Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us,
Eugene H. Spafford, Leigh Metcalf, and Josiah Dykstra
Pearson, Addison-Wesley, 2023.
ISBN ISBN-10 0137929234, ISBN-13 978-0137929238
With a foreword by Vint Cerf
416 plus xxxv pages, First edition
Reviewed by Sven Dietrich Mar 19, 2023
"Email is Private." "A VPN makes you anonymous." These are sample statements that you will find in this new book by "Spaf," also known as Gene Spafford at Purdue University, a household name when it comes to cybersecurity. These statements are of course meant to make you cringe, to question the status quo, and to delve deeper into the "whys" and "why nots"...
Spaf teamed up with Leigh Metcalf and Josiah Dykstra to write this 400+-page book on demystifying cybersecurity a little and to give you the skills to bust those myths and "mythconceptions." The book is well written, with additional text boxes sprinkled throughout for examples or contextual background. Black and white illustrations, sometimes technical diagrams, sometimes funny cartoons, complement the actual text. A foreword by Internet pioneer Vint Cerf rounds off the writing of this book.
The book is divided into four parts, with sixteen chapters in an uneven distribution over those four parts. The first part talks about 'General Issues' and contains the two chapters 'What is Cybersecurity?' and 'What is the Internet?' The second part 'Human Issues' covers five chapters, including on faulty assumptions, fallacies, and cognitive biases. The third part is the largest, with six chapters, on 'Contextual Issues', and talks about some pitfalls of analogies, legal issues, vulnerabilities, malware, and digital forensics. The fourth part 'Data Issues' includes three chapters on statistics and lies, illustrations, diagrams, and visualization, and least but not least about 'Finding Hope.' Perhaps an upbeat note about a light at the end of the tunnel?
After that last part, an appendix also adds some background explanations and an acronym list helps with the letter mixes. As for further reading, the reader can find references at the end of each chapter in a contextual manner, rather than a single reference list at the end of the book. Still, those references will help you understand the well-described problems even better.
At 175+ myth-busting statements in this book, if you space it out right at a dosage of reading one statement (typically a few paragraphs long, sometimes longer) once every two days, you could be stretching it to about a year. Given the "slow release" nature of these knowledge injections that truly get under your skin, they won't wear off right away and get you through the next day. Oh, and don't forget to laugh here and there while reading this book. Or this review, for that matter.
Overall I liked reading this book: it covers so many topics in cybersecurity that needed this special treatise by Spaf and his co-authors Leigh Metcalf and Josiah Dykstra. It may make the reader experience the (more than) occasional "Aha!" moment. It will definitely find a spot on my bookshelf, to be readily retrieved upon an unsuspecting visitor to my office asking whether "Artificial Intelligence and Machine Learning Can Solve All Cybersecurity Problems." Of course... take a look over here... I hope you will enjoy reading this book as much as I did.