This Book is probably not like any other book you have read in cyber security. First of all this is not particularly about cyber security it is for cyber security professionals. Secondly this 'book' is a Special Report: a guide which details the issues and offers solutions you can customise to suit your environment through the application of the included exercises. This Special Report is based on the authors notes and experience as a CEO of a global services firm and as an AWS software developer and through working with cyber security professionals.While this book is aimed primarily at the cyber professional almost any profession can benefit where one professional is contracted to provide service to a large number of employees or teams. You could be a third party, a hired gun or in the cyber security lingo, a vCISO or virtual professional.Ultimately no matter your core message requirements, where there is a need to communicate a message or influence working practices or implement change, then you need to be an effective motivator and this book is all about how one professional can not only talk to many but be heard by them and help ensure they are crucially likely to take action when needed as well. Getting an audience to attend, listen and crucially, to take action is considered a magic trick, it is a subject most speakers have trouble with.
It is for most not easily achievable, and as a result often avoided. With this Special Report to hand you will discover there is no need, the impossible becomes the possible.There is a risk this book may not be taken seriously as some of those in cyber security for instance will be more interested in reading about more things that are about cyber security specifically as they come from that background.This has lead to the biggest problem at the root cause of the big data breaches in recent years: the almost exclusively technical approach to cyber security. Problems are most often human.Mega breaches of late are those that have produced losses of over £100m and it should be of no surprise that these have occurred within well governed highly structured organisations.The fault, invariably occurred as a result of poorly implemented cyber security and governance. Something has to change.
The author as an educator has delivered CISSP and CRISC courses and had the opportunity to work with many practitioners over many years. Specifically in just the last twelve months practicing cyber security professionals have come from consultancies like PwC, not for profit organisations like the NHS, national and local government, computer companies such as Dell, freelance contractors often employed by banks and many others in the UK.The author discovered few have much idea about how to manage the communication part of security other than it was a requirement that needed to be delivered and the topics are little understood by most as a result of their natural technical focus on data and data security within electronic storage and information systems.Security awareness is usually delivered through internal in-company presentations and workshops. Two areas the author has much experience in.If development and operational teams are operating within closely governed, highly invested organisations and mega breaches still occur, messages can't be getting through. This book, it's exercises and the authors workshops are designed to address this 'missing' element. The author has been involved in the development of audit software for nearly two years and most of the queries and feedback has been about operational issues rather than technical requirements.
An area of constant surprise. When pushed in order to understand why operational issues are so important the answer came as no surprise. Most technical people are generally not 'people' people. This Special Report has been written to resolve this core issue.