Crawley Kim - A Simple Cyber Resilience Guide for Business

Kim Crawley

Copyright 2022 by John Wiley & Sons, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Published simultaneously in Canada.

978-1-119-81123-7
978-1-119-81125-1 (ebk.)
978-1-119-81124-4 (ebk.)

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Control Number: 2021942648

Trademarks: WILEY and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Cover image: Zhenjin Li/Getty Images
Cover design: Wiley

To Jay for loving me.

To the Smith (Smith-Collins) clan for giving me a new family.

To Tori for upholding the responsibility of being the last Crawley in my life.

To Kate Brew, Joe Pettit, David Turner, Haris Pylarinos, Aris Zikopoulos, Daphne Deiktaki, Kate Bevan, and Phil Wylie for the professional opportunities you've granted me.

Kim has been a prolific cybersecurity researcher and writer for well over a decade. Her years spent with BlackBerry Cylance, AT&T Cybersecurity, Venafi, and several other cybersecurity industry leaders gave her a thorough perspective on enterprise cybersecurity needs and trends. Years of friendships with CISOs, malware researchers, cyber threat intel specialists, and network administrators have provided her valuable insight to the scary ways the cyber threat landscape is evolving. Currently, Kim is focused on running Hack The Box's new blog, writing books about practical cybersecurity knowledge, and doing a little bit of dark web OSINT for a major Canadian bank on the side.

To my loving partner, Jay Smith, for all the times you've bragged about your brilliant cybersecurity hacker girlfriend to your family and your buddies. We're three years together, going strong! Let's make it three decades.

To my late father, Michael Crawley, for teaching me how to write for a living, from my toddler years to my twenties. It's a shame you didn't live long enough to witness my success.

To my publisher, Jim Minatel, for believing in my wacky ideas, and to my editor, Robyn Alvarez, for her patience with my eccentricities.

All the soft animals in my bed are also very much loved and appreciated.

I first met Kim Crawley in person in October 2019, in Toronto at SecTor, Canada's version of DEFCON. We'd been acquainted for a long time via Twitter, and she was the one who originally turned me onto SecTor and inspired me to submit a talk, citing the merits of her hometown and the conference. She was right about both. In between the superb sessions there, amidst the fantastic energy of that conference and the international vibe of the city, we walked around and talked about information security, cyber resilience, and neurodiversity, topics woven deeply into the fabric of both our lives. Over lunch one afternoon, our conversation came around to how our industry can do a better job of helping small and midsize organizations better prepare for strategic response to cybercrime. We agreed that by helping smaller and more vulnerable organizations, the larger organizations and the collective industry as a whole would also benefit. We compared notes on tactics and strategies that don't have to cost a lot of time or money.

Shortly after our time and discussions at SecTor, Covid-19 hit. Kim didn't slow down. She founded DisInfoSec, a pop-up infosec conference showcasing infosec professionals who identify as neurodivergent (including ADD, AHDH, autism, Asperger's, dyslexia, and more). Inspired by Lesley Carhart's PancakesCon and other events, DisInfoSec was a first-of-its-kind event and took place on July 11, 2020. The con included a lot of great talks and raised funds for the Autistic Self Advocacy Network, the Autistic Women and Nonbinary Network, and the Council of Canadians with Disabilities. Kim's commitment to improving inclusion and nudging the world to a better place is showcased in her actions, and this new book is merely an extension of her productive mindset.

If you're new to Kim's work, her past and present articles on infosec and cyber for AT&T Cybersecurity, Cylance, and others are some of the most accessible to read, especially for anyone who is new to those topics. Kim writes with spirit and an intimate awareness of the diverse audiences who may be reading, which makes her style a stand-out. Her new book is no exception: 8 Steps to Better Security: A Simple Cyber Resilience Guide for Business is an easy read for first-timers, seasoned veterans, and anyone else keen to learn more about infosec and cyber resilience using practical, quick-win steps you can take right away to better prepare your organization for a strategic response to unplanned events that would otherwise compromise your productivity, reputation, and bottom line. That's real peace of mind, and I don't know about you, but these days I'll take all of that I can get. Enjoy the book!

Chad Calease

Chief Information Security Officer

https://resilience.sh