Cybersecurity Myths and Misconceptions

It's been 50 years since the discipline of cybersecurity originated, but users and developers still spread and succumb to many of the same pitfalls in design and practice. The same mistakes keep getting repeated, people keep getting misled, and cybersecurity remains far from optimal. In Cyber Myths, three cybersecurity pioneers don't just deliver the first comprehensive collection of false folk wisdom that derails security from the frontlines to the boardroom: they offer expert practical advice for avoiding or overcoming each myth.

Whatever your cybersecurity role or experience, Eugene Spafford, Leigh Metcalf, and Josiah Dykstra will help you surface hidden dangers, prevent avoidable errors, eliminate faulty assumptions, and resist deeply human cognitive biases that compromise prevention, investigation, and research. Throughout, you'll find examples drawn from actual cybersecurity events, detailed techniques for recognizing and overcoming security fallacies, and recommended mitigations for building more secure products and businesses.

"Many security leaders are traditionally in charge of correcting misconceptions just as much as they are in charge of building up solid security practices. We have plenty of resources on practices--but this book is the crucial guide to that essential myth busting."
--Phil Venables, CISO, Google Cloud

"I'm writing this on my phone, over Wi-Fi, in an airplane on my way to Black Hat, one of the world's largest security conferences. The fact that I'm able to do this at all shows how much we've really learned about cybersecurity over the decades. Now it's all collected in one place for everyone to share. Thank the wise authors, and most importantly: GET OFF THEIR LAWN."
--Wendy Nather, Head of Advisory CISOs, Cisco

"This book is astounding. A true tour de force--which I have never said about any other book. Inverting the viewpoint is a stroke of genius. This is going to be on my grabbable-at-any-time shelf. What I learned, recalled, and was refreshed on with technically astute agnosticism cannot be measured; just appreciated as a profound historical compilation of security practice and theory. Bravo!"
--Winn Schwartaul, Founder and Chief Visionary Officer, The Security Awareness Company

"I am happy to endorse the central idea of this book--that cybersecurity is rife with myths that are themselves part of the problem. The brain wants to understand, the world grows ever more complicated, and the sum of the two is myth-making. As the authors say, even if some understanding is true at some time, with enough change what was true becomes a myth soon enough. As such, an acquired immunity to myths is a valuable skill for the cybersecurity practitioner if no other. The paramount goal of all security engineering is No Silent Failure, but myths perpetuate if not create silent failure. Why? Because a state of security is the absence of unmitigable surprise and you cannot mitigate what you don't know is going on. Myths blind us to reality. Ignorance of them is not bliss. This book is a vaccine."
--Dan Geer, CISO, In-Q-Tel

"This is a fun read for all levels. I like their rapid fire delivery and the general light they cast on so many diverse myths. This book will change the cybersecurity industry for the better."
--Michael Sikorski, Author of Practical Malware Analysis & CTO, Unit 42 at Palo Alto Networks

Eugene H. Spafford, PhD, is a professor in Computer Science at Purdue University. In his 35-year career, Spaf has been honored with every major award in cybersecurity. Leigh Metcalf, PhD, is a Senior Network Security Research Analyst at the Carnegie Mellon University Software Engineering Institute's cybersecurity-focused CERT® division. Josiah Dykstra, PhD, is a cybersecurity practitioner, researcher, author, and speaker. He is the owner of Designer Security and has worked at the US National Security Agency for 18 years.

This item is eligible for free returns within 30 days of delivery. See our returns policy for further details.