recommended over an electronic one, since this is a book best consumed by flipping through to areas of interest. Pull quotes don’t work well in the electronic format either, as they are not very distinct from the rest of the text and look like duplicate sentences or paragraphs.
Business leaders who want insider advice will find the most relevant information by scanning the first three questions and answers in each chapter. These cover cybersecurity myths and recommendations for secure business practices. The answers aren’t identical, but many of the interview subjects agree on where money is better spent (i.e. on people rather than security products that promise more than they can deliver) and what are common misconceptions about security (i.e. being in compliance with security rules means you’re safe). Several of those interviewed emphasize the principle of least privilege.
Readers looking for career advice will find a lot of it in the answers to questions 4-8 and 14, which include opinions on whether or not degrees and certifications are necessary, descriptions of how the subjects got their start in the field, and what qualities all highly successful cybersecurity professionals share. Many answer that last question with the same words: curiosity, perseverance, and passion. The majority answer that degrees and certifications have limited usefulness besides “getting past HR.” There does appear to be a trend that the more recognized cybersecurity is as a job in itself and not a role wrapped into an IT position, the more HR departments will look for degrees and credentials. The career-oriented answers contain more jargon than any of the others. Advice like Emily Crose’s “Don’t be the candidate who can’t expand on the seven layers of OSI,” won’t be terribly meaningful to the general reader. Much of the career advice emphasizes sharing knowledge, participating in the community, and giving back. Keirsten Brager’s statement sums up this common sentiment, “Be nice, share knowledge, and send the ladder back down when you succeed.”
People with a more general interest will get the most out of the first myth-debunking question, along with questions 9-13, which cover favorite books/movies about hackers and cybersecurity, life hacks, and advice about social media and the Internet of Things. The most common advice: use multifactor authentication, use password managers, and be careful what you post and connect to your network. By far, the most recommended book was The Cuckoo’s Egg, by Clifford Stoll. WarGames, Sneakers, Catch Me if You Can, and of course, Hackers were favorite movies. Mr. Robot was a big favorite too with this group, and David Kennedy, one of the show’s consultants, is interviewed in the book.
Marcus Carey is the founder and former CEO of the cybersecurity company Threatcare and the co-creator of the Tribe of Hackers book series and 2019 summit. He has over 25 years of cybersecurity experience that includes penetration testing, incident response, and digital forensics. He started his career in the U.S. Navy and has a Master's degree in Network Security. Jennifer Jin is the co-creator of the Tribe of Hacker book series and 2019 summit and is Head of Communications at Threatcare.
Carey’s inspiration for the title and structure of the book is from the self-help book Tribe of Mentors, by Tim Ferriss. Instead of tapping over 130 people with success stories as Ferriss did, Carey narrowed his list to 70 “notable hackers,” friends and colleagues in the cybersecurity industry—authors, speakers, business leaders, software creators, and experts in the field. The interview subjects are a diverse group of men and women, with experience ranging from a few years to several decades. There’s a chapter for each person, and they are asked the same 14 questions, based on common questions Carey has been asked about cybersecurity. In his introduction to the book, Carey said they match the informal conversations he has at conferences which he and his colleagues refer to as “hallway-con.” This structure may sound trying, and it’s certainly not conducive to reading the book cover to cover. A print copy is recommended over an electronic one, since this is a book best consumed by flipping through to areas of interest. Pull quotes don’t work well in the electronic format either, as they are not very distinct from the rest of the text and look like duplicate sentences or paragraphs.
Business leaders who want insider advice will find the most relevant information by scanning the first three questions and answers in each chapter. These cover cybersecurity myths and recommendations for secure business practices. The answers aren’t identical, but many of the interview subjects agree on where money is better spent (i.e. on people rather than security products that promise more than they can deliver) and what are common misconceptions about security (i.e. being in compliance with security rules means you’re safe). Several of those interviewed emphasize the principle of least privilege.
Readers looking for career advice will find a lot of it in the answers to questions 4-8 and 14, which include opinions on whether or not degrees and certifications are necessary, descriptions of how the subjects got their start in the field, and what qualities all highly successful cybersecurity professionals share. Many answer that last question with the same words: curiosity, perseverance, and passion. The majority answer that degrees and certifications have limited usefulness besides “getting past HR.” There does appear to be a trend that the more recognized cybersecurity is as a job in itself and not a role wrapped into an IT position, the more HR departments will look for degrees and credentials. The career-oriented answers contain more jargon than any of the others. Advice like Emily Crose’s “Don’t be the candidate who can’t expand on the seven layers of OSI,” won’t be terribly meaningful to the general reader. Much of the career advice emphasizes sharing knowledge, participating in the community, and giving back. Keirsten Brager’s statement sums up this common sentiment, “Be nice, share knowledge, and send the ladder back down when you succeed.”
People with a more general interest will get the most out of the first myth-debunking question, along with questions 9-13, which cover favorite books/movies about hackers and cybersecurity, life hacks, and advice about social media and the Internet of Things. The most common advice: use multifactor authentication, use password managers, and be careful what you post and connect to your network. By far, the most recommended book was The Cuckoo’s Egg, by Clifford Stoll. WarGames, Sneakers, Catch Me if You Can, and of course, Hackers were favorite movies. Mr. Robot was a big favorite too with this group, and David Kennedy, one of the show’s consultants, is interviewed in the book.
