Information by itself is generally boring. My role as a writer is to take relevant facts and details and put them into a format that my audience wants to read. The very best information is useless if nobody reads it, so it is important to make it engaging by crafting a narrative around it. The Identity Defined Security Alliance (IDSA) understands the value of the story—which is why they created the CISO Chronicles to raise awareness of identity and access management fundamentals.
I started my career as a writer as the Guide for the About.com site for Internet / Network Security in 2002. I reviewed hundreds of books on the subject of cybersecurity—but one, in particular, really intrigued me: Hacker’s Challenge.
There are books on every unique aspect and nuance of technology and cybersecurity. No matter what you want to know, it is a virtual guarantee that you can find a book that shares the information you are looking for. The thing that made Hacker’s Challenge different is that rather than just explaining the importance of cybersecurity and listing off security fundamentals and best practices—like 100 other books on the topic—Hacker’s Challenge was a collection of short stories that shared valuable insights and relevant information through a fictional narrative.
I loved Hacker’s Challenge, and the subsequent Hacker’s Challenge 2 so much that I approached the publisher to propose a third volume. Hacker’s Challenge 3 was the first book I co-authored—along with David Pollino, Bill Pennington, and Himanshu Dwivedi—with stories contributed by a number of other authors. I wrote three of the stories: “Shooting Phish in a Barrel,” “Pale Blue Glow,” and “The Root of the Problem.”
With the Hacker’s Challenge series, part of the fun was to try and solve the mystery. So, the stories are each broken into two parts. The first half sets up the scenario and provides evidence for the reader to try and figure out. Then, the second half walks through the answer to explain to the reader what happened.
Identity Defined Security
A lot has changed since that book came out in 2006. The ecosystem of technology has grown exponentially, and the threat landscape continues to expand with innovative techniques and exploits. The evolution of the cloud, SaaS (software-as-a-service) applications, and internet-of-things (IoT) technologies have dramatically changed the attack surface, and identity has emerged as the first line of defense—or the Achilles heel—for cybersecurity, depending on how effectively it is managed.
The notion of a network perimeter and protecting “inside” the network from unauthorized or malicious access from “outside” the network is outdated. So is the idea of “us” vs. “them”—or placing inherent trust in your own accounts while only actively preventing access by unknown accounts. The reality is that at the point of attack almost all attacks are insider attacks that leverage valid identities. Threat actors can compromise credentials through a wide variety of tactics and techniques, allowing them to access your network and data as a “valid” user.
The Identity Defined Security Alliance recognizes the importance of strong identity security and provides free, vendor-neutral education and assets you can use to reduce the risk of a breach with an identity-centric approach to security. The Identity Defined Security Framework is comprised of best practices and security outcomes and approaches that can be implemented for a stronger security posture.
The IDSA has tons of resources you can use to learn more about the fundamentals and best practices of identity security. One of the coolest, though, is the CISO Chronicles.
The CISO Chronicles is like Hacker’s Challenge—using a fictional narrative as a vehicle for conveying important information. The stories are engaging and well-written, so you will be entertained. But they also provide the added benefit of educating readers on the challenges and pitfalls of identity security, as well as tips and guidance to manage identity security effectively.
You should check out the CISO Chronicles. They are great stories, and you will walk away knowing more, whether you want to learn about identity security or not.