Book review: Managing Cyber Risk

Managing Cyber Risk is the book for those looking to understand this new enterprise risk from a strategic perspective. The book was written by a cyber risk expert for managers and senior executives, although practitioners can also benefit from reading it. The book covers everything a senior stakeholder in an organisation needs to know to…

Book Review: Industrial Network Security

Some months ago, while doing research for a job assignment, I ended up on scadahacker.com, an ICS-specific cyber security blog. Among the books the blog recommends is Industrial Network Security; I did not think twice and bought it. I was not familiar enough with the area to understand it, so…

Book review: Leading change, our iceberg is melting

Some months ago I was catching up with a friend of mine, and while we were discussing the joy of having a job, she suggested that I read the book Leading Change, Our Iceberg Is Melting. The book is a fable about penguins written in very simple language; the story focuses on leading…

Cyber Economics (1) – Development of a security control baseline

This is a short post on a simple Cyber Economics framework to help organisations develop investment strategies to reduce cyber risk. The framework is based on a research paper produced by the AFCEA International Cyber Committee. The document was created in 2013, but the principles are still the same in 2020, as well as the…

Cyberspace and Great Power Competition

This is an hour-long symposium at the Council on Foreign Relations in which a panel of experts from FireEye, Recorded Future and Johns Hopkins University discuss the latest developments in threat operations by actors such as China, Iran, North Korea and Russia. The discussion is strategic in nature and it discloses the different interests of…

Defensible architectures

Defensible architectures are those that follow a set of specific practices intended to avoid the shortcomings of classic security architecture. In a classical security architecture, systems are hardened during the design stage and remain in that state throughout the whole life-cycle, thus assuming the threat's modus operandi is constant, unlike in a defensible architecture, in…

Threat oriented cyber strategy with Cyber Prep

Cyber Prep is a preparedness methodology that aligns with the multi-tier approach to risk management defined in NIST SP 800-39. Cyber Prep supports the first step of this multi-tier approach, which is risk framing. Risk framing pertains to the organizational level, and from there it cascades down to the mission/business and systems…

Understanding the threat for Organizational Cyber Preparedness

I have spent some time working in the threat industry and, through my own experience, I started getting interested in looking at things from a different perspective. There are great professionals and researchers in this area of cyber security; however, it lacks cohesion. A higher degree of cohesion within, as well as in other areas,…

Network attacks and exploitation: a framework

There is no other book like this one; indeed, I would say this is the only book I have read of this nature. It was written and edited by Matthew Monte and Dave Aitel, two experts in the field. The main focus of the book is Computer Network Exploitation (CNE) from a strategic point…

How They Rule the World: The 22 Secret Strategies of Global Power

This is a short review of a geostrategy book written by Pedro Baños. Pedro is a colonel in the Spanish Army and a specialist in geostrategy, defense, security and jihadist terrorism, and over his career he has held positions ranging from lieutenant to Head of Counterintelligence and Security for Europe in Strasbourg. I initially got interested in this…

Russian disinformation operations for the masses

This is a very good, short and to-the-point documentary on how Russia has been developing its disinformation operations. Having researched this field through papers and doctrine, I recommend watching this video. It is very succinct, with real examples from the past and present in which the objectives and impact of these operations in western…