Out today, my new book: Security Operations in Practice

Possibly, the only information security book written largely on a boat.

One of the really neat things about writing books is knowing the story behind how they were written. For example, in early 2019, I was commuting, as so many folk do, via a ferry to Seattle on a daily basis. It’s an interesting commute full of natural beauty, coffee, and questionable-looking breakfast sandwiches. The best thing about that commute, in a giant metal box with poor wireless connectivity, is that for about 2 hours a day, it was just me, my thoughts about security operations, and my laptop. Those thoughts would eventually turn into the book that hits the shelves and digital marketplaces today.

The cover image was chosen because it shows a control tower in the midst of a brewing storm, which represents a SecOps team pretty much every day.

Security Operations in Practice is written from my experiences in going from an individual contributor to heading up Security Operations teams at some pretty big companies. It’s the book I wish I’d had, say 7 or 8 years ago when I started on that path.

The modern Security Operations team is where the aspirations of information security policies are put into practice. It’s where the ‘rubber hits the road’ as far as a technical security program is concerned. It’s a pivotal team in determining the success and reputation of a security program. Therefore, it’s crucial that an effective security operations team is one that provides a service to its organisation, rather than simply generating more work. This book talks about how to make that happen.

When it comes to ‘noise’, security operations should be a filter, not an amplifier.

The book is full of case studies and anecdotes based on my own experiences, that I hope will back up the theoretical elements.

Running security operations becomes a lot easier when you’re surrounded by good people. I’ve been fortunate to have the support of really good people throughout my career, and a lot of them get a shout out in the acknowledgements section of this book. One person I’d like to extend a special thanks too is my friend and former colleague, Tamlynn Deacon, who contributed the Foreword for this book.

Tamlynn’s story is incredible. She’s a fearless leader in the information security and compliance space. I have no doubt that her latest venture RiscPro will take over the world one day.

Anyway, if you read this book, I really hope you enjoy it and learn something new, or just get confirmation from a second set of eyes that you’re on the right path.

And thank you, from the bottom of my heart, for allowing the thoughts and experiences committed to print on that boat, some space in your brain. I will never get over how much of a privilege it is to write a book that other people end up reading.

You can find Security Operations in Practice at Amazon US, Amazon UK, Barnes and Noble, WH Smith, Waterstones and anywhere else books are sold! You can also, read the first pages for free.

Note: if ordering the paperback, ignore the long lead times (stock is on the way!)

Information security professional specializing in SecOps, IR and Digital Forensics. Author of the Digital Forensic Diaries, and now, the Pen Test Diaries.

Information security professional specializing in SecOps, IR and Digital Forensics. Author of the Digital Forensic Diaries, and now, the Pen Test Diaries.