January 11, 2021
This book started out as a disappointment. I had not realized the format when I had ordered it and was surprised to see it was just the same questions asked of seventy people recognized in the field.
Within a few interviews, though, my attitude changed, as did the approach that I took with the book.
I decided to read three interviews when I took a break. I equated it to choosing to sit and have a coffee with peers. By using that approach, I was able to value the individals responses, and even consider what further questions that I might pose of them.
I have, as a result, started to follow a few bloggers, confirmed some of the approaches taken. I also have found some good short tips to add to my list for non-techs to help in securing our world. It was refreshing to read the viewpoints of real people.
I recommend this book for someone wishing to start in the field, or shift their focus.
Within a few interviews, though, my attitude changed, as did the approach that I took with the book.
I decided to read three interviews when I took a break. I equated it to choosing to sit and have a coffee with peers. By using that approach, I was able to value the individals responses, and even consider what further questions that I might pose of them.
I have, as a result, started to follow a few bloggers, confirmed some of the approaches taken. I also have found some good short tips to add to my list for non-techs to help in securing our world. It was refreshing to read the viewpoints of real people.
I recommend this book for someone wishing to start in the field, or shift their focus.
December 21, 2023
It was useful and engaging, but no outstanding advice that I found novel for me.
September 3, 2023
An insider's view into the world of cybersecurity.
Have you ever wondered about the intricacies of the cybersecurity world? Pondered what it takes to become a successful professional in this ever-evolving field, or how to keep your personal digital environment secure? These questions, and many more, often linger in the minds of many of us, as we navigate this digital age. After all, the world of cybersecurity offers endless lessons to learn and explore.
In this book, you will be guided through a rich tapestry of insights and experiences straight from the veterans of cybersecurity. Through the lenses of accomplished professionals, you'll get a comprehensive overview of the field, debunking common myths and understanding the integral role of personal and professional skills in achieving success in cybersecurity.
This journey promises to not only enlighten you about the diverse pathways to success in cybersecurity but also empower you to make informed decisions about your personal digital safety. As you delve into these narratives, you'll better understand the role of constant learning, practical experience, and a balanced perception about cybersecurity threats. Most importantly, you'll grasp the profound role of interpersonal skills in propelling your cybersecurity career, and you'll learn how to navigate the landscape of cybersecurity with a sense of confidence and clarity. So, get ready for an enlightening journey through the world of cybersecurity.
-
There are lots of paths to becoming a cybersecurity pro
Let’s kick things off with some insights from Lesley Carhart, an information security whizz who's been in the IT industry for nearly two decade. She currently serves as a principal threat hunter at Dragos, Inc., and has a lot to share about cybersecurity.
Now, if there's one misconception she wishes to debunk, it's that security professionals should not only focus on the nitty-gritty of their niche but also comprehend the businesses they serve. You see, these organizations often aren't security-focused themselves. So, the quicker security pros grasp this, the sooner they can help senior leadership strike a pragmatic balance between operations and security.
Another pearl of wisdom that Lesley imparts is that you don’t need a college degree or certification to be a cybersecurity hotshot. While a degree can help get your foot in the door or boost your chances of snagging a promotion, it's not the be-all and end-all. The journey to becoming a cybersecurity pro is flexible with many paths to success. However, Lesley gives a heads-up: don't just rely on degree programs to equip you with all the skills you'll need in this field. She encourages self-study and active involvement in the community as key components for success.
When it comes to climbing that corporate ladder or starting your own cybersecurity company, she emphasizes networking. Get out there, interact, and get involved! Brushing up on your social skills might even give you an edge. Lesley's seen smart folks miss out on opportunities because of poor interview or résumé skills. And remember, the cybersecurity world values creative problem-solving and an insatiable curiosity about how things work.
Finally, for anyone wondering how to keep their home network safe in this digital age, Lesley has some tips. Consider the necessity of your Internet of Things devices and try to separate them from your main computer network. For instance, keep your smart devices and tax-preparing computers on separate networks, and ensure they're protected by a firewall.
-
Interpersonal skills are just as important as academic qualifications
Next, we're learning from Ming Chow, a senior lecturer at Tufts University who's made a big splash in the world of cybersecurity and computer science education. Let's see what Ming has to share from his wealth of experience.
Ming believes there is no direct correlation between increased cybersecurity spending and breaches persisting. Here’s why: First, many assume more spending itself will fix the problem. Second, management may not grasp what exactly they're protecting against or the real threats. Third, cybersecurity products can be complex and vulnerable themselves. And fourth, many breaches result from basic issues like weak passwords that money can't prevent.
Luckily, Ming also suggests an effective way for organizations to up their cybersecurity game: emphasize it right from the onboarding process. He encourages constant drills and exercises, such as phishing simulations. This approach, he believes, helps to instill a serious regard for cybersecurity across the organization and spreads awareness, much like learning from a burnt finger not to touch a hot stove!
If you're wondering how to get started in the cybersecurity field, Ming advises that it's a vast, interdisciplinary field that offers room for both technical and non-technical skill sets. It's accessible to almost anyone and doesn’t require fancy equipment or a college degree. But it demands hard work to stay up-to-date, intellectual curiosity to understand how things work, and hands-on experience. Ming often suggests beginners start by setting up a vulnerable web server at home, a practical exercise that offers real, hands-on experience.
