Cybersecurity – Attack and Defense Strategies: Improve your security posture to mitigate risks and prevent attackers from infiltrating your system, 3rd Edition

I purchased this book to accommodate my textbook from school. Unfortunately, the problem with textbooks based on technology is that it’s outdated as soon as it’s published. However, the concepts and ideas regarding security will always apply. It’s the software and tools that become deprecated over time or no longer maintained.

Short review about Cybersecurity – Attack and Defense Strategies (3rd Ed) by Yuri Diogenes and Dr Erdal Ozkaya. It has been a few years since I read the first edition of this book, and from what I recall, the first book was a convenient reference on the topic of cybersecurity strategy. Although unfortunately, I did not get to read the book end-to-end, it was valuable at the time in my research on the creation of incident response playbooks. I am pleased to say the third edition has not disappointed me with the depth and quality of the information. Included here is my feedback on some of the select chapters. Chapter 1. Security Posture - An excellent initial readout on the cybersecurity world's current and evolving threat landscape. I liked that it was not presented as a "doom and gloom" readout but as a realistic scenario that cybersecurity practitioners should be aware of and, more importantly, how to be prepared for it. It was also great to see the authors include concepts of Zero Trust concepts in this book. Zero Trust is a simple concept; however, the messaging can easily confuse someone new to this. Hence it is good to see that the authors present the topic in an easy-to-understand fashion especially tying this back to the NIST special publication and the principles captured within that. Chapter 2. Incident Response Process. Since I was familiar with this chapter in the first edition, I was curious to find out what had changed. In my opinion, the core concepts have remained the same. However, it was good to see the inclusion of additional real-world scenarios, which is something the readers will benefit from. Chapter 4. Understanding the Cybersecurity Kill Chain. No serious publication on cybersecurity attacks and a defence strategy will be complete without the cybersecurity kill chain model, and this book provides comprehensive coverage on this topic. Chapter 4 provides the foundations for the kill chain, and the latter chapters go deeper into distinct steps. I also liked that additional focus has been provided on the new and emerging attack vectors, such as IoT security. The remainder of the book focuses on helping organisations build effective security policies and the surrounding threat intelligence platforms. The final chapters are focused more on incident response, vulnerability management and real-world log analysis using on-prem and cloud-based systems. In summary, I really enjoyed this book, and I am also a bit embarrassed to say that it had taken me almost 5 years to read the book end-to-end (all be it was the 3rd edition that I was most interested in reviewing). This book will appeal to a broad audience of IT security practitioners, starting with the Cx team responsible for the overall cybersecurity strategy, to security architects involved in designing and deploying security solutions and equally appealing to the cybersecurity operations team responsible for incident response planning.

I highly recommend this book to security professionals at all levels, with the breadth of content and methodical approach, I find it relevant for a broad range of IT/Security pros - from Red/Blue teams to CISOs, DevOps/SRE, analysts and researchers. As the name suggests, this book covers both defense and attack strategies, and guides you through the key concepts you must know as a security professional, without extra fluff. Each chapter covers a well-defined topic, so more experienced readers can jump right to specific topics of interest. The style is engaging and includes references to real world scenarios, lessons learned, business aspects and jargon. Due to the breadth of topics covered, this book alone will not make you an expert Pen-tester, Cloud security engineer, SOC analyst or security architect, but it sets the foundational knowledge and includes many references you can use to dive deeper and specialize. The book covers the popular tools in the industry such as: Kali Linux, Metasploit, Nmap and Wireshark, Mimikatz, Nessus. it is also loaded with screenshots and code listings - again, don't expect to ace capture the flag (CTF) challenges or clear the OSCP exam, but you'll get enough information and practice to get you started. Some of the chapters include mini-labs that helps solidifying the theoretical concepts with hands-on practice, for example: OSINT (using dnsrecon, DNSDumpster and Shodan), SQL injection, Social engineering. To conclude, if you are looking for a concise and straight to the point guide covering offensive and defensive strategies, give this book a try. List of chapters: Chapter 1: Security Posture Chapter 2: Incident Response Process Chapter 3: What is a Cyber Strategy? Chapter 4: Understanding the Cybersecurity Kill Chain Chapter 5: Reconnaissance Chapter 6: Compromising the System Chapter 7: Chasing a User’s Identity Chapter 8: Lateral Movement Chapter 9: Privilege Escalation Chapter 10: Security Policy Chapter 11: Network Security Chapter 12: Active Sensors Chapter 13: Threat Intelligence Chapter 14: Investigating an Incident Chapter 15: Recovery Process Chapter 16: Vulnerability Management Chapter 17: Log Analysis