Cyberjutsu
Cybersecurity for the Modern Ninja
by Ben McCarty
San Francisco
CYBERJUTSU. Copyright 2021 by Ben McCarty.
All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.
ISBN-13: 978-1-7185-0054-9 (print)
ISBN-13: 978-1-7185-0055-6 (ebook)
Publisher: William Pollock
Executive Editor: Barbara Yien
Production Editor: Rachel Monaghan
Developmental Editors: Nic Albert and Athabasca Witschi
Project Editor: Dapinder Dosanjh
Cover Design: Octopod Studios
Cover Illustrator: Rick Reese
Technical Reviewer: Ari Schloss
Copyeditor: Paula L. Fleming
Interior Design and Composition: Maureen Forys, Happenstance Type-O-Rama
Proofreader: Holly Bauer Forsyth
Indexer: Beth Nauman-Montana
For information on book distributors or translations, please contact No Starch Press, Inc. directly:
No Starch Press, Inc.
245 8th Street, San Francisco, CA 94103
phone: 1-415-863-9900; info@nostarch.com
www.nostarch.com
Library of Congress Cataloging-in-Publication Data
Names: McCarty, Ben, author.
Title: Cyberjutsu : cybersecurity for the modern ninja / Ben McCarty.
Description: San Francisco, CA : No Starch Press, [2021] | Includes
bibliographical references and index. | Summary: Teaches ancient
approaches to modern information security issues based on authentic,
formerly classified ninja scrolls-- Provided by publisher.
Identifiers: LCCN 2020052832 (print) | LCCN 2020052833 (ebook) | ISBN
9781718500549 (print) | ISBN 9781718500556 (ebook)
Subjects: LCSH: Computer security. | Computer networks--Security measures.
| Computer crimes--Prevention. | Ninjutsu.
Classification: LCC QA76.9.A25 M4249 2021 (print) | LCC QA76.9.A25
(ebook) | DDC 005.8--dc23
LC record available at https://lccn.loc.gov/2020052832
LC ebook record available at https://lccn.loc.gov/2020052833
No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.
The information in this book is distributed on an "As Is" basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.
To my lovely Sarah
and to those helpless organizations
afraid of new ideas
and blind to their own weaknesses
for motivating me to write this book
About the Author
Ben McCarty is an ex-NSA developer and US Army veteran. He is one of the first fully qualified Cyber Warfare Specialists (35Q) to serve in the Army Network Warfare Battalion. During his career, he has worked as a hacker, incident handler, threat hunter, malware analyst, network security engineer, compliance auditor, threat intelligence professional, and capability developer. He holds multiple security patents and certifications. He is currently a quantum security researcher in the Washington, DC, area.
About the Technical Reviewer
Ari Schloss started his cybersecurity career with the federal government at the IRS and has contracted with DHS and CMS (Medicare). He has experience in NIST 800-53/800-171 compliance, cybersecurity defense operations, and forensics. He has a master's degree in Information Assurance and an MBA. He currently serves as a security engineer at a defense contractor in Maryland.
Foreword
Cybersecurity has never been this critical to our economic prosperity and social peace. The need to protect our businesses' intellectual property and people's personal information is of utmost importance. Cybercriminals are getting faster, more creative, more organized, and more resourceful. Cybersecurity practitioners find themselves constantly discovering new threats and responding to new attacks, despite all the cyberdefense measures they have already taken. It's a cyber arms race.
In the 200 or so pages that follow, Benjamin McCarty, a brilliant cyber threat intelligence expert and an innovative security researcher whom I have known since 2017, shares how to protect your information from cyberhackers. Ben's main message is simple: think like a ninja. But what about this message justifies writing an entire book? For the full and thorough answer, you just have to read it. But I can tell you that, at a high level, the answer lies in the tactics and techniques that ninjas use to wage warfare.
When I was in graduate school 15 years ago, the first security lesson I learned in my security engineering class was to think like a hacker. Within the cybersecurity community, we have been touting this message for several years, if not decades. But judging by the number of cyberattacks that organizations continue to undergo every year, this message does not seem to have sunk in for a large number of cyberdefenders. This is understandable for two reasons. First, the message is hard to internalize because of the lack of details. And second, any details available may be very hard to grasp. Ben addresses both issues by changing the message from "Think like a hacker" to "Think like a ninja."
"How?" you might ask. Well, the answer lies in the ninja scrolls, which were scripted in medieval times but carefully kept secret until the mid-20th century. The scrolls were recently translated from Japanese to English. The translation reveals just how ninjas were trained to think, strategize, and act. Ninjas, being covert agents, cautiously kept their strategies and tactics secret. But the revelations made through the publication of their scrolls are worth a deep analysis to understand what made ninjas so successful in their espionage, deception, and surprise attack missions over centuries.
Ben's analysis of these scrolls gleans the strategies, tactics, and techniques that ninjas used to conduct their attacks. He maps these ancient tactics and techniques to the modern-day tactics, techniques, and procedures (TTPs) used by hackers to conduct cyberattacks. Reading through the playbook and procedures will help security professionals understand not only how a ninja thinks, but also how a cybercriminal thinks. With that understanding, you will be able to develop the craft of really thinking like a hacker and internalizing that security principle. Not only will that help you predict the hacker's potential next move, but it will also give you time to prepare for that move and build up your defenses to prevent the hacker from reaching their goal.
Another reason why Ben's use of the ninja scrolls to bring these TTPs closer to cyberdefenders is a very smart approach is because these scrolls deal with attacks in the physical world; that is, they reference physical objects and describe movements within a physical environment. Physical environments are much easier for our brains to visualize than cyber or virtual environments. Thinking about the hacker's tactics and techniques as they relate to tangible assets makes them more discernible. You can start envisaging how a hacker might apply a particular TTP to compromise one asset or move from one asset to another. In each chapter, Ben brilliantly takes you through a castle theory thought exercise to help you visualize those movements in a medieval castle and then translate them to a cyber environment.