Lastly, when it comes to climbing the corporate ladder or starting a company in cybersecurity, Ming believes that personality and emotional intelligence play a crucial role. Your academic or technical skills may land you a job, but it's your interpersonal skills that will help you secure promotions and drive your success in the long run.
In short, Ming underscores the importance of continuous learning, practical experience, and strong interpersonal skills in making it big in cybersecurity.
-
The best approach to cybersecurity is to keep it simple
Next up: Bruce Potter, the CISO, or chief information security officer, at Expel and founder of the Shmoo Group. He’s been in the cybersecurity field for over two decades, and brings a wealth of experience to the table.
Much like Ming, Bruce stresses that mastering the basics is key for an organization to improve its cybersecurity posture. Instead of getting lost in the newest technological advancements, organizations could significantly strengthen their security by focusing on simple measures such as patching software vulnerabilities, limiting the use of USBs, and implementing two-factor authentication.
When it comes to the shared qualities of successful cybersecurity professionals, Bruce has an interesting perspective. He highlights the ability to make tough decisions, to say "let's do this," and follow through with what's right, even when it's not the easiest path. This ties in nicely with Ming's idea of the importance of personality and emotional intelligence in this field.
On the topic of cybersecurity advice for the general public, Bruce's focus is a little different. While he acknowledges that the vast majority of individuals are not prime targets for cyberattacks, he urges caution around trusting the companies providing Internet of Things devices and their associated cloud services. If a service is free, he suggests, it may not be entirely trustworthy. And in a somewhat surprising twist, he champions the use of Apple products for their robust security features.
In line with Ming’s emphasis on continuous learning, Bruce dismisses the concept of a "life hack," pointing out that it's really just another term for learning. His belief is that one should simply pursue learning without worrying about whether it qualifies as a "hack."
When it comes to mistakes, Bruce doesn't single out any massive blunders. Instead, he cautions about the danger of not recognizing and addressing numerous small mistakes, which can collectively cause significant damage – a reminder that continuous self-reflection and honesty are crucial in any professional journey.
In a nutshell, Bruce reiterates the significance of mastering the basics, making tough decisions, staying vigilant about the trustworthiness of tech companies, and embracing the joy of learning. Keep these nuggets of wisdom in mind as you navigate the fascinating world of cybersecurity.
-
Cybersecurity adversaries don’t have the upper hand – defenders do
Let’s now see what Robert M. Lee has to say about cybersecurity. Robert is a notable name in the realm of industrial cybersecurity and the CEO of Dragos, Inc.
We'll begin with an insightful piece of advice from Robert. Contrary to popular belief, he doesn't agree with the idea that in the realm of cybersecurity, adversaries always have the upper hand. Contrary to this, he argues that with the right defense strategies, defenders can gain the advantage. This complements Bruce's suggestion of prioritizing fundamental security practices to maintain a robust defense.
Robert also highlights the importance of having knowledgeable analysts in an organization. These experts not only help choose the right technologies but also prevent the unnecessary expenditure on vendor products that may not be needed, thus offering a great return on investment.
Contradicting the widespread belief that increasing cybersecurity breaches correspond to increased spending on security, Robert sees no direct correlation. He explains that while breaches seem to be on the rise, it may merely be a perception issue due to increased awareness and detection of old issues.
Echoing Lesley’s emphasis on learning, Robert reassures us that a formal college degree or certification isn't always necessary in cybersecurity. Much of his knowledge is self-taught, and he encourages newcomers to leverage the plethora of free resources available for self-education and to embrace continuous learning.
Robert's cybersecurity specialty lies in industrial control systems and threat intelligence, areas where hands-on experience is highly valuable. His advice for others interested in these areas is to seek employment in places like utilities or industrial companies, where real-world experience can be gained.
For career progression, Robert reiterates the importance of stepping outside the traditional paths and engaging with the broader community. Much like Ming's focus on communication skills, Robert suggests public speaking, writing papers, and offering training as ways to stand out and hone skills.
On the topic of practical cybersecurity advice for home users, Robert reassures people not to overthink or fear. He underscores the use of legitimate software licenses and two-factor authentication, reminding us of Bruce's emphasis on getting the basics right.
Finally, his guiding point, or "life hack," emphasizes that although threats are more significant than many realize, they're often not as bad as imagined. This sensible mindset serves to center individuals and organizations, helping them navigate the vast landscape of cybersecurity.
In essence, Robert's insights echo and expand upon the themes of understanding the basics, focusing on self-education, and maintaining a balanced perspective about cybersecurity threats.
-
Humans don’t undermine cybersecurity – poor training does
Jayson E. Street, a seasoned voice in cybersecurity and an advocate for hands-on involvement in the field, offers a wealth of insights that bring a fresh perspective to how we approach cybersecurity. His point of view is particularly interesting, starting with a compelling myth-busting statement: humans are not the liability in cybersecurity, rather, it's our failure to properly train them.
He speaks to the perception that humans are the "weakest link" due to errors such as clicking on unsafe links or using weak passwords. Jayson flips this idea on its head, asserting that if we properly instill a security-minded culture in our users, they can instead become a powerful line of defense. This shifts the focus from blaming the user to empowering them to protect the technology they're using.
