I am a cybersecurity risk management thought leader and subject matter expert with hands-on experience in managing and measuring large-scale cybersecurity programs, system security architecture, cybersecurity tools and techniques, cybersecurity forensics, audit of information systems and networks, and technology control processes. I have spent my career educating others in cybersecurity, mostly because it has always been necessary to educate staff; and colleagues soon recognized that I was easily able to handle the transition from staff training to external classroom environments. But my main motivation for external cybersecurity education is to get feedback from the cybersecurity professional community on my approaches to today’s cybersecurity issues.
I wrote
Enterprise Security for the Executive: Setting the Tone from the Top
A reporter’s account of nation-states' relentless pursuit of superior offensive capability. Although former NSA officials may not agree with every word, it is generally acknowledged to be a true trail of facts available to reporters. Most cybersecurity staff are routinely muzzled by legal confidentiality agreements in the same manner as staff who have access to business trade secrets. There are few reporters who have had as much access as Perlroth to those individuals.
THE NEW YORK TIMES BESTSELLER * Winner of the Financial Times & McKinsey Business Book of the Year Award * Bronze Medal, Arthur Ross Book Award (Council on Foreign Relations)
"Written in the hot, propulsive prose of a spy thriller" (The New York Times), the untold story of the cyberweapons market-the most secretive, government-backed market on earth-and a terrifying first look at a new kind of global warfare.
Zero-day: a software bug that allows a hacker to break into your devices and move around undetected. One of the most coveted tools in a spy's arsenal, a zero-day has the power…
A system administrator’s suspenseful account of the hunt for a hacker who broke into the Lawrence Berkeley National Laboratory (LBNL). The author trumpeted the experience and became a hero in cybersecurity circles. This was the first real proof available to laymen that cybersecurity adversaries were a force with which to be reckoned. Unfortunately, for most global corporations, it fell on deaf ears.
Before the Internet became widely known as a global tool for terrorists, one perceptive U.S. citizen recognized its ominous potential. Armed with clear evidence of computer espionage, he began a highly personal quest to expose a hidden network of spies that threatened national security. But would the authorities back him up? Cliff Stoll's dramatic firsthand account is "a computer-age detective story, instantly fascinating [and] astonishingly gripping" (Smithsonian).
Cliff Stoll was an astronomer turned systems manager at Lawrence Berkeley Lab when a 75-cent accounting error alerted him to the presence of an unauthorized user on his system. The hacker's code name…
It is April 1st, 2038. Day 60 of China's blockade of the rebel island of Taiwan.
The US government has agreed to provide Taiwan with a weapons system so advanced that it can disrupt the balance of power in the region. But what pilot would be crazy enough to run…
The book portrays a scenario in which nation-state adversaries launch a sophisticated cyberattack against the United States.Though it is science fiction, the political scenario it depicts is a realistic description of how today’s nation-states consider technology options when they are engaged in traditional war. For people interested in cybersecurity and attracted to that genre, it will be an eye-opening experience because the basic scenarios it describes are very easy to project into the near future. It is also a tale of adventure.
Ghost Fleet is a page-turning imagining of a war set in the not-too-distant future. Navy captains battle through a modern-day Pearl Harbour; fighter pilots duel with stealthy drones; teenage hackers fight in digital playgrounds; Silicon Valley billionaires mobilise for cyber-war; and a serial killer carries out her own vendetta. Ultimately, victory will depend on who can best blend the lessons of the past with the weapons of the future. But what makes the story even more notable is that every trend and technology in book - no matter how sci-fi it may seem - is real. The debut novel by…
Amoroso’s experience started with academic research at Bell Labs and Stevens Institute of Technology but moved quickly to practically fill voids at AT&T and NSA. His book reduces technical concepts in cybersecurity to basic principles and explains generically how they are effectively implemented. For the true techy who wants to fully understand all the formal logic behind the theories in Cyber Attacks, reach back to Ed Amoroso’s Fundamentals of Computer Security Technology (1994).
Cyber Attacks takes the national debate on protecting critical infrastructure in an entirely new and fruitful direction. It initiates an intelligent national (and international) dialogue amongst the general technical community around proper methods for reducing national risk. This includes controversial themes such as the deliberate use of deception to trap intruders. It also serves as an attractive framework for a new national strategy for cyber security, something that several Presidential administrations have failed in attempting to create. In addition, nations other than the US might choose to adopt the framework as well.
This book covers cyber security policy development for…
It is April 1st, 2038. Day 60 of China's blockade of the rebel island of Taiwan.
The US government has agreed to provide Taiwan with a weapons system so advanced that it can disrupt the balance of power in the region. But what pilot would be crazy enough to run…
It is a reporter’s account of a cybersecurity entrepreneur stumbling into criminal and nation-state level cyberattacks, assisting in the investigation, and ultimately becoming a target. The writing is clear and accessible to the non-technical reader but it still conveys a good sense of what it is like to witness and investigate cyber-crime. It is a suspenseful human drama.
In 2004, a California computer whiz named Barrett Lyon uncovered the identity of a hacker running major assaults on business websites. Without fully grasping the repercussions, he set on an investigation that led him into the heart of the Russian mob. Cybercrime was evolving. No longer the domain of small-time thieves, it had been discovered by sophisticated gangs. They began by attacking corporate websites but increasingly stole financial data from consumers and defence secrets from governments. While Barrett investigated the cutting edge of technology crime, the U.S. government struggled to catch up. Britain, however, was a different story. In the…
This is a cybersecurity book in the “Business” category. It was written for business executives with direct responsibility and/or interest in information security or cybersecurity. It describes cyber security management practices and recommends an approach for those motivated to create and/or support an information/cyber security function. In a nutshell, it can give executives confidence they are setting the right tone at the top to support their company’s cybersecurity initiatives. For a deeper dive into cybersecurity policy decisions, advance to my Cyber Security Policy Guidebook (2012) or Financial Cybersecurity Risk Management (2018).
