Secrets of a Cyber Security Architect

Any organization with valuable data has been or will be attacked, probably successfully, at some point and with some damage. And, don't all digitally connected organizations have at least some data that can be considered "valuable"?

Cyber security is a big, messy, multivariate, multidimensional arena. A reasonable "defense-in-depth" requires many technologies; smart, highly skilled people; and deep and broad analysis, all of which must come together into some sort of functioning whole, which is often termed a security architecture. Secrets of a Cyber Security Architect is about security architecture in practice. Expert security architects have dozens of tricks of their trade in their kips. In this book, author Brook S. E. Schoenfield shares his tips and tricks, as well as myriad tried and true bits of wisdom that his colleagues have shared with him.

Creating and implementing a cyber security architecture can be hard, complex, and certainly frustrating work. This book is written to ease this pain and show how to express security requirements in ways that make the requirements more palatable and, thus, get them accomplished. It also explains how to surmount individual, team, and organizational resistance. The book covers:

• What security architecture is and the areas of expertise a security architect needs in practice
• The relationship between attack methods and the art of building cyber defenses
• Why to use attacks and how to derive a set of mitigations and defenses
• Approaches, tricks, and manipulations proven successful for practicing security architecture
• Starting, maturing, and running effective security architecture programs
• Secrets of the trade for the practicing security architecture
• Tricks to surmount typical problems

Filled with practical insight, Secrets of a Cyber Security Architect is the desk reference every security architect needs to thwart the constant threats and dangers confronting every digitally connected organization.

任何擁有有價值數據的組織都已經或將會遭受攻擊，很可能會成功，並造成一些損害。而且，所有數位連接的組織都至少擁有一些可以被視為「有價值」的數據，不是嗎？

網路安全是一個龐大、混亂、多變、多維度的領域。合理的「防禦層層疊加」需要許多技術、聰明且高技能的人員，以及深入廣泛的分析，所有這些必須結合成某種運作良好的整體，通常被稱為安全架構。《資安架構師的秘密》是關於實踐中的安全架構。專業的安全架構師在他們的工具箱中有許多訣竅。在這本書中，作者Brook S. E. Schoenfield分享了他的技巧和訣竅，以及他的同事們與他分享的無數實踐智慧。

創建和實施一個資安架構可能是困難、複雜且令人沮喪的工作。這本書旨在減輕這種痛苦，並展示如何以更易接受的方式表達安全需求，從而實現這些需求。它還解釋了如何克服個人、團隊和組織的阻力。本書涵蓋了以下內容：

- 安全架構的定義以及實踐中安全架構師所需的專業領域
- 攻擊方法與建立網路防禦的藝術之間的關係
- 為何使用攻擊以及如何推導出一套緩解和防禦措施
- 實踐安全架構所證實成功的方法、技巧和操作
- 開始、成熟和運行有效的安全架構計畫
- 實踐安全架構的行業秘訣
- 克服常見問題的技巧

《資安架構師的秘密》充滿實用的見解，是每位安全架構師需要擁有的桌上參考書，以應對每個數位連接組織所面臨的持續威脅和危險。

Brook S. E. Schoenfield is the author of Securing Systems: Applied Security Architecture and Threat Models and Chapter 9: Applying the SDL Framework to the Real World, in Core Software Security: Security at the Source. He has been published by CRC Press, SANS Institute, Cisco, SAFECode, and the IEEE. Occasionally, he even posts to his security architecture blog, brookschoenfield.com.

He is the Master Security Architect at a global cyber security consultancy, where he leads the company's secure design services. He has held security architecture leadership positions at high-tech enterprises for nearly 20 years, at which he has trained and coached hundreds of people in their journey to becoming security architects. Several thousand people have taken his participatory threat modeling classes.

Brook has presented and taught at conferences such as RSA, BSIMM, OWASP, and SANS What Works Summits on subjects within security architecture, including threat models, DevOps security, information security risk, and other aspects of secure design and software security.

Brook lives in Montana's Bitterroot Mountains. When he's not thinking about, practicing, writing about, and speaking on secure design and software security, he can be found telemark skiing, hiking, and fly fishing in his beloved mountains, exploring new cooking techniques, or playing various genres of guitar--from jazz to percussive fingerstyle.

Brook S. E. Schoenfield是《Securing Systems: Applied Security Architecture and Threat Models》一書的作者，也是《Core Software Security: Security at the Source》一書中第9章「將SDL框架應用於現實世界」的作者。他的作品曾在CRC Press、SANS Institute、Cisco、SAFECode和IEEE等出版社發表。他偶爾也會在他的安全架構部落格brookschoenfield.com上發表文章。

他是一家全球網路安全顧問公司的主要安全架構師，負責領導公司的安全設計服務。在過去的20年中，他曾在高科技企業擔任安全架構領導職位，培訓和指導了數百名人士成為安全架構師。數千人參加了他的參與式威脅建模課程。

Brook曾在RSA、BSIMM、OWASP和SANS What Works Summit等會議上發表演講和教授課程，內容涵蓋安全架構的各個方面，包括威脅建模、DevOps安全、信息安全風險和其他安全設計和軟體安全相關主題。

Brook居住在蒙大拿州的Bitterroot山脈。當他不在思考、實踐、撰寫和演講有關安全設計和軟體安全的時候，他喜歡在心愛的山脈中進行雪地滑雪、遠足和飛釣，探索新的烹飪技巧，或彈奏各種類型的吉他，從爵士樂到打擊指彈。