Jayson also delves into the seemingly paradoxical situation of rising cybersecurity spending amidst continual breaches. He likens it to the eternal struggle between safes and safe-crackers – no matter how advanced the security, risk is never entirely eliminated. Rather, it's a matter of mitigating risk to an acceptable level and constantly evolving our security practices to stay one step ahead of potential threats. His insights remind us that there's no finish line in cybersecurity – it's a continual race against ever-evolving risks.
In terms of career success in cybersecurity, Jayson stresses the importance of consistent good work, driven by passion. Regardless of your current role, excel in it while signaling your desire to grow and improve. He also identifies curiosity as a shared quality among successful cybersecurity professionals. This inherent desire to solve problems and find solutions, especially when they’re complex and challenging, is what makes someone stand out in the field.
For everyday people navigating the age of social media and the Internet of Things, Jayson offers practical advice – remember that online privacy is not guaranteed, and to keep your systems patched. This, he says, will do more to protect you than any antivirus software.
Jayson's “life hack” is a beautiful reminder of human decency – be genuinely kind and respectful to others, not for personal gain, but simply because it might make their day better. This approach can foster unexpected positive outcomes in life. So, let's not forget the human element which, as Jayson stresses, is at the heart of a secure and compassionate digital world.
-
Lesley Carhart, Ming Chow, Bruce Potter, Robert M. Lee, and Jayson E. Street have a lot of insights to offer about cybersecurity. They debunk common misconceptions, such as the necessity for a degree or certification, emphasizing self-study, hands-on experience, and understanding the basics of cybersecurity as key factors to success. The experts underscore the need for cybersecurity professionals to comprehend the businesses they serve, advocating for a balance between operations and security. They also highlight the importance of interpersonal skills and continuous learning. Practical advice for the general public includes prioritizing fundamental security practices like patching software vulnerabilities, two-factor authentication, and being cautious about the trustworthiness of tech companies.
Have you ever wondered about the intricacies of the cybersecurity world? Pondered what it takes to become a successful professional in this ever-evolving field, or how to keep your personal digital environment secure? These questions, and many more, often linger in the minds of many of us, as we navigate this digital age. After all, the world of cybersecurity offers endless lessons to learn and explore.
In this book, you will be guided through a rich tapestry of insights and experiences straight from the veterans of cybersecurity. Through the lenses of accomplished professionals, you'll get a comprehensive overview of the field, debunking common myths and understanding the integral role of personal and professional skills in achieving success in cybersecurity.
This journey promises to not only enlighten you about the diverse pathways to success in cybersecurity but also empower you to make informed decisions about your personal digital safety. As you delve into these narratives, you'll better understand the role of constant learning, practical experience, and a balanced perception about cybersecurity threats. Most importantly, you'll grasp the profound role of interpersonal skills in propelling your cybersecurity career, and you'll learn how to navigate the landscape of cybersecurity with a sense of confidence and clarity. So, get ready for an enlightening journey through the world of cybersecurity.
-
There are lots of paths to becoming a cybersecurity pro
Let’s kick things off with some insights from Lesley Carhart, an information security whizz who's been in the IT industry for nearly two decade. She currently serves as a principal threat hunter at Dragos, Inc., and has a lot to share about cybersecurity.
Now, if there's one misconception she wishes to debunk, it's that security professionals should not only focus on the nitty-gritty of their niche but also comprehend the businesses they serve. You see, these organizations often aren't security-focused themselves. So, the quicker security pros grasp this, the sooner they can help senior leadership strike a pragmatic balance between operations and security.
Another pearl of wisdom that Lesley imparts is that you don’t need a college degree or certification to be a cybersecurity hotshot. While a degree can help get your foot in the door or boost your chances of snagging a promotion, it's not the be-all and end-all. The journey to becoming a cybersecurity pro is flexible with many paths to success. However, Lesley gives a heads-up: don't just rely on degree programs to equip you with all the skills you'll need in this field. She encourages self-study and active involvement in the community as key components for success.
When it comes to climbing that corporate ladder or starting your own cybersecurity company, she emphasizes networking. Get out there, interact, and get involved! Brushing up on your social skills might even give you an edge. Lesley's seen smart folks miss out on opportunities because of poor interview or résumé skills. And remember, the cybersecurity world values creative problem-solving and an insatiable curiosity about how things work.
Finally, for anyone wondering how to keep their home network safe in this digital age, Lesley has some tips. Consider the necessity of your Internet of Things devices and try to separate them from your main computer network. For instance, keep your smart devices and tax-preparing computers on separate networks, and ensure they're protected by a firewall.
-
Interpersonal skills are just as important as academic qualifications
Next, we're learning from Ming Chow, a senior lecturer at Tufts University who's made a big splash in the world of cybersecurity and computer science education. Let's see what Ming has to share from his wealth of experience.
Ming believes there is no direct correlation between increased cybersecurity spending and breaches persisting. Here’s why: First, many assume more spending itself will fix the problem. Second, management may not grasp what exactly they're protecting against or the real threats. Third, cybersecurity products can be complex and vulnerable themselves. And fourth, many breaches result from basic issues like weak passwords that money can't prevent.
