Security from Zero: Practical Security for Busy People

October 31, 2020
Most of the marketing employed by the security industry tends to rely on a bit of fear-mongering. It's easy to sell sensationalism -- to say that "everything is broken" and cause a sense of alarm and hopelessness.

The goal of this book is not to impart fear, but knowledge. Informed individuals are less likely to panic when scary things happen. They're more likely to understand what's going on and how to respond appropriately. They're more likely to prepare and prevent disasters when they understand the real risks that they might face. The goal of this book is to inspire confidence in the reader and an understanding that, despite the overwhelming perception that everything is broken, the future is not doomed because everything can be fixed.

Your inbox is overflowing, your day is full of meetings, everyone needs something from you, and you're struggling to stay ahead of it all while trying to grow your company. There's that nagging feeling that you should probably be doing something with security to defend all of this work that you've done, to protect your investment. But, what should you be doing? Where do you even begin?

If this sounds familiar, then this book is for you. I want to share my experience with you so that you'll know when it's time to start focusing on security and how to start from scratch. This book explains the practical things you can do today, soon, and later -- to improve your security wisely, to maximize the impact, and the metrics you'll need to make decisions, set goals and track progress.

This book focuses on the high level strategy of successful security programs and avoids deep technical discussions so that you'll have the right level of insight to make informed decisions and can spend your time on the things that matter most.

Goals of This Book
Kickstarting Your Security Program
The Importance of Security Culture
Your First Security Hire
Prioritizing the Work: Effort vs Impact
Workload Management: Issue Tracking
Your Data-Driven Security Program
Leveraging Security Frameworks & Questionnaires
Regulation and Compliance
Tracking Vulnerabilities
Planning Your Security Budget
Responding to Incidents
Threat Modeling Exercises
Effective Bug Bounty Programs
Security Audits & Penetration Tests
Least Privilege & Access Controls
Monitoring & Alerting