Chapter 1: The Psychology of Cybersecurity Technology

Chapter 2: Authentication Tech

Foundations of Authentication

The Big Three – Something You Know, Have, or Are

Secure Password Storage

How Hackers “Crack” Password Lists

Chapter 3: Access Control Tech

Foundations of Access Controls

Mandatory vs Discretionary Access Controls

BLP, BIBA, and Other Models

RBAC and ABAC

Foundations of Cryptography

Symmetric Cryptography

Asymmetric Cryptography

Certificates and PKI

Chapter 5: Cryptography Application Tech

Foundations of Cryptographic Applications

Securing Data-At-Rest

Securing Data-In-Motion

Securing Data-In-Use

Securing Composite States

Chapter 6: Classical Host Security Tech

Foundations of Host Security

Malware: Viruses, Trojans, Ransomware

Host Hardening

Host IDS

Technological Limits

Chapter 7: Classical Network Security Tech

Foundations of Network Security

Border Security: Gateways, Firewalls, Proxies

Virtual Private Network (VPN)

Network IDS and IPS

Physical Security

Technological Limits

Chapter 8: Web Security Tech

Foundations of Web Security

TLS

Cookies, State, and Session Defenses

API Security

Domain Name Security

Chapter 9: Email and Social Media Security Tech

Foundations of Overlay Security

Email-borne Malware

Spam, Phishing, and Other Email Threats

Social Media Threats

Chapter 10: Cloud Security Tech

Foundations of Cloud Security

Multitenancy Security for Storage and Operations

Availability

Incident Response

Chapter 11: Modern Security Tech

Foundations of Classic Security Limitations

Advanced Persistent Threats

Zero-trust Networking

Deception Technologies

Data Privacy Techniques

Chapter 12: Blockchain Tech

Foundations of Blockchain Technology

Peer-to-Peer Technology

Distributed Ledgers

Public and Private Ledgers

Limitations of the Technology

Cryptocurrencies

Chapter 13: Current Events and Future Trends 

TODO: Decided closer to end-of-book

Appendix A: Review of Computer Basics

Appendix B: Review of Networking Basics

Seth James Nielson, PhD is the founder and chief scientist of Crimson Vista, a cybersecurity engineering company. He advises clients from startups to Fortune 50 companies on security matters. Dr. Nielson also teaches cybersecurity courses at the University of Texas at Austin. He has authored or co-authored papers on topics such as IoT security, hacking portable chemical manufacturing systems, and methods for teaching computer security to students. Dr. Nielson also co-authored the Apress book, Practical Cryptography in Python.

The contemporary IT landscape is littered with various technologies that vendors claim will “solve” an organization’s cybersecurity challenges. These technologies are powerful and, in the right context, can be very effective. But misunderstood and misused, they either do not provide effective protection or do not protect the right things. This results in unnecessary expenditures, false beliefs of security, and interference with an organization’s mission.

This book introduces major technologies that are employed in today’s cybersecurity landscape and the fundamental principles and philosophies behind them. By grasping these core concepts, professionals in every organization are better equipped to know what kind of technology they need, ask the right questions of vendors, and better interface with their CISO and security organization. The book is largely directed at beginners, including non-technical professionals such as policy makers, compliance teams, and business executives.

What You Will Learn

• Authentication technologies, including secure password storage and how hackers “crack” password lists
• Access control technology, such as BLP, BIBA, and more recent models such as RBAC and ABAC
• Core cryptography technology, including AES encryption and public key signatures
• Classical host security technologies that protect against malware (viruses, trojans, ransomware)
• Classical network security technologies, such as border security (gateways, firewalls, proxies), network IDS and IPS, and modern deception systems
• Web security technologies, including cookies, state, and session defenses, and threats that try to subvert them
• Email and social media security threats such as spam, phishing, social media, and other email threats