Luckily, Ming also suggests an effective way for organizations to up their cybersecurity game: emphasize it right from the onboarding process. He encourages constant drills and exercises, such as phishing simulations. This approach, he believes, helps to instill a serious regard for cybersecurity across the organization and spreads awareness, much like learning from a burnt finger not to touch a hot stove!
If you're wondering how to get started in the cybersecurity field, Ming advises that it's a vast, interdisciplinary field that offers room for both technical and non-technical skill sets. It's accessible to almost anyone and doesn’t require fancy equipment or a college degree. But it demands hard work to stay up-to-date, intellectual curiosity to understand how things work, and hands-on experience. Ming often suggests beginners start by setting up a vulnerable web server at home, a practical exercise that offers real, hands-on experience.
Lastly, when it comes to climbing the corporate ladder or starting a company in cybersecurity, Ming believes that personality and emotional intelligence play a crucial role. Your academic or technical skills may land you a job, but it's your interpersonal skills that will help you secure promotions and drive your success in the long run.
In short, Ming underscores the importance of continuous learning, practical experience, and strong interpersonal skills in making it big in cybersecurity.
-
The best approach to cybersecurity is to keep it simple
Next up: Bruce Potter, the CISO, or chief information security officer, at Expel and founder of the Shmoo Group. He’s been in the cybersecurity field for over two decades, and brings a wealth of experience to the table.
Much like Ming, Bruce stresses that mastering the basics is key for an organization to improve its cybersecurity posture. Instead of getting lost in the newest technological advancements, organizations could significantly strengthen their security by focusing on simple measures such as patching software vulnerabilities, limiting the use of USBs, and implementing two-factor authentication.
When it comes to the shared qualities of successful cybersecurity professionals, Bruce has an interesting perspective. He highlights the ability to make tough decisions, to say "let's do this," and follow through with what's right, even when it's not the easiest path. This ties in nicely with Ming's idea of the importance of personality and emotional intelligence in this field.
On the topic of cybersecurity advice for the general public, Bruce's focus is a little different. While he acknowledges that the vast majority of individuals are not prime targets for cyberattacks, he urges caution around trusting the companies providing Internet of Things devices and their associated cloud services. If a service is free, he suggests, it may not be entirely trustworthy. And in a somewhat surprising twist, he champions the use of Apple products for their robust security features.
In line with Ming’s emphasis on continuous learning, Bruce dismisses the concept of a "life hack," pointing out that it's really just another term for learning. His belief is that one should simply pursue learning without worrying about whether it qualifies as a "hack."
When it comes to mistakes, Bruce doesn't single out any massive blunders. Instead, he cautions about the danger of not recognizing and addressing numerous small mistakes, which can collectively cause significant damage – a reminder that continuous self-reflection and honesty are crucial in any professional journey.
In a nutshell, Bruce reiterates the significance of mastering the basics, making tough decisions, staying vigilant about the trustworthiness of tech companies, and embracing the joy of learning. Keep these nuggets of wisdom in mind as you navigate the fascinating world of cybersecurity.
-
Cybersecurity adversaries don’t have the upper hand – defenders do
Let’s now see what Robert M. Lee has to say about cybersecurity. Robert is a notable name in the realm of industrial cybersecurity and the CEO of Dragos, Inc.
We'll begin with an insightful piece of advice from Robert. Contrary to popular belief, he doesn't agree with the idea that in the realm of cybersecurity, adversaries always have the upper hand. Contrary to this, he argues that with the right defense strategies, defenders can gain the advantage. This complements Bruce's suggestion of prioritizing fundamental security practices to maintain a robust defense.
Robert also highlights the importance of having knowledgeable analysts in an organization. These experts not only help choose the right technologies but also prevent the unnecessary expenditure on vendor products that may not be needed, thus offering a great return on investment.
Contradicting the widespread belief that increasing cybersecurity breaches correspond to increased spending on security, Robert sees no direct correlation. He explains that while breaches seem to be on the rise, it may merely be a perception issue due to increased awareness and detection of old issues.
Echoing Lesley’s emphasis on learning, Robert reassures us that a formal college degree or certification isn't always necessary in cybersecurity. Much of his knowledge is self-taught, and he encourages newcomers to leverage the plethora of free resources available for self-education and to embrace continuous learning.
Robert's cybersecurity specialty lies in industrial control systems and threat intelligence, areas where hands-on experience is highly valuable. His advice for others interested in these areas is to seek employment in places like utilities or industrial companies, where real-world experience can be gained.
For career progression, Robert reiterates the importance of stepping outside the traditional paths and engaging with the broader community. Much like Ming's focus on communication skills, Robert suggests public speaking, writing papers, and offering training as ways to stand out and hone skills.
On the topic of practical cybersecurity advice for home users, Robert reassures people not to overthink or fear. He underscores the use of legitimate software licenses and two-factor authentication, reminding us of Bruce's emphasis on getting the basics right.
Finally, his guiding point, or "life hack," emphasizes that although threats are more significant than many realize, they're often not as bad as imagined. This sensible mindset serves to center individuals and organizations, helping them navigate the vast landscape of cybersecurity.
In essence, Robert's insights echo and expand upon the themes of understanding the basics, focusing on self-education, and maintaining a balanced perspective about cybersecurity threats.
