Berlin Amanda - Defensive security handbook best practicesfor securing infrastructure

by Lee Brotherston and Amanda Berlin

Copyright 2017 Lee Brotherston and Amanda Berlin. All rights reserved.

Printed in the United States of America.

Published by OReilly Media, Inc. , 1005 Gravenstein Highway North, Sebastopol, CA 95472.

OReilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://oreilly.com/safari). For more information, contact our corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com .

• Editors: Courtney Allen and Virginia Wilson
• Production Editor: Melanie Yarbrough
• Copyeditor: Kim Cofer
• Proofreader: Eliahu Sussman
• Indexer: Ellen Troutman-Zaig
• Interior Designer: David Futato
• Cover Designer: Karen Montgomery
• Illustrator: Rebecca Demarest

• April 2017: First Edition

See http://oreilly.com/catalog/errata.csp?isbn=9781491960387 for release details.

The OReilly logo is a registered trademark of OReilly Media, Inc. Defensive Security Handbook, the cover image, and related trade dress are trademarks of OReilly Media, Inc.

While the publisher and the authors have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the authors disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.

978-1-491-96038-7

[LSI]

Spend any time in the information security world, and it will become quickly evident that most of the press and accolades go to those folks working on the offensive side of security. From finding new vulnerabilities, creating exploits, breaking into systems, bug bounties, the occasional cable TV show, and capture the flag contests, the red teams get all the glory. But there is moremuch moreto the security world than just offense.

Being on the defensive side, the blue team, can seem a lonely, unappreciated battle. But doing defense is a vital, noble, and worthwhile pursuit. We defenders matter, greatly, to the future of our organizations and the jobs and livelihoods of our coworkers. When the bad guys win, people lose their jobs, organizations are distracted from their core goals, and the bad guys are often enriched to continue their nefarious pursuits. And, like something out of a cyberpunk novel, with the trend of the Internet of Things, soon actually lives may be at threat when the bad guys are successful.

So many of us got our start in the security world as tool engineers, running perhaps a firewall or IDS platform for our employer. Though those skills are highly valued, moving beyond them to a more holistic view of defensive security can sometimes be a challenge without the right resources to bring a bigger picture view. As we continue to experience a shortage of valuable information security defensive talent, we will need more folks than ever to continue to learn and grow into the defensive security role; and to do it well, they need a holistic view of the security landscape.

Another challenge we often face is that a great deal of the narrative around defenses, technology, threats, and thought leadership in the defensive security world comes from the vendors themselves, and their snazzy demos and marketing presentations. Though a lot can be learned from vendors in the space, as they are laser focused on the problems organizations are trying to solve, they also have a sometimes narrow view of the world. IT Security Vendors will often define the problem set as the problem they can solve with their technology, not necessarily the problem an organization actually has. Countering that view with a holistic view of defensive security is vital to helping organizations become as secure as they can be.

This is why I am so honored to write the forward for the Defensive Security Handbook. The world of security is changing rapidly, and we need more folks on the defensive side, learning from the best practices and the hard-won lessons of those who came before. This book does a great job of laying out key principles and skills, and giving a broad overview of the complex and growing landscape of the defensive security side of the world. Amanda Berlin and Lee Brotherston have laid out an overview of the multifaceted world of defensive security. Certainly, whole books have been written on tiny segments of the topics covered, but this handbook does a marvelous job of giving a defensive security professional an overview of the myriad of skill sets necessary to be successful. This handbook is a great primer for those new to the world of information security defense, those who want to expand their skills into more areas, and even those who have many years in the industry and are looking to make sure they are covering all their bases.

I think youll find this a valuable resource to keep nearby and reference throughout your career. Best of luck on your path, and remember to keep fighting the good fight. Even when it may seem lonely and tough, remember what you are doing matters, and there are many out there who can and will help. Amanda and Lee have done a great job sharing their experience; now its up to us to learn from their experience.

Andrew Kalat

Cohost of the Defensive Security Podcast

February 2017