There is a distinct lack of theoretical innovation in the cybersecurity industry. This is not to say that innovation is lacking, as new technologies, services, and solutions (as well as buzzwords) are emerging every day. This book will be the first cybersecurity text aimed at encouraging abstract and intellectual exploration of cybersecurity from the philosophical and speculative perspective. Technological innovation is certainly necessary, as it furthers the purveying of goods and services for cybersecurity producers in addition to securing the attack surface of cybersecurity consumers where able. The issue is that the industry, sector, and even academia are largely technologically focused. There is not enough work done to further the trade-the craft of cybersecurity. This book frames the cause of this and other issues, and what can be done about them. Potential methods and directions are outlined regarding how the industry can evolve to embrace theoretical cybersecurity innovation as it pertains to the art, as much as to the science. To do this, a taxonomy of the cybersecurity body of work is laid out to identify how the influences of the industry's past and present constrain future innovation. Then, cost-benefit analysis and right-sizing of cybersecurity roles and responsibilities-as well as defensible experimentation concepts-are presented as the foundation for moving beyond some of those constraining factors that limit theoretical cybersecurity innovation. Lastly, examples and case studies demonstrate future-oriented topics for cybersecurity theorization such as game theory, infinite-minded methodologies, and strategic cybersecurity implementations. What you'll learn The current state of the cybersecurity sector and how it constrains theoretical innovation How to understand attacker and defender cost benefit The detect, prevent, and accept paradigm How to build your own cybersecurity box Supporting cybersecurity innovation through defensible experimentation How to implement strategic cybersecurity Infinite vs finite game play in cybersecurity Who This Book Is For This book is for both practitioners of cybersecurity and those who are required to, or choose to, employ such services, technology, or capabilities.

Understand the challenges of implementing a cyber warfare strategy and conducting cyber warfare. This book addresses the knowledge gaps and misconceptions of what it takes to wage cyber warfare from the technical standpoint of those with their hands on the keyboard. You will quickly appreciate the difficulty and complexity of executing warfare within the cyber domain. Included is a detailed illustration of cyber warfare against the backdrop of national and international policy, laws, and conventions relating to war. Waging Cyber War details technical resources and activities required by the cyber war fighter. Even non-technical readers will gain an understanding of how the obstacles encountered are not easily mitigated and the irreplaceable nature of many cyber resources. You will walk away more informed on how war is conducted from a cyber perspective, and perhaps why it shouldn't be waged. And you will come to know how cyber warfare has been covered unrealistically, technically misrepresented, and misunderstood by many. What You'll Learn Understand the concept of warfare and how cyber fits into the war-fighting domain Be aware of what constitutes and is involved in defining war and warfare as well as how cyber fits in that paradigm and vice versa Discover how the policies being put in place to plan and conduct cyber warfare reflect a lack of understanding regarding the technical means and resources necessary to perform such actions Know what it means to do cyber exploitation, attack, and intelligence gathering; when one is preferred over the other; and their specific values and impacts on each other Be familiar with the need for, and challenges of, enemy attribution Realize how to develop and scope a target in cyber warfare Grasp the concept of self-attribution: what it is, the need to avoid it, and its impact See what goes into establishing the access from which you will conduct cyber warfare against an identified target Appreciate how association affects cyber warfare Recognize the need for resource resilience, control, and ownership Walk through the misconceptions and an illustrative analogy of why cyber warfare doesn't always work as it is prescribed Who This Book Is For Anyone curious about warfare in the era of cyber everything, those involved in cyber operations and cyber warfare, and security practitioners and policy or decision makers. The book is also for anyone with a cell phone, smart fridge, or other computing device as you are a part of the attack surface.

Use this unique book to leverage technology when conducting offensive security engagements. You will understand practical tradecraft, operational guidelines, and offensive security best practices as carrying out professional cybersecurity engagements is more than exploiting computers, executing scripts, or utilizing tools. Professional Red Teaming introduces you to foundational offensive security concepts. The importance of assessments and ethical hacking is highlighted, and automated assessment technologies are addressed. The state of modern offensive security is discussed in terms of the unique challenges present in professional red teaming. Best practices and operational tradecraft are covered so you feel comfortable in the shaping and carrying out of red team engagements. Anecdotes from actual operations and example scenarios illustrate key concepts and cement a practical understanding of the red team process. You also are introduced to counter advanced persistent threat red teaming (CAPTR teaming). This is a reverse red teaming methodology aimed at specifically addressing the challenges faced from advanced persistent threats (APTs) by the organizations they target and the offensive security professionals trying to mitigate them. What You'll Learn Understand the challenges faced by offensive security assessments Incorporate or conduct red teaming to better mitigate cyber threats Initiate a successful engagement Get introduced to counter-APT red teaming (CAPTR) Evaluate offensive security processes Who This Book Is For Offensive security assessors and those who want a working knowledge of the process, its challenges, and its benefits. Current professionals will gain tradecraft and operational insight and non-technical readers will gain a high-level perspective of what it means to provide and be a customer of red team assessments.