-
Humans don’t undermine cybersecurity – poor training does
Jayson E. Street, a seasoned voice in cybersecurity and an advocate for hands-on involvement in the field, offers a wealth of insights that bring a fresh perspective to how we approach cybersecurity. His point of view is particularly interesting, starting with a compelling myth-busting statement: humans are not the liability in cybersecurity, rather, it's our failure to properly train them.
He speaks to the perception that humans are the "weakest link" due to errors such as clicking on unsafe links or using weak passwords. Jayson flips this idea on its head, asserting that if we properly instill a security-minded culture in our users, they can instead become a powerful line of defense. This shifts the focus from blaming the user to empowering them to protect the technology they're using.
Jayson also delves into the seemingly paradoxical situation of rising cybersecurity spending amidst continual breaches. He likens it to the eternal struggle between safes and safe-crackers – no matter how advanced the security, risk is never entirely eliminated. Rather, it's a matter of mitigating risk to an acceptable level and constantly evolving our security practices to stay one step ahead of potential threats. His insights remind us that there's no finish line in cybersecurity – it's a continual race against ever-evolving risks.
In terms of career success in cybersecurity, Jayson stresses the importance of consistent good work, driven by passion. Regardless of your current role, excel in it while signaling your desire to grow and improve. He also identifies curiosity as a shared quality among successful cybersecurity professionals. This inherent desire to solve problems and find solutions, especially when they’re complex and challenging, is what makes someone stand out in the field.
For everyday people navigating the age of social media and the Internet of Things, Jayson offers practical advice – remember that online privacy is not guaranteed, and to keep your systems patched. This, he says, will do more to protect you than any antivirus software.
Jayson's “life hack” is a beautiful reminder of human decency – be genuinely kind and respectful to others, not for personal gain, but simply because it might make their day better. This approach can foster unexpected positive outcomes in life. So, let's not forget the human element which, as Jayson stresses, is at the heart of a secure and compassionate digital world.
-
Lesley Carhart, Ming Chow, Bruce Potter, Robert M. Lee, and Jayson E. Street have a lot of insights to offer about cybersecurity. They debunk common misconceptions, such as the necessity for a degree or certification, emphasizing self-study, hands-on experience, and understanding the basics of cybersecurity as key factors to success. The experts underscore the need for cybersecurity professionals to comprehend the businesses they serve, advocating for a balance between operations and security. They also highlight the importance of interpersonal skills and continuous learning. Practical advice for the general public includes prioritizing fundamental security practices like patching software vulnerabilities, two-factor authentication, and being cautious about the trustworthiness of tech companies.
April 12, 2022
This wasn't as helpful as I expected, given how often I've heard this book mentioned within infosec. It's a collection of written interviews with 70 infosec pros. By reading the interviews, you can learn about infosec principles, culture, the variety of paths into the field, resources, conferences, and sources of motivation. There are many movie and book recommendations.
Questions answered by interviewees
• If there is one myth that you could debunk in cybersecurity, what would it be?
• What is one of the biggest bang-for-the-buck actions that an organization can take to improve its cybersecurity posture?
• How is it that cybersecurity spending is increasing but breaches are still happening?
• Do you need a college degree or certification to be a cybersecurity professional?
• How did you get started in the cybersecurity field, and what advice would you give to a beginner pursuing a career in cybersecurity?
• What is your specialty in cybersecurity, and how can others gain expertise in your specialty?
• What is your advice for career success when it comes to getting hired, climbing the corporate ladder, or starting a company in cybersecurity?
• What qualities do you believe all highly successful cybersecurity professionals share?
• What is the best book or movie that can be used to illustrate cybersecurity challenges?
• What is your favorite hacker movie?
• What are your favorite books for motivation, personal development, or enjoyment?
• What is some practical cybersecurity advice you give to people at home in the age of social media and the Internet of Things?
• What is a life hack that you'd like to share?
• What is the biggest mistake you've ever made, and how did you recover from it?
Questions answered by interviewees
• If there is one myth that you could debunk in cybersecurity, what would it be?
• What is one of the biggest bang-for-the-buck actions that an organization can take to improve its cybersecurity posture?
• How is it that cybersecurity spending is increasing but breaches are still happening?
• Do you need a college degree or certification to be a cybersecurity professional?
• How did you get started in the cybersecurity field, and what advice would you give to a beginner pursuing a career in cybersecurity?
• What is your specialty in cybersecurity, and how can others gain expertise in your specialty?
• What is your advice for career success when it comes to getting hired, climbing the corporate ladder, or starting a company in cybersecurity?
• What qualities do you believe all highly successful cybersecurity professionals share?
• What is the best book or movie that can be used to illustrate cybersecurity challenges?
• What is your favorite hacker movie?
• What are your favorite books for motivation, personal development, or enjoyment?
• What is some practical cybersecurity advice you give to people at home in the age of social media and the Internet of Things?
• What is a life hack that you'd like to share?
• What is the biggest mistake you've ever made, and how did you recover from it?
September 5, 2023
I got a little headache from how smart this book was—a perfect first read for anyone curious about an insider's view into the world of cybersecurity. Delves into debunking common myths and understanding the integral role of personal and professional skills in achieving success in cybersecurity.
