Book Review: 7 Rules to Become Exceptional at Cyber Security

Jul 16, 2023


This book is for anyone who wants to get their cybersecurity fundamentals clear in a short span of time.

The author Chirag Joshi, who is a dear friend, has put in a lot of research towards writing this book. His knowledge is experiential; he is well-networked in the cybersecurity community (in Australia, India and the US) and speaks at many events.

The 7 Rules… taught me that cybersecurity is not only about technology. One has to know one’s business well in order to understand what to protect (Rule 1).

Cybersecurity is not just about Risk Mitigation; it is a Risk Management exercise (Rule 2). What is Risk? How do you quantify risk? Some risks can be ignored but some can severely impact your business operations. Know your assets, and understand how threats become risks to your business. Know how vulnerabilities can be exploited and become threats – and impact your business.

After identifying risks you have got to measure them in the context of your business. (Rule 3.) As Chirag says, “What gets measured gets managed and what gets managed delivers value.”

One should also address the human factor. (Rule 4.) The vast majority of cyber security incidents occur due to human errors and mistakes. You could have watertight security, with state-of-the-art IDS and firewalls – but one careless click on a malicious link …

Strategy is also important. (Rule 5.) Chirag says a “fit-for-purpose” strategy forms the basis of a good cybersecurity program. And cybersecurity leaders must have knowledge of design and execution of these strategies.

I was surprised to find that Rule 6 is about Mastering the Art of Differentiating Skills. This one is about soft skills which Chirag calls “differentiating skills” – which many security leaders lack. These skills include presentation skills, writing skills, networking skills, and having the right mindset.

Rule 7 was also a surprise for me – it is about building an Authentic Brand. This chapter offers tips on how cybersecurity leaders can build their personal brands. One of the ways of doing this is by posting thought leadership content on LinkedIn and Twitter. As Chirag writes, “To be an exceptional cybersecurity leader, you need to be able to inspire confidence and influence key stakeholders.”

The book ends with a list of useful resources and links that Chirag compiled during his research. An updated resource list is available on his website: www.ChiragDJoshi.com

Please read the book, engage with the community, share knowledge and spread cybersecurity awareness.

Available on Amazon.com


Brian Pereira
A veteran technology editor with over 30 years of experience, Brian began his career at The Indian Express in 1994. He has since reported for premier publications including The Times of India, BW Business World, CHIP, and InformationWeek. He also produced the CeBIT and INTEROP conferences in India. He has since retired and consults for media organizations.

LinkedIn: https://www.linkedin.com/in/pereirabrian/ | Muckrack: brian-pereira-6 | X: https://x.com/creed_digital | Substack: @brianper