Cybersecurity Myths and Misconceptions

Available now on Amazon and everywhere you get books.

Cybersecurity is fraught with hidden and unsuspected dangers and difficulties. Despite our best intentions, there are common and avoidable mistakes that arise from folk wisdom, faulty assumptions about the world, and our own human biases. Cybersecurity implementations, investigations, and research all suffer as a result. Many of the bad practices sound logical, especially to people new to the field of cybersecurity, and that means they get adopted and repeated despite not being correct. For instance, why isn’t the user the weakest link?

In Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us, three cybersecurity pioneers don’t just deliver the first comprehensive collection of false folk wisdom that derails security from the frontlines to the boardroom; they offer expert practical advice for avoiding or overcoming each myth.

Whatever your cybersecurity role or experience, Eugene Spafford, Leigh Metcalf, and Josiah Dykstra will help you surface hidden dangers, prevent avoidable errors, eliminate faulty assumptions, and resist deeply human cognitive biases that compromise prevention, investigation, and research. Throughout the book, you’ll find examples drawn from actual cybersecurity events, detailed techniques for recognizing and overcoming security fallacies, and recommended mitigations for building more secure products and businesses.

  • Read over 175 common misconceptions held by users, leaders, and cybersecurity professionals, along with tips for how to avoid them.
  • Learn the pros and cons of analogies, misconceptions about security tools, and pitfalls of faulty assumptions. What really is the weakest link? When aren’t “best practices” best?
  • Discover how others understand cybersecurity and improve the effectiveness of cybersecurity decisions as a user, a developer, a researcher, or a leader.
  • Get high-level exposure to why statistics and figures may mislead as well as enlighten.
  • Develop skills to identify new myths as they emerge, strategies to avoid future pitfalls, and techniques to help mitigate them.
  • Fall down the rabbit hole of analogies with whimsical illustrations of difficult concepts, coupled with extensive citations and humor-tinged prose that explain them.

Essential Cybersecurity Science

If you’re involved in cybersecurity as a software developer, forensic investigator, or network administrator, this practical guide shows you how to apply the scientific method when assessing techniques for protecting your information systems. You’ll learn how to conduct scientific experiments on everyday tools and procedures, whether you’re evaluating corporate security systems, testing your own security product, or looking for bugs in a mobile game.

“Dykstra surprises readers by showing that the security of software artifacts can be the subject of scientific study.” —Vint Cerf, Internet Pioneer

“An invaluable resource on the application of the scientific method for any cyber security practitioner.” —Matt Georgy, Senior Technical Director, Symantec Corporation

Once author Josiah Dykstra gets you up to speed on the scientific method, he helps you focus on standalone, domain-specific topics, such as cryptography, malware analysis, and system security engineering. The latter chapters include practical case studies that demonstrate how to use available tools to conduct domain-specific scientific experiments.

  • Learn the steps necessary to conduct scientific experiments in cybersecurity
  • Explore fuzzing to test how your software handles various inputs
  • Measure the performance of the Snort intrusion detection system
  • Locate malicious “needles in a haystack” in your network and IT environment
  • Evaluate cryptography design and application in IoT products
  • Conduct an experiment to identify relationships between similar malware binaries
  • Understand system-level security requirements for enterprise networks and web services

Preview and purchase at Amazon.