Build, evaluate, and measure effective cybersecurity strategies using real-world threat intelligence and lessons from decades of enterprise defense experience.
Key Features
Apply data-driven strategies to protect, detect, and respond to modern cyber threats Evaluate Zero Trust, attack-centric, and resilience strategies for enterprise defense Address ransomware, API abuse, cloud risks, and AI system security Purchase of the print or Kindle book includes a free PDF eBook
Book DescriptionDesigning a cybersecurity strategy that actually works is difficult when threats evolve faster than budgets, teams, and tools. This book helps security leaders cut through noise by focusing on how organizations are compromised, which strategies succeed, and how to measure outcomes. Written by Tim Rains, a former Global Chief Security Advisor at Microsoft and senior security leader at AWS and Fortune-scale enterprises, this edition expands on the previous editions with major updates and new chapters. You will learn how threat intelligence, attack-centric security, intrusion kill chains, and MITRE ATT&CK can help defenders design stronger strategies. New and expanded content covers ransomware, API security, living off the land attacks, resilience as a cybersecurity strategy, and the security of AI systems alongside practical guidance on using AI to improve security outcomes. This book takes a practical, evidence-based approach to cybersecurity strategy, helping you assess trade-offs, avoid costly missteps, and communicate clearly with executives and boards. By the end of this book, youll be able to evaluate cybersecurity strategies more effectively, improve enterprise defenses, and communicate security priorities clearly to executives and boards.What you will learn
Identify common enterprise intrusion paths and reduce initial compromise Distinguish credible threat intelligence from industry noise Improve vulnerability management while reducing risk and cost Assess malware, ransomware, and internet-based attack techniques Secure APIs and reduce exposure from trusted enterprise tools Evaluate Zero Trust and attack-centric security strategies Apply cloud, resilience, and AI capabilities to improve security outcomes How governments request data and how enterprises manage access, risk, and oversight
Who this book is forThis book is for CISOs, CSOs, security leaders, architects, and cybersecurity professionals responsible for strategy, risk reduction, and compliance in enterprise environments. Readers should have a basic understanding of IT, networking, and core cybersecurity concepts.