Expert takeaways:
- Ming Chow, a senior lecturer at Tufts University (who's made a big splash in the world of cybersecurity and computer science education), believes there is no direct correlation between increased cybersecurity spending and breaches persisting
- Bruce Potter, the CISO, or chief information security officer, at Expel and founder of the Shmoo Group believes instead of getting lost in the newest technological advancements, organizations could significantly strengthen their security by focusing on simple measures such as patching software vulnerabilities, limiting the use of USBs, and implementing two-factor authentication.
- One should simply pursue learning without worrying about whether it qualifies as a "hack"
- Jayson E. Street notes that humans are not the liability in cybersecurity, rather, it's our failure to properly train them (look it's a fair point)
Career takeaways:
- Security professionals should not only focus on the nitty-gritty of their niche but also comprehend the businesses they serve
- Your academic or technical skills may land you a job, but it's your interpersonal skills that will help you secure promotions and drive your success in the long run
- You don’t need a college degree or certification to be a cybersecurity hotshot
- Don't just rely on degree programs to equip you with all the skills you'll need in this field
Expert takeaways:
- Ming Chow, a senior lecturer at Tufts University (who's made a big splash in the world of cybersecurity and computer science education), believes there is no direct correlation between increased cybersecurity spending and breaches persisting
- Bruce Potter, the CISO, or chief information security officer, at Expel and founder of the Shmoo Group believes instead of getting lost in the newest technological advancements, organizations could significantly strengthen their security by focusing on simple measures such as patching software vulnerabilities, limiting the use of USBs, and implementing two-factor authentication.
- One should simply pursue learning without worrying about whether it qualifies as a "hack"
- Jayson E. Street notes that humans are not the liability in cybersecurity, rather, it's our failure to properly train them (look it's a fair point)
Career takeaways:
- Security professionals should not only focus on the nitty-gritty of their niche but also comprehend the businesses they serve
- Your academic or technical skills may land you a job, but it's your interpersonal skills that will help you secure promotions and drive your success in the long run
- You don’t need a college degree or certification to be a cybersecurity hotshot
- Don't just rely on degree programs to equip you with all the skills you'll need in this field
Currently reading
June 26, 2022چهارده سوال کلی در مجموع از ۷۰ هکر در طول مصاحبه هاشون پرسیده میشه:
1. اگر یک افسانه وجود داشته باشد که بتوانید آن را در امنیت سایبری رد کنید، آن افسانه چیست؟
2. یکی از بزرگترین اقداماتی که یک سازمان می تواند برای بهبود وضعیت امنیت سایبری خود انجام دهد چیست؟
3. چگونه است که هزینه های امنیت سایبری در حال افزایش است اما رخدادهای امنیتی همچنان در حال وقوع است؟
4. آیا برای حرفه ای شدن در امنیت سایبری به مدرک دانشگاهی یا مدرک معتبر بین المللی نیاز دارید؟
5. چگونه امنیت را شروع کردید و چه توصیه ای به مبتدیانی که به دنبال شغلی در امنیت سایبری هستند میدهید؟
6. تخصص شما در امنیت سایبری چیست؟ چگونه دیگران میتوانند در حرفهی شما تخصص کسب کنند؟
7. توصیه شما برای موفقیت شغلی در مورد استخدام، طی کردن پله های ترقی در یک شرکت امنیتی یا حتی راه اندازی یک شرکت در حوزه امنیت سایبری چیست؟
8. فکر می کنید متخصصان امنیت سایبری بسیار موفق چه ویژگی هایی دارند؟
9. بهترین کتاب یا فیلمی که میتوان از آن برای نشان دادن چالشهای امنیت سایبری استفاده کرد چیست؟
10. فیلم هکر موردعلاقه شما چیست؟
11. کتابهای موردعلاقه شما برای انگیزه، پیشرفت شخصی یا لذت بردن چیست؟
12. توصیههای عملی امنیت سایبری که در عصر رسانههای اجتماعی و اینترنت اشیا به مردم می کنید چیست؟
13. اگر بخواهید زندگی را هک کنید، هک زندگی چیست که میخواهید آن را به اشتراک بگذارید؟
14. بزرگترین اشتباهی که تا به حال مرتکب شده اید چیست و چگونه از آن خلاص شدید؟
1. اگر یک افسانه وجود داشته باشد که بتوانید آن را در امنیت سایبری رد کنید، آن افسانه چیست؟
2. یکی از بزرگترین اقداماتی که یک سازمان می تواند برای بهبود وضعیت امنیت سایبری خود انجام دهد چیست؟
3. چگونه است که هزینه های امنیت سایبری در حال افزایش است اما رخدادهای امنیتی همچنان در حال وقوع است؟
4. آیا برای حرفه ای شدن در امنیت سایبری به مدرک دانشگاهی یا مدرک معتبر بین المللی نیاز دارید؟
5. چگونه امنیت را شروع کردید و چه توصیه ای به مبتدیانی که به دنبال شغلی در امنیت سایبری هستند میدهید؟
6. تخصص شما در امنیت سایبری چیست؟ چگونه دیگران میتوانند در حرفهی شما تخصص کسب کنند؟
7. توصیه شما برای موفقیت شغلی در مورد استخدام، طی کردن پله های ترقی در یک شرکت امنیتی یا حتی راه اندازی یک شرکت در حوزه امنیت سایبری چیست؟
8. فکر می کنید متخصصان امنیت سایبری بسیار موفق چه ویژگی هایی دارند؟
9. بهترین کتاب یا فیلمی که میتوان از آن برای نشان دادن چالشهای امنیت سایبری استفاده کرد چیست؟
10. فیلم هکر موردعلاقه شما چیست؟
11. کتابهای موردعلاقه شما برای انگیزه، پیشرفت شخصی یا لذت بردن چیست؟
12. توصیههای عملی امنیت سایبری که در عصر رسانههای اجتماعی و اینترنت اشیا به مردم می کنید چیست؟
13. اگر بخواهید زندگی را هک کنید، هک زندگی چیست که میخواهید آن را به اشتراک بگذارید؟
14. بزرگترین اشتباهی که تا به حال مرتکب شده اید چیست و چگونه از آن خلاص شدید؟
May 24, 2021
This is a fantastic book and an absolute must read for anybody interested in Cyber Security at a professional level (and as a hobby in some sense). It is NOT a how-to or tutorial, but rather a collection of interviews with people employed in high-level cyber security jobs across a broad variety of disciplines. It gives you a (purposefully) brief insight into each individual, with some background, and how they got into the industry, what they feel is most important in pursuing such a career, and even some light-hearted insight into what they took away from their favorite pop-media or cult hacker books/movies etc... Highly recommended for anybody interested in anything cyber security related! It is as much of an inspiration piece/collection as it is a reference guide for non-specific thoughts, picking the brains of the foremost cyber security experts.
