The proactive guide to preparing for and preventing security disasters.
What’s in the book
- What a security framework is and how to use one
- How to track vulnerabilities in your software stack
- How to run Threat Modeling sessions with your team
- How to run a bug bounty program (and why)
- How to make the case for preventative security work
- How to create a detailed plan for your security budget
- How to instill a healthy security culture – where everyone wears their “seatbelt”
- How to prioritize security work for maximum impact
- What to look for in your first security hire
- How to respond if you do get hacked
This is a book of strategy, not a technical book.
I wrote this book for leaders who are busy and just need someone to tell them how to protect their investment.
It’s not a deep-dive into the nitty-gritty details of:
❌ network layering
❌ system administration
❌ server hardening or
❌ how to reverse engineer the latest CVE
This book will tell you:
✅ how to build a proactive security culture
✅ how to organize a security program
✅ how to use data and metrics to set goals and measure success
✅ how to incorporate secure practices into the things that you already do
This book won’t help you to earn any kind of security certification or badge of honor. Those are things that matter to other people.
Instead, this book will help you do something much more useful and important: make meaningful changes that will protect your business against threats, and gain the peace of mind that the work you’re doing matters to you.