I get a lot of folks asking about how I think about this or that. Lots of conference rooms, video meetings, and hallway discussions about how my perspective is different from a defender’s. This has led to a lot of blog posts, and now has led to a book. I always figured my first book would be a choose-your-own-adventure style, but it turns out it’s about networks and hackers instead. If you want some context on how moose thinks about you and your network, check it out over at Amazon!
As someone regularly hired to hack Fortune 500 companies, I’ve found that the most challenging organizations to break into are the ones anticipating my every move. They have experience protecting what matters most.
Cybersecurity spend continues to steadily increase, with US firms spending an average of $2.6 million per year. But even as firms open up their purse strings to attempt to curb their risk, large-scale data breaches in the US have skyrocketed to over a thousand a year. The problem is that the security industry has continued to build better mousetraps to tackle the same problems without reexamining the strategy itself.
I wrote this book to take you through the attacker’s kill chain step-by-step, as seen and performed by an actual attacker. The goal isn’t to scare you into buying a new security product — there is plenty of that already. I want organizations to understand the attacker’s perspective — a hacker’s logic used to break into organizations. Because once you see your environment the way a hacker does, your security strategy will change. You’ll prioritize like an attacker does, and figure out how to protect what matters most.