February 13, 2023
It took me four years to read, so I wouldn’t exactly consider it a page turner and it got a little repetitive, but I guess the repeat advice helped reinforce the more important paths forward for security and how to approach it.
Spoilers! It’s all about human error and improving training for everyone, you have to be curious and a lifelong learner to succeed, don’t use IoT devices, use MFA for everything, and they are all obsessed with Mr. Robot and Hackers.
Interesting perspectives though. Definitely a way to learn a ton of approaches vs. one author.
Spoilers! It’s all about human error and improving training for everyone, you have to be curious and a lifelong learner to succeed, don’t use IoT devices, use MFA for everything, and they are all obsessed with Mr. Robot and Hackers.
Interesting perspectives though. Definitely a way to learn a ton of approaches vs. one author.
This entire review has been hidden because of spoilers.
February 11, 2021
It probably doesn't help that I don't have a huge interest in cyber security and wouldn't have picked this book up of my own accord, but I didn't get a whole lot out of it. It's not so much a book as a compilation of interviews with known individuals in the field, and most of it came across as very dry and sometimes borderline self-obsessed to me. I found myself skipping most of it and just reading the same two or three questions for each person featured.
June 16, 2020
Loved it. I always wondered about the origins of infosec people and this is a comprehensively detailed roster of some big names in the industry and their perspectives. Interview format with the same 12 questions asked of all the contributors, which makes it very easy to read in bite-sized chunks. Medium-length, finished in two days.
July 26, 2020
A very easy read. Great advice/articles on different infosec career paths. Lots of useful information. Some of the responses are a bit redundant (which means that these repetitive answers are very imporant). A great book!
January 16, 2023
Es un recopilatorio muy constructivo e inspirador, tienes consejos muy buenos de los profesionales de seguridad más reconocidos en la comunidad estadounidense.
Sin embargo, puede llegar a ser muy repetitivo para el lector, recomiendo leer el libro pausadamente para sacarle el mayor provecho.
Sin embargo, puede llegar a ser muy repetitivo para el lector, recomiendo leer el libro pausadamente para sacarle el mayor provecho.
June 13, 2019
A fun read with good advice too
July 10, 2019
Great read.
December 13, 2019
What I enjoy most about this series is the amazing amount of relevant knowledge contained in each book. Nice job done there 👏🏼
May 8, 2020
It was a fun read, lots of great tips from professionals in the industry. Not the type of book I would read in one sitting..but yes, I would recommend.
November 11, 2020
A good overall read. Lots of practical advice from cybersecurity professionals. Very interesting to learn what each professional recommends for learning and development enhancement.
April 14, 2021
Great book, a lot of great insight on the field and helpful tips I hadn't thought of.
June 7, 2021
Good insights and advice for newbies (even for veterans) in cybersecurity from experts and practitioners of the field
July 21, 2021
Pretty good idea; general advice from ~70 different experts in security.
Did get sort of repetitive and boring about 2/3 thru, but I persevered.
Did get sort of repetitive and boring about 2/3 thru, but I persevered.
July 7, 2022
Nice idea, but ultimately only enough meat for a blog post - maybe a two part blog post.
Gets repetitive very fast. The same questions with the same answers over and over.
Gets repetitive very fast. The same questions with the same answers over and over.
January 30, 2023
Interviews of various people working in the security industry.
Read
August 24, 2025I changed my password please text me if you see I’m reading a sus book my Goodreads has been hacked and it’s hurting my authenticity
January 8, 2020
What a timely read
Thanks for putting this together I loved reading every single page and plan to be great in my cyber security work
Thanks for putting this together I loved reading every single page and plan to be great in my cyber security work
October 2, 2022
Reading Wrap up https://youtu.be/oMhWdWj7cUI
Displaying 1 - 26 of 26 reviews