Aaron Roberts - The No-Nonsense Guide for CISOs and Security Managers

This Apress imprint is published by the registered company APress Media, LLC part of Springer Nature.

The registered company address is: 1 New York Plaza, New York, NY 10004, U.S.A.

Since the Internet became a regular fixture in everyday life in the 1990s, the threat from criminals utilizing this modern wonder of the world has grown exponentially. As the world has become more dependent on technology, the sophistication and reach of hackers, nation-states, and criminals continues to evolve at an unprecedented rate and an unprecedented scale.

I have always been fascinated by computers and technology. As a young child, I remember my Commodore 64 fondly. I grew up as a working-class lad and didnt own a proper computer until I was 18. However, from that moment, my interest and inquisitive nature took over. In 2009, after three years on and off in the Army Reserve, I embarked on my then newfound career working in IT and, subsequently, intelligence within the UK Civil Service. I worked in a variety of roles and locations and received some excellent training and foundations to specialize in the emerging field of cyber intelligence, which is something Im incredibly grateful for.

Although I hope you find this book of value, and that it helps you in setting up or maintaining an excellent CTI program in your own business or, indeed, learning some of the core concepts around CTI as an analyst, I would urge you not to consider this book a one-stop shop for what or how you should adapt CTI within your organization.

These are just a few questions that you should be asking yourself before considering a CTI program. After all, your threat profile is very different if youre Barclays Bank or if youre Peggys News on the high street in Skipton. This example may be crude, but it helps to illustrate that you need to adopt a unique response to your intelligence program and some of the reasons why. If you dont adopt a unique strategy within your own business, youre going to have gaps in your coverage and/or detection processes.

Something I strongly believe is that cybersecurity should always be intelligence-led. CTI gives you the reason why to adopt a specific approach. Without it, you just have information and response without context.

This book is written almost like a manifesto for what CTI practices should be. It is not, however, a step-by-step guide on what you should do and how you should do it. There are a couple of reasons for this. Foremost, as I mentioned, every single organization has different requirements, different IT estates, and a unique threat model from every other organization, unique even from its own peers.

I cant in good conscience tell you what to do and know that it will work 100% of the time. Some of my suggestions will ring true for you; some of them wont. You may agree with me in some cases and wholeheartedly disagree with me elsewhere. However, I hope the overlying message conveyed within this book is something that you do agree with and therefore take into consideration when looking at broader practices, vendors, and approaches to security controls moving forward.