Tom Maughan

Rethinking Infosec - A Review

Updated: May 23, 2020

This book offers a novel yet refreshingly simple approach to InfoSecurity. It looks at the current range of issues challenging the industry and offers creative and realistic solutions. The author offers advice broader than just the immediate industry, branching into wider aspects of leadership and management within businesses. Whether you’re fresh into the industry or a little more seasoned, this book emphasises that everyone can still learn, which makes this book a useful text for everyone within the sector.

Through relatable analogies, van der Gaast explains a variety of concepts, practicing what he preaches by using language people both inside and outside of the profession understand. InfoSec can be distant from other parts of the business. Greg highlights the importance of being integrated within the business and speaking the same language to build a more productive view. The author’s vast knowledge, acquired over many years within the industry, shines through in the gems of knowledge he chooses to provide. He also demonstrates an incredible awareness in talking about an industry we all know and recognise, no matter the level of seniority or experience the reader holds. After setting this scene, the author breaks it down and challenges us to look at it from a new perspective. It is done in a way that does not feel radical or revolutionary, yet following the steps within the book would soon lead us to revisit all our perceptions and approaches to the way we do our jobs, and even what our role is within the organisations in which we operate.

For too many years, the consensus has been that Cybersecurity needs increased spending and resources, but that it draws from a talent pool with a sizeable skills gap. The theory is that this leads to large numbers of vacancies and the need to pay large salaries to attract and retain talent within an organisation. Perhaps it’s not the skills that need to change, but, as Greg proposes, it’s the way people hire and what they expect from those they choose to employ. Is the way you have defined roles restricting the talent that you could be attracting, simply because candidates do not appear to have the niche or the specialism you think you need?

This book will make you look again at your entire professional approach, from the team you choose to build, to the activity you select to prioritise and the tools you use to do it. InfoSec sometimes falls into the trap of being an industry which does things in certain ways because that is how they have always been done, rather than adapting to varying challenges and ever-changing environments. The book encourages you to build a unique approach which works best within your organisation. An important factor within this will be the framework you build for InfoSec activity within your organisation. The author provides some excellent tips on how to structure a framework. He also highlights the most common pitfalls that occur and, more importantly, how to avoid them. I look forward to reading more from this intelligent author as he gives us the opportunity to learn from his own experiences.

If you are ready to make a fundamental change to the way you operate, one that will save you money yet allow you to achieve so much more, this book is a must-read!
